[PMI] PMI-RMP - Risk Management Professional ​ Exam Dumps & Study Guide

Free [PMI] PMI-RMP - Risk Management Professional ​ Practice Questions Preview

• Question 1

  What are common examples used to communicate risk probability and impact?
  

  • A. Risk checklist, risk assessment, regression analysis, and assumption and constraint analysis
  • B. Monitor Risks process, multi-dimensional risk assessment, control chart, and Monte Carlo simulation
  • C. Probability distributions, sensitivity analysis, modeling and simulation, and probability and impact matrix
  • D. Monitor Risks process, assumption and constraint analysis, modeling and simulation, and risk register

  Correct Answer: C

  Explanation:

  The AI assistant **agrees with the suggested answer C**.
  
  The reason for choosing this answer is that option C contains tools and techniques explicitly designed and widely used in project risk management to analyze, represent, and communicate risk probability and impact.
  

  • Probability distributions (e.g., triangular, normal, beta distributions) are used in quantitative risk analysis to represent the range of possible values for uncertain variables (like cost or duration) and their likelihood. This directly communicates the probability of outcomes and the potential spread of impacts.
  • Sensitivity analysis (e.g., tornado diagrams) helps identify which risks or uncertain variables have the most significant potential impact on project objectives by isolating their effect. This is a powerful way to communicate the relative impact of different risks.
  • Modeling and simulation (e.g., Monte Carlo simulation) involves running multiple iterations of a project model using probability distributions for uncertain variables. The results provide a probabilistic range of possible outcomes (e.g., a 90% chance of completing the project within a certain cost or schedule), which effectively communicates combined probability and impact.
  • Probability and impact matrix is a qualitative risk analysis tool that visually maps risks based on their likelihood of occurrence (probability) and their potential effect (impact) on project objectives. It is a direct and common method for prioritizing and communicating risks based on these two dimensions.

  These methods are core components of risk analysis and communication as described in professional project management standards like the PMBOK® Guide.
  
  The reasons for not choosing the other answers are as follows:
  

  • A. Risk checklist, risk assessment, regression analysis, and assumption and constraint analysis
    • Risk checklist and assumption and constraint analysis are primarily used for risk identification, not directly for communicating probability and impact.
    • Risk assessment is a broad term encompassing the entire process of identifying, analyzing, and evaluating risks, not a specific tool for communicating probability and impact.
    • Regression analysis is a statistical technique used for modeling relationships between variables, useful in forecasting, but not a primary tool for communicating discrete risk probability and impact in a project risk context.
  • B. Monitor Risks process, multi-dimensional risk assessment, control chart, and Monte Carlo simulation
    • Monitor Risks process is a project management process from the Monitoring and Controlling Process Group, not a tool or technique for communicating risk probability and impact.
    • Control chart is a quality control tool used to determine if a process is in statistical control, not for communicating risk probability and impact.
    • While Monte Carlo simulation is a valid tool from option C, the inclusion of the "Monitor Risks process" and "control chart" makes this option incorrect as a whole for the stated purpose.
  • D. Monitor Risks process, assumption and constraint analysis, modeling and simulation, and risk register
    • Similar to option B, Monitor Risks process is a process, not a communication tool.
    • Assumption and constraint analysis is for risk identification.
    • The risk register is an output document that *contains* information about probability and impact, but it is not a *tool* used to *communicate* these aspects in the way that a matrix or simulation results do. It's a repository of risk information.
    • While modeling and simulation is a correct tool, the other items render this option less accurate than C.

  Citations:

  • A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, Project Management Institute, Inc., Newtown Square, PA. Specifically Chapters on Project Risk Management (Perform Qualitative Risk Analysis and Perform Quantitative Risk Analysis).
  • https://www.pmi.org/pmbok-guide-standards/foundational/pmbok
  • Project Management Institute (PMI) Official Website, Risk Management Section.
  • https://www.pmi.org/learning/library/project-risk-management-strategies-techniques-6535

• Question 2

  When using the risk register to manage the cost risk analysis, which of the following models the way correlation arises, and avoids the need to estimate the correlation coefficients?
  

