Free Practice Questions for PMI PMI-RMP Exam

Assigning a risk owner is a foundational principle in risk management, ensuring that each risk has someone fully accountable for monitoring, controlling, and responding to the risk. According to the PMBOK® Guide:

"Risk owners should be assigned to each risk. The risk owner is the person responsible for planning an appropriate risk response and ensuring it is implemented as planned."

— PMBOK® Guide, 6th Edition, Section 11.3.2.1

Without a clearly assigned risk owner, responsibility can be ambiguous, leading to gaps in monitoring and response.

The project manager should have updated the project schedule by adding risk owner implementation tasks. This would have ensured that the planned risk responses were implemented in a timely manner and tracked as part of the project schedule. This would also have allowed the project manager to monitor the progress of risk response implementation and take corrective action if necessary.

According to the PMI-RMP Exam Content Outline and Specifications1, one of the tasks under Domain 4: Risk Monitoring and Reporting is to “update project schedule, budget, and risk register with risk response outcomes”. This implies that the project manager should have added the risk owner implementation tasks to the project schedule, so that they can be tracked and monitored. By doing so, the project manager could have ensured that the planned risk responses were executed as intended, and that the opportunities were not missed. References: PMI-RMP Exam Content Outline and Specifications, page 10.

If a risk requires external help and the contracting process is long, it is prudent to start the process immediately to avoid delays. This proactive approach ensures that the necessary resources will be available when needed. According to PMI guidelines, early action to address risk is essential, especially when external dependencies are involved. Documenting the risk in the risk register or analyzing it further can be done concurrently, but starting the contracting process mitigates the risk of delay​.

The most effective and transparent approach is for the risk manager to collaborate with the project manager to communicate risk levels to stakeholders. According to PMI's PMBOK® Guide and Practice Standard for Project Risk Management, communication of risk should be timely, consistent, and include all relevant stakeholders—not only those who are supportive. Risk information must not be withheld or selectively communicated as this could damage trust and the integrity of the risk process.

"Effective risk communication involves collaborating with the project manager and stakeholders to ensure risks are reported honestly and objectively... Failure to communicate risks in a timely and complete manner can lead to stakeholder dissatisfaction and jeopardize project objectives."

— PMBOK® Guide, 6th Edition, Section 11.5.2.6 (Project Document Updates: Risk Report, Communications Management)

Also, the Practice Standard for Project Risk Management states that risk communication should be performed collaboratively to ensure the right message, context, and tone are used.

The process of assessing the likelihood and impact of each identified risk is part of the Perform Qualitative Risk Analysis process. This process helps prioritize risks based on their probability and impact, allowing the project team to focus on the most significant risks. By doing so, the project manager and team can allocate resources and effort to address the risks that pose the greatest threat or opportunity to the project.

The process of assessing the likelihood and impact of each risk is part of the Perform Qualitative Risk Analysis process, which is the process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics. This process helps the project manager and the team to focus on the high-priority risks that have the most influence on achieving the project objectives. The other processes are not relevant to the question scenario. Plan Risk Management is the process of defining how to conduct risk management activities for a project. Perform Quantitative Risk Analysis is the process of numerically analyzing the effect of identified risks on overall project objectives. Monitor and Control Risk is the process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project. References: PMI Risk Management Professional (PMI-RMP) Examination Content Outline and Specifications, page 71. A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, pages 397-3982.

In complex projects with multiple deliverables, locations, and stakeholders, best practice is to combine individual risk identification (e.g., interviews, surveys) with group-based methods (e.g., focus groups, workshops) to ensure comprehensive risk coverage and diverse input. According to the PMBOK® Guide:

“Both individual and group risk identification techniques are valuable. Combining interviews (individual) with facilitated workshops or focus groups (group) can help identify risks at all levels and build a comprehensive risk register for the overall project.”

— PMBOK® Guide, 6th Edition, Section 11.2.2.2 (Data Gathering: Interviews, Facilitation)

ISO 31000 also recommends a mix of approaches to ensure risks are not overlooked due to limited perspectives.

When conflicts arise in a complex project, performing an assumptions and constraints analysis is the first step in identifying potential risks. This analysis helps clarify the underlying assumptions and constraints that might be contributing to the conflicts, allowing the risk manager to assess whether they are still valid or if they need to be revisited. Addressing these factors can help mitigate conflicts and prevent new risks from emerging​.

The risk manager should perform a quantitative risk analysis to determine the potential impact of risks on the project's completion date. This will help in providing a more accurate project completion date to the customer, considering the risks and their potential effects on the project schedule.

 According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline1, one of the tasks in the domain of Risk Analysis is to perform quantitative risk analysis using techniques such as Monte Carlo simul-ation, decision tree analysis, sensitivity analysis, etc., to quantify the possible outcomes for the project and their probabilities, and to evaluate the cost and schedule impacts of risks1. In this scenario, the risk manager should perform a quantitative risk analysis and update the results, because the project costs have increased significantly and the customer has imposed a strict deadline for the project completion. A quantitative risk analysis will help the risk manager to estimate the probability of meeting the project objectives, such as cost and schedule, and to determine the appropriate contingency reserves for the project. A quantitative risk analysis will also provide more accurate and reliable information for the customer and the project team, and will support the risk response planning process2. References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, page 92: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, pages 431-432.

The project manager should consult or review project contracts, lessons learned registers from analogous projects, and the risk management plan to develop an effective risk planning for the project.

According to the PMBOK® Guide, the risk management plan is one of the key inputs for the plan risk management process, which is the first process in the project risk management knowledge area. The risk management plan describes how risk management activities will be structured and performed throughout the project. It includes information such as the methodology, roles and responsibilities, budget, timing, risk categories, definitions of risk probability and impact, probability and impact matrix, revised stakeholders’ risk tolerances, reporting formats, and tracking (page 409). Therefore, option D is the correct answer.

The project contracts are also an important input for the plan risk management process, as they may contain terms and conditions that can create or affect various project risks. For example, contracts may include clauses related to penalties, incentives, warranties, intellectual property rights, termination, force majeure, arbitration, indemnification, etc. The project manager should review the project contracts to identify any potential sources of risk and plan appropriate responses (page 410). Therefore, option A is the correct answer.

The lessons learned registers from analogous projects are another valuable input for the plan risk management process, as they provide historical information and knowledge that can help the project manager identify and analyze risks, as well as plan risk responses. The lessons learned registers may contain information such as the risks that occurred, the root causes of the risks, the risk triggers, the effectiveness of the risk responses, the residual and secondary risks, the risk owners, the risk ratings, the risk trends, etc. The project manager should consult the lessons learned registers from similar or comparable projects to learn from past experiences and avoid repeating mistakes (page 411). Therefore, option B is the correct answer.

The risk register is not an input for the plan risk management process, but an output. The risk register is a document that contains the list of identified risks, their causes, potential responses, and other relevant information. The risk register is created during the identify risks process, which is the second process in the project risk management knowledge area. The risk register is then updated and refined throughout the project as more information becomes available and new risks emerge (page 414). Therefore, option C is incorrect.

The code of regulations is not an input for the plan risk management process, but a type of enterprise environmental factor. Enterprise environmental factors are the conditions, not under the control of the project team, that influence, constrain, or direct the project. The code of regulations refers to the rules and standards that govern the project’s industry, domain, or sector. The code of regulations may affect the project’s scope, schedule, cost, quality, resources, communications, procurement, and risk management. The project manager should consider the code of regulations when planning risk management activities, but it is not an artifact that needs to be reviewed or consulted (page 38). Therefore, option E is incorrect.