# Rita Questions – Ch 11 Risk Management

question

1. All of the following are factors in the assessment of project risk EXCEPT: A. Risk event B. Risk probability C. Amount at stake D. Insurance premiums

Answer D Insurance premiums come into play when you determine which risk response strategy you will use.
question

2. If a project has a 60 percent chance of a \$100,000 profit and a 40 percent chance of a \$100,000 loss, the expected monetary value for the project is: A. \$100,000 profit B. \$60,000 loss C. \$20,000 profit D. \$40,000 loss

Answer C Expected monetary value (EMV) is computed by EMV = Probability x Impact. We need to compute both positive and negative values and then add them. 0.6 x \$100,000 = \$60,000. 0.4 x (\$100,000) = (\$40,000) Expected Monetary Value = \$60,000 – \$40,000 = \$20,000 profit
question

3. Assuming that the ends of a range of estimates are +/- 3 sigma from the mean, which of the following range estimates involves the LEAST risk? A. 30 days, plus or minus 5 days B. 22 – 30 days C. Optimistic = 26 days, most likely = 30 days, pessimistic = 33 days D. Mean of 28 days

Answer C This one drove you crazy didn’t it? Reread the question! When you look at the ranges of each choice, you will see that choice A is ten days, choice B is eight days, and choice C is seven days. The range of estimates with the smallest range is the least risky. Therefore, the answer is C. The words +/- 3 sigma are extraneous. Practice reading questions that are wordy and have extraneous data.
question

4. Which of the following risk events is MOST likely to interfere with attaining a project’s schedule objective? A. Delays in obtaining required approvals B. Substantial increases in the cost of purchased materials C. Contract disputes that generate claims for increased payments D. Slippage of the planned post-implementation review meeting

Answer A Cost increases (choice B) and contract disputes (choice C) will not necessarily interfere with schedule. Notice the words “post-implementation” in choice D. It will not definitely interfere with the project schedule. Choice A is the only one that deals with a time delay.
question

5. If a risk has a 20 percent chance of happening in a given month, and the project is expected to last five months, what is the probability that this risk event will occur during the fourth month of the project? A. Less than 1 percent B. 20 percent C. 60 percent D. 80 percent

Answer B Don’t feel too silly if you got this wrong. Many people miss this one. No calculation is needed. If there is a 20 percent chance in any one month, the chance in the fourth month must therefore be 20 percent.
question

6. If a risk event has a 90 percent chance of occurring, and the consequences will be \$10,000, what does \$9,000 represent? A. Risk value B. Present value C. Expected monetary value D. Contingency budget

Answer C Expected monetary value is computed by multiplying the probability times the impact. In this case, EMV = 0.9 x \$10,000 = \$9,000.
question

7. Risks will be identified during which risk management process(es)? A. Perform Quantitative Risk Analysis and Identify Risks B. Identify Risks and Monitor and Control Risks C. Perform Qualitative Risk Analysis and Monitor and Control Risks D. Identify Risks

Answer B This is a tricky question. Risks are identified during the Identify Risk process naturally, but newly emerging risks are identified in the Monitor and Control Risks process.
question

8. What should be done with risks on the watchlist? A. Document them for historical use on other projects B. Document them and revisit during project monitoring and controlling C. Document them and set them aside because they are already covered in your contingency plans D. Document them and give them to the customer

Answer B Risks change throughout the project. You need to review risks at intervals during the project to ensure that non-critical risks have not become critical.
question

9. All of the following are ALWAYS inputs to the risk management process EXCEPT: A. Historical information B. Lessons learned C. Work breakdown structure D. Project status reports

Answer D Project status reports (choice D) can be an input to risk management. However, when completing risk management for the first time, you would not have project status reports. Therefore, project status reports are not always an input to risk management.
question

10. Risk tolerances are determined in order to help: A. The team rank the project risks B. The project manager estimate the project C. The team schedule the project D. Management know how other managers will act on the project

Answer A If you know the tolerances of the stakeholders, you can determine how they might react to different situations and risk events. You use this information to help assign levels of risk on each work package or activity.
question

