Preview Extract
Chapter 6 Risk Management
6.1 True False
1) With careful planning, project risk can be reduced to zero.
Answer: False
Rationale:
It's practically impossible to reduce project risk to zero, no matter how careful the planning.
There will always be unforeseen factors and uncertainties that can introduce risk.
2) Risk is the degree of probability of a loss or failure.
Answer: True
Rationale:
This definition aligns with the common understanding of risk as the likelihood of an adverse
event occurring.
3) Risks can be positive.
Answer: True
Rationale:
Positive risks, also known as opportunities, represent favorable outcomes that can result in
benefits for the project if they occur.
4) Project risk and professional risk are two risk categories pertaining to project managers.
Answer: True
Rationale:
Project risk refers to the uncertainties associated with project activities and outcomes, while
professional risk relates to risks faced by individuals in their professional roles.
5) A project has more risks later in its lifespan, as persisting risks become more lethal and
detrimental in later phases.
Answer: False
Rationale:
Risks can evolve and change throughout a project's lifespan, but it's not necessarily true that
they become more lethal or detrimental in later phases.
6) Risk management means that the project manager and upper management need to have
realistic expectations of the people who will be doing the work.
Answer: True
Rationale:
Effective risk management involves understanding the capabilities and limitations of the
project team and setting realistic expectations to mitigate risks.
7) A work breakdown structure is a hierarchical structure of potential risk sources that can be
used effectively to structure, identify, and understand risks.
Answer: False
Rationale:
A work breakdown structure (WBS) is a hierarchical decomposition of the work to be done
on a project, not specifically a structure for identifying and understanding risks.
8) When using an RBS for a construction project, clients, project team, targets, budget, and
strategy contribute to environmental risks.
Answer: False
Rationale:
The Risk Breakdown Structure (RBS) is a hierarchical framework that helps categorize and
organize project risks. Environmental risks in a construction project would typically include
factors such as weather, soil conditions, and regulatory requirements.
9) When using an RBS for a software development project, development risks relate to
development, organization, and work environment.
Answer: False
Rationale:
Development risks in a software project would typically include factors such as technology
selection, requirements volatility, and skill levels of the development team, rather than
organization or work environment.
10) Project risks can be classified as internal or external.
Answer: True
Rationale:
Project risks can be categorized as internal risks, which arise from within the project, or
external risks, which originate from external sources outside the project.
11) Delivery challenges, scaling of product or service, and complexity in processes are
examples of functional risk.
Answer: False
Rationale:
These examples are more aligned with operational or project management risks, rather than
functional risks, which typically relate to the functionality and performance of a product or
service.
12) Not meeting time, scope, and resource requirements are examples of external risks.
Answer: False
Rationale:
Not meeting time, scope, and resource requirements are typically considered internal risks, as
they are related to the project's execution and management rather than external factors.
13) Equipment risks are external risks.
Answer: False
Rationale:
Equipment risks are often considered internal risks, as they relate to the availability,
reliability, and suitability of equipment used in the project.
14) Overly optimistic forecasts including project plans result from external risks.
Answer: False
Rationale:
Overly optimistic forecasts are a result of internal factors such as biased estimates or
inadequate risk assessment, rather than external risks.
15) Labor strikes and walkouts are examples of external risks.
Answer: True
Rationale:
Labor strikes and walkouts are events that originate from outside the project and are beyond
the control of the project team, making them external risks.
16) Checklists are one of several common tools and techniques used for developing a list of
project risks.
Answer: True
Rationale:
Checklists are commonly used in risk management to ensure that potential risks are not
overlooked and that a comprehensive list of risks is developed.
17) Checklists are never complete; they are ever growing and expansive.
Answer: True
Rationale:
Checklists are dynamic tools that should be continuously updated as new risks are identified
or as the project environment changes.
18) Risk factor refers to the overall risk or exposure of the project at a particular timeframe.
Answer: False
Rationale:
Risk factor typically refers to a specific element or aspect of risk, such as the likelihood or
impact of a particular risk event.
19) Risk identification should address every possible negative event.