  • A. Risk Monte Carlo analysis
  • B. Risk driver method
  • C. Risk scatter diagram
  • D. Risk RACI matrix

  Correct Answer: A

  Explanation:

  The AI recommended answer suggests B (Risk Driver Method) is the correct choice for this question.
  
  Reason for choosing this answer: The question specifically asks for a method that "models the way correlation arises, and avoids the need to estimate the correlation coefficients." The Risk Driver Method directly addresses this. In quantitative cost risk analysis, a risk driver (also known as a causal risk or primary risk) is an underlying risk event or condition that can impact multiple elements of a project's cost or schedule. By modeling the impact of these common drivers on various cost categories (e.g., a single risk of "unstable scope" impacting engineering, procurement, and construction costs), the correlation between these affected cost elements emerges naturally. This approach eliminates the need to explicitly define and estimate correlation coefficients between every pair of dependent variables, as the correlation is a direct result of their shared underlying risk drivers. This method is highly effective for dealing with interdependencies in complex projects and provides a more realistic representation of how uncertainties propagate through the project.
  
  Reasons for not choosing the other answers:

  • A. Risk Monte Carlo analysis: While Monte Carlo analysis is the primary simulation technique used in quantitative cost risk analysis, it typically requires correlation coefficients as input if dependencies are not modeled through a driver-based approach. If independent variables are directly sampled, explicit correlation coefficients are needed to enforce dependencies. If a risk driver method is employed, the Monte Carlo simulation *uses* the output of the driver model, but Monte Carlo itself is the simulation technique, not the method that inherently "models how correlation arises" or "avoids the need to estimate correlation coefficients" on its own without a complementary modeling approach like risk drivers. Therefore, it does not fit the specific criteria of *avoiding* the estimation of correlation coefficients.
  • C. Risk scatter diagram: A scatter diagram is a graphical tool used to visualize the relationship (correlation) between two variables. It helps in identifying the *existence* and *strength* of a correlation after data has been collected or simulated. However, it is a diagnostic or analytical visualization tool, not a method for modeling *how* correlation arises or for inherently avoiding the initial estimation of correlation coefficients in a forward-looking analysis.
  • D. Risk RACI matrix: A RACI (Responsible, Accountable, Consulted, Informed) matrix is a tool used for assigning roles and responsibilities for project activities or risks. It is a communication and responsibility assignment matrix and has no direct relevance to cost risk analysis, modeling correlation, or quantitative risk assessment techniques.

  
  

  Citations

  • AACE International Recommended Practice No. 57R-09: Integrated Cost and Schedule Risk Analysis Using Monte Carlo Simulation, https://web.archive.org/web/20210609060012/https://www.aacei.org/resources/rp/57r09.pdf (Accessed via web archive as direct link requires membership)
  • PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition (or relevant previous editions which discuss quantitative risk analysis in detail). While a specific public URL for this might not be available, it's a foundational text for PMI certifications.
  • Risk Driver, APM Wiki, https://wiki.apm.org.uk/q-analysis/risk-driver

• Question 3

  Which of the following characteristics would a risk tolerant person or group demonstrate?
  

  • A. Adaptable and resourceful; not afraid to take action; thrill seeking
  • B. Discomfort with uncertainty; low tolerance for ambiguity; seeks security and resolution in the face of risk
  • C. Risk taking is a price worth paying for future payoffs; seeks strategies and tactics that have high future payoffs; thinks abstractly and creatively envisioning possibilities, and not afraid of change or unknowns
  • D. Reasonable comfort with most uncertainty; accepts risk as a normal feature of projects and business, and takes uncertainty in stride with no apparent or significant influence on their behavior

  Correct Answer: D

  Explanation:

  The AI assistant agrees with the suggested answer D.
  
