Exam
Name___________________________________
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
1)
________ are reviews designed to review existing risk activities and to monitor any changes to the
project.
1)
A)
Periodic project risk reviews
B)
Project risk response audits
C)
Periodic risk assessments
D)
Project risk assessments
Answer:
A
A)
B)
C)
D)
2)
________ is the establishment of probabilities regarding both the impact and the likelihood of
specific risk occurrence.
2)
A)
Impact/likelihood analysis
B)
Probability/impact analysis
C)
Qualitative risk analysis
D)
Quantitative risk analysis
Answer:
C
A)
B)
C)
D)
3)
The assessment of the quality of the data used to assess risk is called:
3)
A)
risk assessment data testing.
B)
risk data precision estimation.
C)
risk data quality assessment.
D)
project assumption testing.
Answer:
C
A)
B)
C)
D)
4)
________ is the analysis of the probability of occurrence and impact of risk on project objectives
using numerical techniques.
4)
A)
Quantitative risk analysis
B)
Probability/impact risk rating matrix
C)
Qualitative risk analysis
D)
Impact/likelihood risk rating matrix
Answer:
A
A)
B)
C)
D)
1
5)
Project risk is an uncertain event or condition that, if it occurs, has a ________ effect on a project
objective.
5)
A)
negative
B)
positive or negative
C)
positive
D)
devastating
Answer:
B
A)
B)
C)
D)
6)
Which of the following is NOT a decision technique used during quantitative risk analysis?
6)
A)
Setting realistic targets in terms of scope, cost, and schedule
B)
Identifying the most problematic project requirements in terms of scope
C)
Identifying the most salient risk in terms of the project
D)
Risk quantification in terms of additional scheduling and cost needs
Answer:
B
A)
B)
C)
D)
7)
Risk ________ is the process of monitoring identified risks for change and controlling those
changes.
7)
A)
monitoring and control
B)
management
C)
execution
D)
assessment
Answer:
A
A)
B)
C)
D)
8)
________ is a risk response strategy designed to transfer risk to another party, often through the use
of contracts.
8)
A)
Risk transference
B)
Risk removal
C)
Risk related contractual agreements
D)
Risk mitigation
Answer:
A
A)
B)
C)
D)
9)
All of the following are elements of a risk response plan EXCEPT:
9)
A)
the roles and responsibilities of any risk owners.
B)
the roles and responsibilities of project stakeholders.
C)
budget and schedule information in terms of risk response.
D)
a list of actions to be used to implement the risk response strategies.
Answer:
B
A)
B)
C)
D)
2
10)
A technique used during qualitative risk analysis to test the assumptions made during risk
identification is called:
10)
A)
project assumption testing.
B)
risk quality assessment.
C)
project quality testing.
D)
risk assumption testing.
Answer:
A
A)
B)
C)
D)
11)
________ are designed to evaluate the effectiveness of risk response strategies and risk owners.
11)
A)
Project risk response audits
B)
Periodic project risk reviews
C)
Project risk assessments
D)
Periodic risk assessments
Answer:
A
A)
B)
C)
D)
12)
The most wellknown simulation technique is called:
12)
A)
Bellagio analysis.
B)
Venetian analysis.
C)
Monte Carlo analysis.
D)
Monaco analysis.
Answer:
C
A)
B)
C)
D)
13)
________ is a risk response strategy designed to avoid potential project risks.
13)
A)
Risk acceptance
B)
Risk avoidance
C)
Risk mitigation
D)
Risk transference
Answer:
B
A)
B)
C)
D)
14)
The process of identifying risks to a project and documenting them is called:
14)
A)
risk elaboration.
B)
risk management.
C)
risk documentation.
D)
risk identification.
Answer:
D
A)
B)
C)
D)
3
15)
Events that serve as early warnings of risk are called:
15)
A)
risk advisories.
B)
triggers.
C)
warnings.
D)
actuators.
Answer:
B
A)
B)
C)
D)
16)
Risk ________ is concerned with the consequences of the occurrence of a certain risk.
16)
A)
strength
B)
likelihood
C)
probability
D)
impact
Answer:
D
A)
B)
C)
D)
17)
Which of the following is NOT among the four types of risk specifically associated with IS projects?
