PROJECT RISK MANAGEMENT

PMP Prep - Quick Review

STATEMENTS FOR REVIEW

Risk Mgmt can be justified on all projects
Positive risk events also called opportunities
The level, type, and visibility, of risk mgmt should be commensurate with both the risk &
importance of the project to the org
*If you see the term risk assessment refers to id, qualitative and quantitative analysis
All risk processes are facilitating except for Risk Management Planning, which is core
Qualitative risk analysis and quantitative risk analysis can be done at the simultaneously
Three components of a risk are: identity of the event, the probability of its occurrence, and the
impact on project objectives. Also known as risk factors
Three types of events: Known-known, Known-unknown, unknown-unknown
Unknown risks that cant be managed are known as force majeure and generally require disaster
recovery actions rather than risk mgmt, using whats known as mgmt reserves
The impact from the occurrence of a risk event is expressed in dollars
All risk processes are planning except for Risk Monitoring + Control , which is Controlling
The level of risk is highest at the beginning of the project
Insurable risk is also known as pure risk and only addresses loss
Risk-prone people are also known as risk seekers
Know your stakeholders tolerance for risk. Found in their policies and by their actions.
The risk mgmt plan is the only output from Risk Mgmt Planning process and is an input to all
other subsequent risk processes
The advantage of using checklists for risk identification is that it is quick and simple
The amount at stake from risk is highest at the end of the project
PDM is used to analyze schedule risk
*Some elements of the Risk Mgmt Plan include methodology, budget, roles and responsibilities,
timing, scoring and interpretation, thresholds, reporting formats + tracking
A watch list is a list of triggers
Risk identification is an iterative process which is done early & performed regularly
Ordinal rating orders items by rank, cardinal ranking assigns numerical values to the rank
The 2 main outputs from Risk identification are risk events and triggers
Triggers are also called risk symptoms or warning signs
*Risk categories can be external-unpredictable, external-predictable, technical, legal, and internal
(non-technical)
*Risks can also be classified according to industry standards, PMBOK knowledge areas, project
phase
Business risk addresses profit + loss
Brainstorming is the most common technique for Risk identification
Delphi Technique is done anonymously, surveying SMEs, and repeated until consensus reached
Nominal group technique is similar to Delphi Technique except that it is face to face
The key input to risk mgmt planning is the WBS
The disadvantage of using checklists for risk identification is that its impossible to create an
exhaustive list
The initial step in risk identification is generally document reviews.
SWOT stands for strengths, weaknesses, opps + threats
Data precision is the extent to which a risk is known and understood
Projects are compared to each other based on there overall risk rank for their project
Risk impact can also be referred to as risk consequence
PMBOK says risks should be qualified using established methods + tools
 PROJECT RISK MANAGEMENT
PMP Prep - Quick Review

Cardinal scale is often linear, but can be non-linear for organizations desiring avoid risk
Risk avoidance will result in changes to the project plan
Quantitative risk simulation is typically performed using Monte Carlo Technique
The simplest form of quantitative risk analysis is sensitivity analysis
*Risk responses can also be called risk strategies
It is not feasible or necessary to quantify every risk identified
PERT 0 + 4m + P
--------------
6
*Monte Carlo technique also used for schedule simulations
Monte Carlo uses concept of path convergence
Path convergence assumes that one of any set of converging tasks will take its worse-case time
EVM = expected monetary value and is result of probability x impact
On a decision tree, the sum of probabilities on a set of branches must be equal 1.0
Risk monitoring & control uses metrics such as EVA, cost & schedule variances, SPI, CPI
The four risk responses per PMBOK are Avoidance, acceptance, transference, mitigation
Probability cardinal score for no probability is 0, for certainty is 1.0
Risk transference can also be called risk deflection
With passive risk acceptance, there is no action taken when even occurs
Response planning should be appropriate to the severity of the risk
Risk acceptance can be active or passive
Residual risks remain after response is taken, or is a minor accepted risk
Both a workaround and contingency plan constitute a corrective action
Secondary risks are a result of implementing a risk response
*Commonly used work result reports (for risk monitoring & control) are issues logs, action item
lists, jeopardy warnings, escalation notices
Project risk response audits evaluate the effectiveness of risk responses, and are often performed
external entity
Risk acceptance can also be called risk assumption, or risk retention
Monte Carlo technique uses PERT
The most usual response to risk acceptance is to establish contingency reserves.
*Lessons learned should be documented during Risk Mgmt processes
Risk avoidance attempts to eliminate the source of risk, or reduce risk to acceptable level
Transference (or deflection) does not eliminate a risk. It is most effective in dealing with financial
risks
With active risk acceptance, action is taken when the event occurs, and is called contingency plan
Transfer mechanisms include performance bonds, guarantees, warrantees, and contract types
Risk avoidance and mitigation can both result in changes to schedule, resources, or time
A workaround is an unplanned corrective action to the occurrence of an unidentified or an
accepted risk
A fallback plan is developed if the risk has a high impact