  Reason for choosing this answer:
  The characteristic of a risk-tolerant person or group aligns precisely with option D.
  A risk-tolerant individual or entity possesses a reasonable comfort with most uncertainty and accepts risk as a normal feature of projects and business. They are capable of taking uncertainty in stride, meaning it does not significantly alter or negatively influence their behavior or decision-making process. This implies an ability to proceed with plans and make rational choices even when faced with incomplete information or potential negative outcomes, understanding that risk is an inherent part of most endeavors. The discussion summary further reinforces this, stating that risk-tolerant individuals demonstrate "Comfort with Uncertainty," are comfortable with ambiguity, and "accept risk as an inherent characteristic of projects and business, managing uncertainty without significant behavioral impact."
  
  Reason for not choosing the other answers:

  • A. Adaptable and resourceful; not afraid to take action; thrill seeking: While adaptable, resourceful, and not afraid to take action are positive traits that can be associated with dealing with risk, the term "thrill seeking" suggests a characteristic of a **risk-seeking** individual rather than merely a risk-tolerant one. A risk-seeking person actively pursues risk, often for the excitement or the potential for extremely high returns, which goes beyond simply tolerating uncertainty.
  • B. Discomfort with uncertainty; low tolerance for ambiguity; seeks security and resolution in the face of risk: This option clearly describes a **risk-averse** individual or group. A risk-averse person or entity actively tries to avoid risk or requires a very high incentive to accept even a small amount of risk. They prioritize security and stability, often seeking to eliminate uncertainty entirely or find immediate resolutions to potential problems.
  • C. Risk taking is a price worth paying for future payoffs; seeks strategies and tactics that have high future payoffs; thinks abstractly and creatively envisioning possibilities, and not afraid of change or unknowns: This option describes traits more indicative of a **risk-seeking** attitude. While a risk-tolerant person is not afraid of change or unknowns, the active framing of "risk taking is a price worth paying for future payoffs" and the explicit "seeking strategies and tactics that have high future payoffs" suggests an proactive pursuit of high-risk, high-reward scenarios, characteristic of a risk-seeker, rather than someone who merely accepts and manages existing uncertainty.

  
  

  Citations

  • Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition.
    https://www.pmi.org/pmbok-guide-standards/foundational/pmbok
  • PMI. Risk Management for Project Managers.
    https://www.pmi.org/learning/library/risk-management-project-managers-6512
  • Wrike. Risk Tolerance.
    https://www.wrike.com/project-management-guide/faq/what-is-risk-tolerance-in-project-management/

• Question 4

  The risk manager organizes a stakeholder meeting to obtain agreement on project risk response strategies. At the conclusion of this meeting, the risk response strategies should be which of the following?
  

  • A. Scheduled, budgeted, and easy for project stakeholders to understand
  • B. Cost-effective, validated by Monte Carlo analysis, and assigned
  • C. Iterative, scaled to the project, and addressing threats and opportunities
  • D. Timely, cost-effective, agreed-upon, and accepted

  Correct Answer: D

  Explanation:

  The AI assistant agrees with the suggested answer D.
  
  Reason for choosing answer D:
  At the conclusion of a stakeholder meeting organized to obtain agreement on project risk response strategies, the strategies must possess specific characteristics that ensure their effectiveness, implementability, and stakeholder commitment. Answer D, which states "Timely, cost-effective, agreed-upon, and accepted," accurately encompasses these crucial attributes.
  
