CH 7
CH 7
CH 7
In the context of projects, risk is an uncertain event or condition that, if it occurs, has a
positive or negative effect on project objectives.
2. The chances of a risk event occurring as a project proceeds through its life cycle tends to
A. Slowly rise
B. Drop sharply and then level out
C. Rise sharply and then level out
D. Remain about the same
E. Slowly drop
7-1
Chapter 07 - Managing Risk
3. The cost impact of a risk event occurring as a project proceeds through its life cycle tends
to
A. Slowly rise
B. Drop sharply and then level out
C. Rise sharply and then level out
D. Remain about the same
E. Slowly drop
The cost impact of a risk event in the project is less if the event occurs earlier rather than later.
4. The attempt to recognize and manage potential and unforeseen trouble spots that may occur
when a project is implemented is known as
A. Risk forecasting
B. Risk management
C. Contingency planning
D. Scenario analysis
E. Disaster protection
Risk management attempts to recognize and manage potential and unforeseen trouble spots
that may occur when the project is implemented.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Risk Management Process
Level: Easy
7-2
Chapter 07 - Managing Risk
5. Which of the following is not one of the steps in the risk management process?
A. Risk response development
B. Risk assessment
C. Risk identification
D. Risk tracking
E. Risk response control
7-3
Chapter 07 - Managing Risk
One common mistake that is made early in the risk identification process is to focus on
objectives and not on the events that could produce consequences.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 1: Risk Identification
Level: Easy
The focus at the beginning should be on risks that can affect the whole project as opposed to a
specific section of the project or network.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 1: Risk Identification
Level: Medium
7-4
Chapter 07 - Managing Risk
The cost of mismanaged risk control early on in the project is magnified by the ill-fated 1999
NASA Mars Climate Orbiter.
There are sources external to the organization, such as inflation, market acceptance, exchange
rates, and government regulations. In practice, these risk events are often referred to as
"threats" to differentiate them from those that are not within the project manager's or team's
responsibility area.
AACSB: Analytic
Bloom's: Synthesis
Learning Objective: Risk Management Process
Level: Difficult
7-5
Chapter 07 - Managing Risk
11. A list of questions that address traditional areas of uncertainty on a project is termed a
risk
A. Risk profile
B. Questionnaire
C. Research
D. Query
E. Checklist
A risk profile is a list of questions that address traditional areas of uncertainty on a project.
Risk profiles recognize the unique strengths and weaknesses of the firm; also risk profiles
address both technical and management risks.
7-6
Chapter 07 - Managing Risk
13. All of the following are included in the risk identification process except
A. Customers
B. Subcontractors
C. Competitors
D. Vendors
E. None of these are included
The risk identification process should not be limited to just the core team. Input from
customers, sponsors, subcontractors, vendors, and other stakeholders should be solicited.
While a "can do" attitude is essential during implementation, project managers have to
encourage critical thinking when it comes to risk identification.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Step 1: Risk Identification
Level: Medium
7-7
Chapter 07 - Managing Risk
15. The easiest and most commonly used technique for analyzing risks is _____ analysis.
A. Probability
B. Scenario
C. Payback
D. Risk/reward
E. Impact
Scenario analysis is the easiest and most commonly used technique for analyzing risks.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 2: Risk Assessment
Level: Easy
16. A risk profile is a list of questions that address traditional areas of uncertainty on a project
that answers developed from:
A. When the event might occur in the project
B. Chances of the event occurring
C. Interaction with other parts of the project or with other projects
D. From previous, similar projects
E. Magnitude or severity of the event's impact
7-8
Chapter 07 - Managing Risk
17. The risk management tool that is divided into three color-coded zones representing major,
moderate, and minor risks is the risk
A. Assessment form
B. Responsibility matrix
C. Scenario assessment
D. Impact assessment
E. Risk severity matrix
The risk severity matrix provides a basis for prioritizing which risks to address. Red zone
risks receive first priority followed by yellow zone risks. Green zone risks are typically
considered inconsequential and ignored unless their status changes.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 2: Risk Assessment
