******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******

© 2011 Daniel C. Yeomans, PMI-RMP, PMI-PMP, CMQ/OE

All Rights Reserved.

No part of this publication may be reproduced, stored in a retrieval system, or

transmitted, in any form or by any means, electronic, mechanical, photocopying,
recording, or otherwise, without the written permission of the author.

This edition published by

Dog Ear Publishing
4010 W. 86th Street, Ste H
Indianapolis, IN 46268

www.dogearpublishing.net

ISBN: 978-145750-018-3
This book is printed on acid-free paper.

Printed in the United States of America

******ebook converter DEMO Watermarks*******

 The terms PMI-PMP ®, and PMI-RMP ® are certification designations of the
Project Management Institute (PMI)®, Inc. We have identified those designations
throughout this book with capital letters, or with the ® trademark designator. PMI is a
trademark of the Project Management Institute, Inc. which is registered in the United
States and other nations.

Project Management Body of Knowledge PMBOK® Guide is a trademark of the

Project Management Institute, Inc. which is registered in the United States and other
nations.

PMI did not participate in the development of this publication and has not
reviewed the content for accuracy. PMI does not endorse or otherwise sponsor this
publication and makes no warranty, guarantee, or representation, expressed or
implied, as to the accuracy or content. PMI does not have any financial interest in this
publication, and has not contributed any financial resources.

The author and publisher took care in the preparation of this book, but make no
expressed or implied warranty of any kind, and assume no responsibility for errors
or omissions. No liability is assumed for incidental or consequential damages in
conjunction with, or arising out of, the use of the information contained within.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
 Passing the Risk Management Professional (PMI-
RMP)® Certification Exam the First Time!

Author: Daniel C. Yeomans, RMP, PMP,CMQ/OE

Lead Editor: Patricia Carey, PMP

Secondary Editors:

Robert B. Childress

Robert H. Winkler

Acknowledgements in Alphabetical Order:

Patricia Carey, PMP

Cynthia Holmberg

Peter Rogers, MBA

Gilmere Vieira, PMP

******ebook converter DEMO Watermarks*******

This book is dedicated to all my friends and associates at Northwest University and
Microsoft Corporation who provided valued input, ideas, and support. I also
dedicate this book to my youngest daughter Erika who serenaded me with lovely
piano and flute music while I worked.

******ebook converter DEMO Watermarks*******

 Table of Contents

PREFACE

ACKNOWLEDGEMENTS

Patricia Carey, PMP

Cynthia Certified Emergenetics Associate
Peter Rogers, MBA
Gilmere PMP

FORWARDS

ABOUT THE AUTHOR

INTRODUCTION

Objectives

THE PMI RISK MANAGEMENT PROFESSIONAL CERTIFICATION EXAM

The Four Domains of Project Risk Management

To Qualify for Testing
About the Test

CHAPTER 1: THE RISK MANAGEMENT PROCESS

Risk Definition
The PMI Risk Management Process: An Overview of PIER-C
Performing Risk Activities
Other Basic Concepts to Remember
Risk Management Process: Keys to Success
Project Manager’s Role in Risk Managemen
Activity 1: Risk Management Process Overview

CHAPTER 2: PLAN RISK MANAGEMENT

Step 1: Plan Risk Management

******ebook converter DEMO Watermarks*******
 Plan Risk Management Process
Plan Risk Management: Inputs
Plan Risk Management: Tools and Techniques
Plan Risk Management Output: Risk Management Plan
Plan Risk Management: Other Key Concepts
Plan Risk Management: Keys to Success
Activity 2: Plan Risk Management

CHAPTER 3: IDENTIFY RISKS

Step 2: Identify Risks

Identify Risks Process
Identify Risks: Inputs
Identify Risks: Tools and Techniques
Identify Risks Output: Risk Register
Identify Risks: Keys to Success
Activity 3: Identify Risks Review

CHAPTER 4: PERFORM QUALITATIVE RISK ANALYSIS

Step 3: Perform Qualitative Risk Analysis

Perform Qualitative Risk Analysis Process
Perform Qualitative Risk Analysis: Inputs
Perform Qualitative Risk Analysis: Tools and Techniques
Perform Qualitative Risk Analysis Output: Update the Risk Register
Perform Qualitative Risk Analysis: Keys to Success
Activity 4: Perform Qualitative Risk Analysis

CHAPTER 5: PERFORM QUANTITATIVE RISK ANALYSIS

Step 4: Perform Quantitative Risk Analysis

Perform Quantitative Risk Analysis Process
Perform Quantitative Risk Analysis: Inputs
Perform Quantitative Risk Analysis: Tools and Techniques
Data Gathering and Representation Techniques
Quantitative Risk Analysis and Modeling Techniques
Perform Quantitative Risk Analysis Output: Update the Risk Register
Perform Qualitative Risk Analysis: Keys to Success
Qualitative Versus Quantitative Risk Analysis
Activity 5: Perform Quantitative Risk Analysis

CHAPTER 6: PLAN RISK RESPONSES

Step 5: Plan Risk Responses

******ebook converter DEMO Watermarks*******
 Plan Risk Responses Process
Plan Risk Responses: Inputs
Plan Risk Responses: Tools and Techniques
Plan Risk Responses: Outputs
Plan Risk Responses: Keys to Success
Activity 6: Plan Risk Responses

CHAPTER 7: MONITOR AND CONTROL RISKS

Step 6: Monitor and Control Risks

Monitor and Control Risk Process
Monitor and Control Risk: Inputs
Monitor and Control Risks: Tools and Techniques
Monitor and Control Risks: Outputs
Monitor and Control Risks: Keys to Success
Activity 7: Monitor and Control Risk Concepts

CHAPTER 8: RISK GOVERNANCE

General Risk Governance Concepts

Other Governance Areas
Activity 8: Risk Governance

CHAPTER 9: OTHER KEY CONCEPTS FROM THE PMBOK® GUIDE

Introduction to Project Management

Activity 9A: PMBOK® Guide Chapter 1 through 4 Review
Project Scope Management
Project Time Management
Project Quality Management
Activity 9B: Project Scope, Time, and Quality Management Review
Project Human Resource Management
Project Communications Management
Activity 9C: Project Human Resource and Communications Management
Review Risk
Management Process Outputs: Impact other Areas of Project Management

APPENDIX A: ACTIVITY SOLUTIONS

Activity 1: Risk Management Process

Activity 2: Plan Risk Management
Activity 3: Identify Risks
Activity 4: Perform Qualitative Risk Analysis
Activity 5: Perform Quantitative Risk Analysis
******ebook converter DEMO Watermarks*******
 Activity 6: Plan Risk Responses
Activity 7: Monitor and Control Risk Concepts
Activity 8: Risk Governance
Activity 9A: PMBOK® Guide Chapter 1 through 4 Review
Activity 9B: Project Scope, Time, and Quality Management Review
Activity 9C: Project Human Resource and Communications Management
Review

APPENDIX B: FINAL 125 QUESTION TEST

Final Test Solutions and Explanations

APPENDIX C: ACRONYMS

APPENDIX D: GLOSSARY OF TERMS

APPENDIX E: INDEX

Index: Assumptions - Closing Process Group

Index: Coaching Leadership Style - Domains
Index: Earned Value - Insurable Risks
Index: Integrated Change Control - Outputs
Index: Parametric Estimating - Program
Index: Project Documents - Risk Communication
Index: Risk Data Quality Assessment - Scope Creep
Index: Scope Statement - Tuckman Model
Index: Uniform Distribution - Workaround

******ebook converter DEMO Watermarks*******

Preface

Project Risk Management is a challenging area of project management that can

make or break a project. It is often said that “project risk will find you if you do not
find it first”. This book uses a six-step approach to risk that was developed by the
Project Management Institute (PMI) ®. This approach follows the proven “PDCA”
methodology developed many years ago by W. Edwards Deming and Walter A.
Shewhart. Step one to effectively manage risk is to Plan effectively. Once you
develop a plan, follow it or “Do it”. Check to ensure the plan is working and Act
accordingly based on your findings.

The PMI Risk Management Professional (PMI-RMP ®) certification was

introduced in 2008. This certification acknowledges the continuing pressure to
complete projects on-time, within budget, and provide the scope needed by the
customer. Per PMI, “Qualified Risk Management Professionals are needed on project
management teams. The Project Management Institute recognizes the importance and
special qualifications needed to be a Project Risk Management Professional. The
PMI-RMP credential will substantiate the applicant’s knowledge, skills and
experience in this area. “

This book is designed for Project Managers and other professionals who want
to attain the PMI-RMP certification. It takes you through a journey of a proven Risk
Management Process, and includes activities and practice test questions that will
help achieve the goal of passing the certification examination the first time. In
addition, we are confident your individual abilities to plan and manage risk will be
enhanced through your studies.

I wish you the best of luck on the Risk Management Professional certification
exam. The desire to improve your project management skill set to a deeper level in
the area of risk management is admirable. Study hard, prepare, and pass the test the
first time!

Daniel C. Yeomans, MBA, PMI-RMP, PMI-PMP, CMQ/OE

******ebook converter DEMO Watermarks*******

Acknowledgements

“Nothing happens by coincidence”. This is true in any life endeavor to include

authoring and publishing a book such as this. There were many contributors I could
acknowledge who made this book a reality. I would like to acknowledge four
contributors who helped me immensely along the way.

******ebook converter DEMO Watermarks*******

Patricia Carey, PMP
Patricia Carey, PMP, is a graduate of Northwest University in Kirkland, WA.
During the course of her studies, Patti was one of my students who took a total of nine
semester hours in project management electives, graduated Summa Cum Laude, and
attained her PMP certification. Patti played a critical role in proof reading and
editing a 350 page Project Management Certification Prep Course that has led to
hundreds of professionals achieving PMP ® or CAPM ® certification.

******ebook converter DEMO Watermarks*******

Cynthia Holmberg, Certified
Emergenetics Associate
Cynthia Holmberg, BA Business Management, Certified Emergenetics
Associate, is a Learning & Development Consultant at Microsoft Corporation. She
has over 25 years of experience in Learning & Development in the technology
industry, focusing primarily on technical and project management training within the
Information Technology environment. Cynthia worked with me to develop more than
25 project management related courses over the past ten years. Her feedback, insight,
and great attention to detail allowed our development team to take all courses from
good to great.

******ebook converter DEMO Watermarks*******

Peter Rogers, MBA
Peter Rogers, MBA, is a partner at Becauz LLC. Peter is a powerful coach who
combines a strong academic background with years of high-impact training expertise
helping individuals, teams, and organizations reach their potential. Peter is at the
forefront of worldwide thinking on project management and program delivery. A
Microsoft facilitator/trainer for more than 15 years, Peter is renowned for delivering
Microsoft’s project management courses and capabilities worldwide. Peter has also
served as my development and facilitation partner for the past ten years. Many of the
concepts in this book are a direct result of our brainstorming sessions and his expert
insight.

******ebook converter DEMO Watermarks*******

Gilmere Vieira, PMP
Gilmere Vieira, PMP, was born in Brazil and moved to Seattle in 1990. Gilmere
graduated Magna Cum Laude from the University of Washington with a BA in
Business in 1997. She is currently working on her Leadership MBA at the University
of Washington. She holds a PMP Certification, as well as a Dale Carnegie Effective
Communications & Human Relations Certification. Gilmere worked closely with me
over the past four years to improve project management competencies in the
Microsoft Entertainment and Devices area. Through our mutual efforts, hundreds of
Microsoft professionals achieved PMP or CAPM certification in her organization.
She is a very valued partner!

******ebook converter DEMO Watermarks*******

FORWARDS

From the first time I met Daniel Yeomans, in early 2008, I suspected there was
something special about him. As a Learning Manager at Microsoft, I was seeking a
consultant to provide Project Management knowledge and expertise to our
employees. Daniel came highly recommended by professionals in the project
management industry, so I expected him to be a very knowledgeable instructor. Not
only did he meet these expectations, but he far exceeded them. As I came to know
Daniel better and witnessed his unmatched enthusiasm, sense of humor, unmitigated
optimism, brilliance and sense of creativity, I saw all of the intangible traits that you
cannot get off of a resume, but are some of the most important qualities of a great
teacher.

Over time, I attended many of the courses that Daniel taught to our organization,
and I was able to see first-hand his knowledge of the subject matter and his ability to
help others “get it”. Daniel was able to present the material in a clear, organized and
engaging manner. He was able to take complicated material and break it down into
manageable pieces and help everyone learn the material, excel when taking their
exams, and apply this newfound knowledge at work in a very significant way. Daniel
has been able to raise the “project management bar” at Microsoft and his contribution
to our organization’s success has been invaluable.

Now that he has published Passing the Risk Management Professional (PMI-
RMP)® Certification Exam the First Time!, even more of what makes Daniel
Yeomans special as a teacher has become apparent. He has the ability to break
through aspects of project management that most find tedious and boring, to reveal
what is fascinating and interesting to students and what drives them in their pursuit of
project management knowledge. By taking a fresh approach, he is able to expose the
student to difficult principles through a process-oriented, proven method that is
motivating, intriguing, compelling, and well...that is just plain fun!

This is, in a nutshell, my opinion of what makes Daniel Yeomans’ book a “must-
read”. As you sift through the chapters, I have no doubt you will forget that you are
learning project management principles and will also have a little fun along the way.
Enjoy!

Gilmere Vieira, PMP

Dan Yeomans brings theory and practical application together in his work with
Project Management. Dan has several years’ experience helping individuals
understand the necessity and value of identifying and managing their project risks and
issues. His ability to clearly explain principles, and help individuals understand how

******ebook converter DEMO Watermarks*******

to apply the concepts to their projects, has had a direct impact on the success of
business projects.

Cynthia Holmberg, Certified Emergenetics Associate

******ebook converter DEMO Watermarks*******

About the Author

Daniel C. Yeomans became a Project Manager in 1977 while serving in the

United States Air Force. Since that time, he has successfully coached, mentored, and
trained thousands of Project Managers in a variety of settings, including the Air
Force, university, and corporate environments.

Dan holds a Master Degree in Business Administration (MBA) from St.

Martin’s University in Olympia, Washington. He is certified as a Project Management
Professional (PMP) and Risk Management Professional (RMP) by the Project
Management Institute (PMI). He is also recognized as a Certified Manager of
Quality/Organizational Excellence (CMQ/OE) by the American Society of Quality
(ASQ), and completed training to become an Emergenetics Associate.

Dan is a member of the Project Management Institute (PMI), and the local PMI
Puget Sound Chapter. He also uses his skills to support a number of non-profit
organizations to include the Air Force Sergeants Association (AFSA).

Dan is currently working as an adjunct professor at Northwest University in

Kirkland, Washington supporting the institute’s undergraduate and graduate level
business programs. His primary focus includes the project management and financial
management curriculum areas. He also works as an independent consultant for
Becauz LLC in the Seattle, Washington area. He services Microsoft Corporation and
other clients in a consulting and training capacity in the project management arena.

Dan developed more than 50 specific training offerings at both university and

******ebook converter DEMO Watermarks*******

corporate levels. He developed a benchmark course and workbook for PMP
certification that enabled hundreds at the university and corporate levels to
successfully attain PMP or CAPM certification. He has a track record of success and
seeks to share his successes with others using this book as a guide.

******ebook converter DEMO Watermarks*******

Introduction:

Thank you for purchasing Passing the Risk Management Professional (PMI-
RMP) ® Certification Exam the First Time! The goal of this book is to prepare you to
achieve the Project Management Institute’s Risk Management Professional
Certification (PMI-RMP) the first time. In addition, we are confident this book will
give you some greater insight into Risk Management best practices!

The PMI Risk Management Professional Credential was conceived in 2008.

Once achieved, this certification places you above the rest in terms of risk
management competency. The concepts covered in this book are appropriate for
effective risk management in project and non-project environments.

This book uses the following three key references as source documents:

1. Project Management Body of Knowledge (PMBOK® Guide)1 4th Edition. This

book will cover key concepts at a high level. However, the primary focus of this
book is risk. It is highly advisable that PMI-RMP candidates have a basic
understanding of project management principles in the PMBOK® Guide.
Essential project management concepts covered on the RMP certification exam
are covered in Chapter 9 of this book.

2. Practice Standard for Project Risk Management2. This is a great resource

published by PMI. However, note that the information covered on the actual
certification exam extends beyond the information provided in this publication.

3. PMI Risk Management Professional (PMI-RMP) Examination Specification3.

This publication lists key objectives covered in the PMI-RMP certification
exam. This book maps to these objectives.

******ebook converter DEMO Watermarks*******

Objectives
This book will explain and assist in understanding the six distinct steps of the
PMI Risk Management Process as defined in the 4th Edition of the PMBOK® Guide
referenced earlier. We are confident you will gain a far greater understanding of a
proven process to manage risk effectively as a result of reading this book. The PMI
Risk Management Process defines key tools and techniques which can be applied to
projects, thereby improving overall risk management skills.

This book is designed to help the reader recognize and accurately respond to
questions regarding specific concepts addressed in each of the four domains of the
RMP certification examination.

We provide a series of activities designed to prepare you for the PMI-RMP

certification exam. We encourage you to complete each activity. Activity
solutions are located in Appendix A.

We provide a 125 question “final test” you can use to test your readiness to
challenge the PMI-RMP certification examination. This test covers key risk
management objectives stated in PMI literature. It also covers questions in other
areas of project management you may encounter on the test. For example,
Earned Value Technique is a certification objective covered in Chapter 7 of the
PMBOK® Guide.

We provide a list of acronyms used in this book in Appendix C. Acronyms are

often used on the certification exam in place of the written out definition. For
example, WBS is more commonly used than spelling out Work Breakdown
Structure. Acronyms must be understood.

We provide a comprehensive glossary of terms used in this book for your

reference in Appendix D as well.

There are a number of italicized entries in the book. These entries are important
concepts that will likely appear on the certification exam.

Key concepts are repeated more than once throughout this book. This is by

******ebook converter DEMO Watermarks*******

 design. Repetition enhances understanding and learning.

1 PMBOK® Guide, 4th Edition

2 PMI 2009 Edition
3 PMI RMP Examination Specification 2008

******ebook converter DEMO Watermarks*******

The PMI Risk Management Professional Certification Exam

There are four key areas or domains in the PMI Risk Management Professional
Body of Knowledge. The PMI-RMP certification exam covers all four domains. An
in-depth understanding of risk management activities that support each area is critical
to pass the certification exam.

******ebook converter DEMO Watermarks*******

The Four Domains of Project Risk
Management
Here is a list of the four key domains of concentration:

1. Risk Communication: This area includes 27% of all certification exam

questions. Risk Communications questions can support all six (6) Project
Risk Management activities as listed in the PMBOK® Guide 4th Edition.

In addition, other areas covered in prior PMBOK® Guide Chapters are

included. Communications Planning, Stakeholder Management, Scope
Management, etc. are prime examples. PMI specifically defines four tasks that
must be understood in the Risk Communications domain as follows:

Tasks Description of Risk Communication Tasks

Lead the risk management function by applying interpersonal skills to
1.
heighten awareness of the value of risk management.
Gather relevant information using human and automated sources in order to
2.
assess and communicate the sensitivity of the stakeholder to risk.
Document risk related information using standard tools and techniques in
3.
order to establish and maintain a common understanding of the risks.
Create regular status reports using performance metrics as specified in the
4.
Risk Management Plan in order to update the stakeholders.

2. Risk Analysis: The Risk Analysis domain includes 30% of all certification
exam questions and concentrates on five (5) of the six (6) Project Risk
Management areas covered in the PMBOK® Guide. The exception, Plan Risk
Responses, is included in the Risk Response Planning domain. PMI
specifically defines four tasks that must be understood in the Risk Analysis
domain.

Tasks Description of Risk Analysis Tasks

Identify all relevant risks (positive and negative) using human and automated
1.
sources in order to scope the potential impact(s) of these risks.

******ebook converter DEMO Watermarks*******

 Evaluate the attributes of the identified risks using qualitative and
2. quantitative tools and techniques in order to establish a uniform context for
the risk response process.
Prioritize the evaluated risks based on collected stakeholder sensitivity in
3.
order to facilitate decision and action.
Establish control limits by completing a risk tolerance assessment in order to
4.
influence risk response and monitor trends.

3. Risk Response Planning: The Risk Response Planning domain includes 26%
of all certification exam questions. This area covers the Plan Risk Response
activity of Risk Management. PMI specifically defines three tasks that must
be understood in the Risk Response Planning domain.

Tasks Description of Risk Response Planning Domain Tasks

Develop a risk (positive and negative) response strategy from the policy and
1. information gathered during risk analysis in order to ensure timely and
defined action when required.
Develop a contingency approach using the response strategy and relevant
2. scenarios in order to prepare for the occurrence of anticipated risks and
unanticipated events.
Present recommendations to key stakeholders based on risk response values
3. and other influences in order to obtain authorization for response plan
execution.

4. Risk Governance: This domain includes 17% of all certification exam

questions. This area covers concepts in the Monitor and Control Risks
activity. This area also includes subjects not covered in the PMBOK®
GUIDE. PMI specifically defines seven tasks that must be understood in the
Risk Governance domain.

Tasks Description of Risk Governance Domain Tasks

Capture Lessons Learned by formal and informal means in order to
1.
incorporate them into future risk planning.
Refine risk policies and practices using Lessons Learned in order to improve
2.
risk management effectiveness.
Create the Risk Management Plan using relevant policies and standards in
3.
order to direct risk management activities.
******ebook converter DEMO Watermarks*******
 Establish metrics for Risk Management Processes by defining baselines in
4.
order to evaluate performance.
Examine process performance using established metrics and standard tools in
5.
order to drive risk process improvements.
Monitor risk performance using the Risk Response Plan in order to initiate
6.
corrective actions.
Identify relevant policies and standards using internal and external sources in
7.
order to integrate the applicable elements into the Risk Management Plan.

******ebook converter DEMO Watermarks*******

To Qualify for Testing
You must complete an application through the Project Management Institute to
qualify for the PMI-RMP certification examination4. You may complete a paper or
on-line application. The application must show you have adequate education and
experience in the risk management area of project management to qualify.

The PMI-RMP certification is a stand-alone credential. It is administered in

English only. You may take the test up to 3 times in a one-year period to attain a
passing score. The ability to test is not impacted by any other PMI certifications you
may possess.

The table below provides an overview of required education and experience

needed to qualify for PMI-RMP testing:

Project Risk Project Risk Management

Education
Experience Education
High school diploma, At least 4,500 hours 40 contact hours of formal
Associates Degree, or in the past 5 education in the specialized area of
global equivalent consecutive years Project Risk Management
OR
At least 3,000 hours 30 contact hours of formal
Bachelor’s Degree or
in the past 5 education in the specialized area of
global equivalent
consecutive years Project Risk Management

******ebook converter DEMO Watermarks*******

About the Test
You will be authorized to take the PMI-RMP certification exam once your
application is approved by PMI. Here are specifics that describe the certification
exam process:

The test is computerized. All questions are multiple choices with four potential
answers. There is only one correct answer for each question. Most test
questions are short and very straight forward. Some include extraneous verbiage
designed to distract. Always try to understand what the question is asking before
responding.

You will have time to write down notes before you start the test. You will be
offered an opportunity to take a 15 minute tutorial on how to use the
computerized testing system. You will also be given pencils and note paper you
can use during the test. This tutorial should not take more than two to three
minutes to complete. It is my recommendation that you take advantage of time
remaining to write down key pieces of information before you begin the actual
test. You may want to consider the following tips at a minimum:

List the six steps of Project Risk Management in the order they occur.

List key inputs, tools and techniques, and outputs for all Project Risk
Management activities.

List key formulas such as Earned Value Technique, EMV, etc.

List key definitions you may wish to reference during the test.

The test consists of 170 questions. 150 are graded. 20 are “Pre-Release” and
not graded. You will not be able to identify the pre-release questions. Therefore,
answer all questions to the best of your ability.

You have 3.5 hours to complete the test. You will have the option to mark
questions you want to review before you finalize the test.
******ebook converter DEMO Watermarks*******
 It is a best practice to go through the test one time and answer questions
you are sure of first. Then come back to answer the more difficult
questions. You can “mark” questions you wish to review later.

Take a periodic break during the test. It is recommended by many

certification professionals to take a short break every 50 questions for a
few minutes to “catch your breath” and refresh yourself.

Testing is conducted at Prometric testing centers. You are able to schedule your
own testing time at the center of your choice once your application is approved.

A calculator is provided for math questions. You will be provided either a hand
held calculator or one will be included on the computer.

Ensure you have two picture IDs when you arrive at the testing center. A locker
will be provided for you to store any personal items.

PMI has not published a passing score for the PMI-RMP credential.
Recommend you strive for a 75% score on all practice tests provided in this
book.

You will be notified of your pass/fail status at the completion of the exam. You
will be given a scorecard that shows your proficiency levels in each of the four
domains of the PMI-RMP Body of Knowledge.

You will be required to attain 30 Professional Development Units (PDU) over a

three-year period to maintain the certification once you pass the test. The same
PDU’s can be claimed for other PMI certifications such as the PMP as well.

4 www.pmi.org

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Chapter 1: The Risk Management
Process
The Risk Management Process in the PMBOK® Guide is a six (6)-step
approach designed to help manage end-to-end project risk. An acronym we
developed to remember the steps in this process is PIER-C. This acronym stands for
Plan, Identify, Evaluate, Respond, and Control.

Project Risk Management is a very challenging process. However, “practice

makes perfect.” The Risk Management Process is designed to follow a proven
formula for success. That formula is PDCA. PDCA states that success in project
management is best achieved when you Plan before you Do. As you Do, you Check
to ensure the plan is being followed. If there are issues, you must Act accordingly.
Believe it or not, risk management becomes easier the more it is performed.

******ebook converter DEMO Watermarks*******

Risk Definition
Project Risk is defined in the PMBOK® Guide as “An uncertain event or
condition that, if it occurs, has a positive or negative effect on at least one of the
project’s objectives.” Project objectives are defined as scope, time, cost, and
quality.

Recurrent projects generally have the best understood risks. Complex projects
with many unknowns are far more challenging from a risk standpoint.

PMI developed a six-step approach to effectively manage project risk. It works!

******ebook converter DEMO Watermarks*******

The PMI Risk Management
Process: An Overview of PIER-C
PMI developed an interrelated six (6) step approach to manage project risk. The
“PIER” process activities or steps occur during the Project Planning Process Group.
The Monitor and Control Risks activity occurs during the Project Monitoring and
Controlling Process Group. This is the “C”. Here is a quick overview of each step in
the order they occur. As a testing note, memorize and understand this order.

1. Plan Risk Management: This initial step defines how risk management will be
accomplished (methodology). The ultimate goal is to develop a Risk
Management Plan which describes how the entire end-to-end Risk Management
Process will work.

2. Identify Risks: This step requires you to develop a list of risks by project,
activity, work package, etc. During this step you define the risk, assign initial
ownership, define risk causes, develop initial responses, and categorize each
risk. The key output of Identify Risks is a document referred to as the Risk
Register.

3. Perform Qualitative Risk Analysis: Perform Qualitative Risk Analysis is the

first evaluation step. This is a subjective process. During this step, you use the
Risk Register to classify risks by probability (likelihood the risk will occur)
and impact (effect of the risk consequence on the project). At the end of this
step, prioritize all risks and establish a short list of risks that must be
aggressively managed. This is often referred to as the “Urgent List”. You also
place low probability and impact risks in a separate section of the Risk
Register. This is called a “Watch List”. The Risk Register is updated at the
conclusion of this step.

4. Perform Quantitative Risk Analysis: This step is optional. The Project

Manager decides! You may or may not Perform Quantitative Risk Analysis. This
decision is determined by factors such as time, project priority, level of effort as
compared to benefits, etc. This evaluation method numerically analyzes the
impact of multiple risks to the project. This is an objective method that helps
determine probability that stated budgetary and schedule outcomes can be met.
The Risk Register is updated at the conclusion of this step.
******ebook converter DEMO Watermarks*******
 5. Plan Risk Responses: The next step in the Risk Management Process is Plan
Risk Responses. During this step, develop responses to risks on the urgent or
“short” list of risks. The level of response detail is dictated by the priority of
the risk. Strive for responses that address both positive risks (opportunities) and
negative risks (threats). The Risk Register is updated at the conclusion of this
step as well. In addition, contractual agreements may be developed to support
responses that require third party involvement.

6. Monitor and Control Risks: This is the final step in the Risk Management
Process. During this step, monitor and reassess risks on the Risk Register.
Implement risk responses as necessary. Identify new or Emergent Risks that
were not identified during the Identify Risks activity. In addition, evaluate the
effectiveness of the risk program for the overall project. Look for triggers—an
early warning sign a risk has or will occur. The Risk Register is updated during
this step as well.

******ebook converter DEMO Watermarks*******

Performing Risk Activities
Each step in the Risk Management Process follows a three-step approach. The
approach consists of gathering Inputs, using Tools and Techniques to transform the
inputs, and completing the activity by generating Outputs.

Inputs: Always begin each activity by gathering required inputs and providing
them to the Risk Team members performing the activity. Think of inputs as what
you would bring to a planning meeting.

Tools and Techniques: Ensure all Risk Team members are aware of the types of
tools and techniques that will be used. These tools and techniques are used to
transform inputs into outputs. Some tools and techniques work better than others
depending on the type of project and team. Some tools and techniques may
require specific training.

Outputs: Use the appropriate tools and techniques to generate required outputs.
This is the deliverable or product you want to leave the meeting with.