TRUE & FALSE

Risk Mgmt can be justified on all projects True
The level, type, and visibility, of risk mgmt should be the same FALSE, commensurate with both
on all projects. the risk + importance of the
project to the org
All risk processes are facilitating except for Risk Management True
 PROJECT RISK MANAGEMENT
PMP Prep - Quick Review

Planning, which is core

All risk processes are planning processes FALSE, Risk Monitoring &
Control is a Controlling
Qualitative risk analysis and quantitative risk analysis can be True, however qualification is
done as one function done in order to quantify
Three components of a risk are: the probability of its FALSE, a response is not a
occurrence, the impact on project objectives, and the response component (risk factor)
Unknown risks that cant be managed are known as force FALSE, uses management
majeure and generally require disaster recovery actions rather reserves
than risk mgmt, using whats known as contingency reserves
The impact from the occurrence of a risk event is expressed in True
dollars
The level of risk is highest at the beginning of the project True
The amount at stake from risk is highest during the planning FALSE, at the end of the project
phase of the project
Insurable risk is also known as financial risk and only FALSE, pure risk
addresses loss
Business risk addresses both profit & loss True
Risk-prone people are also known as risk seekers True
The risk mgmt plan is an input to all other subsequent risk True
processes
The key input to risk mgmt planning is the project charter FALSE, WBS
The WBS is used to analyze schedule risk FALSE, PDM
A watch list is a list of risk responses that require contingency FALSE, a list of triggers
reserves
Risk identification is performed during the planning phase of a FALSE, an iterative process
project and reviewed at project closeout performed regularly throughout
the project
The 2 main outputs from Risk identification are risk events and True
triggers
Triggers are also called risk symptoms or warning signs True
Delphi Technique is the most common technique for Risk FALSE, Brainstorming
identification
Delphi Technique is done anonymously, surveying SMEs, True
and repeated until consensus reached
The advantage of using checklists for risk identification is that it FALSE, it is quick and simple
provides the project team with a conclusive list of all possible
risks for the project
The initial step in risk identification is generally document True
reviews.
SWOT stands for strengths, weaknesses, opportunities & FALSE, opportunities & threats
threats, all of which are internal to the project are external to the project
Data precision is the extent to which a risk is known and True
understood
Ordinal rating orders items by rank, cardinal ranking assigns True
numerical values to the rank
Risk impact can also be referred to as risk consequence True
PMBOK says risks should be qualified using established True
methods & tools
Cardinal scales are linear numerical assignments to ordinal FALSE, organizations that want
 PROJECT RISK MANAGEMENT
PMP Prep - Quick Review

scales. to avoid risk would use non-

linear scale
Probability cardinal score for no probability is 0, for certainty True
is 1.0
Quantitative risk simulation is typically performed using FALSE, Monte Carlo Technique
Nominal Group Technique
A workaround is an unplanned corrective action to the True
occurrence of an unidentified or an accepted risk
A fallback plan is developed if the risk has a high impact True
Risk avoidance and mitigation can both result in changes to True
schedule, resources, or time
The simplest form of quantitative risk analysis is PERT analysis FALSE, Sensitivity Analysis
Active risk acceptance action is taken when the event occurs, True
and is called a contingency plan
Every risk identified should be quantified FALSE, it is not feasible or
necessary to quantify every risk
identified
PERT 0 + 4m + P True
--------------
6
Monte Carlo uses concept of path avoidance FALSE, path convergence
Path convergence assumes that one of any set of converging True
tasks will take its worse-case time
Expected monetary value and is result of probability x impact or FALSE, just probability x impact
an event, as a percentage of the total overall risk ranking of the
project
On a decision tree, the sum of probabilities on a set of True
branches must be equal 1.0
Nominal group technique is similar to Delphi Technique except True
that it is face to face
The four risk responses per PMBOK are Avoidance, True, assumption is another
assumption, transference, mitigation term for acceptance. However,
PMBOK uses acceptance.
Risk transference can also be called risk deflection True
All risks should get the same level of response planning FALSE, response planning
should be appropriate to the
severity of the risk
Risk acceptance can be active or passive True
Residual risks remain after response is taken, or is a result of FALSE, or is a minor accepted
implementing a risk response. risk.
Secondary risks are a result of implementing a risk response True
Project risk response audits evaluate the total monetary value FALSE, evaluate the
of responding to the risks effectiveness of risk responses
Risk acceptance can also be called risk retention True
Both a workaround and contingency plan constitute a planned FALSE, workaround is
corrective action unplanned
Risk monitoring & control uses metrics such as EVA, cost & True
schedule variances, SPI, CPI
The most usual response to risk acceptance is to establish True
contingency reserves.
 PROJECT RISK MANAGEMENT
PMP Prep - Quick Review

Risk avoidance attempts to eliminate the source of risk, or FALSE, or reduce the risk to an
assign the risk to another entity acceptable level
Risk avoidance will result in transferring risk to another entity FALSE, will result in changes to
the project plan.
With passive risk acceptance, there is no action taken when the True
event occurs
Transference (or deflection) eliminates a risk. It is most FALSE, does not eliminate the
effective in dealing with financial risks risk
Project risk reviews are generally performed by project team on True
a regular basis
Financial risks are best handled by risk deflection True, risk deflection is the same
as risk transference
Risk Mitigation mechanisms include performance bonds, FALSE, Risk Transfer.
guarantees, warrantees, and contract types
Monte Carlo technique uses PERT True
A fallback is an unplanned corrective action FALSE, Fallback is planned for
high-impact risk events