Answer: False
Rationale:
Risk identification should focus on identifying significant and relevant risks that could affect
the project's objectives, rather than attempting to address every conceivable negative event.
20) A potential benefit of risk identification activities is that management can use the results
to evaluate the performance of individuals.
Answer: False
Rationale:
The primary purpose of risk identification is to identify and assess potential risks to the
project, not to evaluate individual performance.
21) Risk mode measures the likelihood that an event described in the risk consequence
portion of the risk statement will actually occur.
Answer: False
Rationale:
Risk mode is not a standard term in risk management. It seems to be a typo or a
misunderstanding. The likelihood of an event occurring is typically measured by the
probability or likelihood component of a risk assessment.
22) FMEA is a process in product development and is used in managing operations by
analysis of potential failure modes within a system.
Answer: True
Rationale:
Failure Mode and Effects Analysis (FMEA) is a structured approach used in product
development and operations management to identify and mitigate potential failure modes
within a system.
23) PFMEA is based on computing a risk score based on occurrence of a risk, outcome of a
project if the risk event occurs, and the possibility of detection of that risk event.
Answer: True
Rationale:
Process Failure Mode and Effects Analysis (PFMEA) is a variation of FMEA that focuses on
analyzing potential failure modes within a manufacturing or business process. It involves
computing a risk score based on occurrence, outcome, and detection criteria.
24) The risk score can be computed as Occurrence ÷ Detection.
Answer: False
Rationale:
The risk score is typically computed as the product of the likelihood (or occurrence), severity
(or outcome), and detection ratings, not the division.
25) The risk priority number is computed as Occurrence ∗ Outcome ∗ Detection.
Answer: True
Rationale:
The Risk Priority Number (RPN) is a numerical value used to prioritize risks based on their
occurrence, outcome, and detection ratings. It is computed by multiplying these three ratings
together.
26) Quantitative risk assessment methods include simulation and modeling techniques.
Answer: True
Rationale:
Quantitative risk assessment involves using numerical or statistical methods to quantify risks,
which can include simulation and modeling techniques.
27) Accepting risk, transferring risk, and avoiding risks are ways of managing risk.
Answer: True
Rationale:
These are common strategies for managing risks: accepting the risk, transferring the risk to
another party (e.g., through insurance), or avoiding the risk altogether by changing the project
scope or approach.
28) Exploiting, sharing, enhancing, and accepting are four ways to deal with positive risks.
Answer: True
Rationale:
Positive risks, or opportunities, can be managed by exploiting them to maximize the benefit,
sharing them with other parties, enhancing them to increase the likelihood of occurrence, or
accepting them as they are.
29) Risk milestones are indicators that a risk has occurred or is about to occur.
Answer: False
Rationale:
Risk milestones are specific points in time during a project when certain risks are expected to
be realized or when specific actions related to risk management are scheduled to occur.
30) A risk register is an input to risk monitoring and control.
Answer: True
Rationale:
A risk register is a document that contains information about identified risks, their likelihood
and impact, and planned responses. It is an important input to the risk monitoring and control
process.
6.2 Multiple Choice
1) A function of the likelihood of a given threat and the resulting impact of that adverse event
on the organization best defines
A) risk.
B) problem.
C) occurrence.
D) threat.
Answer: A
Rationale:
Risk is often defined as a function of the likelihood of an event occurring and the impact of
that event on the organization. It combines the probability of an event with its consequences.
2) An uncertain event that if it occurs will have a positive or negative effect on the objectives
of the project best defines
A) project weakness.
B) project risk.
C) project threat.
D) project opportunity.
Answer: B
Rationale:
Project risk refers to uncertain events or conditions that, if they occur, may have a positive or
negative effect on project objectives. It encompasses both threats and opportunities.
3) Risks that remain after the implementation of new or enhanced controls are called
A) implementation risks.
B) planning risks.
C) residual risks.
D) design risks.
Answer: C
Rationale:
Residual risks are risks that remain after controls have been put in place to mitigate or
manage them. These are the risks that are accepted or retained by the organization.
4) The process that allows project managers to balance operational and economic costs of
protective measures to achieve project success best defines
A) risk identification.