******ebook converter DEMO Watermarks*******

Other Basic Concepts to
Remember
Risk Management Process: The Risk Management Process aims to help
control projects by reducing uncertainties or unknowns. Two key areas that
cause risks are assumptions or estimates. Identifying as many risks as possible
is a highly recommended best practice. There are two types of risks—known
risks and unknown risks. You can manage risks you are aware of. Unknown
risks are not easily identified and often occur at the most inopportune times.
Find all the risks—or they will find you!

The PMI-RMP methodology focuses on single projects. The published

methodology does not focus on portfolios or programs. A portfolio is a
group of programs or projects grouped together to facilitate management of
the work. A program is a group of related projects.

Risk management identifies and analyzes individual risks and overall

project risk. Overall project risk is quantified using a Project Risk Score.
This score reflects the uncertainty of the project as a whole by summing the
total of all individual Risk Scores.

Risk management should be conducted in accordance with existing

corporate policies and procedures. This topic will be covered more in-
depth in the Risk Governance chapter.

Assumptions are defined as information believed to be true. A key risk

management success factor is to understand assumptions and validate them.
Disconnects between project plans and assumptions are indicators of
project risk.

The objectives of risk management are to increase the probability and

impact of positive events and decrease the probability and impact of
negative events. The aim is to identify and prioritize risks before they
occur, and provide action oriented information concerning risk to all key
stakeholders.

******ebook converter DEMO Watermarks*******

 Risk management includes all processes concerned with conducting the six
(6) end-to-end activities that comprise the PMI Project Risk Management
methodology.

Project Risk Management is NOT an optional activity. PMI states that risk
management activities must be applied to every project!

Risk Attitudes/Tolerance/Thresholds: The overall risk attitudes of

stakeholders determine the significance and priority of both individual risks and
overall project risk. These attitudes can be impacted by the priority of the
project, level of commitment, sensitivity to certain types of risk, or the overall
organizational culture, etc.

It is critical to understand stakeholder attitudes toward risk before

undertaking risk identification activities.

Risk attitude can affect measurements of risk probability and impact. In

addition, risk attitudes can impact the ability to procure Contingency
Reserves to address risk events. For example, stakeholders may have a
high tolerance for budget overruns. If this is the case, budget related risks
should not be prioritized as high as other risks.

A tolerance is normally broad. For example, stakeholders have a low

tolerance for schedule delays. A threshold is normally a numeric indicator
of tolerance. For example, the schedule cannot slip by more than 3 days.

Positive and Negative Risks: Risks can be either positive or negative.

Negative risks are referred to as threats. Positive risks are referred to as
opportunities.

Timing: Risk management is not a one-time event. It is iterative. It must be

repeated throughout the life of a project. You will identify new risks as the
project progresses. Emergent Risks are defined as risks not identified initially.
These are risks discovered after the project begins. In addition, risks initially
identified may become candidates for closure and deletion from the Risk
Register.

******ebook converter DEMO Watermarks*******

 The level of Risk Exposure, or risk impacting a project, is always highest
at the beginning of the project. When new or Emergent Risks are identified,
a best practice is to look for additional related risks.

The risk of not successfully completing a project peaks during the Project
Initiation Process Group. Risk Exposure is reduced through solid risk
management as the project progresses. The potential for project success
increases when risks are identified early in the project management
process.

The level of risk management depth and level of effort should be scaled
and tailored to the project. Extensive risk management activities may be
appropriate for some projects and not others.

Risk Categories: Placing risks in categories identifies common causes and

facilitates better risk responses. PMI lists two types of risks:

Business Risks: These risks can either be opportunities or threats. They

can result in either profit or loss.

Insurable Risks: These are also called “Pure Risks”. Insurable risks are
always negative or threats. In addition, they are outside the Project
Manager’s control. Examples are natural disasters, fire, theft, etc.

Issues and Benefits: Risks are potential events that have not occurred. A
negative risk that occurs is called an issue or problem. A positive event that
occurs is called a benefit. All issues and benefits should be documented in a
formal issues log.

PMO Role: A PMO (Project Management Office) can play a role in risk
management. The PMO is an organization that could share policies, procedures,
templates, etc. A PMO traditionally supports project management in the
organization. This includes risk management. There may be a specific Risk
Management Department assigned to your organization to address risk
management specifically.

******ebook converter DEMO Watermarks*******

Risk Management Process: Keys to
Success
The following are key success factors that impact the success of a risk
management program:

Value of Risk Management: It is imperative to ensure all stakeholders

understand the value of an effective Project Risk Management program and the
return on investment from a stakeholder’s level of effort. If this objective is not
met, resistance from stakeholders can be expected. The Project Manager is
responsible to ensure stakeholder buy-in.

Stakeholder and Organizational Commitment: All stakeholders must be

committed to perform their roles and responsibilities supporting effective risk
management. The organization must be committed to risk management as a
whole.

Communication: Open and honest communication is key to success. Include all

key stakeholders in the Project Communications Plan to ensure maximum risk
management effectiveness.

Integration: Risk management must be integrated with all project management

activities to be successful. Risk management cannot be an isolated event.

Reserves: It is important to plan for reserves to address risks. Reserves are

simply extra time or costs added to the project baseline to account for risks.
Effective risk management provides a basis for identifying and requesting
reserves. There are two types of reserves:

Contingency Reserves: These reserves account for known risks

Management Reserves: These are reserves for unknown risks.

Reserves are normally determined by guessing (believe it or not), using an

x% rule (normally 10%), using Expected Monetary Value, or through
******ebook converter DEMO Watermarks*******
 computerized What If Scenario Analysis such as Monte Carlo.

The “Seven Constraint Model”: According to PMI, there are seven (7)
constraints that drive risk tolerance levels. Revisiting this model will prove
beneficial. This model supplements traditional constraints of scope, time, and
cost with resources, risk, quality, and customer satisfaction. It is used to
describe stakeholder risk tolerance areas.

******ebook converter DEMO Watermarks*******

Project Manager’s Role in Risk
Management
The Project Manager ensures Project Risk Management is accomplished at an
appropriate level to ensure project success. They are accountable to ensure all
required processes are followed.

Here are some specific Project Manager responsibilities:

Manage risk on a daily basis from the Initiating Process Group through Closing
Process Group.

Ensure a Risk Management Plan is developed and approved. Promote the need
to have and follow a Risk Management Process.

Include risk as part of periodic project status meetings. Communicate risk status
to all key stakeholders.

Ensure risk is communicated effectively. Ensure risk is included as part of the

overall Project Communications Management Plan. Strive for open and honest
communications.

Encourage senior management to support the Risk Management Process. Share

the benefits of adopting a solid Risk Management Process.

Understand stakeholder attitudes, tolerances, and thresholds. These factors

impact risk prioritization, response strategies, and reserve requirements.

Approve risk responses. Escalate responses as required. Ensure risk responses

are approved and incorporated into the Project Management Plan.

******ebook converter DEMO Watermarks*******

Activity 1: Risk Management
Process Overview
Directions: Read the ten true or false questions below. Answers can be found in
Appendix A.

True
Question or
False
Project risk is normally highest during the project Executing Process
1.
Group.
2. The first step in the Risk Management Process is Identify Risks.
The Plan Risk Responses activity occurs in the Project Planning
3.
Process Group.
Three of the most common constraints that determine stakeholder
4.
tolerance levels include scope, resources, and stakeholder expectations.
The Project Manager must attempt to attain an organizational
5.
commitment to the value of risk management.
Management Reserves are defined as reserves to address unknown
6.
risks.
A risk that is identified early in the Risk Management Process is called
7.
an Emergent Risk.
8. Pure Risks are always classified as negative.
Stakeholder risk attitudes and tolerances can impact overall risk
9.
prioritization and response efforts.
The Risk Register is initiated as part of the Plan Risk Management
10.
activity of the Risk Management Process.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Chapter 2: Plan Risk Management

******ebook converter DEMO Watermarks*******

Step 1: Plan Risk Management
Plan Risk Management is the first step in the Risk Management Process. The
ultimate goal is to define processes and a strategy to guide the end-to-end Project
Risk Management Process in a Risk Management Plan. At a high-level, the Plan
Risk Management Process provides:

A tailored Risk Management Process and strategy applicable to the project and
adapted to meet stakeholder requirements, expectations, and attitudes.

Rules that will govern and guide the execution of all Project Risk Management
Processes. Direction on how Project Risk Management will be integrated with
all other project management processes.

Key thresholds that will guide subsequent risk management activities.

******ebook converter DEMO Watermarks*******

Plan Risk Management Process
The Plan Risk Management Process consists of inputs, tools and techniques, and
outputs as shown below:

******ebook converter DEMO Watermarks*******

Plan Risk Management: Inputs
A number of inputs are required to accomplish the Plan Risk Management
activity. Each of these inputs will improve the overall quality of the Risk
Management Plan.

Input Applicability
Project Scope Defines range of possibilities for a project and deliverables.
Statement Lists project objectives and assumptions.
Cost Defines how risk budgets and contingency/Management Reserves
Management will be reported and assessed. Defines budget
Plan tolerance/thresholds.
Schedule
Defines how schedule contingencies will be reported and
Management
assessed. Defines schedule tolerance/thresholds.
Plan
Communications
Defines interactions among stakeholders. Outlines who is
Management
available to share risk information with.
Plan
Enterprise
Risk attitudes and tolerances. The degree of risk an organization
Environmental
is willing to tolerate.
Factors
Includes risk categories, definitions, templates, roles and
Organizational
responsibilities, information on organizational risk tolerances,
Process Assets
etc.

******ebook converter DEMO Watermarks*******

Plan Risk Management: Tools and
Techniques
There is only one tool and technique to remember. This tool is Planning
Meetings and Analysis.

Conducting planning meetings is the responsibility of the Project Manager. A

best practice to ensure a quality result is to invite key stakeholders to participate
in the meetings. A Risk Team may be assigned to your project. These are
individuals who are specifically assigned risk management activities. They
should be part of all planning meetings as well.

Meeting participants should include the Project Manager, selected team

members, other key stakeholders, selected Subject Matter Experts (SME), and
stakeholders with risk management responsibilities on the Risk Team.

Discussions at the initial planning meeting may include risk responsibilities,

definitions of methodology, clarification of definitions and terms, and the impact
of risks on project objectives. In addition, standard templates which will be
used should be explained and introduced. Future meetings will likely be
required to help finalize the Risk Management Plan.

******ebook converter DEMO Watermarks*******

Plan Risk Management Output:
Risk Management Plan
The Risk Management Plan guides the end-to end Risk Management Process for
the project. It defines pertinent terminology and ensures shared understanding and
buy-in of terms and methodology. In addition, it defines roles, responsibilities, and
advises stakeholders of specifics regarding expected involvement.

A comprehensive Risk Management Plan addresses key people, tools, and

business considerations.

People: People considerations may include risk attitudes, tolerances, and

thresholds. It is highly recommended that risk management roles and
responsibilities be defined. Another people consideration is communications. A
methodology for communicating risk should be considered, discussed, defined,
and used throughout the project. The results of these conversations should be
reflected in the project Communications Management Plan.

Tools: There are many tools that can be used to support the overall Project Risk
Management Process. This includes rules of use, definitions, terms, etc.
Matching the right tool and technique to the right process is also highly
recommended.

Business: Any key constraints or boundaries should be addressed and

documented. Priority of scope, time, and cost should be documented and agreed
upon. These priorities will impact future risk prioritization activities. In
addition, the amount of effort planned for expenditure on risk management based
on the project’s attributes must be considered as well.

The Risk Management Plan addresses two types of criteria:

Project Related Criteria: What are the required results for cost, time, scope,
and quality? How can risk impact these results?

******ebook converter DEMO Watermarks*******

 Process Related Criteria: What are the key processes that must be followed to
ensure success? What are the risks that may impact these processes?

The Risk Management Plan becomes part of the Project Baseline and must be
approved by management. The table that follows provides a breakout of
recommended entries that should be considered.

Risk
Management
Comments
Plan
Consideration
What approach will be used to manage risk? What tools or data
Methodology sources might be leveraged? Consider a Risk Breakdown Structure
(RBS).
Roles and Define lead support, and team membership for risk planning.
Responsibilities Define the Risk Team.
How will the cost of risk be incorporated in the Cost Performance
Budgeting
Baseline? How will Contingency Planning occur?
How often will risk management be performed? Weekly is the
Timing
norm.
Risk Which risk categories impact the project? A common method is
Categories assigning risk by time, scope, quality, and/or cost.
Probability equals the chances a risk event will occur. Impact
Definitions of
equals the consequences of the risk event to the project. Be able to
Probability and
define both and determine how risks will be prioritized based on
Impact
these indicators.
What levels of risk are acceptable?

Attitudes impact tolerances, thresholds, and expected levels

of commitment and support. What are the factors to be
considered?
Stakeholder
Attitudes,
Tolerances and Tolerance is a measure of risk levels that management is
Thresholds willing to accept. Use the seven (7) constraints model.

Thresholds are specific ranges, i.e., variations ranging

between + or - 5%.
******ebook converter DEMO Watermarks*******
 Reporting What reports, templates, documents are used to record risk? How
Formats will risk management activities be communicated?
How will risk activities be recorded and shared? How will the
Tracking risk process be audited? How will Lessons Learned be captured
and shared?

******ebook converter DEMO Watermarks*******

Plan Risk Management: Other Key
Concepts
Risk Breakdown Structure (RBS): Many organizations use an RBS that lists risk
categories and sub-categories in hierarchical order to help identify risks. An
RBS places risks in categories and defines specific risks applicable to the type
of project being managed in that category. An example of an RBS that shows
financial risks follows:

Financial
Factor Low Risk Medium Risk High Risk
Returns on this and Returns on this
Returns on this project
similar projects will project will be
will be subject to major
be calculated, and assessed to be within
assumptions and wide
exceed the financial normal business
Return variances in possible
criteria. Cash inflow practices. Cash flow
outcomes. Cash flow is
will be large and will be continuous
uncertain. Returns cannot
early in the project throughout the
be easily measured.
life. project life.
All costs are known. Cost estimates for
Cost analysis has not
Costs are set and not some components are
Costs been done. Estimates are
expected to exceed not known or not
difficult to attain.
budget. quantified.
Budget Sufficient budget is Questionable budget Doubtful budget is
Size allocated. allocated. sufficient.
Some questions Source of funds in doubt
Budget Funds allocated
about availability of or subject to change
Constraints without constraints.
funds. without notice.
Cost Well established and System in place, System lacking or
Controls in place. weak in some areas. nonexistent.

Assumptions: The Risk Management Plan should include a process to validate

assumptions. Remember that an assumption is something believed to be true, but
not yet confirmed.

******ebook converter DEMO Watermarks*******

 Constraints: Constraints are defined as anything that might limit the team’s
options. Constraints are boundaries that must be acknowledged and addressed.
The seven (7) sided constraint model shared earlier provides categories of
constraints that should be considered.

There is key terminology to consider in this step as well:

Risk Tolerance Areas: These are areas where key stakeholders are willing
to accept risk. These areas should be identified.

Risk Averse: This indicates a stakeholder’s unwillingness to accept risk.

Risk Thresholds: This is a measure of the risk a stakeholder is willing to

accept. Risk thresholds can be a percentage or a figure such as +/- 1 week,
etc. Risk thresholds help determine the responses to risk events.

Risk Utility: The Risk Utility function describes a person or organization’s

willingness to accept risk.

******ebook converter DEMO Watermarks*******

Plan Risk Management: Keys to
Success
Look for and Address Barriers: Identify barriers or factors that may impact the
Risk Management Process.

Define Project Objectives: Define objectives to include time, cost, scope, and
quality that may be impacted by risk as accurately and clearly as possible.
Avoid ambiguity.

Stakeholder Involvement: Do not develop a Risk Management Plan without

soliciting input and perspectives from multiple sources. Gain commitment and
buy in.

Compliance: Ensure key organizational policies and procedures are adhered to.
Accommodate key governance criteria and methods.

Categorization: Categorizing risks allows the ability to group risks based on

common causes. Categorization improves the quality of risk responses.

Organizational Process Assets: Ensure key templates, historical records,

Lessons Learned, etc. are understood and leveraged. Make certain all the inputs
you need are available to develop a viable Risk Management Plan.
- Share the Risk Management Plan: Share the plan with all stakeholders.
Ensure the plan becomes part of the overall Project Management Plan.
******ebook converter DEMO Watermarks*******
 Share the Risk Management Plan: Share the plan with all stakeholders. Ensure
the plan becomes part of the overall Project Management Plan.

******ebook converter DEMO Watermarks*******

Activity 2: Plan Risk Management
Directions: There are a number of key definitions and concepts that should be
understood. Match the scenario or definition to the potential responses provided.

Plan Risk Management Definition and Concept Activity Response

The primary tool and technique used to Plan Risk Management and
1.
generate required outputs.
A term that describes a person or an organization’s willingness to
2.
accept risk.
A practice that allows for identification of risks with common causes
3.
that normally leads to more effective responses.
Any factor that can limit the team’s options. Boundaries that must be
4.
addressed and planned for.
A key deliverable that defines the overall strategy to be used to
5.
support the project’s end-to-end Risk Management Process.
Key input to the Plan Risk Management activity. Includes Lessons
6. Learned, stakeholder tolerance information, templates, policies,
and/or procedures.
A tool that breaks out potential risks by category. Shows potential
7.
risks and risk thresholds for risks within each category.
8. Something the team believes to be true but has not yet validated.

Activity 2: Choose from the following:

1. Organizational Process Assets

2. Categorization

3. Risk Utility

4. Assumptions

5. Risk Management Plan

******ebook converter DEMO Watermarks*******

 6. Risk Breakdown Structure (RBS)

7. Planning Meetings and Analysis

8. Constraints

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Chapter 3: Identify Risks

******ebook converter DEMO Watermarks*******

Step 2: Identify Risks
Identify Risks is the second step in the Risk Management Process. The ultimate
output of Identify Risks is the initial Risk Register. This output records risks and their
characteristics.

This activity will produce the first iteration of the Risk Register. The Risk
Register should include the risk, cause and triggers, Risk Owner, categories, and
initial risk response. The initial iteration of the Risk Register will NOT include risk
prioritization, analysis, Risk Scores, or detailed responses. Some key points to
remember:

Each risk should have a single Risk Owner. The Risk Owner will be validated
and possibly changed during the Plan Risk Responses activity. The Project
Manager acts as the default Risk Owner if another Risk Team member is not
identified.

There is no limit to the number of risks identified. The more risks identified, the
better!

The Identify Risks activity should include input from multiple stakeholders.
Team members need to be included in the Identify Risks activity as well.
Creating a sense of ownership with the stakeholders responsible for managing
risk is critical.

The Risk Register serves as a key input for all Risk Management Process
activities to follow. The Risk Register will be updated as the Risk Management
Process progresses through the PIER-C process. Risk Register creation is an
iterative process.

PMI defines risk meta-language as a method that enables the Project Manager
to effectively identify and describe risks. This three-step method to develop a
risk statement is illustrated:

******ebook converter DEMO Watermarks*******

Example: As a result of a lack of stakeholder buy-in (cause), the scope statement may
not be accepted in its entirety (uncertain event), and schedule delays may result
(effect).

******ebook converter DEMO Watermarks*******

Identify Risks Process
The Identify Risks process consists of inputs, tools and techniques, and outputs
which are shown below:

******ebook converter DEMO Watermarks*******

Identify Risks: Inputs
There are a number of inputs that should be available when beginning the
Identify Risks activity. A list of key inputs along with their applicability follows:

Input Applicability
Risk Defines processes and strategy to accomplish end-to-end Project
Management Risk Management. Defines methodology, roles, and availability of
Plan Resource Breakdown Structures.
Activity Cost Where there are cost estimates, there is risk. Consider stakeholder
Estimates tolerances and thresholds when costs are estimated.
Activity
Where there are time duration estimates, there is risk. Consider
Duration
stakeholder tolerances and thresholds.
Estimates
Includes Scope Statement, WBS, and WBS Dictionary. Scope
Statement lists assumptions. WBS defines activities at the
Scope Baseline
summary, control account, or work package levels. WBS also
defines the nature of a project as a first of its kind or recurring.
Includes key information about stakeholders. Normally includes:

Identification Information
Stakeholder
Register Assessment Information: Requirements, expectations, interest
and influence factors

Classification: Internal/External. Supporter/Neutral, etc.

Cost Defines how risk budgets and Contingency/Management Reserves

Management will be reported and assessed. Also defines approach to cost
Plan management.
Schedule
Defines how schedule contingencies will be reported and assessed.
Management
Also defines approach to time management.
Plan
Quality Defines specific approach to quality to include metrics, targets,
Management standards, checklist for Quality Control, process improvement
******ebook converter DEMO Watermarks*******
 Plan opportunities, etc.
Project Includes Assumption Log, Work Performance Reports, Earned
Documents Value Technique metrics, Network Diagrams, Baselines, etc.
Enterprise
Includes published information, studies, checklists, risk attitudes,
Environmental
benchmarking, and industry studies.
Factors
Organizational Includes project files, documented controls, Lessons Learned,
Process Assets templates, and other historical information.

******ebook converter DEMO Watermarks*******

Identify Risks: Tools and
Techniques
Tools and techniques used to Identify Risks include looking at the past, present,
and the future. Historical information allows a Project Manager to compare current
projects with past projects. This information provides valuable information that can
be used to identify risks, issues, and benefits. Creativity techniques help to identify
future risks.

Documentation Reviews: Read through all project documentation. Is it clear?

Is it understandable? Do documented methods match the goals of the project?
Ensure documents are reviewed, edited, and clearly communicated to all
stakeholders.

Checklist Analysis: Lessons Learned allow for the development of checklists

supporting a variety of project types. The Checklist Analysis approach
identifies potential risks and helps plan for them ahead of time.

Checklist Analysis is a quick and simple approach used to perform an

initial highlevel analysis of risks. Checklist Analysis will not identify new
risks that are not on the checklist. This is a limitation.

Assumptions Analysis: Assumptions are risks waiting to happen. By virtue of

their definition, “those factors thought to be true without certain proof,” they are
dangerous. Assumptions Analysis NEEDS to occur on every project. All
assumptions must be validated or dismissed through analysis and research.

Diagramming Techniques: PMI shares some common diagramming methods

that can be used for risk identification. Many of these techniques support the
project Quality Management Process. They include:

Cause and Effect Diagrams: Each cause of a potential effect is a risk

factor that should be considered. Alternate names for Cause and Effect
Diagrams are Ishikawa Diagrams or Fishbone Diagrams.

******ebook converter DEMO Watermarks*******

 System of Process Flow Charts: Every Project Manager should learn how
to map and analyze processes. Process flowcharts reveal how systems
function, interrelate, and serve as a superb means of identifying potential
risks.

Influence Diagrams: This method includes graphical representations of

situations showing causal influences, time ordering of events, and other
relationships between variables and outcomes.

Information Gathering Techniques: PMI lists a number of potential methods

for gathering information. A number of questions from this area appear on the
exam. More importantly, these are tools and techniques that all managers need to
understand and leverage on an everyday basis.

Brainstorming: Open forum where members generate ideas and solve

problems. A facilitator logs inputs. Brainstorming is one method used for
attaining expert input. Refrain from evaluating responses during the
brainstorming session. This could impact the success of this information
gathering session.

Delphi Technique: Gain inputs and consensus through anonymous inputs.

Reduces fear of reprisal. Delphi Technique is also a method used to attain
expert input.

Surveys and questionnaires are two common methods used to solicit

information.

A key goal of Delphi Technique is to share the end results with all
who participated. Sharing information allows the experts who
participated to expand their knowledge base. In addition, feedback
will likely be generated that assists in identifying more risks than
initially identified.

Delphi Technique is a tool that provides social intelligence. It

reduces fear and intimidation factors.

Interview: This is a one-on-one interview with key stakeholders or experts

******ebook converter DEMO Watermarks*******
 in a given field. A drawback of this technique is that it takes time and is
slow.

Root Cause Identification: This is the same as Cause and Effect Analysis
(Synonymous with Ishikawa Diagramming and Fishbone Diagramming.)
Grouping risks by common causes can aid in developing more effective
risk responses.

Nominal Group Technique: This technique is similar to brainstorming.

Input is collected from a select group. This input is analyzed and rank
ordered by the group.

SWOT: Analyze opportunities and threats based on strengths and weaknesses.

Strengths and weaknesses are internal. Opportunities and threats are

external.

Strengths lead to opportunities or positive risks. Weaknesses lead to threats

or negative risks.

Affinity Diagramming: This method uses the intellectual power of a group to

place risks into categories. This is the best method to use when it is believed
that all possible risks were not identified.

Pre-Mortem: This is a method used to identify potential risks before a project

begins. Review your project and compare it to past projects that were similar.
Try to determine what could go right or wrong with your project before the
project begins. Key sources of information that can be leveraged include expert
input, historical records, Lessons Learned, etc.

Prompt List: This is a generic list of categories where risks may be found. This
list is used to “prompt” ideas and risk identification.

FMEA: Failure Modes and Effect Analysis (FMEA) is a tool that identifies
potential failure modes, determines effects of each failure, and seeks ways to
******ebook converter DEMO Watermarks*******
 mitigate the probability and impact of each failure.

Tools and techniques applicable to the Identify Risks activity should be defined
in the Project Risk Management Plan. In addition, roles, responsibilities, and key
stakeholders who should participate in the Identify Risks activity should be defined
as well.

******ebook converter DEMO Watermarks*******

Identify Risks Output: Risk Register
The key output of the Identify Risks activity is the initial Risk Register. This
Risk Register will become a part of the formal Project Management Plan when
approved and accepted and will become part of the Project Baseline.

Remember this key point: The initial Risk Register will be updated during the
next steps in the Risk Management Process. The Risk Register acts as an input for all
Risk Management Process steps that follow.

Risk Cause and Triggers Risk Owner Category Risk Response

Initial Initial

The initial Risk Owner and Risk Response are defined during the Identify Risks
activity. This information will be revisited and validated during the Plan Risk
Responses activity.

Testing Note: Remember the entries recommended for inclusion in the initial Risk
Register. They include:

1. Definition of the Risk (Event and Consequence)

2. Causes and Triggers for the Individual Risk

3. Initial Risk Owner (This will be revisited and validated later)

4. Risk Categorization

5. Initial Risk Response (This will be revisited and validated later)

******ebook converter DEMO Watermarks*******

Identify Risks: Keys to Success
Timing: Risk identification should occur as early in the project as possible.
Known risks can be analyzed and responded to. Unknown risks may catch
stakeholders by surprise. Remember, manage risk or it will manage you.

Frequency: The Identify Risks activity is a recurring or iterative process.

Repeat the process periodically when it makes sense or adds value. This often
depends upon situations within the project. Emergent Risks are waiting to be
identified.

Sources: Use multiple sources to find and identify risks—the more sources the
better. In addition, solicit inputs from multiple stakeholders to obtain multiple
perspectives.

New Risk Validation: Always ask for as much information as needed to clearly
define any new risks reported. Always share new risks with as many
stakeholders as needed in an effort to learn as much as possible about the cause,
risk, and effects.

Risk Statements: Remember that the best risk definition uses the risk meta-
language methodology; cause-risk-effect. Goals are to achieve the proper level
of detail and reduce ambiguity.

Link Risks to Objectives: Remember that each risk should have the potential to
impact a key project objective. (Scope, Time, Cost, Quality). Do not list a risk
that does not impact a project objective.

Risk Types: Remember to identify both positive risks and negative risks. We
tend to key on the negatives and often forget to identify the positives. Avoid lost
opportunities!

Ownership: Initial Risk Owners are assigned during the Identify Risks activity.
Remember that each risk should have a specific owner. There should only be
one Risk Owner for each risk. Every agreed to, and funded risk response, must
have a Risk Owner.
******ebook converter DEMO Watermarks*******
 Visibility: The Risk Register needs to be made available to all project
stakeholders for review. In addition, the Risk Register should be used as a
primary tool to review risks at periodic project status meetings.

******ebook converter DEMO Watermarks*******

Activity 3: Identify Risks Review
Directions: Read the ten true or false questions below. Answers are listed in
Appendix A.

True
Question or
False
The Identify Risks activity produces the final iteration of the Risk
1.
Register.
Checklist Analysis is a fast and efficient means of identifying new risks
2.
missed during the initial review.
Another term for Delphi Analysis is group intelligence. It allows
3.
experts to review the final results and provide additional feedback.
SWOT analysis is a practical means to gather information from a group
4.
of selected stakeholders and rank order the inputs.
The Stakeholder Register provides a strategy for managing stakeholder
5.
expectations.
The worst thing to do during a brainstorming session is to evaluate
6.
participant responses.
The Risk Register should have restricted access and not be made
7.
available to all project stakeholders.
The Risk Register is an essential input that will allow for development
8.
of a comprehensive Risk Management Plan.
Roles and responsibilities supporting the Identify Risks activity are
9.
defined during the Plan Risk Management activity.
10. Emergent Risks should be added to the Risk Register.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Chapter 4: Perform Qualitative Risk
Analysis

******ebook converter DEMO Watermarks*******

Step 3: Perform Qualitative Risk
Analysis
Perform Qualitative Risk Analysis is the third step in the Risk Management
Process. The focus of this activity is to prioritize risks for further actions. Qualitative
Risk Analysis results are subjective. This analysis uses the Risk Management Plan
and Risk Register to assess probability and impact for each risk.

The ultimate goal of Perform Qualitative Risk Analysis is to update the initial
Risk Register.

Outputs of Qualitative Risk Analysis can lead to a Go/No Go decision. It may

be determined that a project is too risky to pursue as a result of this activity.