17)
A)
Finding and assigning skilled personnel
B)
Gaining user acceptance
C)
Finishing on time and on budget
D)
Ongoing changes in technology
Answer:
C
A)
B)
C)
D)
18)
The review of organizational information to aid during risk identification is called:
18)
A)
project file review.
B)
reviews of published information.
C)
risk review.
D)
documentation review.
Answer:
D
A)
B)
C)
D)
19)
________ is a diagramming technique used to evaluate courses of action in terms of their potential
cost and benefits relative to other courses of action.
19)
A)
Decision tree analysis
B)
Tornado analysis
C)
Simulation
D)
EMV analysis
Answer:
A
A)
B)
C)
D)
4
20)
Legal events are an example of:
20)
A)
technical, quality, or performance risks.
B)
organizational risks.
C)
external risks.
D)
project management risks.
Answer:
C
A)
B)
C)
D)
21)
________ is a statistical technique that captures the average value of potential projects by analyzing
the likelihood of possible project outcomes as well as each outcome’s financial consequences.
21)
A)
Tornado analysis
B)
Decision tree analysis
C)
Simulation
D)
EMV analysis
Answer:
D
A)
B)
C)
D)
22)
Information gathering techniques commonly used during risk identification include:
22)
A)
Delphi technique.
B)
brainstorming.
C)
interviewing.
D)
all of the above.
Answer:
D
A)
B)
C)
D)
23)
Poor project planning is an example of:
23)
A)
external risks.
B)
organizational risks.
C)
project management risks.
D)
technical, quality, or performance risks.
Answer:
C
A)
B)
C)
D)
24)
The systematic approach to planning the risk management activities of a given project is called:
24)
A)
risk mitigation planning.
B)
risk management planning.
C)
risk response planning.
D)
risk identification.
Answer:
B
A)
B)
C)
D)
5
25)
Risk ________ is concerned with the likelihood that a certain risk will occur.
25)
A)
probability
B)
likelihood
C)
impact
D)
strength
Answer:
A
A)
B)
C)
D)
26)
A ________ is a documented plan for risk response.
26)
A)
risk response register
B)
risk document
C)
risk response plan
D)
risk management plan
Answer:
C
A)
B)
C)
D)
27)
Inconsistent goals are an example of:
27)
A)
technical, quality, or performance risks.
B)
project management risks.
C)
external risks.
D)
organizational risks.
Answer:
D
A)
B)
C)
D)
28)
Diagramming tools commonly used during risk identification include:
28)
A)
system or process flow charts.
B)
cause and effect diagrams.
C)
influence diagrams.
D)
all of the above.
Answer:
D
A)
B)
C)
D)
29)
Project team members responsible for specific risk activity decisions are called:
29)
A)
risk managers.
B)
risk mitigators.
C)
risk owners.
D)
risk deciders.
Answer:
C
A)
B)
C)
D)
30)
Which of the following is NOT a risk management process as identified by the PMBOK guide?
30)
A)
Risk transference
B)
Risk management planning
C)
Risk response planning
D)
Risk identification
Answer:
A
A)
B)
C)
D)
6
31)
The formal record listing all project risks, explaining the nature of the risk, and management of the
risk is called:
31)
A)
risk register.
B)
risk list.
C)
risk file.
D)
risk record.
Answer:
A
A)
B)
C)
D)
32)
The process of developing methods for responding to project risks is called:
32)
A)
risk mitigation planning.
B)
risk reaction planning.
C)
risk response planning.
D)
risk management.
Answer:
C
A)
B)
C)
D)
33)
Risk management ________ are used to provide organizational standards for project risk
management.
33)
A)
templates
B)
plans
C)
matrices
D)
schedules
Answer:
A
A)
B)
C)
D)
34)
________ is a tool used to determine whether important technical milestones are being met.
34)
A)
Technical performance measurement
B)
Technical milestone measurement
C)
Technical performance review
D)
Technical milestone review
Answer:
A
A)
B)
C)
D)
35)
Tornado analysis is a form of:
35)
A)
graphical analysis.
B)
simulation.
C)
EMV analysis.
D)
sensitivity analysis.