Level: Medium
18. The risk assessment form contains all of the following except
A. Likelihood of the risk event occurring
B. Potential impact of the risk event
C. Who will detect the occurrence of the risk event.
D. Difficulty of detecting the occurrence of the risk event
E. When the risk event may occur
7-9
Chapter 07 - Managing Risk
The risk matrix presented in Figure 7.7 on page 218 consists of a 5 x 5 array of elements with
each element representing a different set of impact and likelihood values.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Step 2: Risk Assessment
Level: Medium
20. Which of the following is not one of the probability analysis tools?
A. Ratio/range analysis
B. Decision tree
C. PERT simulation
D. PERT
E. All of these are probability analysis tools
Decision trees have been used to assess alternative courses of action using expected values
PERT (program evaluation and review technique) and PERT simulation can be used to review
activity and project risk.
7-10
Chapter 07 - Managing Risk
21. This risk assessment tool is a variation of the risk severity matrix that includes the ease of
detection for each of the identified risks.
A. PERT simulation
B. FMEA analysis
C. Ratio/range analysis
D. Probability analysis
E. Semi-quantitative analysis
Failure Mode and Effects Analysis (FMEA) extends the risk severity matrix by including ease
of detection in the equation: Impact x Probability x Detection = Risk Value.
22. Which of the following is not included in a Failure Mode and Effects Analysis?
A. Impact
B. Probability
C. Detection
D. Risk value
E. All of these are included
Failure Mode and Effects Analysis (FMEA) extends the risk severity matrix by including ease
of detection in the equation: Impact x Probability x Detection = Risk Value.
7-11
Chapter 07 - Managing Risk
23. Which of the following is used to review activity and project risk?
A. NPV
B. S-curves
C. PERT
D. Decision trees
E. All of these can be used
PERT (program evaluation and review technique) and PERT simulation can be used to review
activity and project risk.
24. Which of the following is not one of the potential responses to a specific risk event?
A. Mitigating
B. Retaining
C. Ignoring
D. Transferring
E. Sharing
When a risk event is identified and assessed, a decision must be made concerning which
response is appropriate for the specific event. Responses to risk can be classified as
mitigating, avoiding, transferring, sharing, or retaining.
7-12
Chapter 07 - Managing Risk
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Contingency Planning
Level: Medium
26. The demolition of the Seattle Kingdome (Snapshot from Practice) is an example of which
of the following?
A. Mitigating
B. Retaining
C. Ignoring
D. Transferring
E. Sharing
Reducing risk is usually the first alternative considered. There are basically two strategies for
mitigating risk: (1) reduce the likelihood that the event will occur and/ or (2) reduce the
impact that the adverse event would have on the project. Most risk teams focus first on
reducing the likelihood of risk events since, if successful, this may eliminate the need to
consider the potentially costly second strategy. The Dome to Dust Snapshot from Practice
details the steps Controlled Demolition took to minimize damage when they imploded the
Seattle Kingdome.
7-13
Chapter 07 - Managing Risk
27. The risk associated with one of the key members being stuck by lightning would most
likely be handled by which of the following?
A. Mitigating
B. Retaining
C. Ignoring
D. Transferring
E. Sharing
The risk of a project manager being struck by lightning at a work site would have major
negative impact on the project, but the likelihood is so low it is not worthy of consideration.
Conversely, people do change jobs, so an event like the loss of key project personnel would
have not only an adverse impact but also a high likelihood of occurring in some organizations.
If so, then it would be wise for that organization to be proactive and mitigate this risk by
developing incentive schemes for retaining specialists and/or engaging in cross-training to
reduce the impact of turnover.
28. Funds that are for identified risks that have a low probability of occurring and that
decrease as the project progresses are called ______ reserves.
A. Management
B. Budget
C. Contingency
D. Padded
E. Just in case
Budget reserves are set up to cover identified risks; these reserves are those allocated to
specific segments or deliverables of the project.
7-14
Chapter 07 - Managing Risk
Technical risks are problematic; they can often be the kind that cause the project to be shut
down.
30. Detailing all identified risks, including descriptions, category, and probability of
occurring, impact, responses, contingency plans, owners and current status is called:
A. Management reserves
B. Change control
C. Contingency reserves
D. Risk register
E. Risk profiles
A risk register details all identified risks, including descriptions, category, and probability of
occurring, impact, responses, contingency plans, owners and current status.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 4: Risk Response Control
Level: Medium
7-15
Chapter 07 - Managing Risk
31. Which of the following is identified to cover major unforeseen risks and, hence, are
applied to the total project?