Considering causes of risk when calculating probability and impact is helpful

during this step. It is not uncommon for a single cause to result in multiple
potential events and effects/consequences.

Path Convergence is a prioritization consideration as well. Path convergence is

defined as multiple activities flowing into or from a central activity.

The Project Network Diagram shows dependencies for all activities and
identifies where paths converge. In the figure below, multiple activities
flow from Activity A. Greater levels of path convergence increase risk
probability and impact.

Refer to the diagram below. Activities B, C, and D are dependent upon

completion of Activity A. A risk that impacts Activity A potentially has a
greater impact to the project.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Perform Qualitative Risk Analysis
Process
The Perform Qualitative Risk Analysis process consists of inputs, tools and
techniques, and outputs shown below:

******ebook converter DEMO Watermarks*******

Perform Qualitative Risk Analysis:
Inputs
Outputs from the two previous risk management activities act as key inputs to
the Perform Qualitative Risk Analysis activity. The Risk Management Plan from the
Plan Risk Management activity is an input, along with the Risk Register completed
during the Identify Risks activity. Note the hard dependency. This step cannot be
performed until the previous Project Risk Management steps are complete.

Input Applicability
Risk Defines roles, responsibilities and methodologies to evaluate risks.
Management Also provides definitions for probability and impact that are the
Plan core of this activity.
Provides the initial list of risks to be evaluated. The Risk Register
Risk Register
will be updated during this activity.
Scope Defines project objectives and assumptions. Provides a detailed
Statement definition of project scope. Lists constraints.
Includes risk databases, historical information, studies of previous
Organizational
projects, templates, Lessons Learned, etc. May include Risk Rating
Process Assets
rules.

******ebook converter DEMO Watermarks*******

Perform Qualitative Risk Analysis:
Tools and Techniques
Tools and techniques are designed to help achieve the final result of Perform
Qualitative Risk Analysis. Perform Qualitative Risk Analysis is a fast and effective
method to prioritize risks on the Risk Register for further action as necessary.

Risk Probability and Impact Assessment: All risks should be evaluated and
scored for probability (also called likelihood) and impact (also called
consequence or effect). A consistent scoring system for all risks should be used.
Remember that the values for probability and risk should already be defined in
the Risk Management Plan.

Probability: Probability is the potential for a risk to occur. Scoring

systems include percentages, or a numeric scale (1-5 for example). The
assigned score is called a Risk Rating. If a Risk Rating is too high, try to
find ways to eliminate the cause . This method is called avoidance.

Impact: Impact is defined as the consequences the risk event will have on
the project. Impact should be linked to project objectives. Remember that
primary project objectives are scope, time, cost, and quality. Scoring can
be based on many factors specific to the project. It is not uncommon to use
weighted impact ratings that may assign higher values to higher impact
risks. For example, if schedule is the number one project priority, rate risks
impacting schedule higher than others. The numeric score used for impact
is also called a Risk Rating.

Multiply probability x impact to calculate a Risk Score. The Risk Score

may determine whether or not risk responses are developed. The Risk
Score also dictates the level of detail responses should have. Higher Risk
Scores dictate higher levels of response detail and vice-versa. See the
example below. Risk A has the highest priority based on achieving the
highest Risk Score. Risk D is the lowest priority risk despite having the
highest impact score.

******ebook converter DEMO Watermarks*******

Risk Probability Risk Rating Impact Risk Rating Risk Score
A 4 4 16
B 3 4 12
C 2 4 8
D 1 5 5

Probability and Impact Matrix: Many organizations develop a standard

Probability and Risk Matrix that shows Risk Ratings and overall priority
determinations. A Probability and Impact Risk Matrix can be simple or
elaborate depending upon the prioritization methodology you select.

This tool is sometimes referred to as a “Lookup Table.”

Focusing on high priority risks is the best means to improve overall project
performance.

Remember this key concept: Describing your Risk Rating criteria and
developing a Probability and Impact Matrix reduces potential for bias and
improves overall analysis.

Here is an example of a simple Probability and Impact Matrix:

Probability and Impact Low Moderate High

Scoring Probability Probability Probability
Low Impact 1 2 3
Moderate Impact 2 4 6
High Impact 3 6 9
Place all risks with score of 4 or below on “Watch List” Develop responses for all
risks with score of 6 or higher

Risk Data Quality Assessment: Review data used to determine probability

and impact scores to ensure it is accurate and unbiased. Data used may not be
******ebook converter DEMO Watermarks*******
 sufficient to accurately define a Risk Score (probability x impact). If this is the
case, annotate the risk as requiring further information to improve understanding
before final analysis can be complete. In addition, always correct a risk
assessment that was impacted by bias.

Types of bias that should be understood, as well as some concepts impacting

bias include:

Motivational Bias: This occurs when stakeholders intentionally try to bias

ratings one way or another.

Cognitive Bias: This is bias based on perceptions. It is said, “Perception is

reality.”

Bias may be desired. It may be desirable to create bias toward high priority
risks. For example, if schedule is the number one priority, rules that rate
schedule risks higher than other types or categories should be established and
implemented.

The best way to reduce bias during Qualitative Risk Analysis is to define levels
for probability and impact, and provide a Probability and Impact Matrix to
reduce subjectivity of results.

Risk Categorization: Grouping risks by category assists in defining better

risk responses as the Risk Management Process moves forward. This practice
also allows for a determination of common causes that impact multiple risks.

Risk Urgency Assessment: The desired output of Perform Qualitative Risk

Analysis is a prioritized list of risks. There are a number of questions that need
to be responded to. Which risks must be addressed immediately? Which risks
can be placed on a “Watch List” as low priority? A risk urgency assessment
prioritizes your risk response activities.

Risks requiring an immediate response are placed on an “Urgent List”. The

Risk Rating determines the level of urgency. Risks may be listed separately
based on scope, time, cost, or quality objectives.
******ebook converter DEMO Watermarks*******
 Risks that do not require immediate responses based on low Risk Score
are placed on the “Watch List”. In essence, these risks are accepted in the
near term. Responses will only be developed if Risk Score increases.

******ebook converter DEMO Watermarks*******

Perform Qualitative Risk Analysis
Output: Update the Risk Register
The project Risk Register is updated at the conclusion of the Perform
Qualitative Risk Analysis process. Potential updates may include, but are not limited
to:

Ranking or prioritizing risks: Risk Ratings for all risks should be added to the
Risk Register. Each risk probability and impact is assigned a Risk Rating.
Multiply the probability and impact Risk Ratings to calculate a Risk Score.

Project Risk Score: Add all individual Risk Scores to calculate the Project Risk
Score. Risk Exposure is a term that defines the level of risk on a project. The
Project Risk Score determines Risk Exposure. Acceptable levels of Risk
Exposure are based on stakeholder attitudes, tolerances, and thresholds.

Example: Project A has a Risk Score of 113. Acceptable levels of Risk

Exposure may be defined as projects with Risk Exposure of less than 90. In
this case, the Project Manager needs to take action to lower the Risk Score.
If this is not possible, the Risk Score may lead to a Go/No Go decision for
the project.

Grouping by risk category: Validate the categorization completed during the

Identify Risks activity.

Risks requiring near-term responses: These are risks on the “Urgent List”. The
higher the Risk Score, the more urgent the risk.

Risks requiring additional analysis: Additional information may be necessary to

score certain risks. Mark these risks for further analysis.

“Watch Lists” of low priority risks: The Project Manager is the primary owner
of risks on the Watch List.

******ebook converter DEMO Watermarks*******

 Risk trends—Example: Are more risks developing in a particular category?

This table shows how the Risk Register evolves at the completion of Perform
Qualitative Risk Analysis. Note that key terms and concepts are underlined and in
italics on this example. A number of updates are applied to the Risk Register at the
end of this step.

Probability Impact
Risk Risk
Risk Cause Category Risk Risk Risk Score
Owner Response
Rating Rating
Add in Add in
Initial Initial Add in Step 3
Step 3 Step 3
This is the “Urgent List” for high priority risks.
Risk Rating within
project: Where the
risk is prioritized
based on Risk
Score.
Draw the line on the Risk Register at the conclusion of Perform Qualitative Risk
Analysis. Risks that are high priority fall on the “Urgent List”. Responses are
developed. Low priority risks are placed on the “Watch List”. Responses are
developed if Risk Score increases.
This is the “Watch List” for low priority risks.
Project Risk Score =
Total of all Risk
Scores

Note 1: Step 3 is the Perform Qualitative Risk Analysis process.

Note 2: The entries in this example are the basic Risk Register entries recommended
by PMI. An actual Risk Register is not restricted to these entries. Remember that the
Project Manager determines what needs to be represented on the Risk Register. Do,
however, remember these entries and this format for test taking purposes.

Note 3: Interviews and meetings are the two most effective means to Perform
Qualitative Risk Analysis.

******ebook converter DEMO Watermarks*******

Perform Qualitative Risk Analysis:
Keys to Success
Probability and Impact Scoring: Probability and impact scoring criteria are
listed in the Risk Management Plan. Scoring systems should be approved and
accepted by all stakeholders. Pre-determined scoring systems may be included
in Organizational Process Assets in the form of a Probability and Impact Matrix.

Define probability and impact criteria in the Risk Management Plan. For
example, if scoring probability on a 1 to 5 scale, what factors would
constitute a score of four? This practice eliminates bias and improves the
quality of your analysis.

Here is a scenario to remember. A risk was initially identified for a twelve

month project to have a probability of 20%. The project is now in its
seventh (7th) month. What is the probability the risk will occur? Hint: Do
not over analyze this scenario! If there is no new information, nothing
changed. The 20% probability in month one is still a 20% probability in
month seven (7)!

Urgency: Urgency levels should be documented and agreed upon. Create some
type of Probability and Impact Matrix that allows prioritization based on score.
Some organizations have a standard Probability and Impact Matrix available as
part of Organizational Process Assets. The matrix does not need to be elaborate.
Here is a second example of a Probability and Impact Matrix in simpler form.

Low Priority Score Moderate Priority Score High Priority Score

8 or below. 9-12 13 to 25

Quality Data: Qualitative Risk Analysis is subjective. However, it is important

to ensure data used to make probability x impact scoring decisions is of the
highest quality and reliability.

******ebook converter DEMO Watermarks*******

 Frequency: Perform Qualitative Risk Analysis is an iterative process.
Guidelines should be defined in the Risk Management Plan. Remember that
Perform Qualitative Risk Analysis is always performed. If a new risk is
identified, Perform Qualitative Risk Analysis is your next step.

Bias: It is important to reduce cognitive and motivational bias as defined

earlier. Try to find unbiased sources to help score risks as accurately as
possible. Qualitative Risk Analysis requires accurate and unbiased data if it is
to be credible.

******ebook converter DEMO Watermarks*******

Activity 4: Perform Qualitative Risk
Analysis
Directions: There are a number of key definitions and concepts you need to
understand. Match the definition or scenario to the potential responses provided.

Perform Qualitative Risk Analysis Definition and Concept Activity Response

1. The product of multiplying probability times impact.
A situation where multiple activities feed into a single activity.
2.
Increases risk.
A numeric value that shows how an individual Risk Score compares
3.
with other individual Risk Scores.
4. The chances that a risk event may occur.
5. A list of risks determined to be very high priority.
The amount of risk determined numerically that is acceptable for a
6.
project.
Situation where stakeholder Risk Ratings and Risk Scores are
7.
impacted by perceptions.
The two most effective ways to accomplish Perform Qualitative Risk
8.
Analysis.
9. The cumulative value of all Risk Scores.
A key planning tool that must be updated at the completion of
10.
Perform Qualitative Risk Analysis.
A key input that facilitates performance of the Perform Qualitative
11.
Risk Analysis activity.
Situation occurs when stakeholders intentionally try to manipulate
12.
and impact Risk Ratings and Risk Scores.
13. A list of risks determined to be a lower priority than others.
The numeric values assigned to show the probability and impact of a
14.
risk event.
Standard Probability and Risk Matrix that shows ratings and overall
15.
priority determinations.
A numeric Risk Rating that expresses the consequences to a project if
16.
a risk occurs.

Activity 4: Choose from the following:

******ebook converter DEMO Watermarks*******
 1. Path Convergence

2. Meetings and Interviews

3. Watch List

4. Urgent List

5. Risk Exposure

6. Risk Rating

7. Project Risk Score

8. Risk Score

9. Risk Rating within Project

10. Motivational Bias

11. Cognitive Bias

12. Lookup Table

13. Probability

14. Impact

15. Risk Register

16. Scope Statement

******ebook converter DEMO Watermarks*******
******ebook converter DEMO Watermarks*******
******ebook converter DEMO Watermarks*******
Chapter 5: Perform Quantitative
Risk Analysis

******ebook converter DEMO Watermarks*******

Step 4: Perform Quantitative Risk
Analysis
Perform Quantitative Risk Analysis is the fourth step in the Risk Management
Process and keys on numerical analysis. Perform Quantitative Risk Analysis uses
the updated Risk Register from Perform Qualitative Risk Analysis and provides an
objective analysis of risk factors and their potential to impact a project.

Here are specific objectives of Quantitative Risk Analysis as defined in the

PMBOK® Guide:

Quantify possible project outcomes and probabilities. Quantitative Risk

Analysis considers the impact of multiple risks on desired project objectives
or outcomes simultaneously. This activity analyzes the effects of risk that may
substantially impact the project’s competing demands.

Analyze pessimistic, most likely and optimistic scenarios using Three-Point

Estimating methods. (Includes Program Evaluation Review Technique or PERT)

Assess the probability of achieving specific project objectives. Tools such as

Monte Carlo which provides specific timeframes or points when risk potential
is highest, or Standard Deviation Analysis are quite effective for simulating
probabilities of response.

Identify risks requiring the most attention by quantifying their relative

contribution to overall project risk.

Identify realistic and achievable cost, schedule, scope, and quality targets in
light of risk. Determine Contingency Reserves required for responses to risks.

Determine the best project management decision when some conditions or

outcomes are uncertain. Make decisions based on objective, rather than
subjective data.

******ebook converter DEMO Watermarks*******

Note that Perform Quantitative Risk Analysis is not always accomplished. Perform
Qualitative Risk Analysis is always mandatory. Considerations to perform
Quantitative Risk Analysis include:

Cost, length, or relative priority of the project.

Time and effort required versus benefits to be received.

Complexity of the project and decisions to make a Go/No Go decision.

******ebook converter DEMO Watermarks*******

Perform Quantitative Risk Analysis
Process
The Perform Quantitative Risk Analysis process consists of inputs, tools and
techniques, and outputs shown below:

******ebook converter DEMO Watermarks*******

Perform Quantitative Risk Analysis:
Inputs
There are a number of inputs required to successfully Perform Qualitative Risk
Analysis. These are defined in the table below.

Input Applicability
Risk
Defines roles and responsibilities and methodologies to evaluate
Management
risks.
Plan
Provides the initial list of risks to be evaluated. The Risk Register
Risk Register
will be updated during this activity.
Cost Sets format and criteria for planning, structuring, estimating,
Management budgeting, and controlling project costs. Controls help establish
Plan approach to Quantitative Risk Analysis of the budget or cost plan.
Sets format and criteria for developing and controlling the project
Schedule
schedule. Controls and nature of the schedule itself will help
Management
structure an approach to Quantitative Risk Analysis of the
Plan
schedule.
Includes risk databases, historical information, studies of previous
Organizational
projects, templates, Lessons Learned, etc. May include Risk Rating
Process Assets
rules.

******ebook converter DEMO Watermarks*******

Perform Quantitative Risk Analysis:
Tools and Techniques
PMI divides tools and techniques into two broad categories.

******ebook converter DEMO Watermarks*******

Data Gathering and Representation
Techniques
Interviewing: Interviewing expert stakeholders is a common method used to
determine risk impact. Generally, interviews are used to determine optimistic,
most likely, and pessimistic scenarios for time and cost estimates. These
estimates are used when estimating using Three Point Estimating methods such
as PERT.

Try to include a mix of open ended and prepared questions when

conducting interviews. Begin with open ended questions to gain insight
from the interviewer. Follow up with prepared questions.

Remember interviewing takes more time than other tools and techniques. It
takes time to conduct interviews with each individual stakeholder.

Probability distributions: Probability distribution estimates the potential of a

risk event to occur over a pre-described range. There are a number of
distribution types that impact risk management.

Normal Distributions: Estimating using Three-Point methods assume a

“normal” distribution. The normal distribution curve is also referred to as
the “Bell Curve”. A normal distribution model uses averages and “Sigma”
intervals to show the potential range of values over the length of the curve.

The higher the Standard Deviation, the greater the risk. Standard Deviation
is a numeric indicator that helps calculate the range of potential results. It
represents the distance we travel from the mean as we extend across a
normal distribution. The greater the range, the greater the risk. For
example, let’s assume a mean of 20. See how the range changes in the table
below when we compare a Standard Deviation of 2 to a Standard
Deviation of 3.

******ebook converter DEMO Watermarks*******

 Optimistic Most Likely Pessimistic
Sigma 3 Sigma 2 Sigma 1 Mean Sigma 1 Sigma 2 Sigma 3
14 16 18 20 (SD=2) 22 24 26
11 14 17 20 (SD=3) 23 26 29

The following represents the percentage of returns that fall within each Sigma
range assuming a normal distribution or bell curve.

1 Sigma: Results occur within 1 Sigma 68.26% of the time. In estimating,

we assume returns fall within 1 Sigma of the mean 4 out of 6 times. In the
example above, results using a Standard Deviation of 2 range from 18 to
22 at 1 Sigma. The range of 1 Sigma results increase from 17 to 23 when
the Standard Deviation is changed to 3. This is a greater range of results
which increases overall risk of achieving objectives.

2 Sigma: Results occur within 2 Sigma 95.46% of the time. In the example
above, results using a Standard Deviation of 2 are 16 to 24 at 2 Sigma. The
range in 2 Sigma increases from 14 to 26 when Standard Deviation is
increased to 3. Risk increases as the Standard Deviation increases.

3 Sigma: Results occur within 3 Sigma 99.73% of the time. In estimating,

we assume returns fall within the 2 and 3 Sigma range on each side of the
mean one out of six times. In the example above, results using a Standard
Deviation of 2 range from 14 to 26 at 3 Sigma. However, the range
increases from 11 to 29 when the Standard Deviation is increased to 3.
Risk increases even more.

******ebook converter DEMO Watermarks*******

 6 Sigma: Equals 99.99985 (3.4 defects per million). Know this value for
test taking purposes.

Uniform Distributions are used in Perform Quantitative Risk Analysis as well.

Risk is normally uniform in the early design stages of a project. Distribution
becomes non-uniform in the later stages. Here is an illustration of a uniform
distribution model:

Triangular Distributions illustrate where probability peaks at the mean. There

is a fast decrease in probability as results move away from the mean.

******ebook converter DEMO Watermarks*******

 Beta Distributions show where probability peaks on either side of the mean.

Three Point Estimating and PERT: Three Point Estimating uses the optimistic,
most likely, and pessimistic vales provided by experts to determine the best
estimate. The following example illustrates this concept.

******ebook converter DEMO Watermarks*******

Estimate to Complete Activity Number of Days Estimated
Optimistic 5 Days
Most Likely 10 Days
Pessimistic 21 Days

Three Point Averaging takes the three estimates and averages them to
determine the best estimate. Using the example above, add 5 + 10 + 21 = 36.
Divide by 3 to determine the average (36/3 = 12). The best estimate equals 12
days. This is the default method on the PMI-RMP certification test.

PERT: A second iteration of Three-Point Estimating is a weighted average

using PERT. PERT assumes results fall within a standard distribution. The
formula for calculating an estimate using PERT follows:

Standard Deviation: Standard Deviation can be calculated using optimistic,

most likely, and pessimistic values. The formula follows:

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Quantitative Risk Analysis and
Modeling Techniques
Sensitivity Analysis: Sensitivity Analysis uses several what if scenarios to
calculate potential results. Sensitivity Analysis is a modeling technique that
helps determine which risks have the greatest impact on a project. Sensitivity
Analysis and What If Scenario Analysis both use Monte Carlo as a tool and
technique.

Monte Carlo uses optimistic, most likely and pessimistic estimates to

determine the probability of meeting cost and/or schedule objectives.

A Tornado Diagram is generally the result of Sensitivity Analysis. A

Tornado Diagram shows a single factor such as Net Present Value (NPV).
It then visually displays variables that can impact the single variable. Here
is an example:

Monte Carlo: The results of data gathering and representation techniques are
often recorded using a variety of modeling techniques An example of a typical

******ebook converter DEMO Watermarks*******

 model that shows a project’s potential to satisfy certain organizational cost
objectives follows:

Expected Monetary Value (EMV): This is a method used widely to establish

Contingency Reserve requirements for both budget and schedule. EMV is
quantified by multiplying probability times the best or worst case cost/time
scenario. Recall that risk can be positive or negative. EMV provides the
“Expected Monetary Value” of risk. Here is a sample scenario to illustrate
EMV.

Four risks impact Project XYZ. They are risks A, B, C, and D.

Risk A has a 30% chance of occurring and will cost the project
$40,000. This is a negative risk. Using EMV, calculate the required
Contingency Reserves for risk A as (.3 x $40,000 = $12,000). Add
this amount to the project budget.

******ebook converter DEMO Watermarks*******

 Risk B has a 40% chance of occurring and will save the project
($10,000). (Numbers in parenthesis indicate a positive risk. Dollars
are subtracted from your overall Contingency Reserve totals). This is
a positive risk. Calculate (.4 x $10,000 = $4000). Subtract this
amount from the project budget.

Risk C has 75% chance of occurring and will cost the project
$60,000. This is a negative risk. Calculate (.75 x $60,000 = $45,000).
Add this amount.

Risk D has a 50% chance of occurring and will cost the project
$30,000. Calculate (.5 x $30,000 = $15,000). Add this amount.

How much in Contingency Reserves is needed for this project? Add up all
negative and positive risk EMV totals. Total Contingency Reserve requirements
equal $68,000.

Contingency $
Risk Probability Maximum Dollar Impact of Risk
Required
A 30% $40,000 $12,000
B 40% ($10,000) ($4,000)
C 75% $60,000 $45,000
D 50% $30,000 $15,000
We add $68,000 to our project budget for Contingency
Total $68,000
Reserve needs.

Here is a variation to the previous scenario. If Risk D occurs, how much is left
in Contingency Reserves? The project started with $68,000 in Contingency
Reserves. A total of $30,000 was required to pay for negative Risk D. There is
now $38,000 remaining in Contingency Reserves.

Here is a second variation. If Risk B occurs, how much is left in the contingency
fund? The project started with $68,000 in Contingency Reserves. The project
gained $10,000 from positive Risk B. There is now $78,000 remaining in
******ebook converter DEMO Watermarks*******
 Contingency Reserves after this credit is added.

Decision Tree Analysis: Decision Tree Analysis describes a scenario under

consideration and uses available data to determine the most economic approach.
The primary objective of Decision Tree Analysis is selecting the scenario that
provides the best overall Expected Monetary Value (EMV). This is the highest
EMV return, or lowest EMV costs. It should be noted that Decision Tree
Analysis is considered as the most effective tool for development of
appropriate risk responses.

The following are some basic EMV scenarios:

Return + Return: A project has a fixed return of $100,000. There is a 20%

chance of additional returns of $50,000 if the project finishes ahead of schedule.
What is the value?

($100,000 + (.2 x $50,000)) = ($100,000 + $10,000) = $110,000.

Return - Cost: A project has a guaranteed return of $200,000. There is a 40%

chance that returns will be reduced by $80,000 due to cost overruns. What is the
revised return projection?

($200,000 - (.4 x $80,000)) = ($200,000 - $32,000) = $168,000.

Cost + Cost: A project has a set cost of $60,000. There is a 60% chance of
incurring additional costs of $40,000 due to shipping delays. What is the total
cost estimate?

($60,000 + (.6 x $40,000)) = ($60,000 + $24,000) = $84,000.

Comparisons: Two scenarios may be presented on the exam. Always choose the
option with the lowest costs or highest returns.

A Decision Tree Diagram may be presented. Test takers will be asked to

******ebook converter DEMO Watermarks*******
 analyze the scenarios presented, and choose the option providing highest returns
or lowest costs. The following example illustrates a “make or buy” decision.
The make value is $17M. The buy value is $32M. In this case, you choose the
buy scenario.

Make Decision: (.3 x $180M) + (.7 x $90M) - $100M = $17M

Buy Decision: (.3 x $120M) + (.7 x $80M) - $60M = $32M

******ebook converter DEMO Watermarks*******

Perform Quantitative Risk Analysis
Output: Update the Risk Register
The Risk Register is updated once again at the end of this step. Quantitative
Risk Analysis defines the probabilities of meeting defined cost and/or schedule
goals. Update probability and impact of the risks that most influence project goals
either positively or negatively.

Potential Risk Register updates may include, but are not limited to:

Probabilistic analysis of a project: What are potential time and cost outcomes
based on mathematical criteria and analysis?

Probability of achieving cost and time objectives: Quantitative Risk Analysis

allows factoring risk of into budget and schedule estimates. Adjusted data can
be compared against original cost and time estimates.

Prioritized list of quantified risks: What risks are most likely to occur based on
new numeric analysis results?

Trends in quantified risk analysis: A trend of mathematical outcomes may be

necessitated to determine if the impact of risk is decreasing or increasing as the
project progresses.

The Risk Register is updated based on the results of Perform Quantitative Risk
Analysis as shown in the figure below. Note that Perform Quantitative Risk
Analysis is Step 4 in the Risk Management Process.

Risk Risk Probability Impact Risk Risk

Risk Cause Category
Owner Response Risk Rating Rating Score
Update in Step Update in Update in
Initial Initial
4 Step 4 Step 4
Update in Step Update in Update in
4 Step 4 Step 4
******ebook converter DEMO Watermarks*******
 The Risk Register is updated at the conclusion of Perform Quantitative Risk
Analysis.

******ebook converter DEMO Watermarks*******

Perform Qualitative Risk Analysis:
Keys to Success
Perform Qualitative Risk Analysis: Perform Qualitative Risk Analysis before
accomplishing Perform Quantitative Risk Analysis. Ensure the highest priority
risks are evaluated during this activity for their impact on the project. Perform
Qualitative Risk Analysis provides initial risk prioritization.

Modeling: Quantitative Risk Analysis uses models. Select the right model that
supports project analysis needs such as project schedules, individual cost
estimates, decision trees, etc.

Quality Data: Quantitative Risk Analysis is objective. Ensure data sources are
accurate and unbiased. Use tools and techniques such as interviews that help
attain expert input.

Bias: It is important to reduce cognitive and motivational bias as defined

earlier. Try to find unbiased sources to help score risks as accurately as
possible.

Relationships: Look for relationships between multiple risks. Know how one
risk may impact or lead to others.

Repeating: It is a best practice to re-accomplish Quantitative Risk Analysis at

the completion of Plan Risk Responses. This iterative practice is part of the
Monitor and Control Risks process.

******ebook converter DEMO Watermarks*******

Qualitative Versus Quantitative Risk
Analysis
Perform Qualitative Risk Analysis is always performed. Perform Quantitative
Risk Analysis is situational. The table below shares key distinctions between the two
risk analysis processes. These distinctions must be understood for testing purposes.

Perform Qualitative Risk

Perform Quantitative Risk Analysis
Analysis
Subjective. Objective.
Accomplished when there is value to expend time and
Always accomplished.
effort.
Fast. Takes time and expertise.
Addresses individual Predicts likely outcomes based on review of multiple
risks. risks.
Scores risks using Uses numerical analysis such as Probability
probability x impact. Distribution, EMV, Decision Trees, etc.
Prioritizes individual Identifies risks with greatest impact to project
risks. objectives.
Output is a prioritized list Output is probability of meeting defined project
of risks. outcomes.
Risk Register is updated at the conclusion of both activities.

******ebook converter DEMO Watermarks*******

Activity 5: Perform Quantitative
Risk Analysis
Directions: Complete the activities below. Answers are provided in Appendix A.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Part I: Three Point Estimating
Three estimates are given. Calculate the best estimate using Three Point averaging
and Three Point PERT. Then calculate the Standard Deviation.

Estimate to Complete Activity Number of Days Estimated

Pessimistic 28 Days
Most Likely 12 Days
Optimistic 8 Days

Three Point Averaging

PERT
Standard Deviation

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Part II: EMV
Five risks impacting your project are identified as follows. How much in total
Contingency Reserves should be requested?

RISK PROBABILITY IMPACT EMV

A 10% ($20,000)
B 40% $30,000
C 30% $27,000
D 50% $18,000
E 25% $44,000
TOTAL

Risk D occurs. How much remains in the Contingency Reserves?

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Part III: Monte Carlo Analysis
What is the probability of achieving a goal of spending $40M?

The organization wants to have an 80% probability of achieving cost objectives.

What is the cost to achieve 80%?

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Part IV: Decision Tree
What is the EMV of the Make decision?

What is the EMV of the Buy decision?

What is the best decision based on EMV?

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Chapter 6: Plan Risk Responses

******ebook converter DEMO Watermarks*******

Step 5: Plan Risk Responses
Plan Risk Responses is the fifth step in the Risk Management Process. The
primary objectives are to validate risk responses and Risk Owners identified during
the Identify Risks activity, or develop risk responses for risks on the Urgent List and
assign Risk Owners if not previously accomplished.

Seven distinct responses can be taken to address risk. Three responses are
reserved for negative risks. Three responses are reserved for positive risks. One
response is used for both negative and positive risks. An in-depth review of each
response will be discussed in the tools and techniques section.