B) risk assessment.
C) risk avoidance.
D) risk management.
Answer: D
Rationale:
Risk management is the process of identifying, assessing, and prioritizing risks, and then
coordinating and applying resources to minimize, monitor, and control the probability or
impact of adverse events or to maximize the realization of opportunities.
5) Project managers or organizations may be viewed as
A) risk-averse decision makers.
B) risk-seeking decision makers.
C) risk-neutral decision makers.
D) all of the above.
Answer: D
Rationale:
Project managers or organizations may adopt different attitudes towards risk. Some may be
risk-averse, preferring to avoid or minimize risks, while others may be risk-seeking, willing
to take on more risk for potentially higher rewards. Still, others may be risk-neutral, weighing
risks and rewards equally.
6) Categories of risk pertaining to project managers include
A) professional risk.
B) personal risk.
C) environmental risk.
D) cultural risk.
Answer: A
Rationale:
Professional risk refers to risks faced by individuals in their professional roles, including
project managers. This can include risks related to performance, reputation, or career
advancement.
7) A hierarchical structure of potential risk sources that can be used effectively to structure,
identify, and understand risks best defines
A) opportunity breakdown structure.
B) project work breakdown structure.
C) risk breakdown structure.
D) risk iteration structure.
Answer: C
Rationale:
A Risk Breakdown Structure (RBS) is a hierarchical framework that helps categorize and
organize potential risk sources. It is used to structure, identify, and understand risks in a
systematic way.
8) When preparing an RBS for a construction project, the environment may be attributed to
A) funding factors that may affect the project.
B) budget factors that may affect the project.
C) project team factors that may affect the project.
D) legal factors that may affect the project.
Answer: D
Rationale:
In the context of a construction project, the environment category in an RBS may include
legal factors that could affect the project, such as regulations, permits, or environmental
impact assessments.
9) For a construction project, ill-defined responsibilities are associated with the
A) team factor of the subcontractors category.
B) site factor of the environment category.
C) tactics factor of the subcontractors category.
D) control factor of the project category.
Answer: A
Rationale:
In the context of a construction project, ill-defined responsibilities would be associated with
the team factor of the subcontractors category in an RBS. This refers to uncertainties or risks
related to the responsibilities of subcontractors on the project.
10) On an RBS for a software development project, product risks are related to
A) corporate and stakeholders.
B) requirements and design.
C) cultural and economic.
D) project team and control.
Answer: B
Rationale:
In a software development project, product risks would be related to factors such as
requirements and design. These risks could include issues with requirements gathering,
changes in project scope, or technical challenges in the software design.
11) On an RBS for a software development project, development risks are related to
A) corporate and stakeholders.
B) requirements and design.
C) organization and work environment.
D) project team and control.
Answer: C
Rationale:
Development risks in a software project are related to factors such as the organization's
structure, work environment, and development processes, which can impact the successful
completion of the project.
12) Project risks can be classified as
A) qualitative risks.
B) quantity risks.
C) low-volume risks.
D) internal risks.
Answer: D
Rationale:
Project risks can be classified as internal (arising from within the project) or external (arising
from outside the project). Internal risks include factors like project team dynamics, while
external risks include factors like market conditions.
13) Which of the following is not an internal risk?
A) material shortage
B) technology
C) equipment
D) time
Answer: A
Rationale:
Material shortage is typically considered an external risk, as it is related to external factors
such as supply chain disruptions or market conditions.
14) Common tools and techniques used for developing a list of project risks include
A) cause-and-effect diagrams.
B) checklists.
C) mind mapping.
D) all of the above.
Answer: D
Rationale:
All of the listed tools and techniques are commonly used in risk management to identify and
analyze project risks.
15) Common tools and techniques used for developing a list of project risks include each of
the following except
A) network diagrams.
B) nominal group technique.
C) Delphi technique.
D) brainstorming.
Answer: A
Rationale:
Network diagrams are used for scheduling and sequencing project activities, not specifically
for identifying project risks.
16) The overall risk or exposure of the project at a particular timeframe best defines
A) investment cost.
B) rate of exposure.
C) total cost of ownership.
