D.7 Risk management

Question 1

What is the definition of risk according to the International Organization for Standardization (ISO)?

Answer 1

The effect of uncertainty on objectives

An effect can be any deviation from the expected, whether positive or negative.

Question 2

What percentage of respondents believe the volume and complexity of risks are increasing extensively over time?

Answer 2

59%

Findings from the 2020 Report on the Current State of Enterprise Risk Oversight.

Question 3

What defines the level of risk?

Answer 3

The magnitude of a risk or combination of risks, expressed in terms of the combination of consequences and their likelihood

Defined by ISO.

Question 4

What is a consequence in the context of risk?

Answer 4

The outcome of an event affecting objectives

Consequences can be certain or uncertain and have positive or negative effects.

Question 5

What is residual risk?

Answer 5

The risk remaining after risk treatment

Defined by ISO.

Question 6

What is the role of a risk manager?

Answer 6

Responsible for operating the risk management process and the custodian of the risk management plan and risk register.

Question 7

What are inherent risks?

Answer 7

Risks associated with the nature of the project objectives and scope

Example: A ‘big bang’ approach to a health information system deployment.

Question 8

What are acquired risks?

Answer 8

Risks resulting from the selected organisation, approach, technology, methods, tools, techniques, skills, and experience applied to the project.

Question 9

What is the definition of risk management?

Answer 9

Coordinated activities to direct and control an organisation with regard to risk

Defined by ISO.

Question 10

What is the first step in the risk management process?

Answer 10

Establish the risk scope, context, and criteria.

Question 11

What should be included in a risk management plan?

Answer 11

Procedures, practices, responsibilities, activities, sequencing, and timing.

Question 12

True or False: Risk identification is not everyone’s business.

Answer 12

False

Risk identification is crucial and requires input from various perspectives.

Question 13

What are contextual risks?

Answer 13

Risks resulting from events, circumstances, or inter-relationships outside or across the project or system boundary.

Question 14

Fill in the blank: Risk is commonly associated with __________ or hazards.

Answer 14

threats

Question 15

What is a risk register?

Answer 15

The record, under formal change control, of all identified risks, their risk assessment, risk treatments, and outcomes.

Question 16

What is the significance of documenting risks consistently?

Answer 16

To avoid confusion between risk sources and events, and risks and their consequences.

Question 17

What are the basic phases of the risk management process?

Answer 17

• Identification
• Analysis
• Evaluation
• Response selection.

Question 18

How is the likelihood of a risk defined?

Answer 18

The chance of something happening

Defined by ISO.

Question 19

What is a business owner in the context of project management?

Answer 19

The business case owner for the project, representing the agency or business unit’s business needs.

Question 20

What are the six levels of maturity in the Australian Government’s Risk Management Capability Maturity Model?

Answer 20

• Fundamental
• Developed
• Systematic
• Integrated
• Advanced
• Optimal.

Question 21

What should be considered when identifying risks?

Answer 21

• Brainstorming
• Interviewing
• Surveying
• Documentation from other projects.

Question 22

What is the general principle regarding quantifiable risk sources?

Answer 22

The more quantifiable a risk source, the better.

Question 23

Why is it important to quantify risk sources early?

Answer 23

The earlier a risk source can be quantified, the better.

Question 24

What should be included when assigning probabilities to risk sources?

Answer 24

Likelihood ranges.

Question 25

What is the three-category scale for likelihood of occurrence?

Answer 25

Unlikely, Likely, Highly Likely.

Question 26

What does the 'Unlikely' category indicate?

Answer 26

Unlikely to occur within the relevant time horizon; <20% likelihood.

Question 27

What does the 'Likely' category indicate?

Answer 27

Can reasonably be expected to occur; 20–75% likelihood.

Question 28

What does the 'Highly Likely' category indicate?

Answer 28

Generally expected to occur; >75% likelihood.

Question 29

What is the five-category scale for likelihood of occurrence?

Answer 29

Rare, Unlikely, Possible, Likely, Almost Certain.

Question 30

What does the 'Rare' category indicate?

Answer 30

Highly unlikely to occur; <10% likelihood.

Question 31

What does the 'Possible' category indicate?

Answer 31

May well occur; 35 - <60% likelihood.

Question 32

What does the 'Almost Certain' category indicate?