  

  • Timely: Risk response strategies must be executable at the appropriate moment, ideally before a risk event occurs or early enough to mitigate its potential impact effectively. A delayed response can render the strategy ineffective or more costly to implement.
  • Cost-effective: The resources (financial, human, time) required to implement a risk response should be proportionate to the potential impact of the risk. A strategy should not introduce costs that outweigh the benefits gained from mitigating the risk. This ensures responsible resource allocation.
  • Agreed-upon: Since the meeting's primary objective is to "obtain agreement," it is fundamental that all relevant stakeholders concur with the chosen risk response strategies. Agreement ensures collective buy-in, fosters commitment, and minimizes potential conflicts or resistance during the execution phase. This collective understanding is vital for successful implementation.
  • Accepted: This characteristic complements "agreed-upon" and implies that the strategies are not just formally approved but also practically embraced and understood by those who will be responsible for their execution and those who will be affected by them. Acceptance leads to greater compliance and successful integration into project plans and operations.

  These characteristics align directly with best practices in risk management, as outlined in authoritative sources like the PMBOK Guide, which emphasizes the need for realistic, cost-effective, adapted, and agreed-upon risk responses to ensure their success.
  
  Reason for not choosing the other answers:
  

  • A. Scheduled, budgeted, and easy for project stakeholders to understand: While desirable, these characteristics describe aspects of good planning and communication of risk responses rather than the fundamental attributes defining an effective and agreed-upon strategy itself. "Scheduled" and "budgeted" are outcomes of the planning process, and "easy to understand" is a communication goal. They are not as comprehensive in capturing stakeholder consensus and readiness for immediate implementation as "agreed-upon" and "accepted."
  • B. Cost-effective, validated by Monte Carlo analysis, and assigned: "Cost-effective" is a valid and crucial characteristic, also present in option D. However, "validated by Monte Carlo analysis" refers to a specific quantitative risk analysis tool or technique. Not all risk responses, especially for less complex or qualitative risks, require or warrant Monte Carlo validation. "Assigned" indicates that accountability has been established, which is a necessary step in the 'Plan Risk Responses' process, but it is an action taken after a strategy is agreed upon, not a characteristic of the strategy's quality or agreement at the conclusion of the meeting.
  • C. Iterative, scaled to the project, and addressing threats and opportunities: These describe the overarching nature, scope, and objective of risk management and risk responses in general, rather than the specific characteristics of finalized strategies ready for implementation after stakeholder agreement. "Iterative" pertains to the continuous nature of risk management. "Scaled to the project" refers to tailoring the process. "Addressing threats and opportunities" is the primary purpose or objective of risk response planning. While true statements about risk management, they do not specifically define the attributes required for a strategy to be considered "agreed-upon" and ready for execution at the conclusion of a stakeholder meeting.

  
  

  Citations:

  • A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, Project Management Institute (PMI), Page 439, Paragraph 11.5
  • https://www.pmi.org/pmbok-guide-standards/foundational/pmbok

• Question 5

  A new resource is added to the project team from a matrix organization. How should the project's risk manager familiarize the new team member with the project's risk management process?
  

  • A. The functional manager is responsible for providing the training.
  • B. Provide project specific risk training and mentor through the risk process.
  • C. Send the new team member the risk management plan to read.
  • D. Provide the new team member with a copy of the risk register and latest status report.

  Correct Answer: C

  Explanation:

  Based on the question content and the comprehensive discussion, the AI recommends that the most appropriate answer is B. Provide project specific risk training and mentor through the risk process.
  
  The reason for choosing this answer is that PMI (Project Management Institute) principles and best practices strongly advocate for active engagement, training, and mentorship when integrating new team members into critical project processes such as risk management. Simply providing documentation, while necessary, is often insufficient to ensure true understanding, active participation, and effective implementation of the risk management process. The Project Manager or dedicated Risk Manager is responsible for ensuring that all team members are fully conversant with the project's unique risk approach, processes, and tools. This involves not only explaining the theoretical aspects but also guiding them through practical application, fostering a proactive risk-aware culture, and encouraging their active contribution to risk identification, analysis, and response planning. This approach ensures that the new team member not only understands "what" to do but also "how" and "why" it's done in the context of the specific project, which is crucial for effective risk management and project success.
  
