Project Management

Risk Management
EEE 399 -01-MW

Prepared by: Masud Karim

29 August 2022
 Ten Area of PM
Ten Area as per guide to PMBOK (Project Management Body of Knowledge)

1.Project Integration Management

2.Project Scope Management

3.Project Time/ Schedule Management

4.Project Cost Management

5.Project Quality Management

6.Project Resource Management

7.Project Stakeholder Management

8.Project Communications Management

9.Project Risk Management

10.Project Procurement Management 

 Knowledge Area: Risk Management

 What is risk?
a) Negative consequence that could occur
b) Negative consequence that will occur
c) Negative consequence that must occur
d) Negative consequence that shall occur

 Answer: Negative consequence that could occur

 Project Risk Management
 The Project Risk Management processes are:
 Plan Risk Management—The process of defining how to conduct risk management
activities for a project.
 Identify Risks—The process of identifying individual project risks as well as sources
of overall project risk, and documenting their characteristics.
 Perform Qualitative Risk Analysis—The process of prioritizing individual project
risks for further analysis or action by assessing their probability of occurrence and
impact as well as other characteristics.
 Perform Quantitative Risk Analysis—The process of numerically analyzing the
combined effect of identified individual project risks and other sources of uncertainty
on overall project objectives.
 Plan Risk Responses—The process of developing options, selecting strategies, and
agreeing on actions to address overall project risk exposure, as well as to treat
individual project risks.
 Implement Risk Responses—The process of implementing agreed-upon risk
response plans.
 Monitor Risks—The process of monitoring the implementation of agreed-upon risk
response plans, tracking identified risks, identifying and analyzing new risks, and
evaluating risk process effectiveness throughout the project
PLAN RISK MANAGEMENT
 STRATEGIES FOR OVERALL PROJECT RISK

 Risk responses should be planned and implemented not only for

individual project risks but also to address overall project risk.
 Avoid.
 Escalate. - Escalation is appropriate when the project team or the project
sponsor agrees that a threat is outside the scope of the project or that the
proposed response would exceed the project manager’s authority.
Escalated risks are managed at the program level, portfolio level, or other
relevant part of the organization, and not on the project level
 Transfer - Transfer involves shifting ownership of a threat to a third party
to manage the risk and to bear the impact if the threat occurs. Risk
transfer often involves payment of a risk premium to the party taking on
the threat
 Mitigate: In risk mitigation, action is taken to reduce the probability of
occurrence and/or impact of a threat
 Accept.
Project Risk Management

Three strategies that typically deal with negative risks or

threats are:
A. Enhance, Share, and Accept
B. Transfer, Exploit, and Accept
C. Avoid, Transfer, and Exploit
D. Avoid, Transfer, and Mitigate

D - Five negative risk management strategies are: Escalate,

Avoid, Transfer, Mitigate, and Accept. [PMBOK 6th edition,
Pages 442, 443]
 Project Risk Management

 Negative risks can either be ______, transferred, or mitigated as a

countermeasure.
 A. enhanced
 B. avoided
 C. exploited
 D. ignored

 B - You can avoid a risk by revising the project plan to eliminate the risk
entirely.
 [Project Risk Management]

As part of the Risk Response planning for your project, you are
trying to come up with a strategy to deal with negative risks or
threats. In order to eliminate the impact of a particular risk, you relax
the objective that is in jeopardy by extending the project schedule.
This is an example of:
A. Transference
B. Mitigation
C. Avoidance
D. Postponement
Answer: C - This is an example of avoidance. It involves changing
the project management plan to "eliminate" the threat posed by an
adverse risk, isolating the project objectives from the risk's impacts,
or relaxing the objective that is in jeopardy, such as by extending the
schedule or reducing scope. Transference involves shifting the
negative impact of a threat along with the ownership of the
response. Mitigation implies a reduction in the probability and impact
of an adverse risk. Postponement is not a valid strategy since it does
not address the risk.
 [[Project Risk Management]]

Which strategy attempts to reduce the probability and the impact of

a risk to the point where the risk is acceptable?
A. Mitigation
B. Avoidance
C. Acceptance
D. Transfer

Answer: A - Risk mitigation is a strategy that seeks to reduce the

risk to a level that the risk becomes acceptable. A Project Manager
may add specific project tasks to the work of a project to reduce the
level of risk. [PMBOK 6th edition, Page 443]
 [Project Risk Management]