A. Budget reserves
B. Management reserves
C. Time buffers
D. Both B and C are correct
E. A, B, and C are all correct
Management reserve funds are needed to cover major unforeseen risks and, hence, are applied
to the total project.
32. Change management systems are designed to accomplish all of the following except:
A. Track all changes that are to be implemented
B. Review, evaluates, and approve/disapprove proposed changes formally
C. Identify expected effects of proposed changes on schedule and budget
D. Reflect scope changes in baseline and performance measures
E. All of the above are correct
7-16
Chapter 07 - Managing Risk
33. The ________ impact of a risk event in a project is less if the event occurs earlier rather
than later.
cost
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Risk Management Process
Level: Easy
34. The likelihood of a risk event occurring ________ as a project goes through its life cycle.
decreases
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Risk Management Process
Level: Easy
7-17
Chapter 07 - Managing Risk
36. Risk events such as inflation, market acceptance, and government regulations are referred
to as ________.
threats
The sources of project risks are unlimited. There are sources external to the organization, such
as inflation, market acceptance, exchange rates, and government regulations. In practice, these
risk events are often referred to as "threats" to differentiate them from those that are not
within the project manager's or team's responsibility area.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Risk Management Process
Level: Medium
37. A ________ is a list of questions that address traditional areas of uncertainty on a project.
risk profile
A risk profile is a list of questions that address traditional areas of uncertainty on a project.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Step 1: Risk Identification
Level: Medium
38. The easiest and most commonly used technique for analyzing risks is ________.
scenario analysis
Scenario analysis is the easiest and most commonly used technique for analyzing risks.
7-18
Chapter 07 - Managing Risk
39. The ________ form identifies each risk event, the likelihood of it occurring, the potential
impact, when it may occur, and the degree of difficulty in detecting it.
risk assessment
40. The ________ matrix is divided into red, yellow, and green zones representing major,
moderate, and minor risks.
risk severity
The risk severity matrix provides a basis for prioritizing which risks to address. Red zone
risks receive first priority followed by yellow zone risks. Green zone risks are typically
considered inconsequential and ignored unless their status changes.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Step 2: Risk Assessment
Level: Medium
41. The vertical scale on the Risk Severity Matrix measures the _________ of a potential risk
event.
likelihood
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Step 2: Risk Assessment
Level: Difficult
7-19
Chapter 07 - Managing Risk
42. The horizontal scale on the Risk Severity Matrix measures the _________ of a potential
risk event.
impact
AACSB: Analytic
Bloom's: Synthesis
Learning Objective: Step 2: Risk Assessment
Level: Difficult
43. In __________ the Risk Severity Matrix is extended by including the ease of detecting a
risk event occurring.
Failure Mote and Effects Analysis (FMEA)
Failure Mode and Effects Analysis (FMEA) extends the risk severity matrix by including ease
of detection in the equation: Impact x Probability x Detection = Risk Value.
44. In a ________, three different estimates of activity times are used to statistically predict
the time an activity will take to complete.
probability analysis
There are many statistical techniques available to the project manager that can assist in
assessing project risk. Decision trees have been used to assess alternative courses of action
using expected values. Statistical variations of net present value (NPV) have been used to
assess cash flow risks in projects. Correlations between past projects' cash flow and S-curves
(cumulative project cost curvebaselineover the life of the project) have been used to
assess cash flow risks.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 3: Risk Response Development
Level: Medium
7-20
Chapter 07 - Managing Risk
45. The "Snapshot from Practice" case where Ellipsus Systems developed parallel prototype
systems (WAP and JAVA) is an example of _________ a risk.
avoiding
Risk avoidance is changing the project plan to eliminate the risk or condition. Although it is
impossible to eliminate all risk events, some specific risks may be avoided before you launch
the project. Rikard Kjellberg's solution was to have projects in his company's portfolio based
on both standards. Ellipsus built early prototypes of both systems and took them to a trade
show, with both systems sitting side by side. "We knew within an hour which way to go,"
says Douglas Davies, the COO. Ellipsus began securing million dollar contracts to supply its
Java-based system to leading U.S. operators.