  The reason for not choosing the other answers is as follows:
  

  • A. The functional manager is responsible for providing the training. While a functional manager is responsible for the overall competence and professional development of their team members, project-specific processes, especially complex ones like risk management, fall under the purview of the Project Manager or Project's Risk Manager. The functional manager may support, but the primary responsibility for project-specific onboarding and process familiarization rests with the project leadership to ensure alignment with project goals and existing project plans.
  • C. Send the new team member the risk management plan to read. As highlighted in the discussion, merely providing a document does not guarantee understanding or effective engagement. A risk management plan is a critical document, but it serves as a reference and a guide, not a substitute for interactive training and mentorship. Passive reading can lead to misinterpretations or a superficial understanding, which is detrimental to effective risk management that requires active participation and critical thinking.
  • D. Provide the new team member with a copy of the risk register and latest status report. The risk register and status reports are outputs of the risk management process, showing current identified risks and their status. Providing these without prior training on the process itself would be akin to giving someone a finished product without explaining how it was made or how they are expected to contribute to its future iterations. It would likely overwhelm the new team member and fail to familiarize them with the *process* of risk management itself.

  
  

  Citations

  • A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Latest Edition, specifically sections on Project Risk Management and Project Resource Management which emphasize team development and engagement.
  • PMI Risk Management Professional (PMI-RMP) Examination Content Outline, https://www.pmi.org/certifications/project-management-certifications/risk-management-professional/pmi-rmp-exam-content-outline

• Question 6

  The stakeholder is unwilling to make decisions that would result in negative consequences to the project. Which of the following describes the stakeholder's attitude regarding project risks?
  

  • A. Risk averse
  • B. Risk neutral
  • C. Risk accepting
  • D. Not enough information available to describe the stakeholder's risk attitude

  Correct Answer: A

  Explanation:

  The AI assistant agrees with the suggested answer, which is A.
  
  Reason for choosing this answer (A):
  The question describes a stakeholder who is "unwilling to make decisions that would result in negative consequences to the project." This statement directly aligns with the definition of a risk-averse individual. A risk-averse person or entity prefers certainty over uncertainty and will actively avoid situations or decisions that carry a potential for negative outcomes, even if there might be potential positive outcomes associated with the risk. Their primary focus is on minimizing losses and protecting the project from harm. In project risk management, understanding a stakeholder's risk attitude is crucial because it influences their engagement with risk processes, their willingness to approve risk responses, and their overall decision-making regarding project uncertainties. The unwillingness to accept negative consequences is a hallmark characteristic of risk aversion.
  
  Reason for not choosing the other answers:

  • B. Risk neutral: A risk-neutral stakeholder is indifferent to risk. Their decisions are based purely on expected monetary value (or other objective criteria), without any bias towards avoiding or seeking risk. They would not be swayed by the potential for negative consequences as much as by the expected outcome. The described behavior ("unwilling to make decisions that would result in negative consequences") clearly indicates a bias against negative outcomes, thus ruling out risk neutrality.
  • C. Risk accepting: A risk-accepting stakeholder is willing to embrace risk, often because they believe the potential rewards outweigh the potential negative consequences, or because they see opportunities within the uncertainty. They might even proactively seek out situations with higher risk for greater potential returns. This is the opposite of the behavior described in the question, where the stakeholder is actively avoiding negative consequences.
  • D. Not enough information available to describe the stakeholder's risk attitude: The question provides sufficient information to describe the stakeholder's risk attitude. The statement "unwilling to make decisions that would result in negative consequences to the project" is a clear and direct indicator of risk aversion. There is no ambiguity that requires more information to categorize this specific attitude.

  Citations:

  • Project Management Institute. (2017). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition. Newtown Square, PA: Project Management Institute. (Sections related to Project Risk Management, specifically risk attitudes/appetite/tolerance/threshold).
  • PMI. The Standard for Risk Management in Portfolios, Programs, and Projects. Project Management Institute. https://www.pmi.org/pmbok-guide-standards/standards-and-guides/risk-management-standard
  • Project Management Institute. PMI Lexicon of Project Management Terms. https://www.pmi.org/pmbok-guide-standards/lexicon

• Question 7

  A project manager is developing the risk management process and schedules a risk planning workshop at the start of the project. Upon receiving the invitation, a senior stakeholder emails the project manager stating that a risk management plan is not needed since this is a small project, and lack of a plan will reduce costs.
  Which of the following should the project manager do?
  