Answer:
D
A)
B)
C)
D)
7
36)
________ are risks resulting from the application of a risk response strategy.
36)
A)
Secondary risks
B)
Resultant risks
C)
Resulting risks
D)
Derived risks
Answer:
A
A)
B)
C)
D)
37)
________ is a technique used to perform whatif analyses to determine the impact of a given
situation on a project objective.
37)
A)
Decision tree analysis
B)
Simulation
C)
EMV analysis
D)
Tornado analysis
Answer:
B
A)
B)
C)
D)
38)
________ are risks that remain after avoidance, transfer, or mitigation strategies have been applied.
38)
A)
Residual risks
B)
Enduring risks
C)
Outstanding risks
D)
Remaining risks
Answer:
A
A)
B)
C)
D)
39)
________ is a technique to examine the potential impact of specific risks to a project.
39)
A)
Impact analysis
B)
Sensitivity analysis
C)
Decision tree analysis
D)
Risk analysis
Answer:
B
A)
B)
C)
D)
40)
Changing industry standards are an example of:
40)
A)
project management risks.
B)
external risks.
C)
technical, quality, or performance risks.
D)
organizational risks.
Answer:
C
A)
B)
C)
D)
8
41)
________ is a risk response strategy in which steps are taken to mitigate risks.
41)
A)
Risk avoidance
B)
Risk reduction
C)
Risk minimization
D)
Risk mitigation
Answer:
D
A)
B)
C)
D)
42)
The overall plan used to outline risks and the strategies used to manage them is called:
42)
A)
risk management plan.
B)
risk response plan.
C)
risk outline.
D)
risk baseline.
Answer:
A
A)
B)
C)
D)
43)
________ is a technique used to analyze project risk in terms of its probability of occurrence and its
impact on project outcomes.
43)
A)
Qualitative risk analysis
B)
Probability/impact risk rating matrix
C)
Impact/likelihood risk rating matrix
D)
Quantitative risk analysis
Answer:
B
A)
B)
C)
D)
44)
Risk management planning meetings should be attended by:
44)
A)
project team leaders.
B)
stakeholders.
C)
senior managers.
D)
all of the above.
Answer:
D
A)
B)
C)
D)
45)
During initiation, risk most often occurs in the ________ stage.
45)
A)
project integration
B)
project initiation
C)
project evaluation
D)
project selection
Answer:
D
A)
B)
C)
D)
9
46)
________ is a risk response strategy in which risks are simply accepted and contingency strategies
are planned.
46)
A)
Risk response
B)
Risk contingency planning.
C)
Risk acceptance
D)
Risk adoption
Answer:
C
A)
B)
C)
D)
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
47)
________ is a risk response strategy in which risks are simply accepted and contingency
strategies are planned.
47)
Answer:
Risk acceptance
48)
Project risk is an uncertain event or condition that, if it occurs, has a ________ effect on a
project objective.
48)
Answer:
positive or negative
49)
Risks associated with poor project planning are an example of ________.
49)
Answer:
project management risks
50)
________ is a statistical technique that captures the average value of potential projects by
analyzing the likelihood of possible project outcomes as well as each outcome’s financial
consequences.
50)
Answer:
EMV analysis
51)
________ are those risks that remain after avoidance, transfer, or mitigation strategies have
been applied.
51)
Answer:
Residual risks
52)
A ________ is a documented plan for risk response.
52)
Answer:
risk response plan
53)
Data precision ranking can be used for risk data ________.
53)
Answer:
quality assessments
54)
________ is a term for any contracts for the purpose of risk transference during the project.
54)
Answer:
Riskrelated contractual agreements
10
55)
________ analysis is the most recognized form of simulation analysis.
55)
Answer:
Monte Carlo
56)
________ involves the establishment of probabilities regarding both the impact and the
likelihood of specific risk occurrence.
56)
Answer:
Qualitative risk analysis
57)
Risk owners are project team members responsible for specific ________.
57)
Answer:
risk activity decisions
58)
________ graphically represent potential problems while accounting for causal influences,
time, and other relationships between project activities and outcomes.
58)
Answer:
Influence diagrams
59)
A ________ matrix is used analyze project risk in terms of its probability of occurrence and
its impact on project outcomes.