11. All of the following are common results of risk management EXCEPT: A. Contract terms and conditions are created B. The project management plan is changed C. The communications management plan is changed D. The project charter is changed

Answer D A change to the project charter is not always necessary. In fact, a change to the charter is a fundamental change to the project and may require a major adjustment to all aspects of the project management plan. There are many reasons the other choices could happen as a result of risk. Since a contract can only be created after risks are known (a contract is a tool to transfer risks), it is common sense that choice A cannot be the exception. The project management plan (choice B) could change to include a modified WBS and new work packages related to mitigating risk. The communications management plan (choice C) could change as a way to address a risk. Choice D is the best answer.
question

12. Purchasing insurance is BEST considered an example of risk: A. Mitigation B. Transfer C. Acceptance D. Avoidance

Answer B To mitigate risk (choice A), we either reduce the probability of the event happening or reduce its impact. Many people think of using insurance as a way of decreasing impact. However, mitigating risk is taking action before a risk event occurs. Buying insurance is not such an action. Acceptance of risk (choice C) does not involve such action as purchasing insurance. Avoidance of risk (choice D) means we change the way we will execute the project so the risk is no longer a factor. Transference is passing the risk off to another party.
question

13. You are finding it difficult to evaluate the exact cost impact of risks. You should evaluate on a(n): A. Quantitative basis B. Numerical basis C. Qualitative basis D. Econometric basis

Answer C If you cannot determine an exact cost impact to the event, use qualitative estimates such as Low, Medium, High, etc.
question

14. Outputs of the Plan Risk Responses process include: A. Residual risks, fallback plans, and contingency reserves B. Risk triggers, contracts, and a risk list C. Secondary risks, process updates, and risk owners D. Contingency plans, project management plan updates, and change requests

Answer A A risk list (choice B), process updates (choice C), and change requests (choice D) are not outputs of the Plan Risk Responses process. The items in choice A are all outputs of the Plan Risk Responses process, making choice A the correct answer.
question

15. Workarounds are determined during which risk management process? A. Identify Risks B. Perform Quantitative Risk Analysis C. Plan Risk Responses D. Monitor and Control Risks

Answer D A workaround refers to determining how to handle a risk that occurs but is not included in the risk register. The project must be in the Monitor and Control Risks process if risks have occurred.
question

16. During which risk management process is a determination to transfer a risk made? A. Identify Risks B. Perform Quantitative Risk Analysis C. Plan Risk Responses D. Monitor and Control Risks

Answer C Transference is a risk response strategy.
question

17. A project manager has just finished the risk response plan for a \$387,000 engineering project. Which of the following should he probably do NEXT? A. Determine the overall risk rating of the project B. Begin to analyze the risks that show up in the project drawings C. Add work packages to the project work breakdown structure D. Hold a project risk reassessment

Answer C This situation is occurring during project planning. Planning must be completed before moving on. Determining the risk rating of the project (choice A) is done during the Perform Qualitative Risk Analysis process, and should have already been done. Choice B is work that is done during project executing. Project risk reassessment (choice D) occurs during Monitor and Control Risks, the next step in the risk process after Plan Risk Responses. But the question does not ask what is next in the risk management process, just what is next. Only choice C, as part of iterations, comes after risk in project planning. Do you know the order of planning yet?
question

18. A project manager asked various stakeholders to determine the probability and impact of a number of risks. He then analyzed assumptions. He is about to move to the next step of risk management. Based on this information, what has the project manager forgotten to do? A. Evaluate trends in risk analysis B. Identify triggers C. Provide a standardized risk rating matrix D. Create a fallback plan

Answer C The activities of the Perform Qualitative Risk Analysis process are probability and impact definition, assumptions testing (data quality assessment), and probability and impact matrix development.
question

19. A project manager has assembled the project team, identified 56 risks on the project, determined what would trigger the risks, rated them on a risk rating matrix, tested their assumptions, and assessed the quality of the data used. The team is continuing to move through the risk management process. What has the project manager forgotten to do? A. Simulation B. Risk mitigation C. Overall risk ranking for the project D. Involvement of other stakeholders