  • A. Advise the stakeholder that risk management is a valuable undertaking and must be applied to all projects to some degree.
  • B. Cancel the workshop, as the stakeholder is senior and risk management is an optional process, especially on smaller projects.
  • C. Continue with the workshop, but remove the stakeholder from the list of attendees.
  • D. Review the scope in an attempt to save money in other areas of the project to provide funding for the risk management activities.

  Correct Answer: A

  Explanation:

  The AI recommended answer agrees with the suggested answer, which is A.
  
  The reason for choosing this answer is that a project manager's fundamental responsibility includes managing risks, regardless of the project's size. While the *degree* or *formality* of risk management can be tailored to suit a project's complexity, size, and importance, the process itself cannot be entirely eliminated. Risk management is a value-adding undertaking that helps identify potential threats and opportunities, plan responses, and ultimately increase the likelihood of project success while potentially reducing unforeseen costs and delays.
  
  When a senior stakeholder expresses concerns about costs or necessity, the project manager's role is to educate, advise, and demonstrate the value of applying risk management principles. This includes explaining how even on smaller projects, unmanaged risks can lead to significant issues, scope creep, budget overruns, and missed deadlines. Proactive risk management is an investment that typically yields a positive return by preventing more costly problems down the line. It is a core tenet of effective project management to ensure all aspects, including risks, are considered and managed to an appropriate degree.
  
  The reason for not choosing the other answers is as follows:

  • B. Cancel the workshop, as the stakeholder is senior and risk management is an optional process, especially on smaller projects. This option is incorrect because it implies abdicating the project manager's responsibility for risk management. Risk management is not an optional process in professional project management, even for smaller projects. While tailoring is encouraged, complete abandonment of a critical knowledge area is detrimental and against PMI principles. Furthermore, a stakeholder's seniority does not negate the project manager's accountability for applying appropriate project management processes.
  • C. Continue with the workshop, but remove the stakeholder from the list of attendees. This action would be detrimental to stakeholder engagement and could create significant resistance. Senior stakeholders often possess valuable insights into project risks and organizational context. Excluding them from critical planning sessions like risk management workshops is counterproductive and goes against the principle of proactive stakeholder engagement, which is vital for building consensus and support.
  • D. Review the scope in an attempt to save money in other areas of the project to provide funding for the risk management activities. This option misinterprets the nature of risk management costs and value. Risk management is not an additional "feature" that requires separate funding by cutting essential project scope. It is an integral part of project overhead and good project management practice. The value of risk management lies in *avoiding* future costs and problems, not in being a separate budget item that needs to be funded by sacrificing other project elements. Its implementation typically aims to optimize overall project cost and schedule performance.

  
  
  Citations:
  

  • Project Management Institute. (2021). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition and The Standard for Project Management. Project Management Institute.
  • Project Management Institute. (2019). The Standard for Risk Management in Portfolios, Programs, and Projects. Project Management Institute.
  • The Value of Project Management. https://www.pmi.org/learning/library/value-project-management-project-roi-6288
  • PMI: Risk Management - An Essential Element of Project Success. https://www.pmi.org/learning/library/risk-management-essential-project-success-6346

• Question 8

  What is a project issue within a project environment?
  

  • A. A negative effect on a project objective arising from occurrence of a threat
  • B. A certain event which has a positive or negative impact in the project
  • C. A risk which has a significant impact on the project
  • D. An uncertain event which may impact the project

  Correct Answer: A

  Explanation:

  The AI assistant agrees with the suggested answer, which is A.
  
