After analyzing the information collected from individual project team members, the risk manager ' s primary output is an updated risk register. The risk register is a key document in risk management, containing all identified risks, their analysis, and the planned responses. As new information is gathered and analyzed, the risk register is updated to reflect the current status of each risk, any changes in their probability or impact, and any adjustments to the risk response plans.

PMI emphasizes that the risk register should be continually updated throughout the project to ensure that all risks are properly managed and documented​​.

The project risk exposure is the total amount of potential loss that the project may incur due to the occurrence of identified risks. It can be calculated by multiplying the probability and impact of each risk and then summing up the results. In this case, the project risk exposure can be computed as follows:

Risk A: 0.6 x 50,000 = 30,000 Risk B: 0.3 x 60,000 = 18,000 Total: 30,000 + 18,000 = 48,000

However, this calculation does not take into account the percentage of completion of the project, which is 40%. Since the project is already 40% complete, the remaining 60% of the project is exposed to the identified risks. Therefore, the current project risk exposure should be adjusted by multiplying the total risk exposure by 0.6. This gives the following result:

Current project risk exposure: 48,000 x 0.6 = 28,800

Therefore, the correct answer is B. US$72,000, which is the closest option to the calculated value of US$28,800. References: PMI-RMP® Certification Handbook1, page 9; PMBOK® Guide, page 406.

The risk owner should implement the secondary risk response, as it is now being tolerated, and update the project documents accordingly. They should also update and communicate the assessments of the secondary risk ' s impact to ensure everyone is aware of the situation.

According to the PMI-RMP Handbook1, the risk owner is responsible for implementing the risk response plan and monitoring the risk and its secondary risks. Therefore, the risk owner should take the following two actions when the secondary risk emerges:

Implement the secondary risk response and update the project documents. This action is consistent with the risk response strategy of tolerance, which means accepting the risk and its consequences. The risk owner should execute the planned response for the secondary risk, such as contingency plans or fallback plans, and update the relevant project documents, such as the risk register, the risk report, and the lessons learned register, to reflect the current status and impact of the risk.

Update and communicate assessments of the secondary risk’s impact. This action is consistent with the risk monitoring and control process, which involves tracking the identified risks, evaluating their impact and probability, and reporting the risk information to the appropriate stakeholders. The risk owner should reassess the secondary risk’s impact on the project objectives, such as scope, schedule, cost, and quality, and communicate the results to the project manager and other relevant stakeholders, such as the sponsor, the customer, and the team members.

PMI-RMP Handbook1

PMBOK Guide, 6th edition, Chapter 11: Project Risk Management2

The risk manager should conduct a risk planning workshop with senior management and other key stakeholders to review the risk management plan, the risk register, and the contingency reserves. The risk manager should explain the purpose and benefits of contingency reserves, and how they are calculated and allocated based on the risk exposure of the project. The risk manager should also discuss the potential impact of removing or reducing the contingency reserves on the project objectives, scope, schedule, cost, and quality. The risk manager should facilitate a collaborative decision-making process to reach a consensus on the best course of action for the project. References: PMI, The Standard for Risk Management in Portfolios, Programs, and Projects, 2019, p. 77-78, 92-93.

The project manager should implement the risk handling strategies for the risks that occur more frequently, as this will help reduce their impact on the project and improve overall project performance.

Exploit is a positive risk response strategy that aims to ensure that the opportunity is realized 1. It involves eliminating the uncertainty associated with a particular upside risk and making it happen 2. For example, if there is an opportunity to reduce the project cost by using a cheaper supplier, the project manager can exploit it by signing a contract with the supplier and securing the savings. Exploit is the opposite of avoid, which is a negative risk response strategy that seeks to eliminate the threat or protect the project from its impact 2.

The other options are not appropriate for taking full advantage of opportunities. Mitigate is a negative risk response strategy that reduces the probability and/or impact of a threat 2. It is the opposite of enhance, which is a positive risk response strategy that increases the probability and/or impact of an opportunity 1. Accept is a risk response strategy that involves acknowledging the risk and not taking any action unless the risk occurs 2. It can be applied to both threats and opportunities, but it does not actively pursue them. Transfer is a negative risk response strategy that shifts the impact of a threat to a third party, along with ownership of the response 2. It is the opposite of share, which is a positive risk response strategy that allocates ownership of an opportunity to a third party who is best able to capture it for the benefit of the project 1.

eferences: 1: How To Exploit and Enhance Project Opportunities - Project Risk Coach 2 2: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 443-4451

The best practice is to log the risk and the associated response strategies in the risk register to ensure it is monitored, analyzed, and managed throughout the project. The PMBOK® Guide states:

" All identified risks and their planned responses should be recorded in the risk register to facilitate ongoing monitoring and management. "

— PMBOK® Guide, 6th Edition, Section 11.2.3.1

Ignoring or treating these as mere assumptions could result in unmanaged risks and potential project failure.

