Selected PMI-RMP PMI Certification Questions Answers

The project manager should have performed risk identification exercises for the full lifecycle of the project, including the construction phase, to ensure that all potential risks were identified and addressed in the risk register.

Risk identification is the process of determining the risks that may affect the project and documenting their characteristics. Risk identification should be performed throughout the project lifecycle, as new risks may emerge or change over time. Risk identification should also consider all aspects of the project, such as scope, schedule, cost, quality, resources, stakeholders, and procurement. By performing risk identification exercises for the full lifecycle of the project, the project manager could have identified and planned for the potential risks associated with the construction phase, such as delays, material shortages, quality issues, or safety hazards. This would have helped to prevent or mitigate the impact of the risk event that occurred, and to ensure that the risk register is updated and comprehensive. Performing a Monte Carlo sensitivity analysis, adding generic construction risks, or reviewing the assumptions/exclusions register are not sufficient or effective ways of identifying the specific risks that may affect the project during the construction phase. These are either tools for risk analysis, risk response planning, or project initiation, but not risk identification. References: PMI-RMP® Certification Handbook1, page 9; PMBOK® Guide, pages 397-398.

Biases during risk identification can skew the perception of potential risks and their triggers. To mitigate this, the risk manager should rely on objective data, such as published operational experience reports, which provide historical data and insights into what has triggered risks in similar projects. This approach reduces the influence of biases and ensures that risk identification is based on empirical evidence rather than subjective judgments. Using these reports aligns with best practices in risk management, where decisions are data-driven and supported by documented experiences, reducing the likelihood of overlooking critical risk triggers​​.

The correct answer is B. The new technology ' s impact on existing controls.

The scenario explains that a major technological change was introduced as part of a risk response, and that this change later caused GPS errors for customers. It also states that the issue had been recognized as high risk and that secondary risk identification was required but never completed . This means the missing step was evaluating how the new solution could affect the existing system, controls, or operating environment. In other words, the project failed to identify and assess the impact of the new technology on existing controls and related processes.

Secondary risks often arise when a response action, design change, or technology update introduces new vulnerabilities or weakens current safeguards. Proper identification would have examined how the update might interfere with accuracy, compatibility, validation, deployment controls, or downstream system performance.

Why the other options are incorrect:

A. The identification of the business driver. The business reason for making the update is not the key issue. The problem was not lack of purpose, but failure to identify and assess the new risk introduced by the technological change.

C. The risk management strategy quality assurance. This is too broad and indirect. The scenario points more specifically to missed secondary risk identification associated with the implemented change.

D. Project environmental factors. Environmental factors may influence risk, but the question specifically points to a missed evaluation related to the technology update itself and the need for secondary risk identification.

Best-practice reasoning:

When implementing risk responses involving significant technological change, the risk manager must assess how the new change affects existing controls, processes, interfaces, and users. Failure to do so can allow secondary risks to emerge and affect customers or operations.

Reference-aligned basis:

This answer is consistent with standard risk management guidance that emphasizes:

risk responses may introduce secondary risks,

major changes should be assessed for impacts on existing controls and systems,

secondary risks must be identified and managed as part of ongoing risk monitoring and response implementation.

An Ishikawa diagram (also known as a fishbone or cause-and-effect diagram) is a tool used to identify and analyze the root causes and sources of a risk. It helps the risk manager gain a deeper understanding of the risk source and likelihood. (Reference: PMBOK Guide, 6th Edition, p. 139)

 An Ishikawa diagram, also known as a fishbone diagram or a cause-and-effect diagram, is a tool that can help the risk manager to analyze the root causes of a risk and to identify the factors that influence its occurrence and impact. An Ishikawa diagram can also help to visualize the relationships among different causes and to prioritize the most significant ones. By developing and employing an Ishikawa diagram, the risk manager can gain a deeper understanding of the source and likelihood of the risk and plan appropriate responses accordingly. References: The Standard for Risk Management in Portfolios, Programs, and Projects, page 72; PMBOK Guide, 6th edition, page 398.