Answer D The process they have used so far is fine, except the input of other stakeholders is needed in order to identify more risks.
question

20. You are a project manager for the construction of a major new manufacturing plant that has never been done before. The project cost is estimated at \$30,000,000 and will make use of three sellers. Once begun, the project cannot be cancelled, as there will be a large expenditure on plant and equipment. As the project manager, it would be MOST important to carefully: A. Review all cost proposals from the sellers B. Examine the budget reserves C. Complete the project charter D. Perform an identification of risks

Answer D Choice A could be done, but it is not a pressing issue based on the situation provided. Choice B could also be done, but not until risk planning is completed. It is always important to carefully complete a project charter, choice C, but there are other issues needing detailed attention in this situation, so choice C cannot be best. Since this project has never been done before, and there will be a large cost outlay, it would be best for the project manager to spend more time on risk management. Risk identification is the most proactive response and would have the greatest positive impact on the project.
question

21. During the Plan Risk Management process, your team has come up with 434 risks and 16 major causes of those risks. The project is the last of a series of projects that the team has worked on together. The sponsor is very supportive, and a lot of time was invested in making sure the project work was complete and signed off by all key stakeholders. During project planning, the team cannot come up with an effective way to mitigate or insure against a risk. It is not work that can be outsourced, nor can it be deleted. What would be the BEST solution? A. Accept the risk B. Continue to investigate ways to mitigate the risk C. Look for ways to avoid the risk D. Look for ways to transfer the risk

Answer A This question relates real-world situations to risk types. Did you realize that the entire first paragraph is extraneous (belanglos)? Based on the question, you cannot delete the work to avoid it, nor can you insure or outsource to transfer the risk. This leaves acceptance as the only correct choice.
question

22. A project manager is quantifying risk for her project. Several of her experts are offsite, but wish to be included. How can this be done? A. Use Monte Carlo analysis using the Internet as a tool B. Apply the critical path method C. Determine options for recommended corrective action D. Apply the Delphi technique

Answer D The Delphi technique is most commonly used to obtain expert opinions on technical issues, the necessary project or product scope, or the risks.
question

23. An experienced project manager has just begun working for a large information technology integrator. Her manager provides her with a draft project charter and immediately asks her to provide an analysis of the risks on the project. Which of the following would BEST help in this effort? A. An article from PM Network Magazine B. Her project scope statement from the project planning process C. Her resource plan from the project planning process D. A conversation with a team member from a similar project that failed in the past

Answer D Did you realize that this situation is taking place during the initiating process group? Choices B and C are created in the project planning process and so are not yet available. Therefore, we are left with deciding if choice A or choice D provides the greater value. Since the information gained in choice D is more specific to your company, it is the best choice.
question

24. You have been appointed as the manager of a new, large, and complex project. Because this project is business-critical and very visible, senior management has told you to analyze the project’s risks and prepare response strategies for them as soon as possible. The organization has risk management procedures that are seldom used or followed, and has had a history of handling risks badly. The projects first milestone is in two weeks. In preparing the risk response plan, input from which of the following is generally LEAST important? A. Project team members B. Project sponsor C. Individuals responsible for risk management policies and templates D. Key stakeholders

Answer B Team members (choice A) will have knowledge of the project and the product of the project and will thus have a lot to contribute to risk responses. Those responsible for risk templates (choice C) will be able to provide the templates from past projects (historical records) and therefore will be very important. Key stakeholders (choice D) will know more about the technical working of the project to help plan “What are we going to do about it?” so choice D is not likely to be the least important. The sponsor (choice B) may have the least knowledge of what will work to solve the problems. Sponsors need to be involved in the project and help identify risks. They may even approve the response plans created by others, but they would not generally be major contributors to response plans. This makes B the best choice.
question

25. You were in the middle of a two-year project to deploy new technology to field offices across the country. A hurricane caused power outages just when the upgrade was near completion. When the power was restored, all of the project reports and historical data were lost with no way of retrieving them. What should have been done to prevent this problem? A. Purchase insurance B. Plan for a reserve fund C. Monitor the weather and have a contingency plan D. Schedule the installation outside of the hurricane season