Risk Owners are confirmed or assigned during Plan Risk Responses. Risk
Owners develop responses, monitor risk status, and implement Contingency
Plans and Fallback Plans if required. Risk Owners can be any stakeholder in the
project. They are BEST used during Plan Risk Responses and Monitor and
Control Risks.

You may encounter a definition of a Risk Action Owner. This individual is

assigned by a Risk Owner to help implement approved risk responses.

The primary response to a risk is referred to as either a Contingency Plan or a

Risk Response Plan. You may wish to develop a secondary plan should the
Contingency Plan fail called a Fallback Plan. There may be times when
Contingency Plans or Fallback Plans cannot be developed. The risk must be
accepted when this is the case.

Document Secondary Risks in the Risk Register as well. A Secondary Risk is

one that results from a risk response. For example, a response to use a vendor to
perform project work could lead to potential vendor management risks.
Document the vendor management risks as Secondary Risks. A Secondary Risk
should NEVER have a higher Risk Rating than the primary risk it is associated
with.

Residual Risks must be accounted for as well. A Residual Risk is one that
remains after a Risk Response Plan or Contingency Plan is implemented. For

******ebook converter DEMO Watermarks*******

 example, a response may address 80% of the risk impact. The remaining 20%
represents the Residual Risk. Contingency Plans or Fallback Plans should be in
place to respond to known Residual Risks. New Residual Risks may be
discovered during a Risk Audit. If so, log the Residual Risk on the Risk
Register and Perform Qualitative Risk Analysis.

The Plan Risk Response activity can lead to a Go/No Go decision. A No Go

decision could occur if there are critical risks for which no responses can be
developed. A No Go decision could also result if the Project Risk Score was
well above acceptable thresholds and there was little you could do to address
the situation.

The level of detail defined in a risk response should be based on the priority
of the risk. A high priority risk would warrant greater levels of detail than a
lower priority risk.

Risk responses may lead to additional work that could cause the Schedule
Baseline and/or Cost Performance Baseline to change. Solicit approval for this
type of risk response from the Project Sponsor.

An overview of the end to end Plan Risk Response Process follows:

1. All risks should be identified in the Risk Register. Generally, responses are

******ebook converter DEMO Watermarks*******

 developed for those risks listed on the Urgent List.

2. Risk Owners are identified initially during the Identify Risks activity. They are
confirmed during the Plan Risk Responses activity.

3. Risk Owners develop Contingency Plans or Risk Response Plans. They also
identify potential triggers. Triggers are any event that provide an early warning
that a risk is about to occur. The response plan is implemented when a trigger
occurs.

4. Fallback Plans are also developed by the Risk Owner. These plans are
implemented if the Contingency Plan does not provide the desired response.

5. Risk Owners monitor all risks they are assigned as owners for. They provide
periodic status updates as required. They respond to risks when required. They
team with Risk Action Owners when responding.

******ebook converter DEMO Watermarks*******

Plan Risk Responses Process
The Plan Risk Responses process consists of inputs, tools and techniques, and
outputs shown below:

******ebook converter DEMO Watermarks*******

Plan Risk Responses: Inputs
There are only two inputs required to complete the Plan Risk Responses
activity. Both are outputs of previous Risk Management Process activities.

Input Applicability
Risk
Defines roles and responsibilities and methodologies to evaluate
Management
risks.
Plan
Provides the initial list of risks to be evaluated. The Risk Register
Risk Register
will be updated during this activity.

******ebook converter DEMO Watermarks*******

Plan Risk Responses: Tools and
Techniques
Tools and techniques are used to develop risk responses. Here is a list of
applicable tools and techniques supporting this activity.

Contingent Response Strategies: There are times when events happen that
indicate a risk will soon occur. These events are called predefined conditions
or triggers. When triggers occur, initiate your Risk Response Plan. For
example, the project defines a contingency response strategy to order 10,000
spare parts from vendor B if vendor A misses planned shipments of spare parts
by more than two days. The trigger occurs when vendor A misses the shipment
by more than two days.

Strategies for Negative Risks and Threats: There are four strategies for
dealing with negative risks. They include:

Avoid (Avoidance): The focus of this strategy is to eliminate the cause of

the risk. Try to take action to ensure the risk does not occur. This is often
accomplished by removing people and/or activities.

Transfer (Transference): This response transfers accountability and

responsibility of a risk to a third party. The third party actually performs
the work or takes accountability. There is normally a cost incurred when
using the transfer or transference response. A prime example of
transference is the purchase of insurance.

Mitigate (Mitigation): This response takes actions to reduce the

probability of the risk occurring, or the impact of risk if it occurs. This
could be thought of as developing a Plan B. An example is training. We try
to reduce the probability and impact of employees performing poorly on
the job by training them.

Accept (Acceptance): This response entails taking no immediate action

until the risk occurs. There are two types of acceptance strategies listed
below. One is passive and the other is active.
******ebook converter DEMO Watermarks*******
 Acceptance is a response strategy appropriate for BOTH negative and
positive risks.

A Contingency Plan or Fallback Plan may be developed for a risk you

plan to accept. However, the response will not be initiated until the
risk occurs.

Acceptance is often the only choice when risks are generated from
external sources, or when risk responses are beyond the control of the
Project Manager.

Passive Acceptance: This type of acceptance occurs when no

Contingency Plans are created to address the risk.

Active Acceptance: Develop Contingency Plans to address the risk

when it occurs. Active Acceptance is a solid option when necessary
to convince risk averse stakeholders that a response plan for accepted
risks is in place.

Strategies for Positive Risks or Opportunities: There are four strategies for
dealing with positive risks. They include:

Exploit (Exploitation): This is a response that takes action to make a

cause occur. Steps are taken to ensure the risk happens. It may require
additional time or resources to use the exploit response method. This is the
opposite of the avoid response.

Share (Sharing): This response enlists the support of a third party to take
advantage of the opportunities presented by a positive risk event.
Partnering with a third party allows both parties to share in the benefits.
This is the opposite of the transfer response.

Teaming Agreements are an example of a share response. These

agreements are quite common between established sellers and buyers
with a long-term relationship. Teaming can occur between external
******ebook converter DEMO Watermarks*******
 and internal stakeholders.

Enhance (Enhancing): This response aims to increase the probability of

the risk occurring or the impact of a risk if it occurs. Incentives are a
common example of an enhance response. This is the opposite of the
mitigate response.

Crashing is a common form of enhancement or mitigation. However,

crashing can increase costs of the project.

Accept (Acceptance): Acceptance is a feasible risk response for both

negative and positive risks.

Here is a visual to aid in understanding specific risk response types and when
they are potentially applied. Plan Risk Responses is Step 5 in the Risk Management
Process as defined in the PMBOK® Guide Chapter 11.

******ebook converter DEMO Watermarks*******

Plan Risk Responses: Outputs
There are four outputs from the Plan Risk Responses activity.

Risk Register Updates: We update the “Risk Owner” and “Risk Response”
sections of the Risk Register at the completion of this step. Residual Risks and
Secondary Risks are also documented.

Risk Related Contractual Decisions: Some responses may result in the need
for third party support. Contractual decisions outline the need for a third party to
support a Risk Response Plan.

Project Management Plan Updates: Update the Risk Register and/or the Risk
Management Plan as required at the conclusion of Plan Risk Responses. A
number of other key project management planning documents are also updated
as a result of Risk Management Process activities.

Project Document Updates: Risk integrates with many other areas. Updating
project documents is a potential result of Plan Risk Responses.

The figure below shows specific areas in the Risk Register updated after step 5
of the Risk Management Process.

Risk Risk Probability Impact Risk

Risk Cause Category
Owner Response Risk Rating Risk Rating Score
Update in Update Update Step Update
Update Step 5
Step 5 Step 5 5 Step 5
Update in Update Update Step Update
Update Step 5
Step 5 Step 5 5 Step 5
Risk Owners and risk responses may be updated at the conclusion of the Plan Risk
Responses activity. Risk Ratings and Risk Scores may be updated based on
responses developed as well.

******ebook converter DEMO Watermarks*******

Plan Risk Responses: Keys to
Success
People: Ensure risk responses are communicated with impacted stakeholders.
Ensure all key stakeholders understand their specific roles and responsibilities.
Do not assume!

Planning: Base the detail of risk responses on the priority of the risk. Ensure
key criteria as timing, resource needs, budget impacts, and schedule
implications are addressed. Remember that the Risk Owner should develop,
manage, and implement risk responses. Risk Action Owners assist Risk Owners
during responses.

Consistency: Ensure responses are consistent with organizational values,

project objectives, and stakeholder expectations. Ensure responses are
technically feasible and can be accomplished as planned.

Analysis: Ensure the link between the risk and the risk response is clear. Solicit
agreement and buy-in for all responses from applicable stakeholders.

Opportunities and Threats: Remember there are two classifications of risk.

Develop responses for both positive and negative risks.

Documentation Updates: Ensure that agreed upon responses are integrated into
the Project Management Plan. Ensure technical documentation is updated as new
information becomes available through risk responses.

Project Manager Support: The Risk Owner is responsible to implement

Contingency Plans. The Project Manager should respect this role and not get
involved unless absolutely necessary. The Project Manager should adjust the
severity of the Risk Response Plan if necessary during implementation.

******ebook converter DEMO Watermarks*******

Activity 6: Plan Risk Responses
Read the scenarios. Which risk strategy should be used in each scenario? Answers
are found in Appendix A. Choose Avoid, Transfer, Mitigate, Accept, Exploit,
Share, or Enhance.

Response
Scenario Being
Used
You determine a planned feature is not technically feasible. You
A.
eliminate the feature from the project scope.
You can get a 10% discount from a key supplier if you order 100,000
units. Your project requires 80,000 units. You contact other Project
B.
Managers to determine if there are needs for the additional units to
gain the discount.
There is an opportunity to save over $10,000 if you accept a seller’s
C. offer. Your team agrees the offer is good, but determines not to pursue
it at this time.
You learn of an opportunity to cut three weeks off your project
D. schedule. Resources are available that allow you to crash key critical
activities to increase the probability of achieving the time savings.
You learn that a competitor is attempting to replicate one of your key
products. You add additional technical features that cannot be
E.
duplicated which will prevent the competitor from building a like
product.
You add incentives to increase the probability of early completion of
F.
a key work package by a critical vendor.
Your team does not have the expertise to eliminate a key safety risk.
G. You spend $10,000 to enlist the support of a third party vendor who
will respond to the risk.
You learn that a new external regulation was discovered that adds
H. risk to completing your project within budget. You determine that you
will deal with any risks that materialize when they occur.
A new Project Manager heard there is a risk response that can be
I.
used to address both positive and negative risks.
There are two key risks to your project schedule. You develop a
J. training program to respond to the first. For the second risk, you
develop a prototype which will enhance testing.

******ebook converter DEMO Watermarks*******

K. You develop some Teaming Agreements with a key supplier to
improve levels of cooperation and improve Return on Investment.
You are told there are four potential responses to address negative
L. risks or threats. You remember accept, transfer, and avoid. Which did
you miss?
You add an additional vendor at a cost of $25,000 with the expertise
M. to ensure an identified risk event occurs that will lead to
opportunities to reduce time spent on critical path activities.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Chapter 7: Monitor and Control
Risks

******ebook converter DEMO Watermarks*******

Step 6: Monitor and Control Risks
Monitor and Control Risks is the sixth and final step in the Risk Management
Process. This activity is the “C” in the PIER-C methodology.

Risk is an iterative process. Risk factors come and go and conditions continually
change. Note that risk is not a one-time activity! The ultimate goal of Monitor and
Control Risks is to stay current on project risk. Risk Monitoring and Control is the
process of:

Ensuring the effectiveness of the Project Risk Management Process

Tracking identified risks

Monitoring Residual Risks and Secondary Risks

Identifying, analyzing, and planning for new risks

Keeping track of risks listed on the Risk Register “Watch List”

Reanalyzing existing risks as conditions change

Monitoring risk trigger conditions

Implementing Risk Response Plans as needed

Evaluating effectiveness of risk responses

Updating the Risk Register as required

Submitting formal changes when necessary to update Contingency Plans

******ebook converter DEMO Watermarks*******

A Project Manager may be called upon to respond to a previously unidentified or
unknown risk. This response is defined as a workaround.

It should be noted that this is the only activity in Project Risk Management that is not
part of the Planning Process Group. Monitor and Control Risks falls under the
Monitoring and Controlling Process Group.

******ebook converter DEMO Watermarks*******

Monitor and Control Risk Process
The Monitor and Control Risk process consists of inputs, tools and techniques,
and outputs shown below:

******ebook converter DEMO Watermarks*******

Monitor and Control Risk: Inputs
There are four inputs required to conduct the Monitor and Control Risk activity.

Input Applicability
Risk Provides the initial list of risks to be evaluated. The Risk Register
Register will be added to during this activity.
Project
This is the approved plan that contains the Risk Management Plan
Management
which describes methodology, roles, reserve considerations, etc.
Plan
Work This is an activity or work package based status that describes
Performance deliverable status, schedule progress, and costs incurred. You can
Information determine if risk is a factor.
These reports include Earned Value Technique data such as schedule
Performance
and cost status. They also include forecasting data which is critical to
Reports
recognition and control of risks.

******ebook converter DEMO Watermarks*******

Monitor and Control Risks: Tools
and Techniques
There are key tools and techniques that are used to Monitor and Control Risk.

Risk Reassessment: Risk Monitoring and Control often identifies new risks
and requires reassessment of existing risks. In addition, risks that are outdated
should be closed. Risk Reassessment also ensures new risks are identified when
changes to the project are made.

A Risk Review is used to analyze potential risk responses to see if they are
still appropriate. This is a part of Risk Reassessment. A Risk Review may
include changing the order or priority of risks, adjusting the severity of
existing risks, or monitoring Residual Risks.

Many events can drive the need for Risk Reassessment. These events
include occurrences of unknown risks, evaluation of change requests,
project replanning, or conducting a phase end review. Requirements for
Risk Reassessment should be included in the Risk Management Plan.

Risk Audits: Risk Audits examine responses to risk and answer the question,
“How did we do?” Risk Audits also measure the overall effectiveness of the
Risk Management Process. Periodic Risk Audits should be performed to
evaluate the strengths and weaknesses of the overall Risk Management Process.
Risk Audit requirements are also identified in the Risk Management Plan.

Variance and Trend Analysis: Trends should be observed and deviations

noted. This tool and technique compares planned results with actual results.
PMI contends that Earned Value Technique is an effective method to perform
this analysis.

Technical Performance Measurement: The Quality Management Plan defines

targets, metrics, etc. Technical performance measurement determines if the
actual technical performance achieved matches planned technical performance
specifications.
******ebook converter DEMO Watermarks*******
 Reserve Analysis: Management Reserves or Contingency Reserves for risk
may or may not be granted. If provided, the Project Manager must manage the
reserves and ensure they are allocated ONLY in the event of risk occurrence.
There are some who will look upon this reserve as a great source for extras.
Remember that Management Reserves are designated for unknown unknowns
(Unknown Risks) while Contingency Reserves are designated for known
unknowns (Known Risks).

Status Meetings: Some portion of status meetings, or a separate meeting, is

essential to address risks. Risks should be treated with importance, rather than
as a “by the way” subject. PMI recommends a weekly meeting to discuss risk.
Periodic meetings will allow stakeholders to identify newly discovered risks
throughout the life of the project.

******ebook converter DEMO Watermarks*******

Monitor and Control Risks: Outputs
The key outputs of the Monitor and Control Risk activity include updates and change
requests. A review of each output in more detail follows:

Risk Register Updates: The outcomes of Risk Reassessment and Risk Audits
may lead to updates. Actual outcomes from responses may require changes to
the Risk Register.

Organizational Process Asset Updates: Lessons Learned may lead to updated

Risk Breakdown Structures. Other project management templates may require
updates as well.

Change Requests: Corrective or preventative change requests may be required

to change Contingency Plans or Fallback Plans.

Change requests may also be required to bring a project into compliance

with the Project Management Plan. This is especially true when Gold
Platers cause Scope Creep. We discuss these two definitions further during
our discussion of Project Scope Management in Chapter 9 of this book.

Project Management Plan and Document Updates: The Risk Management

Plan, Risk Register, and other key project management planning documents may
require updates. These are all living documents.

******ebook converter DEMO Watermarks*******

Monitor and Control Risks: Keys to
Success
Integration: Ensure Monitor and Control Risk processes are included as part of
the approved and accepted Project Management Plan. The Risk Management
Plan should define key Monitor and Control Risk activities.

Communication: Maintain open and honest communications with Risk Owners

and Risk Action Owners.

Include all key stakeholders when communicating risk status information.

The project Risk Register should be available anytime to all stakeholders.

Watch for triggers that signal the onset of risks. Add new triggers for risks
as they are identified. Develop Contingent Response Strategies.

Awareness: Ensure current risk status is included as an agenda item in project

status meetings. Ensure that the value of risk management activities is
evangelized in a manner that helps maintain stakeholder commitment to the
process.

Reserve Management: Track Contingency Reserves and Management Reserves.

Ensure there are adequate reserves remaining and are used for their designated
purpose. Request additional Contingency Reserves when needed. Return
Contingency Reserves no longer required when risks are closed.

Updates: Ensure all changes are reflected in the Risk Register. Add new risks,
reprioritize existing risks, and eliminate risks no longer applicable.

Lessons Learned: Take the time to record what is learned for the use of future
Project Managers. Record both positive and negative risk related lessons. PMI
recommends that Lessons Learned sessions be conducted when completing key
project phases or meeting essential project milestones. History does repeat
itself! Lessons Learned help ensure positive history is repeated and negative
history is prevented.
******ebook converter DEMO Watermarks*******
 history is prevented.

******ebook converter DEMO Watermarks*******

Activity 7: Monitor and Control Risk
Concepts
Directions: There are key definitions and concepts discussed in the Monitor and
Control Risks activity. Match the definition to the responses provided. Answers are
found in Appendix A.

Monitor and Control Risk Definition and Concept Activity Response

1. Provides reserves to support risk identified on the Risk Register.
Examines and documents the effectiveness of risk responses and the
2.
overall Risk Management Process.
Risks that result directly from implementing a planned Contingency
3.
Plan.
4. Provides funds to support Emergent Risks.
May be required to request reserves for a newly identified risk
5.
response.
Part of a Risk Reassessment that may include changing the order or
6. priority of risks, adjusting the severity of existing risks, or monitoring
residual risks.
Risks that remain after implementing a planned Risk Response Plan.
7.
They must be accounted for on the Risk Register.
Compares project technical accomplishments to the schedule defining
8.
when technical achievement is required.
A process that identifies new risks, reassesses current risks, and
9.
closes out risks that are no longer applicable.

Activity 7: Choose from the following:

1. Risk Review

2. Risk Audit

3. Risk Reassessment

4. Residual Risks
******ebook converter DEMO Watermarks*******
 5. Secondary Risks

6. Change Requests

7. Management Reserves

8. Contingency Reserves

9. Technical Performance Measurement

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Chapter 8: Risk Governance
Risk Governance is a specific area in the PMI-RMP Body of Knowledge. This
section provides general concepts covered in the PMI-RMP certification exam.

******ebook converter DEMO Watermarks*******

General Risk Governance Concepts
Risk Governance is the process of ensuring risk policies and procedures are
understood, followed, consistently applied, and effective. Risk Governance may be
implemented by the Project Manager, a PMO, or even a specific organizational Risk
Governance body. Actual ownership is based on the priority, size, and importance of
the project.

Risk Governance includes any tools, techniques and outputs from the Monitor
and Control Risks activity.

Risk Governance looks at the complex web of actors, rules, policy, procedures,
and methods regarding risk information collection, communication, analysis, and
how decisions are made.

Risk Governance keys on consistent risk assessment, risk management, and risk
communication.

Risk Governance ensures the goals and objectives of the Board of Directors and
company stockholders are met.

Risk Governance may include creation of standard policies and procedures to

ensure risk compliance. These policies may impact areas such as:

Required levels of sponsorship based on key considerations such as cost of

projects, priorities, etc.

Standard templates, Resource Breakdown Structures, Organizational Process

Assets, or risk processes.

Organizational risk tolerance standards and/or risk category thresholds.

Standardized quality management planning to include metric, target, and Process

Improvement Plan development.
******ebook converter DEMO Watermarks*******
 Creation of metrics to guide organizational risk management activities.

Standardized Risk Management Planning to include Risk Breakdown Structures

and methods to identify risks. Standardized processing of Lessons Learned. Data
collection and standard Corporate Knowledge Base direction.

Standardized policies and procedures regarding Risk Reassessments, Risk

Reviews, and Risk Audits.

Policies and procedures to conduct and share Lessons Learned. Lessons

Learned should include what went well, what can go better, and what can be
done differently in the future.

There are two organizations that impact Risk Governance to be aware of:

Risk Governance may follow principles defined by the International Risk

Governance Council (IRGC). This organization’s primary goal is to facilitate
understanding and manage risks that impact society, human health, safety, and the
environment as a whole.

PMI strives to be compatible with approaches defined by the International

Organization for Standardization or ISO. ISO develops standards based on
best practices and encourages their use by all who subscribe to ISO
methodology. ISO guides the PMI basic approach to quality management to
include standardized tools as Six Sigma, Total Quality Management (TQM), and
FMEA.

Risk Governance ensures risk management efforts are focused to meet

organizational needs. It ensures there is a cultural norm that supports risk
management activities.

******ebook converter DEMO Watermarks*******

Other Governance Areas
Earned Value Technique

A key consideration of Risk Governance is performance reporting. Earned Value

Technique is PMI’s preferred method of performance reporting.

There are a few key terms that must be understood to calculate Earned Value
Technique.

Earned Value (EV) is the value of work performed. A typical calculation may
look like this: 65% of a $100,000 project is complete. Multiply .65 x $100,000
to determine the EV. EV = $65,000.

Planned Value (PV) is the amount of budget planned to be used at a given point
in the project. It is determined that the project should be 70% complete to this
point. Multiply .7 x $100,000 to determine the PV. PV = $70,000.

Actual Costs (AC) are the actual cost of the project to date. For example, actual
costs for the sample project referenced above are $75,000.

Budget at Completion (BAC) is an expression of the total budget for the project.
Assume BAC is $100,000 for this project scenario.

The Earned Value Technique values described above are used to perform
Earned Value Technique calculations. A review of our values follows:

1. EV = $65,000

2. PV = $70,000

3. AC = $75,000

******ebook converter DEMO Watermarks*******

 4. BAC = $100,000

The illustration that follows uses these values to perform Earned Value
Technique calculations:

Earned Value Technique

Formula
Calculation
Earned Value (EV) - Planned Value (PV) $65,000 -
1. Schedule Variance (SV)
$70,000 = -$5,000
Earned Value (EV) - Actual Costs (AC) $65,000 -
2. Cost Variance (CV)
$75,000 = -$10,000
3. Schedule Performance
EV/PV $65,000/$70,000 = .93
Index (SPI)
4. Cost Performance Index
EV/AC $65,000/$75,000 = .87
(CPI)
5. Estimate to Completion Budget at Completion (BAC)/CPI $100,000/.87 =
(ETC) $114,943

Earned Value Technique notes:

1. Schedule Variance: A SV of 0 is an indicator that the project is on schedule.

Negative SV is an indicator that the project is behind schedule. The example
above of -$5,000 fits this definition. Positive SV is an indicator that the project
is ahead of schedule.

2. Cost Variance: A CV of 0 is an indicator that the project is on budget. Negative

CV is an indicator that the project is behind budget. The example above of -
$10,000 fits this definition. Positive CV is an indicator that the project is ahead
of budget.

3. Schedule Performance Index: A SPI of 1.0 is an indicator that the project is on

schedule. An SPI less than 1.0 is an indicator that the project is behind schedule.
The example above of .93 fits this definition. A SPI greater than 1.0 is an
indicator that the project is ahead of schedule.

******ebook converter DEMO Watermarks*******

 4. Cost Performance Index: A CPI of 1.0 is an indicator that the project is on
budget. A CPI less than 1.0 is an indicator that the project is behind budget. The
example above of .87 fits this definition. A CPI greater than 1.0 is an indicator
that the project is ahead of budget.

5. Estimate to Completion: The project in this scenario is behind on both

schedule and budget. The ETC based on the current trend is $114,943. This
represents a $14,943 cost overrun unless actions to counteract the situation are
taken.

******ebook converter DEMO Watermarks*******

Contract Types
Some organizations dictate certain contract type requirements as part of their
Risk Governance policy and procedure. Remember who assumes the Cost Risk for
the following contracts:

Fixed Price: A Fixed Price Contract is a price provided by a seller to complete

a contract. Cost Risk is on the seller.

A Fixed Price Contract is used when the project service or product is well
defined. A seller provides a price proposal to perform the work exactly as
described by a potential buyer. A Fixed Price Contract may be adjusted.

A Firm Fixed Price (FFP) Contract is a stricter version of a basic Fixed

Price Contract. An FFP Contract is not normally changed. The contract
price remains unchanged throughout the life of the contract.

Cost Reimbursement: A buyer proposes work and contracts the seller’s

expertise. Total costs are not known until the end of the contract. Cost Risk is on
the buyer.

A Cost Reimbursement Contract is generally used when a buyer knows the

functionality they need from a product. However, they do not have the
expertise to build the project. They are purchasing this expertise.

A Cost Plus Percentage of Cost poses highest Cost Risk to a buyer.

Time and Material: This type of contract is similar to Cost Reimbursement.

Cost Risk is on the buyer.

Time and Material Contracts are quick, short in duration, and are generally
used for services.

******ebook converter DEMO Watermarks*******

Activity 8: Risk Governance
Directions: Read the statements below. Determine if the statements are true or false.
Answers are listed in Appendix A.

True
Statement or
False
Risk Governance is accomplished primarily during the Plan Risk
1.
Management activity of the Risk Management Process.
ISO is an organization developed to inspect final project deliverables
2.
for technical compliance.
A $50,000 project is 50% complete. Actual Costs are $30,000. CPI is
3.
.83.
The buyer accepts the Cost Risk for a Cost Reimbursement type of
4.
contract.
A Cost Plus Percentage of Cost contract poses the lowest level of risk to
5.
a buyer.
Identify Risks is the process of ensuring risk policies and procedures are
6.
understood, followed, consistently applied, and effective.
A key Risk Governance activity is the development of metrics to guide
7.
organizational risk management activities.
Risk Governance is concerned with how policies and procedures are
8.
implemented rather than the creation of policies and procedures.
The primary goal of the IRGC is to facilitate understanding and manage
9. risks that impact society, human health, safety, and the environment as a
whole.
Lessons Learned meetings should be limited to discuss solely what went
10.
well and what could go better.
A quick review of your project reveals a CPI of 1.2. You should
11.
conclude your project is behind on budget.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Chapter 9: Other Key Concepts
from the PMBOK® Guide

******ebook converter DEMO Watermarks*******

Introduction to Project
Management
There are three key areas to remember from Chapters 1 through 4 of the PMBOK®
Guide. They include:

Steps in the PMI Framework

Integrated Change Control Functions

Types of Organizations

Understand Project Environments

PMI Framework: Know the five Process Groups in the order they occur beginning
with the Initiating Process Group through the Closing Process Group.

Integrated Change Control Functions: Remember the following facts regarding

Integrated Change Control:

Integrated Change Control procedures must be defined for every project.

Procedures for reviewing changes should include identifying any new risks that
may be introduced by a recommended change.

A Change Control Log should be created as well. The Change Control Log lists
******ebook converter DEMO Watermarks*******
 all change requests processed in support of the project. It also provides status of
changes to include those approved and declined. The project Change Control
Log should be reviewed as a potential source of risks.

Communicating approval or denial of recommended changes is a vital activity

of Integrated Change Control.

Configuration Management is part of Integrated Change Control. It focuses on

controlling changes to the functional and physical characteristics of the project’s
product or service.

Types of Organizations: There are three primary organizational models to be aware

of:

Organizational Structure Key Attributes

Each employee has one manager

Staff members are grouped by specialty

FUNCTIONAL (Most
Common Form) For functional organizations, think “silo”

Team members normally communicate up and

down the silo

Team members are collocated

Organization focus is projects

PROJECTIZED Project Managers have high levels of authority

and independence

******ebook converter DEMO Watermarks*******

 Personnel are assigned and report to a Project
Manager

A blend of functional and projectized

organizations

Resources are borrowed from other functions

MATRIX (The Default for
PMI Questions)
Team members report to two bosses; Project
Manager and the Functional Manager

Three Matrix types: Strong, Balanced, and Weak

Understand Project Environments: Major considerations in this area that impact

the Risk Management Process include understanding of:

1. Cultural and Social Environment: Recognize how the project affects people
and how people affect the project. Risk that stakeholders will not buy-in to
overall project goals increases if this environment is not addressed.

2. International and Political Environment: Be familiar with applicable laws

and understand current political climates.

3. Physical Environment: Understand how the project will impact or be impacted

by the surrounding physical environment.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Activity 9A: PMBOK® Guide
Chapter 1 through 4 Review
Read the eight true or false questions below. Answers can be found in Appendix A.

True
Question or
False
All change requests should be listed on a master Issues Log that supports
1.
the project.
The Monitoring and Controlling Process Group follows the Planning
2.
Process Group.
Configuration Management focuses on controlling changes to the project’s
3.
product or service’s functional and physical characteristics.
Team members may be obligated to report to two managers in a Matrix
4.
organizational model.
5. The focus of the Functional organizational model is on projects.
6. “Silo” is a term often associated with the Matrix organizational model.
Stakeholders are refusing to buy-in to overall project goals. In all
7. likelihood, more time should have been spent on the Cultural and Social
Environment.
The PMI Framework consists of six interrelated Process Groups
8.
beginning with Initiating and ending with Closing.