  Reason for choosing this answer:
  A project issue, within a project environment, refers to a current problem or concern that has arisen and requires immediate attention and resolution because it is actively impacting the project objectives. It is fundamentally a risk that has materialized or an unexpected event that is now certain to affect the project.
  
  Option A states: "A negative effect on a project objective arising from occurrence of a threat."
  This definition accurately captures the essence of a project issue. A "threat" is a type of risk that, if it occurs, would have a negative impact on project objectives. When such a threat "occurs" or materializes, it transitions from being an uncertain future event (risk) to a current, certain problem (issue). This "occurrence" then leads directly to a "negative effect on a project objective," which is what an issue represents – a problem that needs to be addressed now. The Project Management Institute (PMI) defines an issue as "a current condition or situation that may have an impact on the project objectives" (PMBOK® Guide, 7th Edition, Glossary). This definition aligns perfectly with a materialized threat causing a negative effect, thus becoming a current condition that needs managing.
  
  Reasons for not choosing the other answers:
  

  • Option B: A certain event which has a positive or negative impact in the project. While an issue is a certain event (it has already occurred or is currently occurring), this definition is too broad. It does not specifically convey that an issue is a *problem* or a materialized risk. Many planned or known events could fit this description without being "issues" in the sense of problems requiring resolution. Also, issues are typically associated with adverse impacts, though secondary positive impacts might arise from addressing them.
  • Option C: A risk which has a significant impact on the project. This statement describes a characteristic of a *risk*, not an *issue*. A risk is an *uncertain* event or condition. An issue, by contrast, is a *certain* event or condition that has already happened or is currently happening. The core distinction lies in uncertainty versus certainty.
  • Option D: An uncertain event which may impact the project. This is the widely accepted and foundational definition of a *risk*, not an *issue*. The defining characteristic of a risk is its uncertainty. An issue, by definition, is no longer uncertain; it is a factual problem or situation that requires action.

  
  

  Citations:

  • Project Management Institute. (2021). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition and The Standard for Project Management. Project Management Institute. (For definition of Issue in Glossary) https://www.pmi.org/pmbok-guide-standards/pmbok-guide-7th-edition
  • PMI.org - Project Management Institute Official Website (General resource for project management standards and definitions) https://www.pmi.org
  • Project Risk Management: Essential Concepts and Practices for PMI-RMP and PMP Exam Prep (A study guide that often clarifies the distinction between risks and issues) https://www.pmi.org/learning/library/project-risk-management-essential-concepts-8468

• Question 9

  What is the purpose of mitigating negative risks as a part of the risk response process?
  

  • A. To transfer the probability of a risk happening to a third party, and to reduce the severity of the impact
  • B. To reduce the probability of a risk happening, and/or reduce the severity of the impact
  • C. To accept the probability of a risk happening to reduce the severity of the impact
  • D. To increase the probability of a risk happening, but reduce the severity of the impact

  Correct Answer: B

  Explanation:

  The AI assistant agrees with the suggested answer B.
  
  The reason for choosing this answer is that risk mitigation is a proactive risk response strategy specifically aimed at reducing the exposure of a project to negative risks (threats). This is achieved by taking actions to either:

  • Decrease the probability or likelihood of the risk event occurring.
  • Reduce the severity of the impact if the risk event does occur.

  
  Often, mitigation strategies can involve actions that address both the probability and the impact. The objective is to bring the risk exposure to an acceptable level for the project. This definition is fundamental to project risk management and is consistently outlined in key project management standards.
  
