PMI-RMP® Cheatsheet — Formulas, Tables, Checklists & Decision Patterns

High-yield PMI-RMP® review: risk strategy and thresholds, identification techniques, qualitative and quantitative analysis, response strategies, monitoring metrics, and a practical risk glossary.

On this page

Use this as your last-mile PMI-RMP® review. Pair it with the Syllabus for coverage and Practice for speed.

For exam format and official policy details, see Overview.

Risk management in one picture (decisions, not paperwork)

    flowchart TD
	  A["Clarify appetite + thresholds"] --> B["Identify threats + opportunities"]
	  B --> C["Analyze (qualitative → quantitative when needed)"]
	  C --> D["Choose responses + assign owners"]
	  D --> E["Monitor triggers + metrics"]
	  E --> F["Update artifacts + close/transition"]
	  F --> B

If you can state these three items from any question stem, you’re usually close to the best answer:

Threshold: what level triggers escalation or action?
Exposure: how big is it (probability/impact), and what evidence supports that?
Next decision: what action reduces exposure or increases value fastest?

Core definitions (fast)

Term	Meaning (exam-useful)
Risk	uncertain event/condition that affects objectives
Issue	current problem; not uncertain
Trigger	observable early warning that a risk is materializing
Residual risk	risk remaining after response
Secondary risk	new risk created by a response
Risk appetite	how much risk the org is willing to take
Risk threshold	measurable tripwire that triggers decision/escalation

Appetite → tolerance → thresholds (keep them distinct)

Layer	What it is	Example
Appetite	“how bold are we?”	“We accept moderate schedule risk for speed.”
Tolerance	“how much variance is acceptable?”	“Up to 10% cost variance without escalation.”
Threshold	“what measurable trigger forces action?”	“If CPI < 0.95 for 2 periods, escalate.”

Best-answer pattern: when thresholds are unclear, define them first—otherwise analysis won’t change decisions.

Identification (what to pick when)

Technique	Use when	Output quality depends on
Workshop	cross-functional risk discovery	facilitation + coverage via RBS
Interviews	deep expertise, sensitive risks	prep + probing + synthesis
Checklists	fast baseline	quality of source + tailoring
SWOT/PESTLE	external context	correct scope and drivers
Assumption/constraint analysis	“hidden landmines”	clarity + challenge culture

Good risk statement format: cause → event → impact.

Qualitative analysis (probability × impact, done right)

Exposure scoring (concept)

\[ \text{Risk Exposure} = P \times I \]

Where (P\) is probability and (I\) is impact (cost, schedule, quality, value, compliance).

Rules

Calibrate definitions of (P\) and (I\) up front (avoid “high means scary”).
Include urgency/proximity when deciding what to act on first.
If data is too weak for numbers, use ordinal ranking but keep rationale explicit.

Quantitative analysis (what you must be able to interpret)

Expected Monetary Value (EMV)

\[ \text{EMV} = \sum_{i=1}^{n} p_i \times I_i \]

Use EMV to compare options and estimate contingency reserve needs.
EMV is not certainty; it’s an expected value given assumptions.

Decision trees (concept)

Multiply outcomes by probabilities along branches.
Compare expected values of decisions, then sanity-check against constraints (compliance, deadlines).

Monte Carlo simulation (concept)

Output is a distribution (not a single answer).
Typical exam interpretation:
- “P80 date” = a date you have ~80% confidence of meeting.
- Wider spread = higher uncertainty; reduce uncertainty with better inputs or risk responses.

Sensitivity analysis (concept)

Identifies the variables that drive results the most (often shown as a tornado chart).
Use it to pick where mitigation buys the most risk reduction.

Response strategies (threats vs opportunities)

For threats	Intent	For opportunities	Intent
Avoid	remove the risk entirely	Exploit	make sure it happens
Mitigate	reduce (P\) and/or (I\)	Enhance	increase (P\) and/or (I\)
Transfer	shift ownership to 3rd party	Share	partner to increase upside
Accept	do nothing beyond monitoring	Accept	take the upside if it occurs

Response quality checklist

time-bound actions
clear owner (not “the team”)
measurable success criteria
secondary/residual risks identified

Reserves (concept table)

Reserve	Covers	Controlled by
Contingency reserve	known-unknowns (identified risks)	project/team governance
Management reserve	unknown-unknowns	organizational management

Monitoring (make it actionable)

What to track

triggers and thresholds (tripwires)
exposure trend (up/down)
response effectiveness (did it change (P\) or (I\)?)
residual and secondary risks

Reporting sanity checks

Every metric should connect to a decision (escalate, re-plan, fund response, stop).
Prefer trends over one-point status.
Keep stakeholder views consistent (no “two truths” dashboards).

Glossary (quick)

RBS (Risk Breakdown Structure): hierarchical categories used to improve coverage and consistency.
Heat map: visual map of probability vs impact used for prioritization.
Risk burndown: trend view of risk exposure over time (should reflect real exposure changes).
Dot plot: simple visualization of risk distribution/priority across items.

Syllabus

Practice

Browse Exams — Mock Exams & Practice Tests