The Risk Management Plan (RMP)
Date: Jul 3, 2023
In this sample chapter from Risk Management Professional (PMI-RMP)® Cert Guide, you will learn the structure and elements of a risk management plan, as well as the project manager's (or risk manager's) roles in developing the RMP.
This chapter covers the following topics:
The Three R’s: RAM, RACI, and RBS
Risk Responsibility and Accountability
Risk Communication Documentation
Risk Education and Training
As any project begins, the risk management plan (RMP) should begin at the same time. The RMP is one of the first documents that a project or risk manager generates, and it covers a wealth of information about how the project should be managed from a risk perspective. A common misunderstanding about the RMP is that the document lists all the project risks. It does not. It should not list any of them, except for reference purposes. Its role in the process is to affirm how risk will be managed and what the risk norms of the enterprise are.
As discussed in Chapter 4, “Strategic Risk,” the RMP echoes organizational risk strategy and is approved by the project sponsor. It documents enterprise and stakeholder tolerances, as well as their associated thresholds (and in some cases, triggers). The RMP serves primarily from the macro view of the project, although some micro issues might also be addressed. For example, the structure of risk statements and how risks will be tracked and reported will be incorporated in the RMP (whereas the actual, individual risk statements will not).
In many organizations, there is a standard template for their RMPs, often owned by the project management office (PMO). Although each RMP will be unique to the project, the layout of that document should be consistent with other RMPs for other projects. Informational elements that need to be included reflect organizational culture and strategy. If the organization is sufficiently risk-mature, there could be an enterprise risk management office, which would ultimately own the risk management plan template.
This chapter examines the structure and elements of a risk management plan. It also addresses the project manager’s (or risk manager’s) roles in developing the document.
During the life of the project, some of these considerations may evolve. It is incumbent on the effective risk manager to document and communicate any such evolution to the relevant stakeholders.
This chapter addresses the following objectives from the PMI-RMP® Exam Content Outline:
Domain |
Task # |
Exam Objective |
Risk Strategy and Planning |
Task 5 |
Document the Risk Management Plan |
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 5-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”
Table 5-1 “Do I Know This Already?” Section-to-Question Mapping
Foundation Topics Section |
Questions |
The Three R’s: RAM, RACI, and RBS |
1, 2 |
Risk Responsibility and Accountability |
1, 2 |
Risk Communication Documentation |
3, 4, 5 |
Risk Education and Training |
6, 7 |
1. Stakeholders play a significant role in all steps of the risk process, whether they are employees of the organization or not. How will your risk management plan ensure that engagement happens?
Assign specific roles to specific individuals to make sure they understand their participation and their deliverables.
Assign specific risks to specific individuals to make sure they understand their participation and their deliverables.
Spell out the risk processes that involve both inside and outside parties and encourage them to select processes germane to their roles.
Spell out the risks that involve both inside and outside parties and encourage them to select processes germane to their roles.
Create a RACI chart for the internal personnel and a RAM for all stakeholders, and distribute them widely.
2. What’s wrong with the RACI chart displayed in the table that follows?
Process |
Responsible |
Accountable |
Consult |
Inform |
Data Capture |
Chris |
Miguel |
Carl |
Janine |
Archiving |
Chris, Janine |
Laura |
Carl |
Miko |
Lexicon Maintenance |
Chris, Carl |
Laura, Carl |
Miko |
Janine |
RMP Review and Update |
Chris |
Martin |
Miko |
Evelyn |
Chris cannot be responsible for more than one process.
Accountability can be assigned to only one person per process.
Carl cannot be both responsible and accountable for the same process.
Laura cannot be accountable for more than one process.
Miko cannot have both consulting and informing roles.
3. The risk management plan integrates with the rest of the project plans. How?
The risk management plan leverages information from the other management plans to create a master list of process areas and their risks.
As multiple stakeholders are involved in developing the RMP, natural integration occurs through their experiences with different aspects of the project.
The risk management plan is one of a number of management plans that combine to form the project management plan.
All the other plans draw on the risk management plan to inform their processes.
The risk management plan is overarching and thus integrates naturally with the other management plans.
4. You always conduct a SWOT analysis to better understand your project environment from a risk perspective. This process will manifest itself in the risk management plan. How?
The details of the strengths, weaknesses of the project and the opportunities and threats of the organization will be spelled out in the RMP.