******ebook converter DEMO Watermarks*******

Project Scope Management
It is important to understand the concept of the Scope Baseline and Scope Creep
from Chapter 5 of the PMBOK® Guide.

Scope Baseline: The Scope Baseline is a key input that supports many risk
management activities. Remember the three components:

Scope Statement: This is the most defined version of the project’s deliverables.
The Scope Statement defines the type of project as well. The project may be
recurring which makes risk management easier. The project may also introduce
many new variables which increase the level of risk management difficulty.

Work Breakdown Structure (WBS): The WBS lists project activities and work
packages that must be accomplished to complete the project. The WBS may
require updating to reflect additional work required for risk responses. Using
the WBS as a tool in risk management allows identification and tracking of risks
at the summary, control account, and work package levels.

Work Breakdown Structure Dictionary: Lists the attributes of activities and

work packages in the WBS.

Scope Creep: Scope Creep refers to changes to the project’s scope that is not
processed through the formal change control process. Individuals who implement
Scope Creep are referred to as “Gold Platers”.

******ebook converter DEMO Watermarks*******

Project Time Management
There are a number of areas from Chapter 6 of the PMBOK® Guide to be
aware of. They include:

Key Documents Generated from Project Time Management

Estimating Methods

Buffer Analysis

Sources of Conflict

Key Documents Generated from Time Management: There are a number of

documents completed during Project Time Management that influence the Risk
Management Process.

Project Schedule Network Diagrams are produced during Sequence Activities.

Network diagrams show key activity dependencies and provide a visual view of
potential path convergence issues. They are also a required input for Monte
Carlo analysis.

The Resource Breakdown Structure is an output of the Estimate Activity

Resources activity. This output shows what resources are required for the
project. This is an important document used during initial risk identification.

The Schedule Baseline is the primary output of project time management and
represents the approved and accepted project schedule. The Schedule Baseline
may be adjusted through the project’s formal Integrated Change Control process
to account for risk.

Estimating Methods: There are three basic types of estimating methods used. The
table below provides a brief review of these methods.

******ebook converter DEMO Watermarks*******

 Estimating Key Characteristic
Type

Also referred to as Expert or Top Down Estimating

Best when a project is repeating or recurring

Analogous
Requires expertise and knowledge

Fast—requires only a summary level WBS

Objective estimating method

Uses numeric data. For example: Units x Time Required =

Parametric
Estimate

Must have accurate numerical data

Analyzes data at activity or work package level

Information provided by those doing the work

Bottom Up
Requires time, effort, and detailed WBS

Best for projects with ambiguity or unknowns

Buffer Analysis: A buffer is defined as non-working time added between two

activities to account for identified risks. For example: pour concrete, wait two days
for the concrete to set, and then begin construction. The buffer in this case is the two
******ebook converter DEMO Watermarks*******
day wait. Buffers are used in conjunction with the Critical Chain Method when you
are aware of constraints before a final project schedule is published.

Sources of Conflict: Remember that the number one source of conflict encountered
is due to scheduling issues.

******ebook converter DEMO Watermarks*******

Project Quality Management
Project Quality Management is described in Chapter 8 of the PMBOK®
GUIDE. Quality standards impact the Risk Analysis and Risk Governance domains.
The Quality Management Plan is an input used to accomplish the Identify Risks
activity. Remember these key outputs:

Quality
Quality Management Plan Entries
Consideration
What quality standards are pertinent to this project? How will the
team ensure they are met? Examples:

OSHA: Safety

Quality ISO 9000: Recommended quality standards

Standards

Sarbanes-Oxley

Industry Standards and Codes

Who will help manage project quality?

Responsibilities
What are their specific responsibilities?
Quality What steps must be performed that require specific verification?
Checklists Quality Checklists support the project.
Quality What metrics must be measured? Are the metrics “SMART”?
Metrics (Specific, Measurable, Accountable, Realistic, Timely)
What are current performance levels that must be improved upon
Targets
by this project?
Process
Improvement How will waste and non-value activity be identified and reported?
Plan
Quality What standards will be checked to prevent problems?
Assurance How will changes and preventative actions be addressed?
How will inspections be managed?
Quality
******ebook converter DEMO Watermarks*******
 Quality What will be measured and reported?
Control How will changes and corrective actions be addressed?

******ebook converter DEMO Watermarks*******

Activity 9B: Project Scope, Time,
and Quality Management Review
Directions: There are key definitions and concepts discussed in PMBOK® GUIDE
Chapters 5 (Scope), 6 (Time), and 8 (Quality). Match the definition to the responses
provided. Answers are found in Appendix A.

Scope, Time, and Quality Management Definition and Concept

Response
Activity
Estimation method used when exact units and time requirements are
1.
known.
2. Defines attributes of project activities and work packages.
3. The approved and accepted project’s start and finish times.
4. Adding additional functionality through informal channels.
Estimation method that requires a detailed WBS. Analyzes risks at
5.
the work package level.
The detailed description of project objectives. Describes critical
6.
assumptions and constraints.
A formal or informal plan that defines how waste and non-value
7.
project activities will be identified and reported.
Sequence Activities output that shows key activity dependencies and
8.
path convergence issues.
Non-working time added to a project schedule between activities to
9.
account for risk factors.
Type of estimation based on expert knowledge. Best for repeating
10.
type projects.
Allows for identification and tracking of risks at the summary,
11.
control account, and work package levels.
12. The number one documented source of conflict.
Displays the resources required for a project to include people,
13.
supplies, materials, and equipment.
Risk Management Process input that describes project targets,
14.
metrics, checklists, and process improvement objectives.
15. Consists of the WBS, WBS Dictionary, and Scope Statement.
Used to develop a schedule when constraints are known ahead of

******ebook converter DEMO Watermarks*******

 time that must be addressed.
Individuals or groups responsible for adding additional functionality
17.
through informal channels.
Key concepts that dictate project activities. Examples include OSHA
18.
and Sarbanes-Oxley.

Activity 9B: Choose from the following:

1. Scope Baseline

2. Scope Statement

3. WBS

4. WBS Dictionary

5. Scope Creep

6. Gold Platers

7. Project Network Diagrams

8. Resource Breakdown Structure

9. Schedule Baseline

10. Analogous Estimating

11. Parametric Estimating

12. Bottom Up Estimating

13. Buffers
******ebook converter DEMO Watermarks*******
13. Buffers

14. Critical Chain Method

15. Quality Management Plan

16. Quality Standards

17. Process Improvement Plan

18. Schedules

******ebook converter DEMO Watermarks*******

Project Human Resource
Management
There are a number of pertinent topics covered in Chapter 9 of the PMBOK®
Guide under Project Human Resource Management. They include:

Motivational Theories

Leadership Styles

Leadership Style Applicability

Negotiation Methods

Motivational Theories: Motivation impacts stakeholder attitudes. Be aware of the

following motivational theories and the individuals responsible for each when
applicable.

Motivational
Key Points
Theory
Employees believe effort leads to performance. Performance should
Expectancy
be rewarded based on individual expectations. Rewards promote
Theory
further productivity.
All workers fit into 1 of 2 groups. Theory X managers believe
McGregor’s
people are not to be trusted and must be watched. Theory Y
Theory X and
managers believe people should be trusted, want to achieve success,
Y
and are self-directed.
Maslow’s
Maslow stated that motivation occurs in a hierarchal manner. Each
Hierarchy of
level must be attained before moving to the next. (Physiological -
Needs
Safety - Social - Esteem - Self Actualization)
Theory
Achievement
Motivation David McClelland states that there are three needs that must be met
Theory for people to be satisfied. They include achievement, affiliation, and

******ebook converter DEMO Watermarks*******

(Three Needs power.
Theory)
There are hygiene factors and motivating agents. Hygiene factors
such as salary, working conditions, benefits, etc. destroy motivation.
Hertzberg’s
They do not increase motivation. Motivating factors such as
Theory
responsibility, growth, and achievement are those that increase
motivation.

Leadership Styles: Leadership styles also impact stakeholder support of the Risk
Management Process. Each style must be used on a situational basis.

Leadership
Definition
Style
Directive Tell people what to do.
Coordinate and solicit the input of others. A good Project Manager
Facilitative
is facilitative.
Coaching Train and instruct others on how to perform the work.
Supporting Provide assistance and support as needed to achieve project goals.
Consensus Solve problems based on group input. Strive for decision buy in
Building and agreement.
Consultative Invite others to provide input and ideas.
Autocratic Make decisions without input from others.

Tuckman Model: Teams go through a step-by-step growth process. The Tuckman

Model is a common five-step model used to depict growth of a team from the moment
it is formed. This model is used to determine appropriate situation leadership styles.

Stage Characteristics
Team meets and learns about the project. Roles are discussed. Expect
Forming hesitancy, confusion, anxiety, lack of purpose, and lack of identity.
Productivity is low.
Team begins to address work, technical decisions, and project
management approaches. Conflict can occur which may disrupt the
Storming
team. Leadership is challenged, cliques form, etc. Productivity
decreases.
Team members begin to work together. They adjust individual habits to
Norming accommodate the team. There is open communication, purpose,
confidence, motivation, etc. Productivity improves.
Performing Teams are independent, self-directed, and work through issues quickly
******ebook converter DEMO Watermarks*******
Performing and smoothly. There is pride and trust. Productivity peaks.

Adjourning Team completes all work and moves on.

Leadership Style Applicability: Each leadership style can be used to support a

variety of situations. The table below provides common situations and recommended
leadership styles.

Situation Best Leadership Style

Team is forming and new. They need direction and
Directive, Coaching
task oriented information.
Team is storming. There is much conflict, frustration, Facilitative, Consensus
and confusion. Building, Consultative
A decision must be made quickly. Time is of the
Autocratic
essence. There is little time for input.
The team is well established and skilled. They are in
Supporting
the norm or perform stages.

Negotiation: This is one of the Project Manager’s key interpersonal skills. Use this
in conjunction with influencing. Here are some important points:

Functional Manager is the term associated with managers who own the project
human resources needed. The Project Manager must negotiate with the
Functional Manager to attain resources and support. Functional Managers may
not always be “willing” providers. There are normally competing projects in an
organization.

The ability to influence multiple stakeholders to attain support for the Project
Risk Management Plan is important. Note these tips for effective negotiating.

Tips to Negotiate with Stakeholders

Understand and be able to explain the needs of the project. Be able to specifically
spell out “what, why, who, where, when, and how factors” impacting project risk.
Be able to explain the business need for the project in an effort to gain support. The
Functional Manager may not recognize project risks, benefits, etc.
Understand that key stakeholders have other jobs to do. Understand their work
situations. Be realistic.

******ebook converter DEMO Watermarks*******

situation surrounding the need for their support.
Be willing to compromise. Be flexible.

******ebook converter DEMO Watermarks*******

Project Communications
Management
There are a number of areas from Chapter 10 of the PMBOK® Guide under
Project Communications Management that are pertinent. They include:

Identifying Stakeholders

The Communications Management Plan

Calculating Communications Channels

The Communications Model

Lessons Learned

Identify Stakeholders: Remember that a successful Project Manager spends at least

90% of his or her time communicating. Communications skills have been identified
as the number one interpersonal skill that can impact project success or failure.
Expect questions on the Identify Stakeholders activity.

Identify Stakeholders is a two-step approach. Step 1 identifies stakeholders and

finalizes a Stakeholder Register. This register is developed through
brainstorming and interviews. The Stakeholder Register is a document that can
be used to identify stakeholders who can and should be involved in risk
management activities. The Stakeholder Register includes:

Identification information for all stakeholders

Stakeholder needs, requirements, expectations, etc.

Stakeholder roles and responsibilities

******ebook converter DEMO Watermarks*******

 Step 2 of Identify Stakeholders is to develop a Stakeholder Management
Strategy. Review methods to accomplish this output. The most common model
used is the Power/Interest model. There are others as well such as the “Salience
Model”. The salience model keys on power, urgency, and legitimacy of
stakeholder actions.

The Communications Management Plan: The Communications Management Plan is

a key document that supports the Risk Management Process. The Communications
Management Plan should define who needs to receive risk related communications to
include information, responses, status, meetings, etc. Contents should include:

1. What: What information needs to be communicated?

2. Who: Who must we communicate with? Who owns the communications item?
Who authorizes communications? Address stakeholder communications
requirements, including who will receive information, and who is responsible
to ensure information is communicated.

3. Why: Why is the communication important? Why should the receiver care about
the communication? What is the value proposition?

4. How: What media, methods, language, and technology will be used to

communicate? Are there templates, formats, etc.? How will version control be
addressed? Flowcharts of the process may be included for clarity.

5. When and Where: When should communication occur? What is the optimal
frequency for communications? Where will the communications occur?

Communications Channels: Remember how to calculate the number of

communications channels. The formula is defined below:

Communications Channels = n(n-1)/2

If there are 8 stakeholders
8(8-1)/2 = 28 channels

In this instance, 28 different channels of communications exist. In other words,

******ebook converter DEMO Watermarks*******
there are potentially 28 different interpretations of a key project item. The Project
Manager must maintain control of communications! The Project Manager’s goal is to
filter rumors, provide, and maintain the reality of the project.

Communications Model: Understand the communications model as well.

The sender is responsible to encode the message and selects the proper medium
to get it to the receiver. Examples include e-mail, fax, face-to-face, etc. The
sender may use a number of communications methods or technology to encode.

The receiver is responsible to decode the message and selects the proper
medium to provide feedback. The receiver may use a number of
communications methods or technology to decode.

Feedback is the primary output of encoding.

Noise factors may distort and interfere with understanding, transmission, or

block the message. PMI refers to noise as communications blockers. The goal
of communications management is to overcome noise factors to enhance the
flow of communication. The most likely result of noise (communications
blockers) is conflict.

Lessons Learned: The primary purpose of Lessons Learned is to help future Project
Managers improve performance. Lessons Learned should be accomplished at the end
of each project phase. Lessons Learned are sometimes referred to as the “Post
******ebook converter DEMO Watermarks*******
Mortem”. Lessons Learned support the Risk Management Process as follows:

Provide past risk communication Lessons Learned and provide ideas to improve
risk communications on future projects.

Improve risk analysis on future projects through review of Lessons Learned.

You will save future Project Teams countless hours of research and reduce
assumptions.

Review past risk responses and Contingency Plans. Evaluate what went well,
what can be done better, and implement improvement ideas.

Conduct Lessons Learned as soon as possible at the completion of a phase

or a project. This is when experiences are freshest in the team’s mind.

Refine risk policies and practices in order to improve risk management

effectiveness.

Project Management Offices often collect Lessons Learned and incorporate

best practices into future Risk Governance policies and procedures.

******ebook converter DEMO Watermarks*******

Activity 9C: Project Human
Resource and Communications
Management Review
Read the twelve true or false questions below. Answers can be found in Appendix A.

True or
Question
False
A Theory X manager is one who believes people should be trusted and
1.
are self-directed.
David McClelland is responsible for developing the Achievement
2.
Motivation Theory.
According to Hertzberg’s Theory, salary is a hygiene factor and
3.
responsibility is a motivating agent.
Maslow created the Hierarchy of Needs Theory which places Esteem
4.
on the top rung.
Training and instructing others is an attribute of the Consensus
5.
Building leadership style.
Autocratic leaders generally make decisions with little or no input
6.
from others.
A team entered the Storming phase. Facilitative and Consensus
7.
Building leadership styles are optimal in this phase.
8. Performing is normally a step that a team achieves prior to Norming.
A Functional Manager is a stakeholder who authorizes the Project
9.
Manager.
A Project Manager should spend up to 90% of his or her time
10.
communicating.
A Communications Management Plan should list key stakeholders who
11.
should receive risk related information.
The Stakeholder Register is an output of the Identify Stakeholders
12.
activity and occurs in Initiating.

******ebook converter DEMO Watermarks*******

Risk Management Process
Outputs: Impact other Areas of
Project Management
Outputs of the Risk Management Process are key inputs to other key activities
that support a project. The table below shows the risk output, where it acts as an
input, and the significance of this relationship.

Risk
Management Acts as Input To Significance
Output
Estimate Costs
Considers impact of risk on project cost
Risk Register PMBOK® Guide
estimating.
Chapter 7
Plan Quality Considers impact of risks on performance
Risk Register PMBOK® Guide metrics, targets, Quality Assurance, and
Chapter 8 Quality Control.
Plan Procurements
Considers impact of risk on end-to-end
Risk Register PMBOK® Guide
procurement process.
Chapter 12
Risk Related Plan Procurements May drive additional procurements to
Contractual PMBOK® Guide provide for third party responses to risk
Decisions Chapter 12 events.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
APPENDIX A: Activity Solutions

******ebook converter DEMO Watermarks*******

Activity 1: Risk Management
Process

Question True or False

Project risk is normally highest during the False. Risk is highest during
1.
project Executing Process Group. the Initiating Process Group.
The first step in the Risk Management Process False. The first step is Plan
2.
is Identify Risks. Risk Management.
True. The first five steps in the
The Plan Risk Responses activity occurs in the
3. Risk Management Process
Project Planning Process Group.
occur in Project Planning.
Three of the most common constraints that False. Stakeholder
4. determine stakeholder tolerance levels include expectations are not one of the
scope, resources, and stakeholder expectations. seven constraints.
The Project Manager must attempt to attain an True. This can make or break
5. organizational commitment to the value of risk the potential for a successful
management. risk management function.
Management Reserves are defined as reserves True. This is a correct
6.
to address unknown risks. definition.
A risk that is identified early in the Risk False. Emergent Risks are
7. Management Process is called an Emergent those identified as the project
Risk. progresses.
True. Another name for Pure
8. Pure Risks are always classified as negative.
Risks are Insurable Risks.
Stakeholder risk attitudes and tolerances can True. Attitudes and tolerances
9. impact overall risk prioritization and response can also impact the amount of
efforts. reserves available as well.
The Risk Register is initiated as part of the Plan False. The Risk Register is
10. Risk Management activity of the Risk completed as an output of the
Management Process. Identify Risks activity.

******ebook converter DEMO Watermarks*******

Activity 2: Plan Risk Management

Plan Risk Management Definition and Concept Activity Response

The primary tool and technique used to Plan Risk Management and
1. G
generate required outputs.
A term that describes a person or an organization’s willingness to
2. C
accept risk.
A practice that allows for identification of risks with common causes
3. A
that normally leads to more effective responses.
Any factor that can limit the team’s options. Boundaries that must be
4. H
addressed and planned for.
A key deliverable that defines the overall strategy to be used to
5. E
support the project’s end-to-end Risk Management Process.
Key input to the Plan Risk Management activity. Includes Lessons
6. Learned, stakeholder tolerance information, templates, policies, B
and/or procedures.
A tool that breaks out potential risks by category. Shows potential
7. F
risks and risk thresholds for risks within each category.
8. Something the team believes to be true but has not yet validated. D

Activity 2: Choose from the following:

1. Organizational Process Assets

2. Categorization

3. Risk Utility

4. Assumptions

5. Risk Management Plan

6. Risk Breakdown Structure (RBS)

******ebook converter DEMO Watermarks*******
 7. Planning Meetings and Analysis

8. Constraints

******ebook converter DEMO Watermarks*******

Activity 3: Identify Risks

Question True or False

The Identify Risks activity produces the False. This is the initial Risk Register
1.
final iteration of the Risk Register. which will be updated in later steps.
Checklist Analysis is a fast and efficient False. Checklist Analysis is quick.
2. means of identifying new risks missed However, it does not identify risks
during the initial review. not on the checklist.
Another term for Delphi Analysis is
group intelligence. It allows experts to True. A key output of Delphi Analysis
3.
review the final results and provide is the consensus of the group.
additional feedback.
SWOT analysis is a practical means to
gather information from a group of False. This is a great definition for
4.
selected stakeholders and rank order the Nominal Group Technique.
inputs.
The Stakeholder Register provides a False. The Stakeholder Management
5. strategy for managing stakeholder Strategy provides instructions to
expectations. manage expectations.
The worst thing to do during a True. All responses should be
6. brainstorming session is to evaluate documented without analysis to
participant responses. ensure success.
The Risk Register should have restricted False. The Risk Register should be
7. access and not be made available to all shared and visible to all key
project stakeholders. stakeholders.
False. The Risk Management Plan is
The Risk Register is an essential input
an input from Plan Risk Management
8. that will allow for development of a
that facilitates development of a Risk
comprehensive Risk Management Plan.
Register.
Roles and responsibilities supporting the
True. Roles and responsibilities are
9. Identify Risks activity are defined during
part of the Risk Management Plan.
the Plan Risk Management activity.
True. Emergent Risks are new risks
Emergent Risks should be added to the
10. identified later in the project. Add
Risk Register.
them to the Risk Register.

******ebook converter DEMO Watermarks*******

Activity 4: Perform Qualitative Risk
Analysis

Perform Qualitative Risk Analysis Definition and Concept Activity Response

1. The product of multiplying probability times impact. H
A situation where multiple activities feed into a single activity.
2. A
Increases risk.
A numeric value that shows how an individual Risk Score compares
3. I
with other individual Risk Scores.
4. The chances that a risk event may occur. M
5. A list of risks determined to be very high priority. D
The amount of risk determined numerically that is acceptable for a
6. E
project.
Situation where stakeholder Risk Ratings and Risk Scores are
7. K
impacted by perceptions.
The two most effective ways to accomplish Perform Qualitative Risk
8. B
Analysis.
9. The cumulative value of all Risk Scores. G
A key planning tool that must be updated at the completion of
10. O
Perform Qualitative Risk Analysis.
A key input that facilitates performance of the Perform Qualitative
11. P
Risk Analysis activity.
Situation occurs when stakeholders intentionally try to manipulate
12. J
and impact Risk Ratings and Risk Scores.
13. A list of risks determined to be a lower priority than others. C
The numeric values assigned to show the probability and impact of a
14. F
risk event.
Standard Probability and Risk Matrix that shows ratings and overall
15. L
priority determinations.
A numeric Risk Rating that expresses the consequences to a project if
16. N
a risk occurs.

Activity 4: Choose from the following:

******ebook converter DEMO Watermarks*******

 1. Path Convergence

2. Meetings and Interviews

3. Watch List

4. Urgent List

5. Risk Exposure

6. Risk Rating

7. Project Risk Score

8. Risk Score

9. Risk Rating within Project

10. Motivational Bias

11. Cognitive Bias

12. Lookup Table

13. Probability

14. Impact

15. Risk Register

16. Scope Statement

******ebook converter DEMO Watermarks*******
******ebook converter DEMO Watermarks*******
Activity 5: Perform Quantitative
Risk Analysis

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Part I: Three Point Estimating
Three estimates are given. Calculate the best estimate using Three Point averaging
and Three Point PERT. Then calculate the Standard Deviation.

Estimate to Complete Activity Number of Days Estimated

Pessimistic 28 Days
Most Likely 12 Days
Optimistic 8 Days

Three Point Averaging 16

PERT 14
Standard Deviation 3.33

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Part II: EMV
Five risks impacting your project are identified as follows. How much in total
Contingency Reserves should be requested?

RISK PROBABILITY IMPACT EMV

A 10% ($20,000) ($2,000)
B 40% $30,000 $12,000
C 30% $27,000 $8,100
D 50% $18,000 $9,000
E 25% $44,000 $11,000
TOTAL $38,100

Risk D occurs. How much remains in the Contingency Reserves? (Impact is

$18,000)

$38,100 - $18,000 = $20,100

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Part III: Monte Carlo Analysis
What is the probability of achieving a goal of spending $40M?

40%

The organization wants to have an 80% probability of achieving cost objectives.

What is the cost to achieve 80%?

$80M

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
Part IV: Decision Tree
What is the EMV of the Make decision?

((.4 x $80) + (.6 x $40)) - $50M = $6M

What is the EMV of the Buy decision?

((.4 x $70) + (.6 x $20)) - $30M = $10M

What is the best decision based on EMV?

Buy Decision has best EMV

******ebook converter DEMO Watermarks*******

Activity 6: Plan Risk Responses

Response
Scenario Being
Used
You determine a planned feature is not technically feasible. You
A. Avoid
eliminate the feature from the project scope.
You can get a 10% discount from a key supplier if you order 100,000
units. Your project requires 80,000 units. You contact other Project
B. Share
Managers to determine if there are needs for the additional units to
gain the discount.
There is an opportunity to save over $10,000 if you accept a seller’s
C. offer. Your team agrees the offer is good, but determines not to pursue Accept
it at this time.
You learn of an opportunity to cut three weeks off your project
D. schedule. Resources are available that allow you to crash key critical Enhance
activities to increase the probability of achieving the time savings.
You learn that a competitor is attempting to replicate one of your key
products. You add additional technical features that cannot be
E. Avoid
duplicated which will prevent the competitor from building a like
product.
You add incentives to increase the probability of early completion of
F. Enhance
a key work package by a critical vendor.
Your team does not have the expertise to eliminate a key safety risk.
G. You spend $10,000 to enlist the support of a third party vendor who Transfer
will respond to the risk.
You learn that a new external regulation was discovered that adds
H. risk to completing your project within budget. You determine that you Accept
will deal with any risks that materialize when they occur.
A new Project Manager heard there is a risk response that can be
I. Accept
used to address both positive and negative risks.
There are two key risks to your project schedule. You develop a
J. training program to respond to the first. For the second you develop a Mitigate
prototype which will enhance testing.
You develop some Teaming Agreements with a key supplier to
K. Share
improve levels of cooperation and improve Return on Investment.

******ebook converter DEMO Watermarks*******

 You are told there are four potential responses to address negative
L. risks or threats. You remember accept, transfer, and avoid. Which did Mitigate
you miss?
You add an additional vendor at a cost of $25,000 with the expertise
M. to ensure an identified risk event occurs that will lead to Exploit
opportunities to reduce time spent on critical path activities.

******ebook converter DEMO Watermarks*******

Activity 7: Monitor and Control Risk
Concepts

Monitor and Control Risk Definition and Concept Activity Response

1. Provides reserves to support risk identified on the Risk Register. H
Examines and documents the effectiveness of risk responses and the
2. B
overall Risk Management Process.
Risks that result directly from implementing a planned Contingency
3. E
Plan.
4. Provides funds to support Emergent Risks. G
May be required to request reserves for a newly identified risk
5. F
response.
Part of a Risk Reassessment that may include changing the order or
6. priority of risks, adjusting the severity of existing risks, or monitoring A
residual risks.
Risks that remain after implementing a planned Risk Response Plan.
7. D
They must be accounted for on the Risk Register.
Compares project technical accomplishments to the schedule defining
8. I
when technical achievement is required.
A process that identifies new risks, reassesses current risks, and
9. C
closes out risks that are no longer applicable.

Activity 7: Choose from the following:

1. Risk Review

2. Risk Audit

3. Risk Reassessment

4. Residual Risks

******ebook converter DEMO Watermarks*******

 5. Secondary Risks

6. Change Requests

7. Management Reserves

8. Contingency Reserves

9. Technical Performance Measurement

******ebook converter DEMO Watermarks*******

Activity 8: Risk Governance

Statement True or False

Risk Governance is accomplished primarily during False. Risk Governance is
1. the Plan Risk Management activity of the Risk accomplished primarily in
Management Process. Monitor and Control Risks.
False. ISO develops
ISO is an organization developed to inspect final
2. standards that drive
project deliverables for technical compliance.
success.
A $50,000 project is 50% complete. Actual Costs True. EV (25K)/AC (30K)
3.
are $30,000. CPI is .83. = .83.
The buyer accepts the Cost Risk for a Cost
4. True.
Reimbursement type of contract.
A Cost Plus Percentage of Cost contract poses the False. It poses the highest
5.
lowest level of risk to a buyer. level of risk.
Identify Risks is the process of ensuring risk
False. This is a definition
6. policies and procedures are understood, followed,
for Risk Governance.
consistently applied, and effective.
A key Risk Governance activity is the development
7. of metrics to guide organizational risk management True.
activities.
False. Risk Governance
Risk Governance is concerned with how policies
creates policies and
8. and procedures are implemented rather than the
monitors their
creation of policies and procedures.
implementation.
The primary goal of the IRGC is to facilitate
understanding and manage risks that impact society,
9. True
human health, safety, and the environment as a
whole.
Lessons Learned meetings should be limited to False. Always add what
10. discuss solely what went well and what could go can be done better next
better. time.
A quick review of your project reveals a CPI of False. A CPI of greater than
11. 1.2. You should conclude your project is behind on 1.0 indicates a project is
budget. ahead on budget.

******ebook converter DEMO Watermarks*******

Activity 9A: PMBOK® Guide
Chapter 1 through 4 Review

Question True or False

False. All change requests should be
All change requests should be listed on listed on a Change Control Log. Issues
1. a master Issues Log that supports the Logs are reserved for risks that became
project. issues or questions that must be
answered.
The Monitoring and Controlling False. The Monitoring and Controlling
2. Process Group follows the Planning Process Group follows the Executing
Process Group. Process Group.
Configuration Management focuses on
True. Configuration Management may be
controlling changes to the project’s
3. added to the project’s Integrated Change
product or service’s functional and
Control function.
physical characteristics.
Team members may be obligated to
True. This is a characteristic of the
4. report to two managers in a Matrix
Matrix organizational model.
organizational model.
False. Focus on projects is a
The focus of the Functional
5. characteristic of the Projectized
organizational model is on projects.
organizational model.
“Silo” is a term often associated with False. The “Silo” term is associated with
6.
the Matrix organizational model. the Functional organizational model.
Stakeholders are refusing to buy-in to True. A failure to achieve stakeholder
overall project goals. In all likelihood, buy-in normally is indicative of a lack of
7.
more time should have been spent on attention on the Cultural and Social
the Cultural and Social Environment. Environment.
The PMI Framework consists of six
False. There are five interrelated
8. interrelated Process Groups beginning
Process Groups.
with Initiating and ending with Closing.