D) risk landscape.
Answer: D
Rationale:
The risk landscape refers to the overall risk profile of a project, including the nature and
extent of risks present at a particular point in time.
17) Steps involved for the nominal group technique for risk management include each of the
following except
A) using JAD sessions to capture user requirements.
B) gathering the core team for a risk workshop.
C) using a flip chart or whiteboard to collect information from the team.
D) begin by asking each person to identify potential areas of risk.
Answer: A
Rationale:
The nominal group technique for risk management does not involve using Joint Application
Development (JAD) sessions to capture user requirements, as it is focused on identifying and
prioritizing risks.
18) The determination of the quantitative or qualitative value of the risks in a project best
defines
A) risk assessment.
B) risk probability.
C) risk investigation.
D) risk feasibility.
Answer: A
Rationale:
Risk assessment involves determining the quantitative or qualitative value of risks in a
project, including factors such as likelihood, impact, and potential mitigation strategies.
19) Defining each risk by a set of standard parameters including likelihood or probability,
severity or impact, detection process, and mitigation plans best defines
A) quantitative risk management.
B) qualitative risk management.
C) risk probability.
D) risk regression.
Answer: B
Rationale:
Qualitative risk management involves defining and categorizing risks based on standard
parameters such as likelihood, severity, detection, and mitigation plans, without assigning
specific numerical values to these parameters.
20) Which of the following helps to identify critical project parameters that affect project
schedule the most, determine project success rate, and make decisions about viable project
alternatives?
A) document analysis
B) Six Sigma
C) quantitative risk analysis
D) CMMI
Answer: C
Rationale:
Quantitative risk analysis helps identify critical project parameters that affect project
schedule, determine project success rate, and make decisions about viable project alternatives
by quantifying the impact of risks on these parameters.
21) Which of the following is an analysis that specifically investigates the potential effects of
both the negative and positive risks with regards to project schedule, cost, or performance
quality?
A) Six Sigma
B) CMMI
C) DMAIC
D) risk probability assessment
Answer: D
Rationale:
Risk probability assessment, also known as risk impact assessment, evaluates the potential
effects of both negative and positive risks on project schedule, cost, or performance quality.
22) A measure of the likelihood that an event described in the risk consequence portion of the
risk statement will actually occur best defines
A) risk assessment.
B) risk probability.
C) risk actuality.
D) risk urgency.
Answer: B
Rationale:
Risk probability is a measure of the likelihood that an event described in the risk consequence
portion of the risk statement will actually occur.
23) Risk Priority Number is computed as
A) opportunity ∗ risk score ∗ threat.
B) occurrence ∗ outcome.
C) occurrence ∗ outcome ∗ detection.
D) overall cost + (occurrence ∗ threat level score ∗ detection score).
Answer: C
Rationale:
Risk Priority Number (RPN) is computed as the product of occurrence, outcome, and
detection ratings, used to prioritize risks for further action in risk management.
24) Types of Failure Mode and Effects Analysis include
A) Design FMEA.
B) Risk FMEA.
C) Agile FMEA.
D) Object FMEA.
Answer: A
Rationale:
Failure Mode and Effects Analysis (FMEA) can be applied in various contexts, including
Design FMEA, which focuses on potential failures in the design stage of a product or
process.
25) Which of the following can be described as a systemized group of activities intended to
recognize and evaluate the potential failure of a product or a process and its effects?
A) SWOT
B) FMEA
C) SDLC
D) OOAD
Answer: B
Rationale:
Failure Mode and Effects Analysis (FMEA) is a systematic method for identifying and
evaluating potential failure modes in a product or process, as well as their effects.
26) Which of the following expands the concept of a simple risk score based on occurrence,
outcome, and detection of risks by adding the detection attribute to a risk event?
A) SWOT
B) PFMEA
C) JAD
D) RRPD
Answer: B
Rationale:
Process Failure Mode and Effects Analysis (PFMEA) expands the concept of a simple risk
score by adding the detection attribute to a risk event, in addition to occurrence and outcome.
27) When using PFMEA, the suggested value for an occurrence of risk without warning is
A) 10.