The strengths, weaknesses, opportunities, and threats of the project will be spelled out in the RMP.
The strengths, weaknesses, opportunities, and threats of the organization will be spelled out in the RMP.
The format for the SWOT and the appropriate application thereof will be spelled out in the RMP.
The strengths and weaknesses of the organization and the opportunities and threats of the project will be spelled out in the RMP.
5. Several paragraphs in your risk management plan explain the risk sources that will be used for your risk breakdown structure. These are sources that are used consistently across the enterprise to build out RBSs. As you evaluate them, you come to the realization that _____.
This is an important inclusion because the RMP is about the structure of risk processes and how they’re done.
This is an important inclusion because the RMP needs to incorporate detail on risk sources.
This is an important inclusion because the RMP needs to incorporate them to fill out the RBS.
This is wrong because the RMP needs to be project specific, rather than reflecting the rest of the enterprise.
This is wrong because the RMP needs to address specific risks.
6. For your project, who’s responsible for ensuring that proper risk management training is conducted for the proper stakeholders?
The project/risk manager is responsible and accountable on all projects.
The project management office (PMO) is responsible and accountable across projects.
The project management office (PMO) with guidance from the project/risk manager is responsible for ensuring that proper risk management training is conducted for the proper stakeholders.
The project/risk manager, with guidance from the project management office (PMO), is responsible for ensuring that proper risk management training is conducted for the proper stakeholders.
Human Resources.
7. When it comes to the risk management plan (RMP), you wonder whether some of the descriptions of tolerances and triggers might upset some team members. You fear that the lexicon incorporated in the document might become a point of contention, thanks to the ambiguity of some of the terms. Your best solution to this problem would be to do which of the following?
Rewrite the lexicon in plain language.
Have the team rewrite the lexicon in plain language.
Leave the lexicon consistent with the rest of the organization and know that the stakeholders will figure it out over time.
Rewrite the lexicon in plain language, knowing that the stakeholders will then be able to figure it out.
Leave the lexicon consistent with the rest of the organization and host training sessions that incorporate the terms generously.
Foundation Topics
The Three R’s: RAM, RACI, and RBS
The risk management plan is rooted in the notion of providing management guidance. It is less about what work is being performed and more about how processes are ultimately going to be managed. Roles and responsibilities for these processes need to be clearly delineated. The clearer the understanding of what roles need to be filled, the easier it will be to minimize bias within the process. Bias often asserts itself when roles are established ad hoc and when consistency doesn’t exist across RMP approaches.
Consistency is much easier to achieve when the same documents exist within an enterprise to identify the roles essential to carrying out risk management planning. Key among those documents are
The responsibility assignment matrix
The responsibility/accountability/consultation/information grid
The risk breakdown structure
Responsibility Assignment Matrix (RAM)
The responsibility assignment matrix (RAM) in risk management is a simple list of the risk processes to be implemented and the roles (or individuals) responsible for carrying them out. Ideally, to make the RAM function more effectively, the responsibilities are assigned by role, rather than individual names. Although individuals will fill those roles, the use of the role affords the project the ability to absorb team member loss or organizational shifts more readily.
One of the major advantages of the RAM is its simplicity. It doesn’t require extensive education to understand or interpret what the chart means. Table 5-2 provides an example of a simple RAM.
Table 5-2 Risk Management Plan Responsibility Assignment Matrix
Process |
Martine |
Executive Sponsor |
Project Manager |
Product Owner |
Data Capture |
X |
|
|
|
Archiving |
X |
|
||
Lexicon Maintenance |
X |
|
|
|
Escalation Protocol |
|
X |
|
|
To apply the RAM, one needs to go no further than to identify the process and look for the “X.” Note that the only named individual in the sample chart is Martine. If something should happen to Martine, this document will have to be updated. For the other processes, if there are organizational shifts, the roles become all important, rather than named individuals. When an individual is critical to the process, the individual should be named.
For a risk manager, this document facilitates the assignment of process owners, making it easier to track down responsible parties and get their help in serving those process steps.