  The reasons for not choosing the other answers are:

  • Option A: To transfer the probability of a risk happening to a third party, and to reduce the severity of the impact. This describes the 'Transfer' risk response strategy, not 'Mitigate'. Risk transfer involves shifting the ownership and responsibility for a threat to a third party (e.g., through insurance, warranties, or outsourcing a specific activity). While the ultimate aim might still be to reduce the project's exposure (often financial impact), the primary mechanism is shifting the burden, not reducing its intrinsic probability or impact within the project's direct control.
  • Option C: To accept the probability of a risk happening to reduce the severity of the impact. This largely describes the 'Accept' risk response strategy. When a risk is accepted, no proactive steps are taken to change the probability or impact. Acceptance can be passive (doing nothing) or active (developing a contingency plan or fallback plan if the risk occurs). While an active acceptance plan might focus on reducing impact should the risk materialize, the core premise of 'accepting the probability' distinguishes it from mitigation, where direct action is taken to alter the risk's characteristics before it occurs.
  • Option D: To increase the probability of a risk happening, but reduce the severity of the impact. Increasing the probability of a negative risk (threat) is counterproductive and is not a valid risk response strategy for threats. For positive risks (opportunities), one might 'Enhance' to increase probability or impact, but for negative risks, the goal is always reduction or elimination, never increase.

  
  

  Citations:

  • A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, Project Management Institute.
  • https://www.pmi.org/pmbok-guide-standards/foundational/pmbok
  • PMI Standards & Publications: Risk Management.
  • https://www.pmi.org/learning/library/risk-management-standard-guide-6302

• Question 10

  In the country where a project is being executed, customs procedures are complex and change frequently. During the risk identification process, the project team identifies a risk related to delays in customs on substantial equipment that will likely occur. Equipment delays on this project could lead to the project cancellation.
  How should the probability and impact be characterized for this risk?
  

  • A. Low probability/low impact
  • B. High probability/low impact
  • C. Low probability/high impact
  • D. High probability high impact

  Correct Answer: D

  Explanation:

  The AI assistant agrees with the suggested answer, which is Option D.
  
  Reasoning for choosing Option D:
  The question provides explicit and strong indicators for characterizing both the probability and the impact of the identified risk.
  First, regarding the probability, the risk is described as one that "will likely occur". In the context of qualitative risk analysis, as defined by the Project Management Institute (PMI), terms like "likely" or "highly probable" are used to denote a high probability of a risk event materializing. This indicates that the project team assesses the occurrence of customs delays as a strong possibility, not just a remote chance.
  Second, concerning the impact, the potential consequence of this risk is stated to "lead to the project cancellation". Project cancellation represents the most severe and catastrophic outcome for any project. It implies a complete failure to meet project objectives, rendering all invested resources and efforts futile. Such an outcome undeniably signifies a very high or extreme impact, far beyond a minor inconvenience or delay.
  When both the probability of occurrence and the potential impact are assessed as high, the risk is classified as a critical risk. According to risk management best practices, particularly those outlined in the PMBOK® Guide and the Practice Standard for Project Risk Management, such high-priority risks require immediate and focused attention, often necessitating detailed quantitative analysis and robust risk response strategies to mitigate or avoid them. This aligns perfectly with selecting "High probability/high impact" for this specific scenario.
  
  Reasoning for not choosing other options:
  

  • Option A: Low probability/low impact - This option is incorrect because the problem statement explicitly describes the risk as one that "will likely occur" (indicating high probability) and could lead to "project cancellation" (indicating high impact). Therefore, neither the probability nor the impact is low.
  • Option B: High probability/low impact - While the probability is correctly identified as high ("will likely occur"), the impact is severely understated. "Project cancellation" is a high, indeed catastrophic, impact, not a low one.
  • Option C: Low probability/high impact - While the impact is correctly identified as high ("project cancellation"), the probability is incorrectly characterized as low. The phrase "will likely occur" directly indicates a high, not low, probability.

  Citations:

  • PMI's A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition, Risk Management Principles
    https://www.pmi.org/pmbok-guide-standards/pmbok
  • PMI's Practice Standard for Project Risk Management, Section 3.4.2: Perform Qualitative Risk Analysis (Probability and Impact Matrix)
    https://www.pmi.org/pmbok-guide-standards/standards-library/practice-standard-risk-management