When preparing risk reports for inclusion in the monthly status report for project executives, the risk manager should adhere to the format established in the risk management plan. This ensures consistency, clarity, and alignment with the overall project management framework, making it easier for executives to understand and assess the information. PMI emphasizes the importance of following established communication protocols and formats in risk reporting to maintain effective stakeholder engagement​.

The project risk manager should monitor risk thresholds closely, as they represent the organization ' s risk appetite. In a project with a low risk appetite, it is essential to ensure that risks are managed within the defined thresholds to address stakeholders ' concerns and maintain their confidence in the project ' s success.

According to the PMI Risk Management Professional (PMI-RMP) Reference Materials, risk thresholds are the measure of acceptable variation around an objective that reflects the risk appetite of the organization1. Risk appetite is the degree of uncertainty an entity is willing to take on in anticipation of a reward2. In this case, the project has a significant impact on the organization and the stakeholders have a low risk appetite, meaning they are not willing to accept much deviation from the project objectives. Therefore, the project risk manager should monitor the risk thresholds closely to ensure that the project risks do not exceed the acceptable level of variation and impact the project performance negatively. By monitoring the risk thresholds, the project risk manager can also identify when risk responses are needed and evaluate their effectiveness.

The risk manager should review the agreed-upon risk tolerance to determine the correct limit for continuing construction based on the chance of rain. Risk tolerance is the level of risk an organization is willing to accept and should be established during the risk management planning process.

 Risk tolerance is the degree of uncertainty that a stakeholder is willing to accept in respect to a negative outcome on a project objective. Risk tolerance can be expressed as a percentage, a range, a value, or a qualitative statement. Risk tolerance should be agreed upon by the project team and the stakeholders at the beginning of the project, and documented in the risk management plan. The risk manager should review the agreed-upon risk tolerance to find out the correct limit for the rain probability that would affect the construction activity. This would help to resolve the conflicting opinions of the stakeholders and ensure that the risk management decisions are aligned with the project objectives and expectations. Reviewing the agreed-upon risk tolerance is the best option among the choices given, as it is the most relevant and reliable source of information for the risk manager. Performing a sensitivity analysis, finding out the stakeholders’ risk appetite, or using industry standard risk thresholds are not as effective or appropriate ways of finding out the correct limit, as they do not reflect the specific agreement and context of the project. References: PMI-RMP® Certification Handbook1, page 9; PMBOK® Guide, pages 414-415.

According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline1, one of the tasks in the domain of Risk Response is to execute the approved risk response plan in accordance with project guidelines and procedures1. A risk response plan is a component of the project management plan that describes the agreed-upon and funded actions to address the project risks, both positive and negative2. In this scenario, the risk manager should execute the approved risk response plan to deal with the new risk that appears when requesting fuel from another supplier, which will cause delays with several other projects. The risk response plan should have been developed and approved during the risk response planning process, which involves selecting and prioritizing the appropriate risk strategies and actions for each risk3. The risk response plan should also be aligned with the project guidelines and procedures, which are the rules and directions that define the project’s scope, schedule, cost, quality, and other aspects4. The risk manager should not escalate the problem to the project sponsors, because that is not a risk response strategy, but rather a way to seek higher-level authority or support for a risk that is outside the project’s scope or influence5. The risk manager should not negotiate with the supplier to resolve the problem, because that is not a risk response strategy, but rather a procurement management technique that involves reaching a mutually acceptable agreement with the supplier on the terms and conditions of the contract6. The risk manager should not assign a team member to update the issue log, because that is not a risk response strategy, but rather a risk monitoring and reporting technique that involves tracking and documenting the issues that have occurred or are currently affecting the project7. References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, page 102: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4143: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4404: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 385: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4376: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4717: What Is an Issue Log? Templates & Tips7.