******ebook converter DEMO Watermarks*******

Activity 9B: Project Scope, Time,
and Quality Management Review

Scope, Time, and Quality Management Definition and Concept

Response
Activity
Estimation method used when exact units and time requirements are
1. K
known.
2. Defines attributes of project activities and work packages. D
3. The approved and accepted project’s start and finish times. I
4. Adding additional functionality through informal channels. E
Estimation method that requires a detailed WBS. Analyzes risks at
5. L
the work package level.
The detailed description of project objectives. Describes critical
6. B
assumptions and constraints.
A formal or informal plan that defines how waste and non-value
7. Q
project activities will be identified and reported.
Sequence Activities output that shows key activity dependencies and
8. G
path convergence issues.
Non-working time added to a project schedule between activities to
9. M
account for risk factors.
Type of estimation based on expert knowledge. Best for repeating
10. J
type projects.
Allows for identification and tracking of risks at the summary,
11. C
control account, and work package levels.
12. The number one documented source of conflict. R
Displays the resources required for a project to include people,
13. H
supplies, materials, and equipment.
Risk Management Process input that describes project targets,
14. O
metrics, checklists, and process improvement objectives.
15. Consists of the WBS, WBS Dictionary, and Scope Statement. A
Used to develop a schedule when constraints are known ahead of
16. N
time that must be addressed.
Individuals or groups responsible for adding additional functionality
17. F
through informal channels.
******ebook converter DEMO Watermarks*******
18. Key concepts that dictate project activities. Examples include OSHA P
and Sarbanes-Oxley.

Activity 9B: Choose from the following:

1. Scope Baseline

2. Scope Statement

3. WBS

4. WBS Dictionary

5. Scope Creep

6. Gold Platers

7. Project Network Diagrams

8. Resource Breakdown Structure

9. Schedule Baseline

10. Analogous Estimating

11. Parametric Estimating

12. Bottom Up Estimating

13. Buffers

14. Critical Chain Method

******ebook converter DEMO Watermarks*******

15. Quality Management Plan

16. Quality Standards

17. Process Improvement Plan

18. Schedules

******ebook converter DEMO Watermarks*******

Activity 9C: Project Human
Resource and Communications
Management Review

Question True or False

A Theory X manager is one who
False. This definition fits a Theory Y
1. believes people should be trusted and
manager.
are self-directed.
David McClelland is responsible for True. McClelland states that there are
2. developing the Achievement three needs that motivate. They include
Motivation Theory. achievement, affiliation, and power.
According to Hertzberg’s Theory, True. Salary as a hygiene factor is not
3. salary is a hygiene factor and agreed upon by many who review
responsibility is a motivating agent. Hertzberg’s Theory.
Maslow created the Hierarchy of False. Maslow did create the theory.
4. Needs Theory which places Esteem on However, Self-Actualization is the top
the top rung. level.
Training and instructing others is an
False. This is an attribute of the
5. attribute of the Consensus Building
Coaching leadership style.
leadership style.
Autocratic leaders generally make
True. This is an attribute of the
6. decisions with little or no input from
Autocratic leadership style.
others.
A team entered the Storming phase.
Facilitative and Consensus Building True. A third choice in Storming is use
7.
leadership styles are optimal in this of the Consultative leadership style.
phase.
False. The steps in the Tuckman model
Performing is normally a step that a
8. are Forming, Storming, Norming,
team achieves prior to Norming.
Performing and Adjourning.
A Functional Manager is a stakeholder False. A Functional Manager provides
9.
who authorizes the Project Manager. human resources for the project.
A Project Manager should spend up to True. Communications is a key to
10.
90% of his or her time communicating. success. 90% is the magic number!
A Communications Management Plan True. This is a key reason why the
******ebook converter DEMO Watermarks*******
11. should list key stakeholders who should Communications Management Plan is
receive risk related information. an input to Plan Risk Management.
The Stakeholder Register is an output
True. The Stakeholder Register is an
12. of the Identify Stakeholders activity and
input to the Identify Risks activity.
occurs in Initiating.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
APPENDIX B: Final 125 Question
Test
Congratulations on completing all activities. Are you ready to take a challenging 125
question test that is representative of actual questions that will be encountered on the
PMI-RMP test?

Read each question and answer carefully. Answers with explanations are provided at
the end of the test. Try to achieve 75% or approximately 94 questions correct. Take
the test again and again until you can reach and achieve this goal or higher. Can you
achieve 90% (Approximately 113 questions correct)? Go for it!

Question
Question Responses Response
#

1. An objective
process that
assesses the
probabilities and
impacts of risks.

2. A subjective
process that
assesses the
probability of
achieving
specific project
Which of the following statements objectives.
1. regarding Perform Qualitative Risk
Analysis is correct?
3. An objective
process that
analyzes
possible
outcomes and
probabilities.

******ebook converter DEMO Watermarks*******

 4. A subjective
process that uses
a Probability and
Impact Matrix.

1. Contingency
Reserves

You are analyzing reserve requirements 2. Expected

for your project. You want to identify Monetary Value
reserves for unknown risks you suspect
2.
will materialize by the end of the
project. What type of reserves do you 3. Management
need to identify? Reserves

4. Discretionary
Reserves

1. Define
Probability and
Impact Rating
Systems

2. List categories
You are beginning the Plan Risk of risks
3. Management activity. What is the first
thing you should do? 3. Set up a planning
meeting

4. Determine
available
organizational
process assets

******ebook converter DEMO Watermarks*******

 1. Expected
Monetary Value
analysis

2. Detailed risk
Which of the following areas should be responses
4.
documented in an initial Risk Register?
3. Risk Ratings for
all risks

4. Risk description
and causes

1. Risk A

There are four identified risks. Risk A

has a probability (P) of 5 and impact 2. Risk B
5. (I) of 2. Risk B has P-3, I-4. Risk C has
P-4, I-4. Risk D has P-2, I-5. Which 3. Risk C
risk has the highest priority?

4. Risk D

1. It addresses
individual risks

2. It provides an
objective
analysis

Which of the following statements is

3. It is performed
6. correct regarding the Perform
******ebook converter DEMO Watermarks*******
 6. correct regarding the Perform when the priority
Qualitative Risk Analysis activity? of a project
warrants it

4. It provides a
numerical
analysis of cost
and schedule
probabilities

1. 75%

A Project Manager should normally 2. 82%

7. spend what percentage of his or her
time communicating? 3. 90%

4. 95%

1. Risk Related
Contract
Decisions and
the Risk
Management
Plan

2. Risk Register
and Risk
Key inputs from Project Risk Management
8. Management to the Plan Procurements Plan
activity include:
3. Risk
Management

******ebook converter DEMO Watermarks*******

 4. Risk Related
Contract
Decisions and
the Risk Register

There are four risks identified for

Project XYZ. Probability and impact 1. ($2,900)
for each risk is: Risk A: 40%
probability with $8,000 impact
Risk B: 20% probability with $5,000 2. $8,000
impact
9.
Risk C: 10% probability with
($10,000) impact 3. ($8,000)
Risk D: 80% probability with $6,000
impact
What amount of Contingency Reserves 4. $10,000
is required for this project?

1. $2,000

Use the information from Question 9 2. $2,400

10. above. Risk B occurred. How much
Contingency Reserves remain? 3. $3,000

4. $7,000

1. Coaching

Your team is established and is

working well together. For the most 2. Supportive
11. part, they know the work to be done
and remain focused. Which leadership
3. Facilitative
style is best suited for this team?
******ebook converter DEMO Watermarks*******
 style is best suited for this team?
4. Autocratic

1. Include all
stakeholders in
risk management
and solicit input
from multiple
sources.

2. Support of risk
management
functions can be
expected from
all stakeholders
based on the
Which of the following statements priority of risk
12. management.
regarding risk management is true?

3. Manage each
risk. It only takes
one risk to
destroy a
project.

4. Anticipate
stakeholder’s
risk tolerance
and plan
responses
accordingly.

1. Time, Cost,
Scope, Quality
******ebook converter DEMO Watermarks*******
 2. Time, Cost,
Scope,
Communications
You want to ensure all risks are linked
13. to project objectives. Which objectives
3. Scope,
should be considered?
Communications,
Quality,
Resources

4. Communications,
Quality,
Resources,
Schedules

1. An uncertain
event that can
impact the
project
negatively

2. An uncertain
event that can
impact at least
one project
objective
14. Risk is best defined as:

3. An unknown
event that can
impact project
objectives

4. An uncertain
event that occurs
during Project
Executing

******ebook converter DEMO Watermarks*******

 Executing

1. 100%

It is said that a solid risk management 2. 90%

15. program can reduce project problems
and issues by as much as: 3. 80%

4. 70%

1. Part of
Enterprise
Environmental
Factors and
documented in
the Risk Register

2. Part of
Organizational
Process Assets
and documented
in the Risk
Register

Which of the following statements is 3. Part of

16.
true regarding a Look Up Table? Enterprise
Environmental
Factors and
documented in
the Risk
Management
Plan

******ebook converter DEMO Watermarks*******

 Organizational
Process Assets
and documented
in the Risk
Management
Plan

1. Risk Register

2. Risk Breakdown
Structure
You want to determine the process and
strategy for accomplishing the overall
17. 3. Risk
Risk Management Process. Where can
this information be found? Management
Plan

4. Stakeholder
Register

1. Perform
Qualitative Risk
Analysis

2. Earned Value
Analysis
A number of Emergent Risks were
18. identified. You listed them in the Risk
Register. What is the next logical step? 3. Perform
Quantitative
Risk Analysis

4. Expected
Monetary Value

******ebook converter DEMO Watermarks*******

 1. Adds structure to
the Risk Register

2. Allows for
development of
better responses
What is the BEST reason to categorize
19.
risks? 3. Removes
ambiguity and
improves clarity

4. Satisfies risk
meta-language
requirements

1. Add the new

risks to the Risk
Register.

2. Evaluate and
qualify the risk
immediately to
determine follow
up actions.
A number of new risks were
discovered during execution of a major
20. 3. Develop a
project deliverable. What should you
response plan
do first to address these new risks?
and brief all key
stakeholders as
soon as possible.

4. Perform a Risk
******ebook converter DEMO Watermarks*******
 determine the
potential impact
of each risk.

1. Functional
A Project Manager works in an
organization where many resources 2. Projectized
must come from external groups. At
21.
times, he feels he works for two
bosses. What organizational model is 3. Matrix
being described?
4. Silo

1. 30%
You determined that there is a 60%
chance a risk may occur during month
two of the project. The project is now 2. 24%
22. in its fifth month and a team member
asks what the current probability of the 3. Unknown
risk occurring is now. You should
respond as:
4. 60%

1. 8

2. 28
There are a total of eight stakeholders a
23. project. How many total
communications channels exist? 3. 36

4. 56

******ebook converter DEMO Watermarks*******

 1. 11
You are told that the optimistic
schedule estimate to complete a key 2. 6
activity is 6 days. The most likely
24.
scenario is 9 days. The pessimistic
estimate is 18 days. Calculate the 3. 2
Standard Deviation for this scenario.
4. 1.5

1. Integrated
Change Control

2. Configuration
You want to ensure that risks are Management
analyzed for all new proposed change
25.
requests. What component ensures this 3. Risk
will occur? Management
Process

4. Project Scope
Management

1. Stakeholder
Register

2. Stakeholder
Management
You want to ensure you provide project Strategy
risk status to the right stakeholder
26.
******ebook converter DEMO Watermarks*******
 Management
Plan

4. Risk Breakdown
Structure

1. Beta Distribution

You are looking at a graph that shows a 2. Uniform

number of specific events and the Distribution
frequency in which they occurred. This
27. chart shows how the number of events
peaked on the low cost side of the 3. Triangular
mean. What type of graph are you most Distribution
likely looking at?
4. Normal
Distribution

1. Team

2. Past Project
You completed your Risk Register and Managers
are assigning initial Risk Owners. What
28.
is the BEST source from which to find
appropriate Risk Owners? 3. Sponsors

4. Project
Stakeholders

1. Track as a
Residual Risk.

******ebook converter DEMO Watermarks*******

 1. Track as a
Residual Risk.

2. Add the risk to

You identified a new risk as low
the Watch List.
priority and low impact. You are
29. confident that the Data Quality
Assessment supports this Risk Rating. 3. Develop a
What should be done? Fallback Plan

4. Quantify using
Probability x
Impact.

1. Budgeting,
timing, tracking,
change
management

2. Budgeting,
timing, risk
categories,
change
Which of the following areas should be management
30.
addressed in a Risk Management Plan?

3. Budgeting,
timing, tracking,
risk categories

4. Change
management,
timing, tracking,
risk categories

******ebook converter DEMO Watermarks*******

 Plan

Part of your governance process is to 2. Scope Baseline

identify and leverage standards
31. consistent with organizational norms.
Where can the standards that impact 3. Risk
your project most likely be found? Management
Plan

4. Stakeholder
Register

1. Root Cause
Analysis

Pierre needs to solicit ideas from 2. Sensitivity

experts located in multiple geographic Analysis
32. areas. He plans to use a questionnaire
to collect feedback. Which information 3. Delphi
gathering technique will he use? Technique

4. Nominal Group
Technique

1. Probability and
Impact Matrix

You are looking for a tool that defines 2. Risk Urgency

risk categories and breaks out each Assessment
33. category into potential low, moderate,
and high risks. What tool is being
described? 3. Risk Register

******ebook converter DEMO Watermarks*******

 described? 3. Risk Register

4. Risk Breakdown
Structure

1. Risk Averse

What is an overall term that describes a 2. Risk Utility

34. stakeholder’s willingness to accept
risk? 3. Risk Threshold

4. Risk Bias

1. Cause, Effect,
Cost

2. Risk, Effect,
Risk Meta-Language uses a three step Cost
35. approach to identify and define risks.
This approach includes: 3. Cause, Risk,
Effect

4. Cause, Risk,
Cost

1. Interviews

2. Affinity Charting
You are reviewing Identify Risk tools
******ebook converter DEMO Watermarks*******
 Technique

4. SWOT

1. WBS

2. WBS Dictionary

What document would you refer to

37. determine the greatest potential for path 3. Activity
convergence? Duration
Estimates

4. Project Network
Diagram

1. Pre-Mortem

2. Prompt List
Which tool and technique provides a
38. high-level list of generic categories to
be considered for risk identification? 3. FMEA

4. Root Cause
Identification

1. Risk increases
as Standard
Deviation and
Variance
increase

******ebook converter DEMO Watermarks*******

 Variance
increase

2. Risk decreases
as Standard
Deviation and
Variance
increase
Which of the following statements is
39. true regarding Risk, Variance and 3. Risk decreases
Standard Deviation? as Standard
Deviation
decreases and
Variance
increases

4. Risk increases
as Standard
Deviation
decreases and
Variance
increases

1. Develop a Risk
Response and
assign a Risk
Owner

2. Update the Risk

Breakdown
You just identified a new external risk
Structure
during the executing phase that may
40.
impact your project positively. What is
your first step? 3. Perform
Qualitative Risk
Analysis

******ebook converter DEMO Watermarks*******

 Risk Analysis

1. Analogous
You are managing a complex project
that introduces deliverables and
processes new to the organization. 2. Bottom Up
41. There are a number of ambiguities that
need to be addressed as potential risks. 3. Parametric
Which estimating method will serve
this project best?
4. Expert

1. Identifies risks
with the greatest
impact on
project
objectives and
takes time.

2. It is a fast and
objective
analysis
methodology.
Which of the following statements is
42. true regarding Perform Qualitative Risk
Analysis? 3. It is only
accomplished
only as required
and provides a
prioritized list of
risks.

4. Uses numerical
analysis and
scores risks by
probability and
******ebook converter DEMO Watermarks*******
 analysis and
scores risks by
probability and
impact.

1. Delphi
Technique

Your team wants to analyze threats and 2. SWOT Analysis

opportunities to identify both negative
43.
and positive risks. Which tool is best 3. Nominal Group
suited for this objective? Technique

4. Root Cause
Analysis

1. Planning
Meetings

You have been tasked to complete a 2. Expert Judgment

Risk Management Plan as soon as
44. possible to support your project. Which 3. Technical
tool and technique will best serve your Performance
needs? Measurement

4. Project Scope
Statement

1. Project Manager

******ebook converter DEMO Watermarks*******

 45. responsibility to develop Risk
Response Plans and `monitor status. 3. Risk Owner
You assign this to the:
4. Risk Activity
Manager

1. The probability
that a risk will
occur

2. Any risk that has

not yet been
A team member wants to know the identified
46. definition of a trigger. What should you
tell her? 3. Any risk event
with potential
impact

4. Any event that

predicts a risk
will occur

1. Monitor and
Control Risks

2. Identify Risks
Risk Governance policy and procedure
47. is applied during which Risk 3. Plan Risk
Management Process activity? Responses

4. Plan Risk

******ebook converter DEMO Watermarks*******

 4. Plan Risk
Management

1. Qualitative Risk
Analysis

2. Subjective Risk
What type of analysis will allow you to Analysis
predict the potential impact of multiple
48.
risks on key project schedule and cost 3. Risk Breakdown
objectives? Structure
Analysis

4. Quantitative
Risk Analysis

1. 24 Days
You are asked to use a weighted
estimation method given a pessimistic 2. 23 Days
estimate of 33 days, most likely
49.
estimate of 25 days, and optimistic
estimate of 11 days. What should you 3. 25 Days
estimate for the duration?
4. 33 Days

1. With the highest

success
probability

2. With the lowest

******ebook converter DEMO Watermarks*******
 50. scenarios and recommends selection of probability
the option:

3. With the highest

EMV

4. With the lowest

EMV

1. They are best

conducted at the
closure of the
project.

2. They aid in
refining risk
policies.

Which statement regarding Lessons 3. They are always

51. conducted
Learned is most correct?
formally to assist
future Project
Managers.

4. They address
past and future
situations that
will likely
impact future
projects .

1. Residual Risk

You completed a risk response activity

and are left to act upon a part of the risk 2. Secondary Risk
******ebook converter DEMO Watermarks*******
 You completed a risk response activity
and are left to act upon a part of the risk 2. Secondary Risk
52. impact that the response did not
address. How do you refer to the
remaining risk? 3. Emergent Risk

4. Risk Trigger

1. Fixed Price with

Incentives

2. Time and
Your Risk Governance rules require Material
you to strive for contracts that reduce
53. cost and schedule risk to the buyer.
Which contract type should you try to 3. Cost Plus
avoid? Percentage of
Costs

4. Cost Plus Award

Fee

1. Mitigation

You determine that excessive rain could

delay your project by weeks. You 2. Avoidance
54. determine to deal with the event if it
occurs but develop a Contingency Plan. 3. Transference
Which risk response did you use?

4. Acceptance

1. Triangular
******ebook converter DEMO Watermarks*******
 2. Tornado
A tool that shows the impact of multiple Diagram
55.
factors on a single variable is called:
3. Uniform
Distribution

4. PERT

1. It must be
performed to
analyze all risks.

2. It always occurs
prior to the
Perform
Qualitative
Analysis
Which statement is true regarding the Activity.
56.
Perform Quantitative Analysis activity?

3. Requires the
Stakeholder
Register as a key
input.

4. May not be
performed on
every project.

1. 15 Days
You are given three estimates to
complete a key project activity. The 2. 16 Days
******ebook converter DEMO Watermarks*******
 complete a key project activity. The 2. 16 Days
57. pessimistic estimate is 25 days. Most
likely is 16 days and the optimistic
estimate is 10 days. How much time 3. 17 Days
should you plan for the activity?
4. 19 Days

1. Provides
standard Risk
Breakdown
Structures for
use in all project
types.

2. Provides best
practices and
standards to
improve risk.
management
The primary benefit to consider ISO as performance
58. part of your Risk Governance policy
is?
3. Provides
inspections of
projects to score
risk management
effectiveness.

4. Describes
standard risk
tolerance ratings
for various
project
priorities.

1. Plan Risk
******ebook converter DEMO Watermarks*******
 You found some key deficiencies in the
Project Management Plan as a result of 2. Identify Risks
a Risk Review. You need to generate
59. formal change requests for additional
Contingency Reserves. Which Risk 3. Plan Risk
Management Process activity did you Responses
perform?

4. Monitor and
Control Risks

1. Mitigation
You reviewed the WBS and an activity
must be completed that your team may 2. Transference
not have the expertise to accomplish.
60.
You find another team who is willing to
take on the work and do the job. What 3. Avoidance
risk response did you use?
4. Acceptance

1. Risk

2. Communications
Project Managers must understand and
61. balance all of the following constraints
except: 3. Customer
Satisfaction

4. Quality

1. Perform
Qualitative Risk
******ebook converter DEMO Watermarks*******
 Qualitative Risk
Analysis

2. Perform
You are in the process of reviewing Quantitative
performance reports to determine Risk Analysis
62.
overall risk management effectiveness.
Which activity are you performing?
3. Monitor and
Control Risks

4. Plan Risk
Responses

1. Risk
Reassessment

2. Risk Audit
You identified new risks and updated
the probability on two risks on the
63. 3. Variance
Watch List. What action did you
complete? Analysis

4. Technical
performance
Measurement

1. Enhance
There is an opportunity to improve
return on investment from your project
by 20% from potential supplier 2. Share
discounts. You will need to order more
64.
supplies to achieve the discount. You
found another Project Manager who 3. Exploit
needs the same supplies. Which risk
******ebook converter DEMO Watermarks*******
 1. Plan Risk
Management

2. Monitor and
Which of the following Risk Control Risks
Management Process activities does
65.
not occur in the project planning
Process Group? 3. Perform
Qualitative Risk
Analysis

4. Identify Risks

1. Mitigate,
Enhance, Accept

2. Avoid, Exploit,
Your team is debating which risk Share
responses are most appropriate for
66.
opportunities. Which responses fit this
categorization? 3. Accept, Transfer,
Exploit

4. Exploit,
Enhance, Accept

1. Initiating

A Project Manager was reviewing a 2. Planning

Stakeholder Register as part of her risk
******ebook converter DEMO Watermarks*******
 Stakeholder Register as part of her risk
67. management duties. During which
Process Group is the Stakeholder 3. Executing
Register developed?
4. Monitoring and
Controlling

1. Root Cause
Analysis

2. Sensitivity
You want to use a group creativity Analysis
technique that enhances brainstorming
68.
and uses a voting process to rank order
ideas. Which technique will work best? 3. Delphi
Technique

4. Nominal Group
Technique

1. Risk
Management
Plan

You are identifying risks and want to

consider risks at both the micro and 2. Published
macro levels. Which input will allow Checklists
69.
you to identify and track risks at a
summary, control account, or work 3. Work
package level? Breakdown
Structure

4. Scope Statement

******ebook converter DEMO Watermarks*******

 1. Ishikawa
Diagram
A Project Manager is analyzing the
potential effects of product failures to
70. determine potential project risks. 2. Flow Chart
Which is the most appropriate tool and
technique to use for this purpose?
3. SWOT

4. FMEA

1. $50,000
Molly is reviewing the return potential
for proposed projects. She knows that
there is a guarantee of a $50,000 return 2. $80,000
if she selects Project A. Based on risk,
71.
there is a 20% possibility of an
additional 3. $20,000
$30,000 return as well. Molly
should list total returns potential as:
4. $56,000

1. Assumptions
Analysis during
Identify Risks

2. Assumptions
Analysis during
Qualitative Risk
A Project Manager identified a number Analysis
of new risks that developed due to
misconceptions and erroneous 3. Risk Data
72. information received during the project Quality
planning stage. What was probably not Assessment
accomplished at the appropriate level? during Identify
Risks
******ebook converter DEMO Watermarks*******
 accomplished at the appropriate level? during Identify
Risks

4. Risk Data
Quality
Assessment
during
Qualitative Risk
Analysis

1. Risk
Management

2. Risk Governance
Which process ensures risk policies
73. and procedures are understood,
followed, applied, and effective? 3. Configuration
Management

4. Organizational
Process Assets

1. Contingent
Response
Strategy

You were surprised by a risk event that

was not recorded on your Risk 2. Fallback Plan
74.
Register. The first thing you should do
is to implement a: 3. Workaround

4. Emergency Task
Plan

******ebook converter DEMO Watermarks*******

 1. Mitigate

You are looking for a response that will

reduce the probability of exceeding 2. Enhance
75.
allocated budget on a project activity.
Which type of response is best?
3. Avoid

4. Exploit

1. Strategies for
Positive Risks or
Opportunities

You are developing Contingency Plans 2. Risk Urgency

to respond to risk when a trigger is Assessment
76.
identified. This type of strategy is
referred to as a : 3. Fallback Plan

4. Contingent
Response
Strategy

1. Exploit

You have an opportunity to expedite

2. Mitigate
project schedules if you spend an
77. additional $25,000 to ensure a potential
event occurs. What response should 3. Transfer
you use?

4. Enhance

******ebook converter DEMO Watermarks*******

 1. Risk Action
Owner

A Risk Team member who is tasked to 2. Project Manager

78. specifically implement risk responses
is referred to as a:
3. Risk Response
Specialist

4. Risk Owner

1. Residual Risk

You identified a risk that will result 2. Secondary Risk

from a Contingency Plan to generate a
79.
contract with a secondary parts
supplier. How do you refer to this risk? 3. Emergent Risk

4. Risk Trigger

1. Perform
Qualitative Risk
Analysis

2. Monitor and
A Project Manager is sharing a copy of Control Risks
the Cost Management Plan with her
80. team. Which Project Risk Management
activity is the Project Manager 3. Plan Risk
preparing to perform? Responses

******ebook converter DEMO Watermarks*******

 Quantitative
Risk Analysis

1. Sensitivity
Analysis, Delphi
Method, and
Brainstorming

2. Delphi Method,
Brainstorming,
Sarah is seeking input to help perform a and Interviewing
risk identification activity for a critical
81.
IT project. Which information gathering 3. Sensitivity
techniques should she consider? Analysis, Delphi
Method, and
Interviewing

4. Sensitivity
Analysis,
Brainstorming,
and Interviewing

1. Identify Risks,
Perform
Qualitative Risk
Analysis, Plan
Risk Responses

2. Perform
Quantitative
Risk Analysis,
Plan Risk
Responses,
Monitor and

******ebook converter DEMO Watermarks*******

 Monitor and
Control Risks
Which of the following activities
82.
update the Risk Register? 3. Perform
Quantitative
Risk Analysis,
Plan Risk
Responses,
Identify Risks

4. Perform
Qualitative Risk
Analysis,
Identify Risks,
Perform
Quantitative
Risk Analysis

1. $14,000

The cost of a project is $32,000. There

is a 40% chance of returns of $25,000 2. $53,000
83. and a 60% chance of returns of
$60,000. What is the potential value of 3. $46,000
this project?

4. $28,000

1. Budget

2. Personalities
Which is the greatest source for
84. potential conflict you may encounter in
a project? 3. Leadership
Styles
******ebook converter DEMO Watermarks*******
 4. Schedules

1. Risk probability
has a tendency to
increase as the
project
progresses.

2. Most risks are

identified during
the Project
Executing phase.

85. Which statement regarding risk is true?

3. Risk of not
completing a
project
successfully is
highest at the
beginning.

4. Quantitative
Risk Analysis is
mandatory for all
projects.

1. Report the issue

to the sponsor
and request
assistance to
ensure the
situation does
not occur again.

2. Update the Risk

******ebook converter DEMO Watermarks*******
 2. Update the Risk
Management
Plan to ensure
A Project Manager discovered that risk thresholds
certain probability and impact Risk are clearly
86. Ratings were biased. What action defined.
should be taken initially by the Project
Manager?
3. Take action to
correct the
biased Risk
Ratings to better
reflect the true
analysis of the
risks.

4. Create a bias to
reflect the initial
results by
weighting higher
priority risks.

1. All responses
should provide a
high-level
overview of the
required
response.

2. Responses
should provide
an appropriate
level of detail to
implement
Contingency
You are asked to provide input on the
Plans.
level of detail specific risk responses
87.
should contain. What is the best advice
******ebook converter DEMO Watermarks*******
 must be
validated by the
Project Manager
and sponsorship
team.