As part of a strategy to handle negative risk, a project manager

decided to adopt less complex processes, conduct more tests,
and choose a more stable supplier. What strategy would this be
classified as?
A. Acceptance
B. Transference
C. Mitigation
D. Avoidance

Answer: C - Actions such as adopting less complex processes, more

testing, or choosing a more stable supplier would be considered
mitigation. These actions reduce the probability and impact of risks.
[PMBOK 6th edition, Page 443]
 Risk
 There is a risk which has a 7% chance of happening, and if it occurs it will
cost you 2,500 USD. What is the EMV of this event?
(a) 75 USD
(b) 2,325 USD
(c) 2,675 USD
(d) 175 USD
 Knowledge Area: Risk Management

 Risks included in the Watch List are known as:

(a) High priority
(b) Low priority
(c) Negative risk
(d) Positive risk

 Answer: b
 Explanation: Low-priority risks are kept in the Watch List. These risks
have low probability and low impact. These risks are kept in the Watch
List for future monitoring to determine if they may become a high
probability or a large impact risk.
 Reference: The PMBOK Guide
 Knowledge Area: Risk Management

 Risk management is responsibility of the

a) Customer
b) Investor
c) Developer
d) Project team
e) Production team

 Answer: d) Project team

Comment: Risk management is responsibility of a whole project team.

They should identify the risks as early as possible and come up with the
ways to deal with them.
 Knowledge Area: Risk
 A project has a 60% chance of a $100,000 profit and a 40 percent of a US
$100,000 loss. The Expected Monetary Value for the project is:
 $100,000 profit
 $60,000 loss
 $ 20,000 profit
 $40,000 loss

 Answer:
 Expected Monitory Value (EMV) is computed by EMV = Probability ×
Impact.
 Compute both positive and negative values and then add them:
 0.6 × $100,000 = $60,000
 0.4 × $100,000 = $40,000
 EMV = $60,000 - $40,000 = $20,000 profit
MCQ: Risk

 If a risk has a 20 percent chance of happening in a given month, and the

project is expected to last five months, what is the probability that the risk
event will occur during the fourth month of the project?
 Answer:
 Less than 1 percent
 20 percent
 60 percent
 80 percent

Answer: 20%
MCQ: Risk

 If a project is expected to last ten months, what is the probability that the
risk event will occur during the fourth month of the project?
 Answer:
 Less than 1 percent
 20 percent
 10 percent
 100 percent

Answer: 10%
Knowledge Area: Risk

 If a risk event has a 90 percent chance of occurring, and the

consequences will be the US $ 10,000, what does the US $9,000
represent?

 Risk value
 Present value
 Expected monetary value
 Contingency budget

 EMV = .9 X $ 10,000 = $ 9,000

Project Risk Management

Early in the project, you are meeting with your team and would
like to address all the strengths, weaknesses, opportunities,
and threats the project is facing. What tool should be used?
A. SWOT Analysis
B. Interviewing
C. Delphi Technique
D. Brainstorming

A - A SWOT Analysis chart would be the best choice. SWOT is

an acronym for strengths, weakness, opportunities and threats.
[PMBOK 6th edition, Page 415]
Non-event risks

 Variability risk. Uncertainty exists about some key characteristics of a

planned event or activity or decision. Examples of variability risks include:
productivity may be above or below target, the number of errors found
during testing may be higher or lower than expected, or unseasonal
weather conditions may occur during the construction phase.

 Ambiguity risk. Uncertainty exists about what might happen in the future.
Areas of the project where imperfect knowledge might affect the project’s
ability to achieve its objectives include: elements of the requirement or
technical solution, future developments in regulatory frameworks, or
inherent systemic complexity in the project.

 In contrast with variability risks where you know something will happen
but the results will vary, like the weather, ambiguity risks deal with
unknown factors about what will happen in the future.
 Knowledge Area: Project Risk Management
 Julia is managing a water treatment plant construction project. A new
government has recently been sworn in. During the election campaign,
the winning candidate made a number of commitments regarding
environmental control reforms. Julia is not sure how the new government
and its future policies might affect her project. This is an example of:
 A. Variability risk
 B. Mitigated risk
 C. Ambiguity risk
 D. Opportunity risk

 C - Ambiguity risks relate to areas of the project where imperfect

knowledge might affect the project’s ability to achieve its objectives.
 Knowledge Area: Project Risk Management
 What is the primary risk when including reserves, or contingency
allowances, in your cost estimate?
 A. Cancelling your project
 B. Understating the cost estimate
 C. Overstating the cost estimate
 D. Tracking the funds