Answer C The risk is the loss of data due to a power outage. Choice A is not related to “mitigating” the problem. It transfers the risk. A reserve fund (choice B) is acceptance and would help address the cost factors after the power failure, but would not reduce the probability or impact of it. Avoiding the hurricane by scheduling the installation at a different time (choice D) mitigates the power outage risk but could have a large negative impact on the project schedule and so is not the best choice. The better choice of the mitigation options (choices C and D) is to monitor the weather and know when to implement the contingency plan.
question

26. A system development project is nearing project closing when a previously unidentified risk is discovered. This could potentially affect the project’s overall ability to deliver. What should be done NEXT? A. Alert the project sponsor of potential impacts to cost, scope, or schedule B. Qualify the risk C. Mitigate this risk by developing a risk response plan D. Develop a workaround

Answer B You would need to analyze the problem before you would talk to the sponsor (choice A). You could not mitigate the risk (choice C) until you qualified the risk. A workaround (choice D) is an unplanned response to a risk that is occurring. This risk is identified, not occurring, so there is no need to take action by creating a workaround. Qualifying the risk (choice B) will give you an indication of how great the risk is. That information will help you determine how to proceed.
question

27. The cost performance index (CPI) of a project is 0.6 and the schedule performance index (SPI) is 0.71. The project has 625 work packages and is being completed over a four-year period. The team members are very inexperienced, and the project received little support for proper planning. Which of the following is the BEST thing to do? A. Update risk identification and analysis B. Spend more time improving the cost estimates C. Remove as many work packages as possible D. Reorganize the responsibility assignment matrix

Answer A This project has deviated so far from the baseline that updated risk identification and risk analysis should be performed.
question

28. While preparing your risk responses, you identify additional risks. What should you do? A. Add reserves to the project to accommodate the new risks and notify management B. Document the risk items, and calculate the expected monetary value based on probability and impact that result from the occurrences C. Determine the risk events and the associated cost, then add the cost to the project budget as a reserve D. Add a 10 percent contingency to the project budget and notify the customer

Answer B When a new risk is identified, it should go through the risk management process. Choice A cannot be the best choice, as you first need to determine the probability and impact of the risk and then try to diminish impact through the Plan Risk Responses process. Only after these efforts should you add reserves. Choice C addresses only costs, when there could also be a time impact. This choice also ignores the work of Plan Risk Responses. Choice D cannot be the best choice because it is better to determine reserves based on a detailed analysis of risk. Therefore, the best choice is B.
question

29. You have just been assigned as the project manager for a new telecommunications project that is entering the second phase of the project. There appear to be many risks on this project, but no one has evaluated them to assess the range of possible project outcomes. What needs to be done? A. Plan Risk Management B. Perform Quantitative Risk Analysis C. Plan Risk Responses D. Monitor and Control Risks

Answer A Did you notice that this project has already begun? Risk management is a required element of project management. You must complete the risk management process, starting with the Plan Risk Management process, making choice A the correct choice.
question

30. During project executing, a team member identifies a risk that is not in the risk register. What should you do? A. Get further information on how the team member identified the risk, because you already performed a detailed analysis and did not identify this risk B. Disregard the risk, because risks were identified during project planning C. Inform the customer about the risk D. Analyze the risk

Answer D First, you want to determine what the risk entails and the impact to the project, then determine what actions you will take regarding the risk.
question

31. During project executing, a major problem occurs that was not included in the risk register. What should you do FIRST? A. Create a workaround B. Reevaluate the Identify Risks process C. Look for any unexpected effects of the problem D. Tell management

Answer A Notice that this is a problem that has occurred, rather than a problem that has just been identified. Following the right process is part of professional and social responsibility. Because an unidentified problem or risk occurred, it is important to perform choices B and C. However, they are not your first choices. You might need to inform management (choice D) but this is reactive, not proactive, and not the first thing you should do.
question

32. The customer requests a change to the project that would increase the project risk. Which of the following should you do before all the others? A. Include the expected monetary value of the risk in the new cost estimate. B. Talk to the customer about the impact of the change. C. Analyze the impacts of the change with the team. D. Change the risk management plan.