QUESTIONS
Risk Mgmt is justified on what type of projects?
Positive risk events also called ?
How do you determine the level of detail and
visibility your project risk mgmt planning should
be?
If you see the term risk assessment on the
exam, what risk processes does it refer to?
All risk processes are planning except for .?
Of the 6 Risk Mgmt Processes, which can be
done together?
The advantage of using checklists for risk
identification is that it is ..?
Three components of a risk are?
Unknown risks that cant be managed are
known as ?
The impact from the occurrence of a risk event
is expressed in ..?
When is the amount at stake from project risk
highest..?
Insurable risk is also known as ..?
All risk processes are facilitating except for ?
What form of risk response is mores effective in
dealing with financial risk?
What type of risk addresses profit & loss?
How do you determine your stakeholders
tolerance for risk?
all
Opportunities
Commensurate with both the risk & importance
of the project to the org
Risk Identification, qualification & quantification
Risk Monitoring + Control , which is Controlling
Qualitative risk analysis and quantitative risk
analysis, although quantification relies on first
qualifying a risk
Quick and simple
identity of the event, the probability of its
occurrence, and the impact on project
objectives.
force majeure and generally require disaster
recovery actions rather than risk mgmt, using
whats known as mgmt reserves
Dollars
At the end
pure risk and only addresses loss
Risk Management Planning, which is core
Risk transference
Business risk
In their policies and by their actions
 PROJECT RISK MANAGEMENT
PMP Prep - Quick Review

What is the output from Risk Mgmt Planning The risk mgmt plan is the only output from Risk
process? Mgmt Planning process and is an input to all
other subsequent risk processes
The key input to risk mgmt planning is the ..? WBS
Some elements of the Risk Mgmt Plan methodology, budget, roles and responsibilities,
include ..? timing, scoring and interpretation, thresholds,
reporting formats + tracking
A list of triggers is also known as a? A watch list
When and how often do you perform Risk Risk identification is an iterative process which is
identification? done early & performed regularly
2 main outputs from Risk identification are? Risk events and triggers
Risk symptoms or warning signs are known as: Triggers
The most common technique for Risk Brainstorming
identification is?
The process of surveying SMEs anonymously, Delphi Technique
documenting results, redistributing and
repeating until consensus reached is known as:
What method can be used to analyze schedule PDM
risk?
When is the level of project risk highest..? At the beginning
The disadvantage of using checklists for risk Its impossible to create an exhaustive list
identification is that ..?
The initial step in risk identification is Document reviews
generally ..?
SWOT stands for: strengths, weaknesses, opportunities & threats
What is data precision? the extent to which a risk is known and
understood
What is ordinal and cardinal ranking, and how Ordinal rating orders items by rank, cardinal
do they relate or differ? ranking assigns numerical values to the rank
Risk assumption is another term for? Risk acceptance
How are projects compared to each other Overall Risk Rank
within an organization?
Risk consequence is another term for? Risk Impact
For organizations desiring to avoid risks, what Non-linear
type of cardinal scale can be used?
Risk avoidance attempts to do two things: Eliminate the source of risk, or reduce risk to
acceptable level
What are Secondary risks? Secondary risks are a result of implementing a
risk response
A cardinal score of certain for a probability is: 1.0
Quant risk simulation is typically performed Monte Carlo Technique
using ..?
The simplest form of quantitative risk analysis Sensitivity analysis
is ..?
Formula for a PERT score? PERT 0 + 4m + P
--------------
6
What simulation method uses the concept of Monte Carlo Technique
path convergence
Describe path convergence: Path convergence assumes that one of any set
 PROJECT RISK MANAGEMENT
PMP Prep - Quick Review
A cardinal score for no probability is:
EVM =
On a decision tree, the sum of probabilities on
a set of branches must be equal to:
Risk strategies is another term for:
The four risk responses per PMBOK are:
Risk deflection is another term for..?
What are Residual risks?
Who generally performs project risk response
audits, and for what reason?
Workarounds and contingency plans are both:
Risk monitoring & control uses metrics such as:
The most usual response to risk acceptance is:
Transfer mechanisms include ..?
A workaround is ..?
of converging tasks will take its worse-case time
0
Expected monetary value and is result of
probability x impact
1.0
Risk responses
Avoidance, acceptance, transference, mitigation
Risk transference
Residual risks remain after response is taken, or
is a minor accepted risk
Project risk response audits evaluate the
effectiveness of risk responses, and are often
performed an external group
a corrective action
EVA, cost + schedule variances, SPI, CPI
Establish contingency reserves
performance bonds, guarantees, warrantees,
and contract types
An unplanned corrective action to the occurance
of an unidentified or an accepted risk