59)
Answer:
probability/impact risk rating
60)
________ are useful during risk identification as they allow managers to identify potential
risks and trace them back to their root causes.
60)
Answer:
Causeandeffect diagrams/fishbone diagrams
61)
Environmental concerns are an example of ________.
61)
Answer:
external risks
62)
________ is a technique used to examine the potential impact of specific risks to a project.
62)
Answer:
Sensitivity analysis
63)
________ is used to test the assumptions made during risk identification.
63)
Answer:
Project assumption testing
64)
Changing industry standards are an example of ________.
64)
Answer:
technical, quality, or performance risks
65)
________ involves a systematic approach to planning the risk management activities of a
given project.
65)
Answer:
Risk management planning
11
66)
It is important to plan a risk management strategy that ________ the type of risk that may
be encountered along with the importance of the project to the organization.
66)
Answer:
matches
67)
________ are those risks resulting from the application of a risk response strategy.
67)
Answer:
Secondary risks
68)
Risk identification consists of identifying potential risks to a project and ________.
68)
Answer:
documenting them
69)
________ involves an analysis of the probability of occurrence and impact of risk on project
objectives using numerical terms.
69)
Answer:
Quantitative risk analysis
70)
A tornado analysis shows, in descending order, which risk causes the ________ on some
outcome.
70)
Answer:
greatest variability
71)
The risk ________ is a formal record listing all project risks, explaining the nature of the
risk and management of the risk.
71)
Answer:
register
72)
Periodic risk response audits are designed to evaluate the effectiveness of ________ and
risk owners.
72)
Answer:
risk response strategies
73)
________ are events that serve as early warnings of risks.
73)
Answer:
Triggers
74)
Risks associated with ongoing changes ________ are unique to IS projects.
74)
Answer:
in technology
75)
Tornado analysis is an example of a ________.
75)
Answer:
sensitivity analysis
76)
Conflicting priorities among users is an example of ________.
76)
Answer:
organizational risks
12
77)
________ is a risk response strategy in which steps are taken to mitigate project risk.
77)
Answer:
Risk mitigation
78)
________ is the process of developing methods for responding to risks.
78)
Answer:
Risk response planning
79)
Periodic project risk reviews are designed to review existing ________ and to monitor any
changes to the project.
79)
Answer:
risk activities
80)
________ is a strategy designed to avoid potential risks.
80)
Answer:
Risk avoidance
81)
________ depict the interrelations among project activities and can be used to help
managers determine the risks associated with those interrelations.
81)
Answer:
System or process flow charts
82)
Risk management ________ are used to provide organizational standards for project risk
management.
82)
Answer:
templates
83)
Risk monitoring and control is the process of monitoring identified risks for change and
________.
83)
Answer:
controlling those changes
84)
A graphical depiction of EMV can be captured in a ________.
84)
Answer:
decision tree analysis
85)
________ is a risk response strategy designed to transfer risk to another party.
85)
Answer:
Risk transference
86)
Brainstorming, the Delphi technique, or interviewing are ________ used during risk
identification.
86)
Answer:
information gathering techniques
13
TRUE/FALSE. Write ‘T’ if the statement is true and ‘F’ if the statement is false.
87)
Decision tree analysis is a statistical technique that captures the average value of potential projects
by analyzing the likelihood of possible project outcomes as well as each outcome’s financial
consequences.
87)
Answer:
True
False
88)
Monte Carlo simulation is a wellknown simulation analysis.
88)
Answer:
True
False
89)
Extensive project risk management planning should be conducted for all ISD projects.
89)
Answer:
True
False
90)
Lack of top management commitment to the project is one of the top software project risks.
90)
Answer:
True
False
91)
Quantitative risk analysis is the analysis of the probability of occurrence and impact of risk on
project objectives using numerical techniques.
91)
Answer:
True
False
92)
Legal events are an example of external risks.
92)
Answer:
True
False
93)
Tornado analysis is a form of sensitivity analysis.
93)
Answer:
True
False
94)
Lack of funding is an example of project management risks.
94)
Answer:
True
False
95)
Process flow charts depict the interrelationships among project activities and can be used to help
managers determine risks associated with those interrelations.