Answer C This is a recurring theme. First, you should evaluate the impact of the change. Next, determine options. Then go to management and the customer.
question

33. Which of the following is a chief characteristic of the Delphi technique? A. Extrapolation from historical records from previous projects B. Expert opinion C. Analytical hierarchy process D. Bottom-up approach

Answer B The Delphi technique uses experts and builds to consensus; therefore, expert opinion is the chief characteristic.
question

34. A project has had some problems, but now seems under control. In the last few months, almost all the reserve has been used up and most of the negative impacts of events that had been predicted have occurred. There are only four activities left, and two of them are on the critical path. Management now informs the project manager that it would be in the performing organizations best interest to finish the project two weeks earlier than scheduled in order to receive an additional profit. In response, the project manager sends out a request for proposal for some work that the team was going to do, in the hopes that another company might be able to do the work faster. The project manager can BEST be said to be attempting to work with: A. Reserve B. Opportunities C. Scope verification D. Threats

Answer B The wording of this question can be confusing. Reserve (choice A) is mentioned in the situation, but the project manager is not dealing with reserves in the actions he is taking. Choice C involves meeting with the customer to gain formal acceptance, so it cannot be the best choice. Choice D cannot be the best choice since the project manager is trying to make something good happen, not dealing with a negative impact, or threat, that mayor may not occur. The project manager is working to make a positive impact on the project more likely to occur. Therefore, choice B is best.
question

35. Monte Carlo analysis is used to: A. Get an indication of the risk involved in the project B. Estimate an activity’s length C. Simulate the order in which activities occur D. Prove to management that extra staff is needed

Answer A Notice how many choices are half right? Monte Carlo could help you know that an estimate for an activity needs to change, but not what the activity estimate should be (choice B). Monte Carlo is a simulation (choice C), but it simulates time, not order of activities. Monte Carlo can be used to prove things to management (choice D), but its main focus deals with time, not staff. Risk can be assessed using Monte Carlo analysis (choice A). By considering the inputs to the PERT estimates and the network diagram, you can obtain a better overview of the overall project risk.
question

36. A project team is creating a project management plan when management asks them to identify project risks and provide some form of qualitative output as soon as possible. What should the project team provide? A. Prioritized list of project risks B. Risk triggers C. Contingency reserves D. Probability of achieving the time and cost objectives

Answer A This question essentially asks, “What is an output of the Perform Qualitative Risk Analysis process?” Only Choice A meets that criteria. Choices B and C are parts of the Plan Risk Responses process. Choice D occurs during the Perform Quantitative Risk Analysis process.
question

37. A project manager is creating a risk response plan. However, every time a risk response is suggested, another risk is identified that is caused by the response. Which of the following is the BEST thing for the project manager to do? A. Document the new risks and continue the Plan Risk Responses process B. Make sure the project work is better understood C. Spend more time making sure the risk responses are clearly defined D. Get more people involved in the Identify Risks process, since risks have been missed

Answer A Did you realize this question describes secondary risks? Identifying secondary risks is good and expected while completing the Plan Risk Responses process. With that in mind, the best thing to do is choice A.
question

38. A watchlist is an output of which risk management process? A. Plan Risk Responses B. Perform Quantitative Risk Analysis C. Perform Qualitative Risk Analysis D. Plan Risk Management

Answer C A watchlist is made up of low priority risks that, in the Perform Qualitative Risk Analysis process, were determined to be of too low priority or low impact to move further in the risk process.
question

39. During the Identify Risks process, a project manager made a long list of risks identified by all the stakeholders using various methods. He then made sure that all the risks were understood and that triggers had been identified. Later, in the Plan Risk Responses process, he took all the risks identified by the stakeholders and determined ways to mitigate them. What has he done wrong? A. The project manager should have waited until the Perform Qualitative Risk Analysis process to get the stakeholders involved B. More people should be involved in the Plan Risk Responses process C. The project manager should have created workarounds D. Triggers are not identified until the Identify Risks process