RACI (Responsible Accountable Consult Inform) Chart
The RACI chart in risk management is an expansion of the traditional (simpler) RAM. For most managers, the RACI is better known by its acronym than the words the acronym represents. In an exam where most of the acronyms have been abolished, RACI remains. The major difference between a RAM and a RACI is that the RACI has additional information regarding the other participants in any risk process. In addition to responsibility (as found in a RAM), this chart also identifies three other factors. The four factors found in a RACI each have a distinct meaning:
Responsibility: The role or person who will actually perform the process step
Accountability: The role or person who will be held liable for the success or failure of the process step
Consult: The role or person who might be able to provide supplemental information about the nuances of implementing the process step
Inform: The role or person who should be apprised of the progress or status of the process step
As with the RAM, it doesn’t require extensive education to understand or interpret what the chart means. Table 5-3 provides an example of a simple RACI chart.
Table 5-3 Risk Management Plan RACI Chart
Process |
Martine |
Executive Sponsor |
Project Manager |
Product Owner |
Data Capture |
R |
C |
A |
I |
Archiving |
C |
I |
R, A |
I |
Lexicon Maintenance |
R, A |
|
C, I |
I |
Escalation Protocol |
|
R, A |
|
C, I |
To apply the RACI, it’s important to understand that no process step can have more than one accountable individual. Although there might be several roles working on a process, and even more who need to be informed, only one person or role can ultimately be accountable for the work.
The Risk Breakdown Structure
The name of the risk breakdown structure (RBS) is most appropriate when discussing it in the context of the risk management plan. That’s because it’s a structure. It’s a framework into which risks will ultimately be incorporated. It is not the risks themselves, but instead is the decomposition of the source of risks as they are identified or about to be identified.
The sources of risks for an RBS may be generic (like the prompt list PESTLE) or enterprise specific. They can go down several levels through decomposition. The risk management plan documents this structure, because it might be applied and reapplied multiple times throughout the life of a project.
In its lowest levels, the RBS can highlight some of the most pervasive risks faced by an organization, and the set of sources at those low levels can ultimately become the foundation for risk process checklists.
If the organization seeks to maintain consistency, ownership of the RBS might rest with the project management office, at least at the higher levels of the structure. At the more detailed levels, more project-specific risk sources might surface. Table 5-4 provides an example of a simple RBS.
Table 5-4 Risk Management Plan Risk Breakdown Structure
Risk Breakdown Structure Level 0 |
Risk Breakdown Structure Level 1 |
Risk Breakdown Structure Level 2 |
All Project Risk Sources |
Politics |
National political movements |
Community political movements |
||
Internal enterprise politics |
||
Economics |
Market growth |
|
Inflation |
||
Taxation/tariffs |
||
Social |
Media narratives |
|
Social media presence |
||
Community perceptions |
||
Technological |
New tech |
|
Obsolescence |
||
Technological acceptance |
||
Legal |
Lobbying |
|
Lawsuits |
||
Liability |
||
Environmental |
Earth-based |
|
Regional environment |
Risk Responsibility and Accountability
The distinction between these two terms was discussed earlier in this chapter. But they merit an extended discussion because it’s easy to misinterpret a question about responsibility as being about accountability, and vice versa. As project managers, we need to know that our stakeholders are also aware of the distinction, because, in many cases, they are the parties whom we try to hold accountable for carrying out the risk processes.
Risk Responsibility in the Risk Management Plan
The term “risk responsibility” should be pervasive in the RMP. In using it, the project manager is defining the level of effort required to carry out a particular process. The person who will take on that effort should have some clarity on what their work is going to entail. Writing up a responsibility assignment for building the risk lexicon may involve more responsibility than some might consider. Take a look at the responsibilities associated with this process in Table 5-5.
Table 5-5 Risk Management Plan Responsibility Description
Process |
Task Responsibilities |
Lexicon Development |
Attend project meetings and capture risk commentary. Document terms used and definitions thereof. Validate new terms with project office or project manager. Share information with project stakeholders. Share information with project office for enterprise lexicon. |
Lexicon Maintenance |
Review entire lexicon on a timely basis (e.g., quarterly, semiannually). Update terms only as appropriate. Document updates and definitions thereof. Share information with project stakeholders. Share information with project office for enterprise lexicon. |
Again, as with most aspects of the risk management plan, it’s easy to see how this information could be applied in multiple projects and that it provides clarity and minimizes misunderstanding about the nature of being responsible for a given subset of risk management.
Risk Accountability in the Risk Management Plan
The term risk accountability will be far less pervasive than “responsibility” in the RMP.
Accountability is defined as being held liable for the implementation and/or outcomes of a risk approach. Someone who is accountable can be held to blame if anything goes wrong, and, on the other hand, is the individual who should ultimately receive the credit when the risk process functions as designed.