4. Risk response
details should
vary based on
the overall
priority of the
risk itself.

1. Risk Audit

A Project Manager just completed an 2. Risk

extensive review to measure the Reassessment
88. effectiveness of the overall Risk
Management Process. What activity did
he perform? 3. Risk Response

4. Risk Review

1. Risk
Management
Plan

Technical Performance Measurement is 2. Quality

a key function of the Monitor and Management
89. Plan
Control Risk process. What is the best
source to use this tool and technique?
3. Scope Baseline

******ebook converter DEMO Watermarks*******

 4. Risk Register

1. Communications

A Project Manager is attempting to 2. Conflict

define the risk tolerance of key
90.
stakeholders. Which of the following is 3. Customer
a risk tolerance category? Satisfaction

4. Adoption

1. Parametric

Nicole is using an estimation technique 2. Analogous

that uses estimates from prior projects
91.
similar to hers. What estimating
technique is she using? 3. Three Point

4. Bottom Up

1. PMO

2. Project Manager
Consistent risk assessment, risk
92. management, and risk communication
are primary goals of the: 3. Sponsor

4. Risk Governance
******ebook converter DEMO Watermarks*******
 1. Enterprise
Environmental
Factors

A Project Manager is developing a 2. Organizational

Probability and Impact Matrix and Process Assets
wants to ensure that the risk-rating rules
93.
are tailored to the project. What is the
best source to find specific guidance on 3. Earned Value
risk-rating rules? Reports

4. Quality
Management
Plan

1. $170,000
The cost of a potential option to
complete a key activity is $90,000. If
this option is adopted, there is a 70% 2. $50,000
chance of returns of $120,000. There is
94.
a 30% chance of returns of
$140,000. What is the 3. $36,000
Expected Monetary Value of this
option?
4. $40,000

1. Risk Breakdown
Structure

2. Communications
Project assumptions are a major source Management
of potential risks. Which document Plan
95.
defines key assumptions impacting a
project?
******ebook converter DEMO Watermarks*******
 95. of potential risks. Which document Plan
defines key assumptions impacting a
project?
3. Scope Statement

4. Stakeholder
Register

1. Stakeholder
Register

2. Stakeholder
You want to identify key customers to Management
ensure they are interviewed and Strategy
96. participate in the Risk Management
Process. Which input will provide you
with this information? 3. Communications
Management
Plan

4. Lessons Learned

1. Plan Risk
Management

2. Perform
A number of Risk Related Contractual Quantitative
Decisions were identified as pertinent Risk Analysis
97.
to a project. These decisions were
developed as a result of: 3. Plan Risk
Responses

4. Monitor and
******ebook converter DEMO Watermarks*******
 1. Perform
Sensitivity
Analysis
activities

2. Implement Risk
Responses as
Which goal is not associated with the needed
98.
Monitor and Control Risks process?
3. Monitor
Residual and
Secondary Risks

4. Monitor risk
trigger
conditions

1. Provides an in-
depth analysis of
project risks

2. Analysis is time
consuming but
well worth the
time investment
You are performing a Checklist
Analysis to identify potential risks.
99. 3. Technique is not
Which fact is true regarding Checklist
Analysis? used to provide
an initial high
level analysis

4. Checklists are
generally
******ebook converter DEMO Watermarks*******
 4. Checklists are
generally
developed based
on Lessons
Learned

1. Qualitative Risk
Analysis

2. Expected
Monetary Value
You are not confident that you have Analysis
solid probability and cost impact data
100.
for each risk. Based on this assessment,
which technique should not be used? 3. Risk
Categorization

4. Risk Data
Quality
Assessment

1. Lag

You identified a risk that requires you 2. Lead

to add nonproject time between two
101.
activities to mitigate. What is this non-
project time referred to as? 3. Buffer

4. Break

1. 18 to 22

******ebook converter DEMO Watermarks*******

 102. Deviation is 2. Within what range can
you expect results to occur
approximately 68% of the time? 3. 14 to 26

4. 8 to 32

1. Plan Risk
Responses and
Plan Risk
Management

2. Plan Risk
Responses and
Monitor and
Control Risks

The Cost Management Plan is a key

103. 3. Perform
input required to effectively complete:
Quantitative
Risk Analysis
and Monitor and
Control Risks

4. Plan Risk
Management and
Perform
Qualitative Risk
Analysis

1. Plan Risk
Management

2. Perform
Qualitative Risk
Analysis
******ebook converter DEMO Watermarks*******
 2. Perform
A Risk Data Quality Assessment is a Qualitative Risk
tool and technique used in which risk Analysis
104.
management activity?
3. Perform
Quantitative
Risk Analysis

4. Monitor and
Control Risks

1. Firm Fixed Price

2. Time and
Material
A Project Manager wants to develop a
contract that poses the least amount of
105. 3. Cost Plus
Cost Risk to the buyer. Which contract
best suits this purpose? Percentage of
Cost

4. Request for
Quote

1. Project is behind
schedule

A project has a budget at completion of 2. Project is ahead

$60,000. As of today, it is 40% on budget
complete. This is better than the 30%
106. planned completion level forecast for
this point in the project. A total of 3. Schedule
$25,000 has been expended for the Variance is
project. Which statement is true? negative
******ebook converter DEMO Watermarks*******
 4. Cost Variance is
negative

1. .96

2. 1.33
Using the information in question 106,
107.
what is the project’s current SPI?
3. -$1,000

4. $6,000

1. Risk Utility

A Project Manager is concerned that 2. Motivational

the stakeholder7 s scoring of Bias
108. probability and impact was affected by
erroneous perceptions of project goals.
What does this situation represent? 3. Conceptual Bias

4. Cognitive Bias

1. Risk Rating

The overall project Risk Score for the 2. Risk Exposure

ABC project is higher than acceptable
109.
by stakeholders. What risk metric is
3. Risk Probability
excessive?

4. Risk Impact

******ebook converter DEMO Watermarks*******

 1. Identify Risks

2. Plan Risk
Management
The Risk Management Plan is a key
110. input for all of the following activities 3. Perform
except: Quantitative
Risk Analysis

4. Plan Risk
Responses

1. Develop a
workaround to
deal with this
occurrence.

2. Perform
variance and
trend analysis to
ensure the risk
An unexpected risk occurred that will does not occur
impact the project’s Schedule and Cost again.
111.
Performance Baselines. What is your
best response to this circumstance?
3. Initiate an
immediate Risk
Audit to
respond.

4. Determine levels
of reserve
analysis to
******ebook converter DEMO Watermarks*******
 1. Risk Response
Planning

2. Risk
Management
Gilmere is developing strategies to Planning
112. deal with threats to her project. What
activity is Gilmere performing?
3. Risk Monitoring
and Control

4. Quality
Assurance

1. Management
Reserve

Patti’s sponsor stated he will accept a 2. Control

113. budget variation of + or - 5%. This is Threshold
an example of a:
3. Risk Tolerance

4. Heuristic

1. Acceptance or
Mitigation

You encounter a risk that could allow 2. Mitigation or

you to reduce time to complete a key Exploitation
project activity by two weeks. You
******ebook converter DEMO Watermarks*******
 You encounter a risk that could allow 2. Mitigation or
114. you to reduce time to complete a key Exploitation
project activity by two weeks. You
want to take action to respond to this
risk. Which risk responses are most 3. Exploitation or
appropriate? Enhancement

4. Enhancement or
Acceptance

1. Schedule delays

2. Conflict
What is the most likely result of
115.
communications blockers? 3. Cost overruns

4. Information
delays

There are hygiene factors and 1. Maslow

motivating agents. Hygiene factors such
as salary, working conditions, benefits,
etc. can only destroy motivation. They 2. McClelland
116. do not increase motivation. Motivating
factors such as responsibility, growth, 3. McGregor
and achievement are those that increase
motivation. Who is responsible for this
theory? 4. Hertzberg

1. Risk
Communication

******ebook converter DEMO Watermarks*******

 The process of refining risk practices
117.
and policies by using Lessons Learned
is a key task that falls under: 3. Risk Response
Planning

4. Risk Governance

1. Perform
Qualitative Risk
Analysis

You just completed a Risk Data Quality 2. Plan Risk

Assessment and determined there are Management
three risks that require additional
118.
information prior to determining their
overall priority. Which process step 3. Perform
did you perform? Quantitative
Risk Analysis

4. Plan Risk
Reponses

1. Issue
You developed an enhance response to
a risk on the Risk Register. The risk 2. Problem
occurred and you are now
119.
implementing the Contingency Plan.
What is the term used to define this 3. Benefit
event?
4. Residual Risk

******ebook converter DEMO Watermarks*******

 1. Facilitative

A stakeholder manages using what is 2. Consultative

best described as a “hands off” style.
120.
Which leadership type best describes
this manager? 3. Participative

4. Laissez-Faire

1. Planning

A risk event occurred and a risk 2. Executing

response was implemented. You
121. scheduled a Risk Audit. Which Project
Management Process Group are you 3. Monitoring and
performing? Controlling

4. Closing

1. Evaluated all
ideas

You completed a brainstorming session 2. Used sticky

with key stakeholders. You did not notes
122. attain the information you required.
What action may have impacted the 3. Requested
effectiveness of this session? experts to attend

4. Took time to log

all inputs

******ebook converter DEMO Watermarks*******

 1. Forming and
Storming

2. Norming and
You are using a Supporting Leadership Performing
Style to manage your team. Which
123.
stages of team development is best
suited to this leadership style? 3. Forming and
Norming

4. Performing and
Storming

1. Plan Risk
Management and
Identify Risks

2. Identify Risks
and Perform
Qualitative Risk
You have new information that needs to Analysis
be documented on the project Risk
124. Register. Which Risk Management 3. Perform
Process activities require Risk Register Qualitative Risk
updates? Analysis and
Plan Risk
Management

4. Plan Risk
Responses and
Monitor and
Control Risks

******ebook converter DEMO Watermarks*******

 1. Nominal Group
Technique

You need critical input from experts to

plan a controversial IT project. You 2. Interviews
plan to use a tool and technique which
reduces fear of reprisal. You will
125. 3. Sensitivity
consolidate all inputs and provide a
Analysis
final report to all who contribute.
Which tool and technique are you
using? 4. Delphi
Technique

******ebook converter DEMO Watermarks*******

Final Test Solutions and
Explanations

Question
Response Rationale
#
Qualitative risk analysis is subjective. This eliminates options
A and C. Option B is incorrect. Assessing the probability of
1. D
achieving specific project objectives is quantitative. Option D
using a Probability and Impact Matrix is qualitative.
Management Reserves are reserves for unknown unknowns or
2. C unknown risks. Contingency Reserves are for known risks.
Options B and D are not types of reserves.
Remember to follow the input-tool and technique-output method
of performing activities. Options A and B are outputs in the
3. D
Risk Management Plan. Option C is the tool and technique after
you have the inputs. Option A is a key input. Gather inputs first.
The initial Risk Register lists risk, cause, initial Risk Owners,
categories, and responses. Option D satisfies these criteria. All
4. D
other activities occur in later steps of the Risk Management
Process.
Risk C has the highest priority based on its overall Risk Score
5. C of 16. Risk A scores 10, Risk B scores 12, and Risk D scores
10.
Option A is true regarding the Perform Qualitative Risk
Analysis activity. Qualitative Risk Analysis addresses
6. A
individual risks. All other options are true for the Perform
Quantitative Risk Analysis activity.
A Project Manager spends approximately 90% of his or her
7. C
time communicating.
Risk Related Contract Decisions and the Risk Register are key
8. D
inputs which drive the Plan Procurements activity.
Expect some Expected Monetary Value (EMV) questions on the
certification exam. To calculate Contingency Reserve
requirements, multiply the probability times the impact for each
risk and sum the total. Keep in mind that there are positive and
negative risks. In this scenario, total Contingency Reserve
******ebook converter DEMO Watermarks*******
 requirement is:

Risk A: 40% probability with $8,000 impact = -$3,200

Risk B: 20% probability with $5,000 impact = -$1,000

9. B Risk C: 10% probability with ($10,000 impact) = ($

1,000)

Risk D: 80% probability with $6,000 impact = $4,800

Total = $8,000

We need $8,000 added to our project for contingency

funds.

Risks A, B, and D are negative risks. Risk C is a positive

risk.

Risk B occurred. We used $5,000 from our Contingency

10. C
Reserves. This leaves us with $8,000 - $5,000 = $3,000 left.
The team described is most likely in the norming stage. A
supporting leadership style is best suited to this team. Coaching
11. B is best when the team is forming. Facilitative is best during
storming. Autocratic leadership is best when a decision must be
made quickly.
Option A is correct. Option B is wrong. You need to gain buy-in
—it’s not automatic. Option C is incorrect. You need to
12. A prioritize risks and manage the top risks. Otherwise you’ll burn
out your team. Option D is not correct as well. Don’t anticipate
risk tolerances—know them.
There are four key project objectives. They include Scope,
Time, Cost, and Quality. Communications is not a project
13. A
objective. It is a knowledge area that supports achievement of
objectives.
Option B is the best answer. Option A is partially correct. Risks
can also impact a project positively. Option C is not correct.

******ebook converter DEMO Watermarks*******

 14. B Risk is not always an unknown. However, it is always
uncertain. Option D is not totally correct. Risks can occur
during all Process Groups.
90% is a popular number. A good risk management program can
15. B
reduce problems by that much!
A Look Up Table is synonymous with a Probability and Impact
16. D Matrix. This is an Organizational Process Asset. The Look Up
Table is documented in the Risk Management Plan.
Your overall processes and strategy to support risk management
17. C
are documented in the Risk Management Plan.
Remember the PIER-C acronym? You identified risks and listed
newly found risks, or Emergent Risks in the Risk Register. The
18. A
next step is evaluation. The first evaluation method to employ is
Qualitative Risk Analysis.
Categorization of risks normally leads to improved and more
19. B
focused risk responses. This is the best answer.
Always add newly identified risks to the Risk Register. You can
20. A
evaluate and develop responses after they are listed.
A Matrix organizational model uses resources from across the
organization. It seems as if you work for two bosses. A
21. C Projectized organization consists solely of Project Managers
doing project work. A functional, or silo, organization uses
resources from strictly within the organization.
The probability of a risk occurring in the second month is the
22. D same as in subsequent months unless something has changed.
The scenario did not mention any changes.
Communications channels are calculated as ((n*(n-1))/2. In this
23. B
case, the solution is (8*7)/2 = 28.
Standard Deviation is calculated as (Pessimistic -Optimistic)/6.
24. C
The solution is (18-6)/6 = 2.
The Integrated Change Control component ensures all changes
are reviewed from a risk standpoint. Configuration Management
25. A
looks only at the functional and physical characteristics of the
project’s product.
The Communications Management Plan defines which
stakeholders require specific information. It defines the
26. C
communications activity, preferred media, frequencies, and
impacted stakeholders.
The beta distribution shows results or events that peak on either

******ebook converter DEMO Watermarks*******

 side of the mean. A uniform distribution would show an equal
27. A probability of any event to occur as depicted on the graph. A
triangular distribution shows results peaking at the mean and
falling off rapidly as you move from the mean. The normal
distribution represents the typical bell curve.
Option A is a good answer. Many Risk Owners are assigned
from the team. However, the team is not the only source from
which to find Risk Owners. Past Project Managers may or may
28. D
not be candidates for Risk Owners. Sponsors could be Risk
Owners, but that is a low probability scenario. The best answer
is Option D. A Risk Owner can be any stakeholder.
Add all low probability and low impact risks to the “Watch
29. B
List”. The other options are not applicable to the question.
You need to understand the contents of the Risk Management
Plan. Change management is not a category defined in the Risk
30. C
Management Plan. Therefore, Options A, B, and D are
incorrect.
The Quality Management Plan is an output of Plan Quality that
31. A defines applicable standards for a project. It is an input to the
Identify Risks process step.
Option C is correct. Using questionnaires to solicit input from
experts match the Delphi Technique approach. Root Cause
Analysis uses cause and effect analysis tools to find the root
32. C cause of a specific problem. Sensitivity analysis is “What if”
using variations of inputs. Nominal Group Technique breaks
groups into smaller groups to control brainstorming, prevent
domination by an individual, and rank orders inputs.
A Risk Breakdown Structure breaks risks into categories. It then
33. D
identifies specific risks to consider in each category.
Risk Utility is a term used to describe stakeholder’s willingness
to accept risk. Risk averse means stakeholders have a low
34. B tolerance for risk. A risk threshold is a numeric indicator of
tolerance levels. Risk bias is a measure of how attitudes and/or
perceptions can alter Risk Ratings.
Risk meta-language is a definition that describes the best
practice for developing a risk statement. The three components
35. C
are cause, risk, and effect. Options B, C, and D do not state the
three criteria.
Application of all tools and techniques take time. However,
36. A interviews normally take the most time to complete. Interviews
require time to discuss risk with each expert individually.
******ebook converter DEMO Watermarks*******
 Path convergence occurs when multiple activities flow into or
37. D out of a single activity. The Project Network Diagram shows
activity dependencies and how all activities interrelate.
A Prompt List is nothing more than a list of potential risk
38. B
categories to consider for project risk identification.
Risk increases as Standard Deviation increases. Standard
39. A Deviation and Variance have a positive correlation. As one
increases, the other increases and vice versa.
Always Perform Qualitative Risk Analysis when a new risk is
40. C identified. Determine the probability, impact, and calculate a
Risk Score.
Bottom Up Estimating is best when a project type is new, or
there are ambiguities that must be addressed. Parametric is a
41. B math model that depends on accurate unit and impact data.
Analogous, also known as top down or expert, is best for
recurring projects where there are few ambiguities.
There is only one option that is 100% correct. Make sure you
read all answers before responding. It is not a fast method
which rules out Option B. It does not provide a list of
42. A prioritized risks. That occurs during Qualitative Risk Analysis.
This makes C an incorrect response. Option D is also incorrect.
Scoring risks by probability x impact is a function of
Qualitative Risk Analysis.
SWOT analysis is a tool and technique that allows you to
43. B determine strengths that may lead to opportunities and
weaknesses that may lead to threats.
Planning meetings and analysis is the only tool and technique
associated with Plan Risk Management. The primary output of
44. A Plan Risk Management is a Risk Management Plan. Options B
and C are not tools used in Plan Risk Management. The Project
Scope Statement is an input and not a tool and technique.
The Project Manager assigns Risk Owners to all risks. The Risk
45. C Owner is responsible for developing responses, monitoring
status, and leading the response effort.
A trigger is an event that precedes a risk. For example, clouds
46. D and thunder would be a trigger that lets you know rain is on its
way.
The Monitor and Control activity of the Risk Management
47. A
Process is when governance activities are conducted.
Quantitative Risk Analysis looks at multiple risks and assesses
******ebook converter DEMO Watermarks*******
 48. D their cumulative impact on satisfying schedule and cost
objectives.
The only weighted estimation method you need to remember is
PERT. In this case, you apply the formula of (O +4ML +P)/6 =
49. A
Estimate. When you do the math, you end up with 144/6 which
equals 24 Days.
Decision Tree Analysis looks at multiple scenarios and tries to
50. C determine the option that provides the best overall Expected
Monetary Value (EMV).
Lessons Learned should be accomplished at the end of each
project phase. Lessons Learned may be conducted formally or
51. B informally, and document only those events that have occurred
or are now occurring. They allow for updates of risk policy and
practices.
Residual risks are risks that remain after a risk response is
52. A implemented. It is best to develop Contingency Plans for
Residual Risks and highlight them on Risk Registers.
The Cost Plus Percentage of Cost contract is the one that poses
53. C the greatest Cost Risk to a buyer. Note that the Fixed Price
Contract places the Cost Risk on the seller.
Determining to deal with an event if it occurs is an acceptance
response strategy. In this scenario, you are applying active
54. D
acceptance. This is development of a Contingency Plan to deal
with a risk if it occurs.
A Tornado Diagram shows the impact of multiple factors on a
55. B single variable. Note that Tornado Diagrams are the result of
applying the Sensitivity Analysis tool and technique.
Quantitative Risk Analysis is not always performed. The
56. D decision to Perform Quantitative Risk Analysis depends on
project priority, benefits of performing the analysis, etc.
Always use Three-Point averaging unless you are directed to
use PERT or a weighted estimation method. To solve this
57. C
problem, add the 3 estimates given together and divide them by
three to calculate the average. ( 25+16+10 = 51/3 = 17)
ISO is an organization that shares standards and best practices
58. B
that may apply to your project. It is a governance tool.
Remember the inputs, tools and techniques, and outputs of all
59. D Risk Management Process activities. Change Requests are only
generated as an output of Monitor and Control Risks.
Transference is a risk response strategy that transfers work or
******ebook converter DEMO Watermarks*******
 60. B accountability to a third party. This scenario defines a transfer
action.
Remember the seven constraints model? This includes Time,
Cost, Scope, Customer Satisfaction, Resources, Risk, and
61. B
Quality. Communications is an important knowledge area, but
not a constraint.
Performance reports are a key input required to perform the
62. C
Monitor and Control Risks activity.
Risk Reassessment is the action of identifying new risks and
63. A reassessing current risks on the Risk Register. This technique is
performed during Monitor and Control Risks.
The share response enlists the support of a third party to
participate and share in an opportunity. In this scenario, the
64. B opportunity is a 20% ROI increase. You are sharing the
opportunity with the other Project Manager who will benefit
from the discount.
All Risk Management Process activities occur in planning with
65. B one exception. Monitor and Control Risks occurs in the
Monitoring and Controlling Process Group.
There are four strategies to respond to positive risks or
66. D
opportunities. They include exploit, share, enhance, and accept.
The Stakeholder Register is an input to Identify Risks. It is
67. A
developed during the project initiating phase.
Option D provides a “by the book” definition of Nominal Group
68. D Technique. This is a great method to use when identifying and
evaluating risks.
The Work Breakdown Structure breaks activities out to a
69. C summary, control account, or work package level. This key
input to the Identify Risks activity satisfies the scenario best.
Failure Modes and Effect Analysis (FMEA) is a tool that
identifies potential failure modes and determines the effects of
70. D
each failure. Understand acronyms for the test. Not all acronyms
are spelled out!
This is a Decision Tree question that calculates Return +
Return. We have a fixed return of $50, 000 PLUS a Risk
71. D Adjusted Return using Expected Value of (20% x $30,000). Add
the two together and we end up with $50,000 + $6,000 =
$56,000.
Assumptions Analysis occurs during the Identify Risks activity.
72. A This analysis reviews information believed to be true and
******ebook converter DEMO Watermarks*******
 verifies the information as either true or false.
This question provides the exact definition of Risk Governance.
73. B
Remember the definition.
A workaround is the first action you take when you need to
74. C respond to an unknown risk that catches you by surprise. It is
accomplished during Monitor and Control Risks.
Mitigation is a response strategy that reduces either the
75. C
probability or impact of a negative risk event.
Risk responses initiated when a trigger event occurs are
76. D
referred to as Contingent Response Strategies.
Exploit is a response strategy implemented in an attempt to
77. A make a risk cause or event to occur. It is used for positive risks
or opportunities.
A Risk Action Owner is assigned by a Risk Owner. Their
78. A
specific job is to implement Contingency Plans.
Secondary Risks are risks that result as a direct result of a
planned risk response. Secondary Risks should always be listed
79. B
in the Risk Register and should never have a higher priority than
the primary response they are linked to.
Here is another case of emphasizing the importance of knowing
the inputs, tools and techniques, and outputs of all Risk
80. D Management Process activities. The Cost Management Plan can
be an input for either Plan Risk Management or Perform
Quantitative Risk Analysis.
Delphi Method, Brainstorming, and Interviewing are three
81. B
information gathering techniques used as tools of Identify Risks.
The Risk Register is created during Identify Risks. Therefore,
options A, C, and D were not correct. The Risk Register is
82. B updated during Perform Qualitative Risk Analysis, Perform
Quantitative Risk Analysis, Plan Risk Responses, and Monitor
and Control Risks.
This is an Expected Monetary Value question. To solve, add up
the EMV values which represent returns and subtract the cost.
83. A The result is the value of the project. Doing the math: .4 x
$25,000 = $10,000 .6 x $60,000 = $36,000 Total: $ 46,000 -
$32,000 = $14,000
84. D Schedules are the number one cited source of potential conflict.
The only correct statement is Option C. The risk of not
completing a project successfully is highest at the beginning of a
85. C
******ebook converter DEMO Watermarks*******
 project.
Biased Risk Ratings will occasionally occur. The priority is to
86. C adjust the Risk Rating as soon as possible to eliminate bias and
reflect accurate analysis of probability and impact.
The detail of risk responses is based on the overall priority of
87. D
the risk itself. Not all risks require equal levels of detail.
The correct response is a Risk Audit. Risk Reassessment is a
reassessment of individual risks. A Risk Review looks at
88. A
potential risk responses to ensure they are still appropriate.
Risk responses are accomplished when a risk occurs.
Technical Performance Measurement determines if actual
performance matches planned performance. Targets, metrics,
89. B
etc. are used to perform this tool and technique. This
information is documented in the Quality Management Plan.
Risk tolerance categories reflect the seven constraint model.
90. C Measure Risk, Customer Satisfaction, Resources, Scope, Cost,
Time, and Quality tolerance levels.
Analogous uses information from similar past projects for
91. B estimating. Analogous is also referred to as Expert or Top
Down estimating.
Consistent risk assessment, risk management, and risk
92. D
communication are primary goals of the Risk Governance Body.
According to the PMBOK® Guide, risk-rating rules for an
93. B organization are generally specified in Organizational Process
Assets.
You are investing $90,000. There is a 70% chance of returns of
$120,000. Using EMV, this equates to (70% x $120,000) =
$84,000. There is a 30% chance of returns of $140,000. Using
94. C
EMV, this equates to (30% x $140,000) = $42,000. Add the
EMV values ($84,000 + $42,000) = $126,000. Subtract the
investment of $90,000. The result is a value of $36,000.
95. C Assumptions can be found in the Project Scope Statement.
The Stakeholder Register provides key information on all
96. A
project stakeholders including customers.
Risk Related Contractual Decisions are an output of the Plan
97. C
Risk Responses process.
Sensitivity Analysis is a tool and technique of Quantitative Risk
98. A Analysis. Options B through D reflect objectives of the Monitor
and Control Risks process.

******ebook converter DEMO Watermarks*******

 Checklists are generally developed based on Lessons Learned.
99. D It is a fast process that provides an initial high level analysis of
risks. It does not provide an in-depth review.
Options A, C, and D are all associated with Qualitative Risk
Analysis which is always performed. Expected Monetary Value
100. B analysis depends on solid probability and dollar/schedule
impact data. You do not have this data. Therefore you cannot
use Expected Monetary Value analysis.
A buffer is non-project time that is added between two
101. C activities to mitigate risk. This is normally a function of the
Critical Chain method of scheduling.
Results occur approximately 68% of the time within one Sigma
of the mean. To determine the range at one Sigma, subtract the
Standard Deviation from the mean to determine the low end
102. A estimate. This is 20-2 = 18. Add the Standard Deviation to the
mean to determine the high end estimate. This is 20+2 = 22. A
range of 16 to 24 would reflect two Sigma. A range of 14 to 26
reflects three Sigma, etc.
The Cost Management Plan and Schedule Management Plan are
103. D inputs to both Plan Risk Management and Perform Qualitative
Risk Analysis.
The Risk Data Quality Assessment is a tool and technique used
104. B
during the Perform Qualitative Risk Analysis activity.
The Fixed Price family of contracts puts the Cost Risk on the
seller. Cost Reimbursement and Time and Material type
contracts put the Cost Risk on the buyer.
You may be presented with an Earned Value Technique
question. This type of question is typical.

BAC is $60,000.

Since the project is 40% complete, your Earned Value

105. A (EV) is (40% x $60,000) = $24,000.

You had planned to be 30% complete at this point in the

project, Planned Value (PV) is (30% x $60,000) =
$18,000.

******ebook converter DEMO Watermarks*******

 Your Actual Costs (AC) is $25,000.

Option A is not correct. The project is not behind schedule.