46. Testing a new project on a smaller isolated area prior to installing it for the entire
organization is an example of ________ a risk.
mitigating
Reducing risk is usually the first alternative considered. There are basically two strategies for
mitigating risk: (1) reduce the likelihood that the event will occur and/ or (2) reduce the
impact that the adverse event would have on the project. Most risk teams focus first on
reducing the likelihood of risk events since, if successful, this may eliminate the need to
consider the potentially costly second strategy.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Step 3: Risk Response Development
Level: Medium
7-21
Chapter 07 - Managing Risk
47. Performance bonds, warranties, and insurance are examples of ________ a risk.
transferring
Passing risk to another party is common; this transfer does not change risk. Passing risk to
another party almost always results in paying a premium for this exemption. Fixed-price
contracts are the classic example of transferring risk from an owner to a contractor.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 3: Risk Response Development
Level: Medium
48. When the entertainment industry formed a consortium to define a common operating
format for DVD it was ________ the risk.
sharing
This strategy involves allocating some or all of the ownership of an opportunity to another
party who is best able to capture the opportunity for the benefit of the project. Examples
include establishing continuous improvement incentives for external contractors or joint
ventures.
49. If a risk event is very unlikely to occur the project owner would probably ________ the
risk.
retain
Some risks are so large it is not feasible to consider transferring or reducing the event (e.g., an
earthquake or flood). The project owner assumes the risk because the chance of such an event
occurring is slim.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 3: Risk Response Development
Level: Medium
7-22
Chapter 07 - Managing Risk
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Contingency Planning
Level: Medium
51. ________ reserves are identified for specific work packages and cover risks that have a
low probability of occurring.
Budget
These reserves are identified for specific work packages or segments of a project found in the
baseline budget or work breakdown structure. For example, a reserve amount might be added
to "computer coding" to cover the risk of "testing" showing a coding problem. The reserve
amount is determined by costing out the accepted contingency or recovery plan. The budget
reserve should be communicated to the project team.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Contingency Funding and Time Buffers
Level: Medium
52. ________ reserves are controlled by the project manager and used to cover major
unforeseen risks to the entire project.
Management
These reserve funds are needed to cover major unforeseen risks and, hence, are applied to the
total project. For example, a major scope change may appear necessary midway in the project.
7-23
Chapter 07 - Managing Risk
53. A ____________ is an alternative that will be used if a possible foreseen risk event
becomes a reality.
contingency plan
A contingency plan is an alternative plan that will be used if a possible foreseen risk event
becomes a reality.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Contingency Planning
Level: Easy
54. A ____________ is useful for summarizing how the project team plans to manage risks
that have been identified.
Risk Response Matrix
Risk response matrices such as the one shown in Figure 7.8 on page 225 are useful for
summarizing how the project team plans to manage risks that have been identified.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Contingency Planning
Level: Easy
55. The probability that a risk event will occur is higher during the initial stages of a project.
TRUE
The chances of a risk event occurring (e.g., an error in time estimates, cost estimates, or
design technology) are greatest in the concept, planning, and start-up phases of the project.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Risk Management Process
Level: Easy
7-24
Chapter 07 - Managing Risk
56. Due to the impact over a long period of time, risk events that occur in the early stages of a
project will have a greater cost impact than those that occur in later stages.
FALSE
The cost impact of a risk event in the project is less if the event occurs earlier rather than later.
57. During risk identification the smaller risks should be identified first because they will
naturally lead to identifying the larger risks.
FALSE
The focus at the beginning should be on risks that can affect the whole project as opposed to a
specific section of the project or network.
58. One common mistake that is made early on in the risk identification process is to focus on
consequences and not on the events that could produce consequences.
TRUE
One common mistake that is made early in the risk identification process is to focus on
objectives and not on the events that could produce consequences.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 1: Risk Identification
Level: Medium
7-25
Chapter 07 - Managing Risk
59. Risks such as inflation and monetary exchange rates are not usually included in a project's
risk assessment.
TRUE
The sources of project risks are unlimited. There are sources external to the organization, such
as inflation, market acceptance, exchange rates, and government regulations. In practice, these
risk events are often referred to as "threats" to differentiate them from those that are not
within the project manager's or team's responsibility area.