 Answer: C
 Contingency funds are used to handle cost uncertainty due to unforeseen
events during a project. These funds are generally used for items that are
likely to occur but are not certain to occur. [PMBOK 6th edition, Page 245]
[Project Cost Management]
MCQ: Risk Management
 After brainstorming potential project risks, what is the recommended
method for prioritizing these risks and their mitigation plans?
 A. RACI chart
 B. Control chart
 C. Fishbone diagram
 D. Probability and impact matrix

Answer: D
 A probability and impact matrix will help filter the high-risk items and
high-impact items from the others, so that you can focus your attention
on these riskier items. [PMBOK 6th edition, Page 425] [Project Risk
Management]
Project Risk Management

You are managing an oil-drilling project. With oil at $143 per

barrel, this could be a highly lucrative project. However, there
is a chance that the price of oil will drop below $105 per barrel,
which would eliminate the profit in the project. This is an
example of:
A. Requirement
B. Assumption
C. Risk
D. Constraint

C - The uncertainty of the oil price is a project risk, which can

positively or negatively affect the project. The rest of the
choices are incorrect. [PMBOK 6th edition, Page 397]
Project Risk Management

Mary is managing an organizational transformation project. The

nature of the project would require responding to high levels of
change and would also require continuous stakeholder
engagement. Which of the project lifecycles should be chosen
for this project?
A. Predictive life cycle
B. Plan-driven life cycle
C. Waterfall life cycle
D. Adaptive life cycle

D - Projects with adaptive life cycles are intended to respond to

high levels of change and require ongoing stakeholder
engagement. All other choices are predictive life cycles which
are designed to be plan driven rather than being change
driven. [PMBOK 6th edition, Page 131]
Project Risk Management

There are a number of risks that have been identified in your

project. The team has decided not to change the project plan to
deal with the risks, but they have established a contingency
reserve of money in the event something triggers these risks.
This is an example of what type of risk mitigation technique?
A.Contingent Response Strategy
B.Active acceptance
C.Passive acceptance
D.Avoidance

Answer: B - Recognizing the risk and not changing the plan

but making some contingencies in the event the risk is
triggered is an example of active acceptance. Passive
acceptance would recognize the risk but not put contingencies
in place, and avoidance would be correct if the project plan
were modified. [PMBOK 6th edition, Page 443]
[Project Risk Management]

You are managing a fund-raising golf tournament that has a

hole-in-one contest. However, your company cannot afford to
pay the $1,000,000 award if someone does get a hole in one,
so it has elected to take out an insurance policy in the event
someone does get lucky. This is an example of:
A. Sharing
B. Mitigation
C. Transference
D. Avoidance

C - The use of insurance to shift the negative impact of a risk—

in this case, the payment of $1,000,000—is an example of risk
transference. [PMBOK 6th edition, Page 443]
[Project Risk Management]

Robert is managing a road construction project. Due to

unseasonal weather conditions, the team productivity might be
above or below target. This is an example of:
A. Ambiguity risk
B. Variability risk
C. Mitigated risk
D. Opportunity risk
Answer:B - Examples of variability risks include: productivity
may be above or below target, the number of errors found
during testing may be higher or lower than expected, or
unseasonal weather conditions may occur during the
construction phase. [PMBOK 6th edition, Page 398]
[[Project Risk Management] ]

A software development project team has determined that the

best way to mitigate the risk of not having the computational
resources to complete all bug testing on schedule is to add
three more servers to the test bed. However, the network may
not have enough capacity to handle the extra load of those
three servers and could fail. This type of risk is a
_______________ risk.
A. Secondary
B. Simulation
C. Bottleneck
D. Hidden
Answer: A - A secondary risk arises as a direct result of
implementing a risk response.
[Project Risk Management]

Which of the following is not a Risk Diagramming technique?

A. Influence diagrams
B. Control charts
C. Decision trees
D. Tornado diagram

Answer: B - The business case for any project includes the

analysis of the situation, recommended solution and
Identification of alternative solutions. [PMBOK 6th edition,
Page 31]
[Project Risk Management]
Decision tree analysis is used to calculate the average outcome when the
future includes scenarios that may or may not happen. What are a decision
node’s inputs and outputs?
A. Input: Cost of each decision; Output: Probability of occurrence
B. Input: Cost of each decision; Output: Decision made
C. Input: Scenario probability; Output: Expected Monetary Value (EMV)
D. Input: Cost of each decision; Output: Payoff

Answer: B - Decision tree analysis is used to calculate the average

outcome when the future includes scenarios that may or may not happen. In
a decision node, the input is the cost of each decision and the output is a
decision made. [PMBOK 6th edition, Page 435]
[Project Risk Management]

Which of the following is true about risks?