B) 9.
C) 6.
D) 5.
Answer: A
Rationale:
In PFMEA, a suggested value of 10 is often used for the occurrence rating of a risk without
warning, indicating a high likelihood of occurrence.
28) When using PFMEA, the suggested value for low possibility of detection is
A) 8.
B) 6.
C) 4.
D) 2.
Answer: B
Rationale:
In PFMEA, a suggested value of 6 is often used for the detection rating of a risk with low
possibility of detection.
29) When using PFMEA, the suggested value for no significant impact on cost is
A) 10.
B) 7.
C) 1.
D) 2.
Answer: C
Rationale:
In PFMEA, a suggested value of 1 is often used for the severity rating of a risk with no
significant impact on cost.
30) When using PFMEA, the suggested value for the temporary shutdown of the project due
to scope change negotiations is
A) 2.
B) 4.
C) 6.
D) 8.
Answer: D
Rationale:
In PFMEA, a suggested value of 8 is often used for the severity rating of a risk that could
lead to the temporary shutdown of the project due to scope change negotiations.
31) When using PFMEA, the suggested value for schedule changes not impacting major
milestones is
A) 5.
B) 4.
C) 3.
D) 10.
Answer: A
Rationale:
In PFMEA, a suggested value of 5 is often used for the severity rating of a risk related to
schedule changes that do not impact major milestones, indicating a moderate impact.
32) A measure used when assessing risk in a project equal to the product of likelihood,
impact, and detection of risk events best defines
A) risk detection percentage.
B) risk detection score.
C) risk assessment score.
D) risk priority number.
Answer: D
Rationale:
The risk priority number (RPN) is calculated as the product of the likelihood, impact, and
detection ratings of a risk event, providing a numerical value to prioritize risks for mitigation.
33) The likelihood that an event will occur times the impact of that occurrence best defines
A) risk score.
B) risk percentage.
C) threat level.
D) weakness assessment measure.
Answer: A
Rationale:
The likelihood times impact calculation is commonly used to determine the risk score of a
particular risk event, which helps prioritize risks based on their potential impact.
34) Quantitative risk assessment methods include
A) quantitative risk analysis.
B) data gathering and representation techniques.
C) expert judgment.
D) all of the above.
Answer: D
Rationale:
Quantitative risk assessment methods include techniques such as quantitative risk analysis,
data gathering, and representation techniques like Monte Carlo simulation, as well as expert
judgment.
35) A computerized mathematical technique that furnishes the decision-maker with a range of
possible outcomes and the probabilities of occurrence for any choice of action best defines
A) Monte Carlo simulation.
B) SWOT analysis.
C) Six Sigma.
D) DMAIC.
Answer: A
Rationale:
Monte Carlo simulation is a computerized mathematical technique used to model the impact
of risk and uncertainty in project management, providing decision-makers with a range of
possible outcomes and their probabilities.
36) Options and actions that mitigate risks and reduce project threats best defines
A) risk awareness.
B) risk responses.
C) risk triggers.
D) risk activation.
Answer: B
Rationale:
Risk responses are options and actions taken to mitigate risks and reduce project threats,
aiming to minimize the impact of potential adverse events.
37) Risks are managed by
A) transferring risk.
B) avoiding risk.
C) accepting risk.
D) all of the above.
Answer: D
Rationale:
Risks can be managed by transferring them to another party (transferring risk), avoiding the
risk altogether (avoiding risk), or accepting the risk and managing its impact (accepting risk).
38) Risks associated with scope can be reduced by each of the following except
A) setting deadlines and making sure to achieve those deadlines.
B) defining the needs of each task clearly.
C) defining the deliverables clearly.
D) anticipating defects and problems during integration.
Answer: A
Rationale:
Setting deadlines and ensuring their achievement is more related to schedule management
than risk management for scope. Clear definition of needs, deliverables, and anticipating
defects are more directly related to reducing scope-related risks.
39) Risks associated with costs can be reduced by each of the following except
A) considering many design alternatives before choosing the design.
B) creating a project schedule and striving to adhere to it.
C) identifying and monitoring the key cost drivers.