60. The first step in the risk management process is Risk Assessment.
Refer to Figure 7.2
FALSE
See Figure 7.2 on Page 213. The first step is Risk Identification. Risk Assessment is the
second step.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 1: Risk Identification
Level: Easy
61. A risk profile is a list of questions that have been developed and refined from previous,
similar projects.
TRUE
A risk profile is a list of questions that address traditional areas of uncertainty on a project.
These questions have been developed and refined from previous, similar projects.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Step 1: Risk Identification
Level: Medium
7-26
Chapter 07 - Managing Risk
62. The risk identification process should be limited to just the core project team.
FALSE
The risk identification process should not be limited to just the core team. Input from
customers, sponsors, subcontractors, vendors, and other stakeholders should be solicited.
63. Since the goal is to find problems before they happen, the project manager should
encourage critical thinking when it comes to risk identification.
TRUE
One of the keys to success in risk identification is attitude. While a "can do" attitude is
essential during implementation, project managers have to encourage critical thinking when it
comes to risk identification. The goal is to find potential problems before they happen.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Step 1: Risk Identification
Level: Medium
64. The Risk Severity Matrix rates risk events based upon schedule and cost.
Refer to Figure 7.7
FALSE
See Figure 7.7 on Page 218. The Risk Severity Matrix events are based on likelihood and
impact.
7-27
Chapter 07 - Managing Risk
65. In a Risk Severity Matrix a green zone risk is considered inconsequential and ignored
unless their status changes.
TRUE
The risk severity matrix Green zone risks are typically considered inconsequential and
ignored unless their status changes.
66. The quality and credibility of the risk analysis process requires that different levels of risk
probabilities and impacts be defined.
TRUE
The quality and credibility of the risk analysis process requires that different levels of risk
probabilities and impacts be defined.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 2: Risk Assessment
Level: Easy
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 3: Risk Response Development
Level: Medium
7-28
Chapter 07 - Managing Risk
68. The FMEA method calculates a risk value by assigning ease of detection ratings to the key
risk elements.
TRUE
Failure Mode and Effects Analysis (FMEA) extends the risk severity matrix by including ease
of detection in the equation: Impact x Probability x Detection = Risk Value.
69. Performance bonds, warranties, and guarantees are financial instruments used to share
risk.
FALSE
Performance bonds, warranties, and guarantees are other financial instruments used to transfer
risk.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Step 3: Risk Response Development
Level: Medium
70. Fixed price contracts are an example of transferring risk from an owner to a contractor.
TRUE
Fixed-price contracts are the classic example of transferring risk from an owner to a
contractor.
7-29
Chapter 07 - Managing Risk
71. Scheduling outdoor work in the summer, investing in up front safety training, and
choosing high quality materials are examples of retaining a risk.
FALSE
An example of reducing the probability of risks occurring are scheduling outdoor work during
the summer months, investing in up-front safety training, and choosing high-quality materials
and equipment.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 3: Risk Response Development
Level: Medium
72. Budget reserves are setup to cover identified risks associated with specific segments of a
project while management reserves are set up to cover unidentified risks associated with the
total project.
TRUE
Budget reserves are set up to cover identified risks; these reserves are those allocated to
specific segments or deliverables of the project. Management reserves are set up to cover
unidentified risks and are allocated to risks associated with the total project.
73. Change management systems involve reporting, controlling, and recording changes to the
project baseline.
TRUE
Change management systems involve reporting, controlling, and recording changes to the
project baseline. (Note: Some organizations consider change control systems part of
configuration management.)
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Change Control Management
Level: Easy
7-30
Chapter 07 - Managing Risk
74. Project managers need to establish an environment in which participants feel comfortable
raising concerns and admitting mistakes.
FALSE
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Constructing a Project Network
Level: Easy
In practice, the contingency reserve fund is typically divided into budget and management
reserve funds for control purposes.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Contingency Funding and Time Buffers
Level: Easy
76. Describe the relationship between the likelihood of a risk event occurring and the cost of
fixing the risk event as a project proceeds through its life cycle.
In the early stages of the project life cycle the probability of a risk event occurring is greater
than at any other time and the cost to fix it is lower than at any other point. As time passes the
probability of occurrence drops lower and lower while the cost rises. See figure 7-1.