Calculate Schedule Variance as (EV-PV). The result is +$6,000.
The project is ahead of schedule.
Option B is also not correct. The project is not ahead on budget.
106. D Calculate Cost Variance as (EV-AC). The result is -$1,000. The
project is behind on budget.
Option C is incorrect. The Schedule Variance (SV) is positive.
Option D is the answer. The Cost Variance (CV) is indeed
negative.
The Schedule Performance Index (SPI) is calculated by EV/PV.
Options C and D are the Cost Variance and Schedule Variance
107. B
results. Option A is the Cost Performance Index (EV/AC).
Option B is correct. The SPI is ($24,000/$18,000) = 1.33.
Cognitive bias occurs when individual stakeholder perceptions
impact Risk Ratings. Risk Utility is a measure of overall
stakeholder risk tolerance. Motivational bias occurs when
108. D
stakeholders intentionally bias Risk Ratings to satisfy ulterior
motives. Conceptual bias is not a recognized form of bias in the
PMBOK® Guide.
The Risk Exposure of a project is the sum of all individual Risk
Scores. Risk Ratings are assigned to probability and impact
109. B
estimates for individual risks. Multiply Risk Ratings for
probability and impact to achieve an individual Risk Score.
The Risk Management Plan is a key output of Plan Risk
110. B Management. It is an input for all other Project Risk
Management activities.
A workaround is defined as the response to an unplanned risk.
111. A
Keep the project moving is always a first priority.
Risk Response Planning is the activity that requires you to
112. A develop strategies for positive risks (opportunities) and/or
negative risks (threats).
Risk tolerance is a broad statement of acceptable risk. A control
113. C threshold defines the acceptable level of variation in numeric
terms.
The risk of saving time is a positive risk. This eliminates
Options A and B. Mitigation is a negative risk response. The
114. C scenario indicates you want to act on this risk. This eliminates
Acceptance as an option presented in Option D. Enhancement
******ebook converter DEMO Watermarks*******
 and Exploitation are both viable responses to a positive risk.
Communications blockers or noise factors most likely result in
115. B
conflict. The Project Manager must mitigate these blockers.
Hertzberg is responsible for the motivational theory that deals
116. D
with hygiene factors and motivating agents.
The process of refining risk practices and policies by using
117. D Lessons Learned is a key task that falls under the Risk
Governance domain.
The Risk Data Quality Assessment is a tool and technique used
118. A
when you Perform Qualitative Risk Analysis.
A positive risk that occurs is called a Benefit. This is the
119. C
opposite of a negative risk that occurs which is called an issue.
Laissez-Faire is a leadership style that is best explained as
120. D hands-off. All other styles listed in the responses involve of
interaction.
A Risk Audit occurs during the Monitor and Control Risks
121. C activity. This activity occurs in the Monitoring and Controlling
Process Group.
Do not evaluate ideas during brainstorming. The goal of
122. A
brainstorming is to solicit ideas you will evaluate later.
The Supporting Leadership Style is best used during the
123. B Norming and Performing stages of the Tuckman Model for team
development.
Risk Register updates occur during the Perform Qualitative
124. D Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk
Responses, and Monitor and Control Risks activities.
Delphi Technique helps you attain expert input and mitigates
125. D
stakeholder fears.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
APPENDIX C: Acronyms

Acronym Long Title

AC Actual Costs
BAC Budget at Completion
CP Critical Path
CPI Cost Performance Index
CV Cost Variance
EAC Estimate at Completion
EMV Expected Monetary Value
ETC Estimate to Complete
EV Earned Value
FMEA Failure Mode and Effect Analysis
IRGC International Risk Governance Council
ISO International Organization for Standardization
NPV Net Present Value
PDCA Plan, Do, Check, Act
PIER-C Plan, Identify, Evaluate, Respond, Control
PERT Program Evaluation and Review Technique
PMBOK® Guide Project Management Body of Knowledge
PMI Project Management Institute
PMO Project Management Office
PMP Project Management Professional
PV Planned Value
RBS Risk Breakdown Structure
RMP Risk Management Professional
SD Standard Deviation
SME Subject Matter Expert
SPI Schedule Performance Index
SWOT Strengths, Weaknesses, Opportunities, and Threats
SV Schedule Variance
******ebook converter DEMO Watermarks*******
WBS Work Breakdown Structure

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
APPENDIX D: Glossary of Terms

Term Definition
This response entails taking no immediate action until the risk
Acceptance
occurs. There are two types of acceptance strategies. One is
(Accept)
passive and the other is active.
Achievement David McClelland’s theory states that there are three (3) needs
Motivation that must be satisfied for people to be satisfied. They include
Theory achievement, affiliation, and power.
Contingency Plans are developed to address risks when they
Active
occur. This step may be necessary to increase stakeholder
Acceptance
confidence that you have an approach for risks you accepted.
Activity Cost
Output of Estimate Costs. Provides Cost Estimates for the project.
Estimates
Activity
Output of Estimate Activity Durations. Provides time durations
Duration
for a project.
Estimates
Method uses the intellectual power of a group to place risks into
Affinity
categories. This is the best method to use if all possible risks
Diagramming
have not been identified.
An estimating method where time and cost estimates are provided
Analogous
by an expert source. Also referred to as Top-Down or Expert
Estimating
estimating.
Information believed to be true but not yet validated. Assumptions
Assumption
are always risks until validated.
Assumptions Action of validating or dismissing an assumption through analysis
Analysis and research.
Leadership style where you make decisions without input from
Autocratic
others.
The focus of this risk response strategy is to eliminate the cause
Avoidance
of the risk. Take actions to ensure the risk does not occur. This is
(Avoid)
often accomplished by removing people and/or activities.
Benefit Term that depicts a positive risk or opportunity that occurred.
Beta
Probability peaks on either side of the mean.
Distribution

******ebook converter DEMO Watermarks*******

 Bias Any event or attitude that can skew a probability or impact Risk
Rating.
A form of estimating that aggregates individual work package
Bottom Up information from the people who are performing the project
work.
Open forum where members generate ideas and solve problems.
Brainstorming A facilitator logs inputs. Brainstorming is one method used for
attaining expert input.
Non-working time added between two activities to account for
identified risks. For example, concrete is laid, a two-day wait
Buffer
allows the concrete to set, and then construction follows. The
buffer is the two day wait.
Category of risks that can be opportunities or threats. They can
Business Risk
cause either profit or loss.
Grouping of risks based on common causes. Allows for
Categorization
development of better responses.
Graphic depictions of risk causes and potential effects on a
Cause and
project. Also called Ishikawa Diagrams, Root Cause
Effect Diagrams
Identification, or Fishbone Diagrams.
Quick and simple approach which can be used for an initial high-
Checklist
level analysis of risks. Checklist Analysis will identify new risks
Analysis
that are not on the checklist. This is a limitation.
Management style that trains and instructs others on how to
Coaching
perform the work.
Bias based on perceptions. The perception becomes a reality that
Cognitive Bias
influences the Risk Rating.
Communications
Anything that can interfere with the communications model. Leads
Blockers
to conflict.
(Noise)
Communications The number of potential conversations that can occur within a
Channels project team. Formula: n(n-1)/2
Communications Output from Plan Communications. Defines interactions among
Management stakeholders. Identifies who is available to share risk information
Plan with.
Ensures key organizational policy and procedure is adhered to.
Compliance
Accommodate key governance criteria and methods.
Consensus Leadership style where you solve problems based on group input.
Building Strives for decision buy in and agreement from stakeholders.
Anything that can limit the team’s options. Boundaries that must
******ebook converter DEMO Watermarks*******
 Constraints be acknowledged and addressed. The seven sided constraint
provides categories of constraints to consider.
Consultative Management style that invites others to provide input and ideas.
Contingency
Primary response plan to address a risk.
Plan
Contingency Extra time or budget added to the project to account for known
Reserves risks. Also referred to as reserves for known unknowns.
A risk response strategy that calls for implementation of a
Contingent
Contingency Plan when a trigger indicates the risk is about to
Response Plan
occur.
Cost
Defines how Contingency Reserves or Management Reserves
Management
will be reported and assessed. Points to cost data sources.
Plan
Cost A buyer proposes work and contracts the seller’s expertise. Total
Reimbursement costs are not known until the end of the contract. Cost Risk is on
Contract the buyer.
A compression technique that uses resources from one activity
Crashing and applies them to another. This is a common form of
enhancement or mitigation.
Describes a scenario under consideration and uses available data
Decision Tree to determine the most economic approach. The primary objective
Analysis is to determine which scenarios provide the best overall
Expected Monetary Value (EMV).
Gain inputs and consensus through anonymous inputs. Reduces
Delphi
fear of reprisal. Delphi Technique is also a method used to attain
Technique
expert input. Surveys and questionnaires are popular methods.
Directive Management style that directs or tells people what to do.
PMI’s preferred method of performance reporting. Analyzes
Earned Value
Planned Vale, Actual Costs, and Earned Value to determine
Technique
schedule and budget performance.
Risks that are not identified during the initial Identify Risk
Emergent Risk
process step. Risk is discovered after the project begins.
Enhancement Risk response that aims to increase the probability of the risk
(Enhance) occurring or the impact of a risk if it occurs.
Enterprise
Risk attitudes and tolerances. The degree of risk an organization
Environmental
is willing to tolerate. Also, systems you use and cultural factors.
Factors
Expectancy Employees believe effort leads to performance. Performance
******ebook converter DEMO Watermarks*******
 Theory should be rewarded based on expectations. Rewards promote
further productivity.
Expected Method used to establish Contingency Reserve requirements for
Monetary Value both budget and schedule. EMV is quantified by multiplying
(EMV) probability times the best or worst case cost/time scenario.
Expert
See Analogous
Estimating
Risk response where action is taken to make a cause occur. Goal
Exploitation
is to make the risk happen. It may require additional time or
(Exploit)
resources to use the Exploit response method.
Management style that coordinates and solicits the input of others.
Facilitative
A good Project Manager is facilitative.
Failure Modes
Tool that identifies potential failure modes, determines effects of
and Effect
each failure, and seeks ways to mitigate the probability and
Analysis impact of each failure.
(FMEA)
A plan implemented if your primary Risk Response Plan or
Fallback Plan
Contingency Plan fails. A secondary plan.
Fishbone
See Cause and Effect Diagrams
Diagram
Fixed Price A Fixed Price Contract is a price provided by a seller to
Contract complete a contract. Cost Risk is on the seller.
Groups or individuals that try to add additional functionality
Gold Platers without using the formal change management process. Gold
Platers are the primary perpetuators of Scope Creep.
Governance
The process of ensuring risk policies and procedures are
(Risk
understood, followed, consistently applied, and effective.
Governance)
There are hygiene factors and motivating agents. Hygiene factors
Hertzberg’s
can only destroy motivation. Motivating factors are those that
Theory
increase motivation.
A qualification of the consequences to the project if a risk event
Impact
occurs.
Method includes graphical representations of situations showing
Influence
causal influences, time ordering of events, and other relationships
Diagrams
between variables and outcomes.
Information Methods for gathering information. Includes brainstorming,
Gathering Delphi Technique, interviews, Root Cause Identification, and

******ebook converter DEMO Watermarks*******

 Techniques Nominal Group Technique.

Also called “Pure Risks”. Negative risks or threats outside the

Insurable Risk Project Manager’s control. Examples are natural disasters, fire,
theft, etc.
International
Organization
The ISO develops standards based on best practices and
for
encourages their use by all who subscribe to ISO methodology.
Standardization
(ISO)
International
The IRGC’s primary goal is to facilitate understanding and
Risk
manage risks that impact society, human health, safety, and the
Governance
environment as a whole.
Council (IRGC)
One-on-one meetings with key stakeholders or experts in a given
Interview field. A drawback of this technique is that it takes time and is
slow.
Ishikawa
See Cause and Effect Diagrams
Diagram
Issue Term that depicts a negative risk or threat that occurred.
Any activity or process that is repeated. The Risk Management
Iterative
Process is iterative.
Formal or informal Lessons Learned from past projects. Lessons
Lessons
Learned should be documented and shared in an effort to improve
Learned
the effectiveness of Project Managers on future projects.
Lookup Table See Probability and Impact Matrix
Management Extra time or budget added to the project to account for unknown
Reserves risks. Also referred to as reserves for unknown unknowns.
Maslow’s Maslow stated that motivation occurs in a hierarchal manner.
Hierarchy of Physiological - Safety - Social - Esteem - Self Actualization
Needs Theory needs must be satisfied in this order.
Theory X managers believe people are not to be trusted and must
McGregor’s
be watched. Theory Y managers believe people want to achieve
Theory X and Y
and can be self-directed.
Risk response that takes actions to reduce the probability of a risk
Mitigation
occurring, or the impact of risk if it occurs. This could be thought
(Mitigate)
of as developing Plan B.
A form of What if Scenario Analysis. Uses Optimistic, Most

******ebook converter DEMO Watermarks*******

 meeting cost and/or schedule objectives.
Motivational
Occurs when stakeholders intentionally try to bias ratings.
Bias
Negative Risk Any risk event that may result in a threat to project objectives.
Nominal Group Technique is similar to brainstorming. Input is collected from a
Technique select group. Inputs are analyzed and results are rank ordered.
Normal distribution is also referred to as the “Bell Curve”. A
Normal
normal distribution model uses averages and “Sigma” intervals to
Distribution
show the potential range of values over the length of a bell curve.
Measureable goals a project aims to accomplish. They include
Objectives
scope, time, cost, and quality.
Includes risk categories, definitions, templates, roles and
Organizational
responsibilities, information on organizational risk tolerances,
Process Assets
etc.
Parametric An objective estimating method that uses defined cost, time and
Estimating unit data.
Passive This type of acceptance occurs when a Contingency Plan is not
Acceptance created to address the risk.
Path Defined as multiple activities flowing into or from a central
Convergence activity. Increases risk.
These reports include Earned Value Technique data such as
Performance
schedule and cost status. They also include forecasting data
Report
which is critical to recognition and control of risks.
PERT: Program
A form of Three Point Estimating that uses a weighted method to
Evaluation and
calculate the best estimate based on Pessimistic, Most Likely, and
Review
Optimistic estimates. Calculated as: (O+(4ML)+P)/6
Technique
Planning
The key tool and technique used to develop a Risk Management
Meetings and
Plan during Plan Risk Management.
Analysis
Any risk event that may result in an opportunity to project
Positive Risk
objectives.
Method used to identify potential risks before a project begins.
Compare the current project to similar past projects. Try to
Pre-Mortem
determine what could go right or wrong with the current project
before it begins.
Probability Potential for a risk to occur. Scoring systems include percentages
or a numeric scale such as 1-5 for example.
******ebook converter DEMO Watermarks*******
 Matrix that shows ratings and overall priority determinations. The
Probability and Risk Matrix you use can be simple or elaborate depending upon
Impact Matrix the prioritization methodology selected. Also called a “Lookup
Table”.
Probability Type of distribution that estimates the potential of a risk event to
Distributions occur over a pre-described range.
Reveals how systems function and interrelate. Serves as a superb
Process Flow
means of identifying potential risks. Includes inputs, activities,
Chart
and outputs.
Process Related Required processes that must be followed to ensure project
Criteria success.
Project Includes Assumption Log, Work Performance Reports, Earned
Documents Value Technique metrics, Network Diagrams, Baselines, etc.
Project
Organization that may share risk policies and procedures, best
Management
practices, ensure Risk Governance, etc.
Office (PMO)
Project
Output of Sequence Activities. Shows dependencies for all
Network
activities and where paths converge.
Diagram
Project Related Required project results for cost, time, scope, and quality
Criteria objectives.
An uncertain event or condition that, if it occurs, has a positive or
Project Risk
negative effect on at least one of the project’s objectives.
Project Risk This score reflects the uncertainty of the project as a whole by
Score summing the total of all individual Risk Scores.
Project Scope Key output of Define Scope. Defines range of possibilities for
Statement project and deliverables. Lists assumptions.
Generic list of categories where risks may be found. Used to
Prompt List
“prompt” ideas and risk identification.
Pure Risk See Insurable Risk
Subjective risk evaluation process where risks are scored and
Qualitative Risk
prioritized by probability times impact. Activity is always
Analysis
performed.
Quality Defines specific approach to quality to include metrics, targets,
Management standards, checklist for Quality Control, process improvement
Plan opportunities, etc.
Quality A plan developed during the Plan Quality activity that defines
Management project standards, metrics, and targets.
******ebook converter DEMO Watermarks*******
 Quality A plan developed during the Plan Quality activity that defines
Management project standards, metrics, and targets.
Plan
Objective risk evaluation process that numerically analyzes the
Quantitative impact of multiple risks to the project. Helps determine
Risk Analysis probability that stated budgetary and schedule outcomes can be
met.
Reserve Process of reviewing Management Reserves and Contingency
Analysis Reserves to ensure they support project needs.
Extra time or budget added to the project to account for risks.
Reserves Effective risk management provides a basis for identifying and
requesting reserves.
These are risks that remain after a response is implemented. For
Residual Risk example, a response may address 80% of the risk impact. The
remaining 20% is the Residual Risk.
Resource Output of the Estimate Activity Resources activity. This output
Breakdown shows what resources are required for the project. This is a
Structure document used during the Identify Risk process.
Risk Action This individual is assigned by a Risk Owner to help implement
Owner approved risk responses.
Risk Averse Indicates stakeholder unwillingness to accept risk.
Audits that examine responses to risk and answer the question,
Risk Audit “How did we do?” Risk Audits also measure the overall
effectiveness of the Risk Management Process.
Lists risk categories and sub-categories in hierarchical order to
Risk
help identify risks. Places risks in categories and defines specific
Breakdown
risks applicable to the type of project being managed in that
Structure (RBS) category.
Tool to determine if probability and impact scores are accurate
Risk Data
and unbiased. If it is determined that the data used is not
Quality
sufficient, annotate the risk as requiring additional information to
Assessment improve understanding.
Term that defines the level of risk on a project. The Project Risk
Score determines Risk Exposure. Acceptable levels of Risk
Risk Exposure
Exposure are based on stakeholder attitudes, tolerances, and
thresholds.
Risk
See Governance
Governance
Risk
******ebook converter DEMO Watermarks*******
 Plan
Risk
A six (6)-Step approach designed to help manage end-to-end
Management
project risk.
Process
Stakeholders assigned to manage risks. They develop responses,
monitor risk status, and implement Contingency Plans and
Risk Owner
Fallback Plans if required. Risk Owners can be any stakeholder
in the project.
A score that reflects the probability or impact of an individual
Risk Rating
risk.
Risk Monitor and Control activity that identifies new risks and
Risk requires reassessment of existing risks. Ensures outdated risks are
Reassessment closed. Also ensures that new risks are identified when changes
to the project are made.
Output created during Identify Risks. Includes risk definition,
Risk Register
owner, causes, initial responses, and categorization.
Output created during Identify Risks. Includes risk definition,
Risk Register
owner, causes, initial responses, and categorization.
Risk Related Some responses may result in the need for third party support.
Contractual Contractual decisions outline the need for a third party to support
Decisions a Risk Response Plan.
A review to analyze potential risk responses to see if they are
still appropriate. Part of Risk Reassessment. May include
Risk Review
changing order or priority of risks, adjusting severity of risks, or
monitoring residual risks.
A score that reflects the uncertainty of an individual risk by
Risk Score multiplying the probability Risk Rating times the impact Risk
Rating.
An objective statement of risk tolerance. For example,
Risk Threshold
stakeholders are willing to accept up to 5% of cost overruns.
A statement of how much risk a stakeholder is willing to tolerate.
Risk Tolerance
Generally stems from risk attitudes.
Risk Urgency Analysis of all risks to determine their relative priority based on
Assessment probability and impact Risk Ratings.
Risk Utility Describes a person or organization’s willingness to accept risk.
Method to effectively identify and describe risks. The three-step
Risk-Meta- method to develop a risk statement is to define the cause, risk,
Language and effect of the risk.

******ebook converter DEMO Watermarks*******

 Identification
The primary output of Project Time Management. This is the
Schedule approved and accepted project schedule. The Schedule Baseline
Baseline may be adjusted through the project’s formal Integrated Change
Control process to account for risk.
Schedule
Output from Develop Project Management Plan. Defines how
Management
schedule contingencies will be reported and assessed.
Plan
Includes Scope Statement, Work Breakdown Structure (WBS),
Scope Baseline
and WBS Dictionary. Scope Statement lists assumptions.
Changes to the project’s scope that are not processed through the
Scope Creep
formal change control process. (See Gold Platers)
A risk that results from a risk response. For example, a response
Secondary Risk to use a vendor to perform project work could lead to potential
vendor management risks.
Modeling technique that helps determine which risks have the
Sensitivity
greatest impact on the project. Similar to What if Scenario
Analysis
Analysis.
Seven (7)
Model that drives risk tolerance levels. Includes scope, time,
Constraint
cost, quality, risk, customer satisfaction, and resources.
Model
This risk response enlists the support of a third party to take
advantage of the opportunities presented by a positive risk event.
Sharing (Share)
Sharing involves partnering with a third party and sharing in the
benefits.
Any individual or organization with an interest in the project.
Stakeholder Stakeholders are both internal and external. Includes Project
Team.
Define the strategy for managing stakeholders listed on the
Stakeholder
Stakeholder Register. Most common model is the Power/Interest
Management
model. The Salience Model focuses on power, urgency, and
Strategy legitimacy of stakeholder actions.
Includes key information about stakeholders. Normally includes:
Stakeholder
identification information, assessment information, and
Register
classification.
A statistical measure of distance from a calculated mean. Risk
Standard
increases as the Standard Deviation number increases. Similarly,
Deviation
risk decreases as the Standard Deviation number decreases.
A leadership style that provides assistance and support as needed
Supporting
******ebook converter DEMO Watermarks*******
 Deviation increases as the Standard Deviation number increases. Similarly,
risk decreases as the Standard Deviation number decreases.
A leadership style that provides assistance and support as needed
Supporting to achieve project goals.

Acronym stands for Strengths, Weaknesses, Opportunities, and

SWOT Threats. Analyze opportunities and threats based on strengths and
weaknesses.
An informal or formal working agreement between a buyer and
Teaming
seller. These agreements are common between established sellers
Agreement
and buyers who share a long-term relationship.
Technical Tool and technique that determines if the actual technical
Performance performance achieved matches planned technical performance
Measurement schedules.
Three Point A method of estimating that calculates the best estimate based on
Estimating Pessimistic, Most Likely, and Optimistic Estimates.
Top Down
See Analogous
Estimating
Generally the result of Sensitivity Analysis. A Tornado Diagram
Tornado
shows a single factor such as Net Present Value (NPV). It then
Diagram
visually displays variables that can impact the single variable.
Risk response that transfers accountability and responsibility of a
Transference
risk to a third party. The third party actually performs the work or
(Transfer)
accepts accountability. Normally incurs a cost.
Triangular Probability peaks at the mean. There is a fast decrease in
Distribution probability as results occur away from the mean.
An early warning sign that a risk is about to occur. Initiates a
Trigger
Contingent Response Strategy.
Uniform Risk is normally uniform in the early design stages of a project.
Distribution Distribution becomes non-uniform in the later stages.
Urgent List Risks requiring an immediate response.
Risks with a low Risk Score that you do not need to develop
Watch List
responses for.
What if
Scenario See Sensitivity Analysis
Analysis
Work Output of Create Work Breakdown Structure and part of the
Breakdown Scope Baseline. WBS defines activities at summary, control
Structure account, or work package levels. WBS also defines nature of
******ebook converter DEMO Watermarks*******
 Breakdown Part of the Scope Baseline. Provides attributes of an individual
Structure work package in the WBS.
(WBS)
Dictionary
Workaround A response to an unplanned or unknown risk.

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
APPENDIX E: Index

******ebook converter DEMO Watermarks*******

Index: Assumptions - Closing
Process Group
Assumptions - Closing Process Group Pages
Assumptions 4, 15
Accept (Acceptance) 61
Achievement Motivation Theory 87
Active Acceptance 61
Activity Cost Estimates 21
Activity Duration Estimates 21
Actual Costs (AC) 75
Adjourning 88
Affinity Diagramming 24
Analogous Estimating 83
Assumptions Analysis 22
Autocratic Leadership Style 88
Avoid (Avoidance) 60
Bell Curve 41
Benefit 6
Beta Distribution 44
Bottom Up Estimating 83
Brainstorming 23
Buffer 83
Business Risks 6
Categorization 16, 33
Cause 19
Cause and Effect Diagrams 22
Change Control Log 79
Change Requests 70
Checklist Analysis 40
Closing Process Group 79

******ebook converter DEMO Watermarks*******

Index: Coaching Leadership Style -
Domains
Coaching Leadership Style - Domains Pages
Coaching Leadership Style 88
Cognitive Bias 33
Communications Blockers 92
Communications Channels 91
Communications Management Plan 12, 91
Communications Model 92
Compliance 16
Configuration Management 80
Conflict 92
Consensus Building Leadership Style 88
Constraints 15
Consultative Leadership Style 88
Contingency Plan 57
Contingency Reserves 7, 39, 48
Contingent Response Strategy 60
Corporate Knowledge Base 74
Cost Management Plan 12, 21, 40
Cost Performance Index (CPI) 76
Cost Plus Percentage of Cost Contract 77
Cost Reimbursement Contract 77
Cost Risk 77
Cost Variance 76
Crashing 62
Critical Chain Method 83
Cultural and Social Environment 80
Decision Tree Analysis 49
Delphi Technique 23
Diagramming Techniques 22
******ebook converter DEMO Watermarks*******
Directive Leadership Style 88
Documentation Reviews 22
Domains xxiii

******ebook converter DEMO Watermarks*******

Index: Earned Value - Insurable
Risks
Earned Value - Insurable Risks Pages
Earned Value (EV) 75
Earned Value Technique 75
Effect 19
Emergent Risks 3, 5
Enhance (Enhancing) 62
Enterprise Environmental Factors 12, 21
Estimate to Completion (ETC) 76
Executing Process Group 79
Expectancy Theory 87
Expected Monetary Value (EMV) 48
Expert Estimating 83
Exploit (Exploitation) 61
Facilitative Leadership Style 88
Fallback Plan 57
Fault Modes and Effect Analysis 24
Firm Fixed Price Contract (FFP) 77
Fixed Price Contract (FP) 77
Forming 88
Functional Manager 89
Functional Organization 80
Go/No Go 29, 58
Gold Platers 82
Hertzberg’s Theory 87
Identify Risks 2, 19
Identify Stakeholders 90
Impact 29
Influence Diagrams 22
Information Gathering Techniques 23
******ebook converter DEMO Watermarks*******
Initiating Process Group 79
Inputs 3
Insurable Risks 6

******ebook converter DEMO Watermarks*******

Index: Integrated Change Control -
Outputs
Integrated Change Control - Outputs Pages
Integrated Change Control 79
Integration 7
International and Political Environment 80
International Organization for Standardization 74
International Risk Governance Council 74
Interview 23, 35, 41
Issue or Problem 6
Iterative 5, 19
Known Risks 4
Lookup Table 32
Management Reserves 7, 21, 69
Maslow’s Hierarchy of Needs 87
Matrix Organization 80
McGregor’s Theory X and Y 87
Mitigate (Mitigation) 60
Monitor and Control Risks 3, 67
Monitoring and Controlling Process Group 79
Monte Carlo 39, 46, 47
Motivational Bias 33
Motivational Theories 87
Negative Risks 60
Negotiation 89
Nominal Group Technique 23
Normal Distribution 41
Norming 88
Objective 39
Opportunities 5
Organizational Process Assets 12, 16, 21, 30, 40, 70
******ebook converter DEMO Watermarks*******
Outputs 3

******ebook converter DEMO Watermarks*******

Index: Parametric Estimating -
Program
Parametric Estimating - Program Pages
Parametric Estimating 83
Passive Acceptance 61
Path Convergence 29
PDCA 1
Perform Qualitative Risk Analysis 2, 29, 53
Perform Quantitative Risk Analysis 2, 39, 53
Performance Reports 68
Performing 88
PERT 39, 45
Physical Environment 80
PIER-C 1, 67
Plan Risk Management 2, 11
Plan Risk Responses 2
Planned Value (PV) 75
Planning Meetings and Analysis 12
Planning Process Group 79
PMI Framework 79
PMO 6
Portfolio 4
Positive Risks 60
Power/Interest Model 90
Pre-Mortem 24
Probability 29
Probability and Impact Matrix 32
Probability Distributions 41
Process Flowcharts 22
Process Improvement Plan 84
Process Related Criteria 13
******ebook converter DEMO Watermarks*******
Program 4

******ebook converter DEMO Watermarks*******

Index: Project Documents - Risk
Communication
Project Documents - Risk Communication Pages
Project Documents 21, 63
Project Management Plan 8, 16, 25, 63, 64, 68, 70
Project Network Diagram 29, 83
Project Objectives 1, 16
Project Related Criteria 13
Project Risk 1
Project Risk Score 4, 34
Project Scope Statement 12
Projectized Organization 80
Prompt List 24
Pure Risks 6
Quality Assurance 84
Quality Checklists 84
Quality Control 84
Quality Management Plan 21, 84
Quality Metrics 84
Quality Standards 84
Recurrent Projects 1
Reserve Analysis 69
Reserves 7
Residual Risk 57
Resource Breakdown Structure 83
Risk 1, 19
Risk Action Owner 57
Risk Analysis xxiv
Risk Attitude 5
Risk Audit 69
Risk Averse 15
******ebook converter DEMO Watermarks*******
Risk Breakdown Structure (RBS) 15
Risk Communication xxiii

******ebook converter DEMO Watermarks*******

Index: Risk Data Quality
Assessment - Scope Creep
Risk Data Quality Assessment - Scope Creep Pages
Risk Data Quality Assessment 32
Risk Exposure 34
Risk Governance xxv, 8, 73, 74
Risk Management Department 6
Risk Management Plan 11, 13, 14, 39, 21, 40, 60
Risk Management Process 1, 4
Risk Meta Language 19
Risk Owner 19, 57
Risk Probability and Impact Assessment 31
Risk Rating 31, 34
Risk Reassessment 69
Risk Register 19, 25, 30, 40, 60, 68, 95
Risk Register Update 34, 51, 63, 70
Risk Related Contractual Decisions 63, 95
Risk Response Plan 57
Risk Response Planning xxiv
Risk Score 31, 34
Risk Team 12
Risk Threshold 5, 16
Risk Tolerance 5, 15
Risk Urgency Assessment 33
Risk Utility 16
Root Cause Identification 23
Salience Model 90
Schedule Baseline 83
Schedule Management Plan 12, 21, 40
Schedule Performance Index (SPI) 76
Schedule Variance (SV) 76
******ebook converter DEMO Watermarks*******
Scope Baseline 21, 82
Scope Creep 82

******ebook converter DEMO Watermarks*******

Index: Scope Statement - Tuckman
Model
Scope Statement - Tuckman Model Pages
Scope Statement 30, 82
Secondary Risk 57
Sensitivity Analysis 46
Seven Constraint Model 7
Share (Sharing) 61
Sigma 41
Stakeholder Management Strategy 90
Stakeholder Register 21, 90
Standard Deviation 42, 45
Status Meetings 70
Storming 88
Subject Matter Experts (SME) 12
Subjective 29
Supporting Leadership Style 88
SWOT 24
Targets 84
Teaming Agreements 61
Technical Performance Measurement 69
Threats 5
Three Point Averaging 44
Three Point Estimating 39, 44
Time and Material Contract 77
Tools and Techniques 3
Top Down Estimating 83
Tornado Diagram 46
Transfer (Transference) 60
Triangular Distribution 43
Triggers 3, 60
******ebook converter DEMO Watermarks*******
Tuckman Model 88

******ebook converter DEMO Watermarks*******

Index: Uniform Distribution -
Workaround
Uniform Distribution - Workaround Pages
Uniform Distribution 43
Unknown Risks 4
Urgent or Short List 33
Variance and Trend Analysis 69
Watch List 32, 33, 34, 35
Work Breakdown Structure (WBS) 82
Work Breakdown Structure Dictionary 82
Work Performance Information 68
Workaround 67

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******
******ebook converter DEMO Watermarks*******