D) identifying critical tasks and their interdependencies.
Answer: B
Rationale:
While creating a project schedule is important for managing project costs, it is not a direct
measure for reducing cost-related risks. Considering design alternatives, identifying cost
drivers, and understanding critical tasks are more directly related to cost risk management.
40) A systematic approach to identify what can go wrong in a project and be prepared with
plans, strategies, and approaches to mitigate and manage risks best defines
A) SWOT analysis.
B) contingency planning.
C) risk assessment.
D) risk avoidance.
Answer: B
Rationale:
Contingency planning involves a systematic approach to identify potential risks in a project
and develop plans, strategies, and approaches to mitigate and manage those risks, ensuring
that the project can adapt to unforeseen circumstances.
41) A process to manage risks in a project is
A) risk monitoring and control.
B) SWOT analysis.
C) configuration management plan.
D) TMAP.
Answer: A
Rationale:
Risk monitoring and control is a process within risk management that involves tracking
identified risks, monitoring residual risks, identifying new risks, executing risk response
plans, and evaluating their effectiveness in managing risks throughout the project lifecycle.
42) Indications or warning signs that a risk has occurred or is about to occur best defines
A) risk alerts.
B) monitor alerts.
C) project triggers.
D) risk triggers.
Answer: D
Rationale:
Risk triggers are indications or warning signs that a risk event has occurred or is about to
occur, prompting the project team to take appropriate action to address the risk.
43) A log of identified risks along with its owners, risk scores, RPNs, risk responses, triggers,
residual and secondary risks, and contingency plans for cost and schedule best defines
A) risk register.
B) risk charter.
C) risk matrix.
D) contingency plan.
Answer: A
Rationale:
A risk register is a comprehensive document that includes all identified risks, their owners,
risk scores (including Risk Priority Numbers - RPNs), risk responses, triggers, residual and
secondary risks, and contingency plans for cost and schedule impacts.
44) The difference between the planned and the actual budget best defines
A) trend.
B) variance.
C) average.
D) mode.
Answer: B
Rationale:
Variance refers to the difference between the planned or budgeted amount and the actual
amount for a particular metric, such as cost or schedule.
45) A comparison of the contingency reserves of schedule, resources, and budget at a
particular time during the progress of a project with the original schedule, resources, and
budget to determine if there are enough reserves in schedule, resources, or budget best
defines
A) total operating cost.
B) feasibility study.
C) reserve analysis.
D) risk analysis.
Answer: C
Rationale:
Reserve analysis involves comparing the contingency reserves of schedule, resources, and
budget at a particular time during the project with the original reserves to determine if there
are enough reserves to cover potential risks and uncertainties.
6.3 Essay
1) What is risk? What is risk management? Identify three types of tolerance for project
managers or organizations.
Answer: Risk is a function of the likelihood of a given threat and the resulting impact of that
adverse event on the organization. Risk management is the process that allows project
managers to balance the operational and economic costs of protective measures to achieve
project success. Risk tolerance of project managers and organizations can be classified as
risk-averse, risk-seeking, and risk-neutral.
2) Identify seven common tools and techniques for developing a list of project risks.
Answer: Common tools and techniques include brainstorming; cause-and-effect diagrams;
checklists; nominal grouping technique; mind mapping; Delphi technique; and lessons
learned from similar projects.
3) How can qualitative risk assessment be accomplished?
Answer: Qualitative risk assessment is accomplished by risk probability and impact
assessment; probability and impact matrix; risk data quality assessment; risk categorization;
risk urgency assessment; and expert judgment.
4) Identify five ways that risks associated with resources can be reduced.
Answer: Risks associated with resources can be reduced by aligning the best individuals with
the requirements to complete a task; assigning staffing to all tasks and leaving no task
unassigned; understanding commitment levels of all resources; establishing teamwork and
trust among team members; and rewarding the right people.
5) What are the outputs of risk monitoring and control?
Answer: The outputs are risk register updates, organization process assets updates, change
requests, project management plan updates, and project document updates.
Test Bank for Project Management: Process, Technology and Practice
Ganesh Vaidyanathan
9780132807180