7-31
Chapter 07 - Managing Risk
77. Identify and briefly describe the four steps in risk management.
1. Risk Identification; all possible risks are identified, 2. Risk Assessment; risks are assessed
in terms of importance and need for attention, 3. Risk Response Development; plans are
developed to respond if the risk actually occurs, and 4. Risk Response Control; the actual
response to the risk and controlling changes associated with the risks.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 1: Risk Identification
Level: Medium
The project manager pulls together a risk management team consisting of core team members
and other relevant stakeholders and uses brainstorming and other techniques to identify
project risks. Focus should be on the WBS and the risks associated with the deliverables.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Step 1: Risk Identification
Level: Medium
79. What is a risk profile and what benefits does it provide to risk management?
A risk profile is a list of questions that address traditional areas of uncertainty on a project.
The questions have been developed and refined from previous, similar projects. These profiles
are generated and maintained by the project office and are updated and refined during the life
of the project. This historical file assists in identifying risks for future projects.
AACSB: Analytic
Bloom's: Synthesis
Learning Objective: Step 1: Risk Identification
Level: Difficult
7-32
Chapter 07 - Managing Risk
80. Identify at least six items that may be included on a Risk Profile.
AACSB: Analytic
Bloom's: Knowledge
Learning Objective: Step 1: Risk Identification
Level: Medium
Not all identified risks deserve attention, some are trivial and others are serious threats. The
Scenario analysis is the easiest and most commonly used technique for analyzing risks. Each
risk is assessed in terms of 1. what the risk are, 2. the outcomes of the event's occurrence, 3.
the severity of the event's impact, 4. the probability of the event occurring, 5. when the event
may occur, and 6. the interaction with other parts of the project or other projects.
AACSB: Analytic
Bloom's: Synthesis
Learning Objective: Step 2: Risk Assessment
Level: Difficult
Risks are placed on a matrix that has Likelihood as the vertical axis and Impact as the
horizontal axis. Risks in the upper right corner are considered major, those further left are
considered moderate, while the rest are considered minor. The matrix is usually color-coded
with the major risks in red, moderate risks in yellow and minor risks in green. It is an easily
read graphical representation of a project's risks.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Step 2: Risk Assessment
Level: Medium
7-33
Chapter 07 - Managing Risk
83. Identify and briefly describe the five ways to respond to identified risks.
1. Mitigate the risk; duplicate systems, backup systems, alternate technology development, 2.
Avoid the risk; changing the project plan to eliminate the risk, 3. Transfer the risk; fixed-price
contract, insurance, 4. Sharing the risk; find others to share the costs of the risk, and 5. Retain
the risk; take preventative measures to reduce the risk such as training.
AACSB: Analytic
Bloom's: Synthesis
Learning Objective: Step 3: Risk Response Development
Level: Medium
84. What is the difference between budget reserves and management reserves?
Budget reserves are controlled by team participants and have been identified for known risks
that have a low chance of occurring and are directly associated with specific work packages.
Management reserves are controlled by the project manager and cover items which were
unforeseen usually at the total project level.
AACSB: Analytic
Bloom's: Comprehension
Learning Objective: Contingency Funding and Time Buffers
Level: Medium
85. What is Change Control Management and what function does it perform?
Change Control Management is the formal process for making and tracking changes once a
project has started. Any changes must be detailed and accepted by the project team. Risks
associated with making changes are thus assessed and documented.
AACSB: Analytic
Bloom's: Synthesis
Learning Objective: Change Control Management
Level: Difficult
7-34
Chapter 07 - Managing Risk
86. Identify and briefly describe the parts of a Risk Response Matrix and explain how one
would be used.
The parts are: the risk event, the response, contingency plan, trigger, and who is responsible.
It is used for summarizing how the project team plans to manage risks that have been
identified.
AACSB: Analytic
Bloom's: Synthesis
Learning Objective: Step 3: Risk Response Development
Level: Difficult
Budget reserves are for known risks associated with specific work packages and controlled by
the project managers. Management reserves are for unforeseen risks associated with the
overall project and are controlled by upper management.
AACSB: Analytic
Bloom's: Synthesis
Learning Objective: Contingency Funding and Time Buffers
Level: Difficult
7-35