In many instances, the person who is accountable is also the person responsible for a given risk or risk approach.
If the project was to create a documentary, the documentarian who developed the concept, the approach, and the idea is likely the accountable individual. The editors, sound/audio staff, and production personnel are responsible for realization of the idea. For a simple YouTube documentary, all the roles can potentially fall to a single person.
Risk Communication Documentation
Risk management is effective only when the information derived from it is shared liberally across an enterprise. The documentation that supports risk management is extensive, including charts already shared in this text, such as the responsibility assignment matrix, the RACI chart, the risk breakdown structure, and the organizational risk lexicon. Each of these documents provides a layer of depth that others do not. Each document highlights a different aspect of the risk process, encouraging a deeper understanding of the risks, their sources, and their nature.
The single most significant document related to identifying and managing individual risks is the risk register, discussed in depth in Chapter 7, “Practical, Team-Based Risk Identification.” Although the approach to completing a risk register is discussed there, the framework for what it should include is incorporated in the risk management plan. As a component of the risk archive, the framework was examined in some depth in Chapter 1, “The Risk Structure.”
The key to any communication is clarity. The risk manager is responsible for clarifying terms, phrases, and frameworks that are intended to convey the risk message.
For every piece of risk communication, there are critical elements. They include
The author
The timing for the original communication and any reviews/updates
The recipients
The communications modes
There are also distinctions in the nature of the content of the communication. PMI® makes that distinction in the forms of data, information, and reports.
Data are raw facts, with no processing whatsoever. As such, it is the least biased of the content areas. When the term is used, it suggests that no analysis has taken place and no interpretation has transpired.
Information is data that has been processed in some way, shape, or form. Categories might have been created or data affinities (natural groupings) might be applied. Although the bias in information is limited, the simple act of sorting can be done under the umbrella of a particular perspective. As such, information is more interpretive and can afford greater depth.
Reports represent information in a formalized package. Reports create a frame around the information and can readily be skewed to afford the information a specific perspective. This is where bias is most significant in communications.
The Author
All communications have a degree of bias. As soon as data are processed into information, the processor’s bias comes into play. If that author catalogs all information according to risk sources (as in the risk breakdown structure), then there’s a bias to examine risk sources. If the author catalogs all information according to geographical region, a geographical bias can exist. The author thus becomes the arbiter of bias, even when such bias is unintended.
The author is important to the process because this individual also serves as a kind of personal archive. Many are the instances where risk information seekers will turn to the original authors of the risks or the responses to determine assumptions and intent.
For many aspects of the risk process, a single bit of data could have multiple authors. When that’s the case, all authors should be given credit for their role in the process. The varied assumptions and intent may reflect that a single risk is actually multiple risks drawn from a single data point.
The Timing
Communications timing can refer to when the information was originally documented or when the information needs to be refreshed or reviewed. By way of example, the book Bartlett’s Familiar Quotations was originally published in 1855. Since then, there have been 17 subsequent editions. The 14th edition, published in 1968, has eight quotes from the Reverend Dr. Martin Luther King, Jr. In the next edition, the count goes to 12 quotes. The quotes were not newer. They reflect the timing of the information capture and Dr. King’s perceived importance. Timing matters. Post-9/11 risk lists will not look the same as any captured in the twentieth century. Post-COVID risk lists will incorporate risks not seriously considered in the 2010s. The timing of risk information becomes very important.
By acknowledging the shifting tides of information, and documenting when those tides might shift again, the risk manager has a much richer data set with which to work.
The Recipients
In a sender–receiver communications model, there are filters on both ends of the model. The sender filters information through language, gesture, and tone. The receiver does likewise. If the recipients and their filters are not considered during information gathering or information dissemination, the true intent of the messaging could be lost. If one identifies a driving risk as “The bonnet might come loose, flying off at high speeds,” a failure to acknowledge the recipients and their culture can lead to broad miscommunication. In the States, for example, that risk might be seen as the loss of a woman’s hat. In the UK, it would be a reference to the hood over an engine. The recipients are a vital element of the communication, and their geography, social status, and culture will all play into an understanding of the message at hand.