A. A risk may have one or more causes, and, if it occurs, may have
one or more effects.
B. A risk usually has a single cause and, if it occurs, may have one
or more effects.
C. A risk usually has a single cause and, if it occurs, usually has a
single effect.
D. A risk usually has more than one cause, and if it occurs, usually
has a single effect.

Answer A - A project risk is an uncertain event or condition whose

occurrence may affect the objectives of the project. A risk may have
one or many causes, and if it occurs, it may have one or more
impacts. [PMBOK 6th edition, Page 417]
[Project Risk Management]

A project manager is considering risk in a project. When does

risk come into play in a project?
A. During the SWOT (strengths, weaknesses, opportunities,
and threats) analysis
B. During the Identify Risks phase
C. As soon as the Plan Risk Management phase begins
D. As soon as a project is conceived

Answer: D - Project risk exists in a project from the moment

the project is conceived. The risks are identified as part of
specific processes, but the risks always exist. [PMBOK 6th
edition, Page 397]
[Project Risk Management]

A risk with a positive outcome is an ___________.

A. Unlikely risk
B. Objective risk
C. Opportunity
D. Obsolete risk

Answer: C - Risks can pose a threat or an opportunity to a

project. Positive risks are called opportunities. [PMBOK 6th
edition, Page 444]
[Risks] .

At the beginning of the project, a project manager realized that

the technical expertise of the team was limited, a risk to the
project. Midway through the project, the project manager
decided this was no longer a risk and considered it outdated.
As part of which process would he do the risk reassessment?
A. Perform Qualitative Risk Analysis
B. Perform Quantitative Risk Analysis
C. Identify Risks
D. Monitor Risks

Answer: D - Risk reassessment is performed as part of the

Monitor Risks process. Such project risk reassessments
should be regularly scheduled and may result in the closure of
outdated risks. [PMBOK 6th edition, Page 453]
 [Project Risk Management]

A number of identified risks occurred early in a project. As a result,

most of the project objectives ended up in jeopardy. The project
manager decided to present a case to management that the
project be closed down. This is an example of:
A. Risk Acceptance
B. Risk Mitigation
C. Risk Avoidance
D. Risk Transfer

Answer: C - Risk avoidance involves changing the project

management plan to eliminate the risk. Although an extreme
situation, shutting down a project constitutes a radical but
legitimate avoidance strategy. [PMBOK 6th edition, Page 443]
[Project Risk Management]

While analyzing the risks in a project, a project manager

updated the risk register with risk urgency assessment ratings.
In which process would this be done?
A. Identify Risks
B. Monitor Risks
C. Perform Qualitative Risk Analysis
D. Plan Risk Management

Answer: C - Risk urgency information is updated to the Risk

register during the Perform Qualitative Risks Analysis process.
[PMBOK 6th edition, Page 427]
Project Risk Management

Lee is the project manager of a project, and he is planning

responses to a set of risks. As a direct result of implementing
these risk responses, he anticipates certain other risks to arise.
These are:
A. Secondary risks
B. Primary risks
C. Planned risks
D. Workaround

A - Secondary risks are those that arise as a direct result of

implementing a risk response. [PMBOK 6th edition, Page 439]
 Risk Management

 You are the program level manager with several project activities
underway. In the executing process group, you begin to become
concerned about the accuracy of progress reports from the projects.
What would BEST support your opinion that there is a problem?
 A-) Quality Audits
 B-) Risk Quantification Reports
 C-) Regression Analysis
 D-) Monte Carlo Analysis

 Answer is A. quality audits. If you read the second sentence again, it
says that you are concerned about the accuracy of progress reports
from the project. In order to check whether the standards of your
organization have been applied in the projects that you are
responsible of, you can conduct a quality audit and find out whether
there is really a problem. Therefore, here the best answer is A,
Quality Audits.
 Knowledge Area: Risk Management

 Andrew has joined as the Project Manager of a project. One of the project
documents available to Andrew lists down all the risks in a hierarchical
fashion. What is this document called?
Risk Management Plan.
List of risks.
Monte Carlo diagram.
Risk Breakdown Structure.

Answer: Risk Breakdown Structure.