Risk Management Practice Questions

Explanation: EMV = Probability × Impact. For example, a 30% chance of a $50,000 cost overrun has an EMV of $15,000. EMV is used in quantitative risk analysis and decision tree analysis to evaluate risk reserves and make risk-informed decisions.

Explanation: A risk is an uncertain future event that may or may not occur. When a risk event occurs, it becomes an issue that requires immediate response. Issues are logged in the issue log and require resolution. Risks are tracked in the risk register.

Explanation: Transferring risk shifts the financial impact of a risk to a third party — most commonly through insurance, bonds, warranties, or fixed-price contracts. The risk still exists but the financial consequence is borne by another party.

Explanation: Residual risks are risks that remain after risk responses have been applied — risks that have not been fully eliminated. For example, mitigating the probability of a server failure still leaves a residual risk of some server failure probability. Residual risks are monitored throughout the project.

Explanation: Exploit is the opportunity equivalent of Avoid — it eliminates uncertainty by ensuring the opportunity definitely occurs. For example, assigning the best-skilled resources to a task to guarantee a performance gain. Enhance increases the probability of the opportunity; Share brings in a partner to realize the opportunity.

Explanation: EMV = Probability × Impact. For this risk: 0.30 × (-$100,000) = -$30,000. Negative EMV represents a threat (potential cost). Positive EMV represents an opportunity. EMV is used in decision tree analysis and risk reserve calculations.

Explanation: Risk transfer shifts the financial consequence of a risk to another party — typically through insurance, fixed-price contracts (passing cost overrun risk to the vendor), or performance bonds. Transfer does not eliminate the risk; it assigns responsibility for consequences to someone else.

Explanation: Risk prioritization considers both probability AND impact. A high-probability/low-impact risk (bottom-left of a probability-impact matrix) is relatively low priority compared to high-probability/high-impact (top-right) risks. It should be monitored and may be accepted passively.

Explanation: Secondary risks emerge as a consequence of risk responses. For example, hiring a subcontractor to transfer a technical risk creates a new secondary risk: the subcontractor may fail to perform. Both primary and secondary risks must be identified and managed.

Explanation: Residual risk is the risk remaining after planned risk responses have been applied. No response eliminates 100% of a risk. Residual risk is typically managed through contingency reserves and passive acceptance — the project manager monitors it throughout the project.