Communications Modes
The clearest communications occur face to face. Per communications theorist Albert Mehrabian, that’s the setting where it’s possible to get 100% of the communication across. Take away any aspect of the communication, and some of the messaging will be lost. Mehrabian argues that only 7% of the likeability of any communication is conveyed by the words alone. A phrase such as, “Sure, I believe that,” can be said in serious or sarcastic tone. But as written, it’s impossible to discern intent. Thus, risk information sharing is most clear when we have the opportunity to go beyond the simple written word.
Mehrabian continues that another 38% of the likeability of messaging is conveyed through vocal inflection and tone. A telephone call may not be the ideal means of sharing risk information, but it’s definitely a major improvement over an email.
As for face to face? That’s the remaining 55%. This is a major consideration associated directly with those in the Agile environment (which PMI is heavily invested in). A cornerstone of Agile management practices is an event called a daily Scrum. The daily Scrum is a brief, heavily structured meeting held each morning with all team members physically present. The meeting is short. Each team member is asked the same three questions at every meeting:
What did you do yesterday?
What will you be doing today?
What’s standing in your way?
This structured data-gathering is crucial not only to Agile management but to risk management within Agile. The third question regarding potential impediments is a clear risk question. In many cases, this is a future-looking question, rather than a question about present states. As such, that means the question will often capture risks identified since the previous day.
Although PMI does not expect you to be able to identify Mehrabian or his theories, they do anticipate you will embrace the thinking behind his theories. You are also expected to know the three questions of Agile management Scrum meetings and which of the three most closely aligns with risk management practice.
For any questions in this area, understanding Mehrabian’s theories should suffice in coming up with answers. Recognizing that pure words are limited in their ability to share insights is important. Seeing body language and other paralinguals provides the richest communications experience.
One other aspect of communications matters here. Because of the fluid nature of risk management, consistency in documentation practice is vital. The forms and formats discussed earlier in this chapter grant the project manager latitude to focus on the risk practice rather than the library sciences.
Risk Education and Training
The risk management plan will be used as a foundation for much of the risk education and training for the project team. It also serves as the guide, detailing the nature of the education and training and the desired outcomes. Risk training (like all project management training) should be outcome based. The idea is for every training experience to create new behaviors and to support the tools that enable those behaviors. There should be measures or metrics to evaluate how well the new behaviors have been trained.
The risk education methods are delineated in the risk management plan so that all stakeholders understand how knowledge will be transferred. Such methods may include classroom and virtual, on-the-job training or theoretical, and real-time or scheduled.
As discussed in Chapter 2, “Risk Environment and Culture,” most knowledge transfer will involve explicit knowledge (knowledge that can be expressed in a step-by-step fashion to be applied consistently). Tacit knowledge transfer (knowledge transfer driven by a personal understanding) is much harder to generate consistently and through traditional training methods.
Different stakeholders will require different levels of risk education, based on their level of understanding and their degree of involvement in the project. The risk management plan should clarify which stakeholders will receive which training. For the most part, it’s a function of their level of project involvement. Consider the training requirements of the different echelons or stakeholder groups within a project:
Senior management: Risk training for senior management involves sharing information regarding escalation protocols. It also involves affirming that the identified organizational tolerances, thresholds, and triggers represent management’s interests. Although management might be interested in some of the task-level risks, that’s not where their time will be invested. Instead, the focus is on risks that might require some level of management intervention or that might draw excessive management attention. (Concepts like “excessive” management attention are also addressed here, ensuring a common understanding of such adjectives).
Team members/Task performers: For team members and task performers, risk education and training focuses on information sharing and common understanding of terms. Terms from the risk lexicon (such as high, medium, and low risk) are clarified for these individuals so that they can carry on the risk conversation in team meetings and with their peers. The education also apprises these people as to the relative levels and priorities of risk, as well as how to share risk information when it comes to their attention. They learn that risk statements are not just one- or two-word risk areas (e.g., weather, resources), but instead are stated as full sentences indicating the nature of the risk and the impact it might cause should it come to pass. Whereas senior management risk training might be a one-time experience, team member risk training is ongoing. The frequency and duration of that training will be expressed in the RMP, as well.
Vendors: First and foremost, vendors need to know that they have a role in a project’s risk management. Because they understand their deliverables better than anyone else, they have a clearer understanding of any risks associated with those deliverables. The training is not an opportunity for them to abrogate responsibility for their risks, but it is an opportunity for them to see the relative scale of the risks their deliverables create within the context of the project.