95)
Answer:
True
False
96)
The probability/impact risk rating matrix is used during quantitative risk analysis.
96)
Answer:
True
False
97)
Residual risks are those risks resulting from the application of a risk response strategy.
97)
Answer:
True
False
14
98)
There are at least four types of project risk specifically associated with IS projects.
98)
Answer:
True
False
99)
Risk transference is a risk response strategy to transfer risk to another party.
99)
Answer:
True
False
100)
Risks associated with poor project planning are an example of organizational risks.
100)
Answer:
True
False
101)
Performance goals that cannot be easily met are an example of organizational risks.
101)
Answer:
True
False
102)
Triggers are events that serve as early warnings of risk.
102)
Answer:
True
False
103)
Project risk is an uncertain event or condition that, if it occurs, has a negative effect on a project
objective.
103)
Answer:
True
False
104)
Project risk response audits are designed to evaluate the effectiveness of risk response strategies
and owners.
104)
Answer:
True
False
105)
Risk avoidance is not a valid risk response strategy.
105)
Answer:
True
False
106)
It is usually sufficient if the project team leaders attend risk management planning meetings.
106)
Answer:
True
False
107)
During initiation, risk most often occurs in the project selection stage.
107)
Answer:
True
False
108)
Process flow charts allow managers to identify potential risks and trace them back to their root
causes.
108)
Answer:
True
False
15
ESSAY. Write your answer in the space provided or on a separate sheet of paper.
109)
List the risk categories identified by the PMI and provide examples for each.
Answer:
·Technical, quality, or performance risks. The first of these, technical risk, is especially significant during
IS development. As has been continually reiterated throughout the previous chapters, reliance on new,
unproven or unreliable technology is one of the many challenges faced by IS development project
managers. Quality and performance risk categories include performance goals that cannot easily be met
and changing industry standards.
·Project management risks. This category includes risks associated with project management, including
risks associated with poor project planning, and poor use of recognized project management processes.
·Organizational risks. This category includes risks that are organizationally driven; it can include
inconsistent goals, lack of funding, and conflicting priorities, among others.
·External risks. A category that can be easily overlooked, external risks include legal events,
environmental concerns, and natural disasters such as earthquakes and floods.
110)
What are the components of a risk management plan? List and describe each component.
Answer:
·Methodology. The methodology should discuss the approach to the management of risk during the
project.
·Roles and responsibilities. This component of the risk management plan should establish project
members’ roles and responsibilities for the risk activities identified in the risk management plan.
·Budgeting. This is simply the preparation of a riskmanagement budget for the project.
·Timing. This section of the risk management plan should outline how the risk management activities
will fit within the project life cycle.
·Scoring and interpretation. This section describes the scoring parameters and their associated
interpretation from the qualitative and quantitative risk analyses to be performed during the project.
·Thresholds. This component of the risk management plan determines the criteria according to which
risks will be acted upon. It is consistent with the toleranceforrisk section that serves as an input to risk
management planning.
·Reporting formats. This section outlines the format for the risk response plan and describes how risk
management processes will be documented and communicated during the project.
·Tracking. Project risk planning activities should be tracked, documented, and archived for use during
future projects.
16
111)
Briefly describe each of the four risk response strategies.
Answer:
Risk avoidance is designed to avoid any identified risks to the project. Within an IS development project,
this may include avoiding the use of an untested technology or avoiding changes to the scope of the
system.
Risk transference involves the transfer of risk to another party. Risk transference is often facilitated
through the use of contracts in which the risk associated with a given activity is transferred to another
party. Depending on the type of contract being used, risk may be transferred from the seller to the buyer
or from the buyer to the seller.
Risk mitigation is used to reduce, eliminate, or transfer the chances of risk occurrence or to reduce the
impact of the risk on project objectives. An example of risk mitigation during an IS development project is
the use of a known technology provider rather than reliance on a less established vendor.
Risk acceptance occurs when managers simply decide that an effective response cannot be developed for
a specific risk. In this case, a decision is made to accept that a given risk may occur and either to do
nothing (passive response) or to plan alternative strategies (active response) should the risk occur. For
example, an active response during an IS development project may mean accepting that a new version of
a particular software may not function as intended and developing an alternative plan to use a previous
version of the software.
17