PMI PMI-RMP - PMI Risk Management Professional (PMI-RMP) Exam

Regression analysis is a data analysis tool that helps identify variables that impact the schedule and determine how these factors interact. It is used to forecast future performance based on historical data and the relationship between variables. (Reference: PMBOK Guide, 6th Edition, p. 248)

According to the PMI Risk Management Professional (PMI-RMP) Reference Materials, regression analysis is a data analysis tool that examines the relationship between one or more independent variables and a dependent variable1. Regression analysis can be used to forecast future performance based on historical data and trends2. In this case, the risk manager wants to identify which variables will impact the schedule (the dependent variable) and determine how these factors interact (the independent variables). Therefore, the risk manager should use regression analysis to create a mathematical model that can predict the schedule performance based on the values of the variables. Regression analysis can also help the risk manager to assess the significance and strength of the relationship between the variables and the schedule3.

Residual risks are the risks that remain after the risk response plan has been implemented. They are the risks that are accepted by the project team and stakeholders as part of the project. Residual risks may have low probability or impact, but they still need to be monitored and controlled throughout the project. The first thing that the risk manager should do when a risk owner identifies and reports some residual risks is to analyze, document, and communicate them to the relevant stakeholders. The risk manager should assess the probability and impact of the residual risks, and determine if they require any further response or contingency plan. The risk manager should also update the risk register and the risk report with the information about the residual risks, and share them with the stakeholders who need to be aware of them. This will help the project team and stakeholders to be prepared for any potential occurrence of the residual risks, and to take appropriate actions if needed. References: PMI, The Standard for Risk Management in Portfolios, Programs, and Projects, 2019, p. 94-95, 101.

The project manager should have performed risk identification exercises for the full lifecycle of the project, including the construction phase, to ensure that all potential risks were identified and addressed in the risk register.

Risk identification is the process of determining the risks that may affect the project and documenting their characteristics. Risk identification should be performed throughout the project lifecycle, as new risks may emerge or change over time. Risk identification should also consider all aspects of the project, such as scope, schedule, cost, quality, resources, stakeholders, and procurement. By performing risk identification exercises for the full lifecycle of the project, the project manager could have identified and planned for the potential risks associated with the construction phase, such as delays, material shortages, quality issues, or safety hazards. This would have helped to prevent or mitigate the impact of the risk event that occurred, and to ensure that the risk register is updated and comprehensive. Performing a Monte Carlo sensitivity analysis, adding generic construction risks, or reviewing the assumptions/exclusions register are not sufficient or effective ways of identifying the specific risks that may affect the project during the construction phase. These are either tools for risk analysis, risk response planning, or project initiation, but not risk identification. References: PMI-RMP® Certification Handbook1, page 9; PMBOK® Guide, pages 397-398.

A risk owner is the person assigned to manage, monitor, and report on a specific risk. When the IT manager has unique insight or control over risks associated with IT infrastructure, they should be formally assigned as a risk owner for those risks. The PMBOK® Guide emphasizes:

“Risk owners are identified during the risk management planning process and should be engaged in relevant meetings and risk discussions. Assigning the IT manager as a risk owner ensures proper accountability for IT-related risks.”

— PMBOK® Guide, 6th Edition, Section 11.3.2.1 (Risk Register: Risk Owner)

This promotes ownership, accountability, and effective risk management.

The risk manager should first check the risk register for proper risk classification, probability, and impact (C), as these are essential components of an effective risk management process. Next, the risk manager should ensure that the risk origin, triggering events, and ownership are identified (D), as this information helps in assigning responsibilities and taking appropriate actions for each risk. References to these steps can be found in the Project Management Institute ' s (PMI) A Guide to the Project Management Body of Knowledge (PMBOK Guide), Sixth Edition.

 The risk manager should check for risk classification and that probability and impact are identified, as these are essential elements of a risk register. Risk classification helps to group risks into categories based on their sources, types, or impacts, which can facilitate risk analysis and response planning. Probability and impact are the two dimensions of risk assessment, which help to measure the likelihood and severity of a risk event, and to prioritize risks based on their significance. The risk manager should also check to ensure that risk origin, triggering event, and ownership is identified, as these are also important components of a risk register. Risk origin refers to the root cause or source of a risk, which can help to understand the nature and characteristics of a risk, and to devise effective risk responses. Triggering event is a specific occurrence or condition that indicates that a risk event has occurred or is about to occur, which can help to monitor and control risks. Ownership is the assignment of a risk to a person or a group who is responsible for managing the risk, which can help to ensure accountability and communication. The risk manager should not check to ensure that the risk is supported by a Monte Carlo simul-ation, as this is not a mandatory or universal requirement for a risk register. Monte Carlo simul-ation is a quantitative risk analysis technique that uses computer-generated random scenarios to model the possible outcomes of a project, based on the probability distributions of the input variables. While this technique can provide useful information about the overall project risk exposure and the probability of achieving project objectives, it is not a necessary or sufficient condition for an effective risk register. The risk manager should not check to ensure that the risks are gathered using Delphi technique, as this is also not a compulsory or exclusive requirement for a risk register. Delphi technique is a qualitative risk identification technique that uses a panel of experts to anonymously provide their opinions on potential risks, which are then aggregated and refined through a series of rounds until a consensus is reached. While this technique can help to elicit expert judgment and reduce bias, it is not the only or the best way to identify risks. The risk manager should not check to ensure the risk meeting agenda and supporting documents are distributed, as this is not a relevant or appropriate action for analyzing the effectiveness of a risk register. The risk meeting agenda and supporting documents are part of the risk management plan, which describes how the project team will conduct risk management activities, such as identifying, analyzing, responding, and monitoring risks. The risk meeting agenda and supporting documents are useful for planning and conducting risk meetings, but they are not part of the risk register, which is the output of the risk identification process and the input for the risk analysis and response processes. References: PMI. (2017). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition. Chapter 11: Project Risk Management, pp. 395-454. 5