Answer 32

Can be expected to occur; 85–100% likelihood.

Question 33

What is the purpose of assessing the likelihood of each risk source?

Answer 33

To achieve greater precision in risk assessment.

Question 34

What should consequence groupings be aligned with?

Answer 34

Specific objectives, the organisation's values and goals.

Question 35

What is an example of a five-category scale for consequences?

Answer 35

Insignificant, Minor, Moderate, Major, Critical.

Question 36

What does the 'Insignificant' consequence category indicate?

Answer 36

Minor impacts on deadlines and budget; no significant clinical impacts.

Question 37

What does the 'Critical' consequence category indicate?

Answer 37

Termination of the project; serious adverse clinical events.

Question 38

What is the purpose of validating risk assessments?

Answer 38

To seek stakeholder feedback and independent review.

Question 39

What does a risk matrix map?

Answer 39

Risk sources in terms of likelihood and consequences.

Question 40

What is an extreme risk combination in a risk matrix?

Answer 40

Almost certain likelihood and critical consequence.

Question 41

What factors influence risk prioritization?

Answer 41

* Assessed risk levels * Organisation's risk tolerance * Immediacy of the risk * Resources available

Question 42

What methods support the articulation of risk criteria?

Answer 42

* Scenario analysis * Trade-off analysis * Positional analysis * Comparative analysis

Question 43

What are the categories for risk treatment?

Answer 43

* Rejected * Acceptable * Significant * Inconsequential * Referred * Monitored * Treated * Escalated

Question 44

What is the main goal of risk treatment strategies?

Answer 44

To deal with prioritised project risks cost-effectively.

Question 45

What does 'Avoiding' a risk entail?

Answer 45

Avoiding the activities that give rise to the risk.

Question 46

What does 'Transferring' a risk involve?

Answer 46

Sharing or outsourcing the risk or insuring against it.

Question 47

What are the common mitigation strategies?

Answer 47

* Avoiding * Accepting * Transferring * Controlling * Terminating

Question 48

What is the role of risk owners in risk treatment?

Answer 48

Developing treatment plans for assigned risks.

Question 49

What is the importance of monitoring and reviewing risks?

Answer 49

To provide ongoing learning and increase risk management maturity.

Question 50

What is the goal of recording and reporting in risk management?

Answer 50

To communicate risk management activities and outcomes across the organization.

Question 51

What are the essential functions of risk evaluation?

Answer 51

* Determine risk priorities * Allocate responsibilities for prioritised risks

Question 52

What is the aim of recording and reporting in risk management?

Answer 52

To communicate risk management activities and outcomes across the organization, provide information for decision-making, improve risk management activities, and assist interaction with stakeholders.

Question 53

What are the responsibilities of executive management in risk management?

Answer 53

Ensure development and awareness of risk management policies, demonstrate leadership and support for policies, and ensure appropriate resources are available.

Question 54

What is the role of the business owner (project sponsor) in risk management?

Answer 54

Ensure appropriate risk management resources are available, encourage stakeholder involvement, express risks in meaningful terms, manage external risks, and monitor risk management.

Question 55

What is the primary responsibility of a project manager in risk management?

Answer 55

Overall management and coordination of risks within the project, including escalation as required.

Question 56

What is the role of risk owners in risk management?

Answer 56

Develop and implement treatment plans for prioritized risks and ensure risk management is measured and reported.

Question 57

What does a risk manager ensure in the context of risk management?

Answer 57

Effective application of risk management processes and capturing learnings to enhance the organization’s risk management maturity.

Question 58

What responsibilities do all other stakeholders have in risk management?

Answer 58

Notify perceived risks and collaborate in developing, implementing, and monitoring risk management and treatment plans.

Question 59

True or False: The responsibilities in risk management should be vaguely articulated.

Answer 59

False

Question 60

What factors contribute to effective risk management?

Answer 60

* Strong commitment from the CEO * Open communication and collaboration * Effective policies and procedures * Risk ownership at motivated levels * Continuity in risk management processes * Appropriate resourcing

Question 61

Fill in the blank: Risk management is a continuous and _______ process.

Answer 61

[iterative]

Question 62

What must not disrupt project risk management according to effective practices?

Answer 62

Changes in staff, such as risk owners.