Another value of the training is for vendors to better understand how risks affect other stakeholders with whom they’ll be working.
Customer stakeholders: Customers actually have the best project risk information at their disposal. Because most of them own the project outcomes, they understand the challenges and the opportunities associated with working in their environment. The educational setting opens the door to define and refine which parties own which aspects of the relationship. It also ensures a common language across the various parties.
Other/peripheral stakeholders: As with the customer, much of the education for other stakeholders will center around the language of risk on the project. It will also hinge on the risk priorities, tolerances, and thresholds. Some peripheral stakeholders (local civic activists, for example) might need to know that they are responsible for identifying their own tolerances and for expressing those tolerances to the project owners. The art of such information sharing can be one of the many goals of a risk education experience.
For all the potential training participants, the goals are largely the same. They need to be taught to understand the process of risk information sharing. They need to be educated on the forms and formats for sharing that data. They need to learn the risk language. And they need to know their role and the value of that role in the process as a whole.
Exam Preparation Tasks
One key to doing well on the exams is to perform repetitive spaced review sessions. Review this chapter’s material using either the tools in the book or interactive tools for the same material found on the book’s companion website. Refer to Appendix C, “Study Planner,” online for more details. Table 5-6 outlines the key review elements and where you can find them. To better track your study progress, record when you completed these activities in the second column.
Table 5-6 Chapter Review Tracking
Review Element |
Review Date(s) |
Resource Used |
Review Key Topics |
|
Book, Website |
Review Key Terms |
|
Book, Website |
Answer DIKTA Questions |
|
Book |
Review Practice Questions |
|
Book, Website |
Rewrite/Document Chapter Headings |
|
Book |
Review All the Key Topics
Review the most important topics in this chapter, noted with the Key Topic icon in the margin of the page. Table 5-7 lists the key topics and the page numbers on which each is found.
Table 5-7 Key Topics for Chapter 5
Key Topic Element |
Description |
Page Number |
List |
Three essential tools to apply in managing project risk |
72 |
Section |
Responsibility Assignment Matrix (RAM) |
72 |
Section |
RACI (Responsible Accountable Consult Inform) Chart |
73 |
Section |
The Risk Breakdown Structure |
74 |
Section |
Risk Responsibility in the Risk Management Plan |
75 |
Section |
Risk Communication Documentation |
77 |
List |
When working with risk information and communication, it’s important to distinguish among data, information, and reports |
77 |
Section |
Risk Education and Training |
80 |
Key Terms You Should Know
Define the following key terms from this chapter and check your answers in the glossary:
responsibility assignment matrix (RAM)
RACI chart
risk breakdown structure (RBS)
risk responsibility
risk accountability
risk register
data
information
reports
daily Scrum
explicit knowledge
tacit knowledge
Review Questions
1. Your project is being conducted using an Agile methodology. Specifically, you’re applying the Scrum method. Some of the best risk information in this environment will come from what source?
The customer, who understands the most about their environment
The team members, during regular weekly meetings and updates
You, with project oversight
The team members, during brief daily meetings
Your management, during weekly meetings and updates
2. In a RACI chart, two of your team members are marked as “A.”
That means there are two parties who will be accountable.
That means there are two parties who will be advised on the state of the project.
That means there are two team members sharing responsibility for the risk and/or its response.
That means two team members will consult on the risk and/or its response.
That means someone made a mistake, because you can have only one person accountable for a risk and/or its response.
3. A risk breakdown structure (RBS) is a breakdown of what information?
It’s a breakdown of risk responses, according to their owners.
It’s a breakdown of risks, according to their sources.
It’s a breakdown of risk processes, according to their owners.
It’s a breakdown of risks, according to the work with which they’re associated.
The name is technically a misnomer because it really doesn’t break down anything.
4. Which of the following statements regarding data, information, and reports is true?
Data, information, and reports are three names for the same thing.
Data have the most inherent bias, whereas reports have the least.
Reports have the most inherent bias, whereas data has the least.
Data are filtered.
Information is unfiltered.
5. You and your project team want to have the best possible risk communication. This will likely happen using which of the following communications modes?
Face-to-face meetings
Virtual meetings
Teleconferences
Email
Risk registers
6. Which is the most important risk question in a Scrum setting?
What are you doing today?
What’s going wrong on your tasks?
What did you do yesterday?
Who is managing your risk?
What’s standing in your way?