 

Once the contingency plan has been executed (e.g., the backup resource has shadowed the experienced developer), it is crucial to continuously monitor and manage any residual or secondary risks that may arise. These risks could include the backup resource ' s ability to perform effectively or the potential impact of the original developer ' s absence on project timelines. By updating the risk register and maintaining communication with the project team, the risk manager ensures that the project remains on track and that any new risks are promptly addressed, in alignment with PMI’s best practices for ongoing risk management​.

 

To ensure an effective risk management plan, the risk manager needs to consider aligning the plan to project constraints and priorities and obtaining stakeholder acceptance, as these factors will help ensure that the plan is relevant and supported by the project team and stakeholders.

 According to the PMI-RMP Handbook, the risk management plan is a document that describes how risk management activities will be structured and performed on the project. It is one of the main outputs of the Plan Risk Management process. The risk management plan should consider the following factors to ensure its effectiveness:

Aligning to project constraints and priorities: The risk management plan should be aligned with the project objectives, scope, schedule, cost, quality, resources, and stakeholder expectations. It should also reflect the project’s risk appetite, tolerance, and threshold levels, which indicate the degree of uncertainty that the project can accept. The risk management plan should prioritize the risk management activities based on the project’s critical success factors and key performance indicators.

Obtaining stakeholder acceptance: The risk management plan should be developed with the involvement and input of key stakeholders, such as the project sponsor, customer, team members, subject matter experts, and other relevant parties. The risk management plan should be communicated and approved by the stakeholders to ensure their commitment and support for the risk management process. The risk management plan should also define the roles and responsibilities of the stakeholders in risk management, as well as the reporting and escalation mechanisms.

The other options are not valid factors for ensuring an effective risk management plan:

Applying modern risk management techniques: The risk management plan should apply the appropriate risk management techniques that suit the project’s context, complexity, and characteristics. The techniques should be based on the best practices and standards of the profession, such as the PMBOK® Guide and the Practice Standard for Project Risk Management. The techniques do not have to be modern or innovative, as long as they are effective and efficient.

Ensuring risk response strategies mitigate all risks: The risk management plan should define the risk response strategies that will be used to address the identified risks. However, the risk response strategies do not have to mitigate all risks, as some risks may be accepted, transferred, or avoided. The risk response strategies should be based on the risk analysis and evaluation, which consider the probability and impact of the risks, as well as the cost and benefits of the responses.

Minimizing implementation costs: The risk management plan should consider the budget and resources available for the risk management activities. However, the risk management plan should not aim to minimize the implementation costs at the expense of the quality and effectiveness of the risk management process. The risk management plan should balance the costs and benefits of the risk management activities, and ensure that they provide value to the project.

PMI-RMP Handbook1, PMBOK® Guide2, Practice Standard for Project Risk Management2

The project manager should evaluate the risk with the team and update the issueing to address the concerns of the stakeholders and local businesses.

This concern is a potential risk that could affect the project’s reputation, stakeholder satisfaction, and profitability. The project manager should evaluate the risk with the team and update the issue log, which is a tool for documenting and monitoring the resolution of issues that arise during the project. The issue log should include information such as the issue description, the priority, the owner, the status, and the actions taken. The project manager should also communicate with the stakeholders and the local businesses to address their concerns and seek a mutually beneficial solution. The project manager should not ignore the concern, as it could escalate into a bigger problem. The project manager should not discuss the concern with the local business owners alone, as this could bypass the stakeholders and create more conflicts. The project manager should not update the key risks and perform a quantitative risk analysis, as this is a time-consuming and complex process that may not be necessary for this type of risk. The project manager should not adjust the construction work hours to after business hours, as this could incur additional costs, disrupt the project schedule, and affect the workers’ safety and productivity. References: PMI, 2017. A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition. Newtown Square, PA: Project Management Institute, Inc., pp. 115-116, 408-4091

If the project manager realizes that some risks have not been updated recently, they should review the risk register to check for new risks and ensure that all risks are accurately documented and updated.

The risk register is a document that contains information about the identified risks, their analysis, and their response plans. It is updated throughout the project life cycle as new risks emerge, existing risks change, or risks are closed. The project manager should review the risk register regularly to ensure that the project data is accurate and reflects the current risk situation. Reviewing the risk register also helps the project manager to identify any new risks that may have occurred since the last update, and to plan appropriate responses for them. References: PMI, Project Risk Management, 2nd edition, 2019, p. 67-681

Brainstorming is an effective information-gathering technique used during risk planning sessions to identify potential risks, opportunities, and responses. It encourages open dialogue among team members, fostering the generation of diverse ideas and perspectives. This collaborative approach ensures a comprehensive identification of risks, as participants build upon each other ' s insights, leading to a more robust risk management plan.

PMI Risk Management Study Guide References:

The PMI-RMP Exam Preparation Study Guide emphasizes the value of brainstorming in risk identification, noting that it " promotes the free flow of ideas, enabling teams to uncover a wide array of potential risks and responses. "