Try 10 focused PMI-RMP questions on Monitor and Close Risks, with answers and explanations, then continue with PM Mastery.
| Field | Detail |
|---|---|
| Exam route | PMI-RMP |
| Topic area | Monitor and Close Risks |
| Blueprint weight | 19% |
| Page purpose | Focused sample questions before returning to mixed practice |
Use this page to isolate Monitor and Close Risks for PMI-RMP. Work through the 10 questions first, then review the explanations and return to mixed practice in PM Mastery.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 19% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
These questions are original PM Mastery practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.
Topic: Monitor and Close Risks
A hybrid CRM rollout is four weeks from release, and no milestone has slipped yet. The risk management plan says any forecast schedule variance above 10 days on a critical workstream requires management review. Data migration rework variance has risen from 2 days to 6 days to 11 days over the last three reviews, and the response owner says the fallback automation is only partly implemented. The sponsor has low tolerance for release-date slippage. What should the project manager do next?
Best answer: A
What this tests: Monitor and Close Risks
Explanation: The variance trend is worsening, the threshold has been exceeded, and the response is not fully effective. In risk monitoring, that means the project manager should reassess residual risk exposure and communicate the increase through the risk report and escalation path.
Variance monitoring is used to judge whether overall project risk exposure is changing, not just to collect status data. Here, forecast variance on a critical workstream has increased across multiple reviews, exceeded the predefined threshold, and the planned response is only partly in place. Those facts indicate higher residual schedule exposure and require management visibility because the sponsor has low tolerance for release slippage.
Waiting for another review cycle is the closest trap, but worsening variance plus a threshold breach requires action now.
The worsening variance trend has breached the stated threshold, so overall schedule exposure must be reassessed and reported for management action.
Topic: Monitor and Close Risks
On a predictive data-center migration project, a risk that network devices could arrive late was originally rated at 60% probability with a 10-day schedule impact. After adding a second courier, two shipments arrived on time, but customs clearance for the final batch is still uncertain and could delay cutover by 3 days. Which analysis approach best documents the residual risk?
Best answer: B
What this tests: Monitor and Close Risks
Explanation: Residual risk is the uncertainty that remains after a response is implemented. Because the courier mitigation reduced the exposure but customs delay is still possible, the best method is to reassess the remaining probability and impact and record that updated rating in the risk register.
To document residual risk, the team needs an updated measure of the remaining threat, not just proof that the response was carried out. Here, the response improved delivery performance, but a future uncertainty still exists: customs clearance could delay the last batch by 3 days. A qualitative probability-impact reassessment is the best fit because it directly shows how much likelihood and consequence remain after the response.
RBS, EMV, and variance information may support discussion, but they do not document the remaining exposure as directly as a reassessment.
Residual risk is documented by reassessing the remaining likelihood and impact after the response has reduced, but not removed, the threat.
Topic: Monitor and Close Risks
On a hybrid ERP rollout, the governance plan says the sponsor must approve action if confidence of meeting the April 30 cutover date falls below 70%. The latest schedule simulation shows a 48% chance of meeting that date, driven mostly by one external data-migration dependency. Which analysis output best supports escalation of this risk information to the sponsor?
Best answer: B
What this tests: Monitor and Close Risks
Explanation: The escalation rule is based on quantified confidence in the cutover date, so the best support is a Monte Carlo schedule result tied to that threshold. Adding key sensitivity drivers gives the sponsor enough evidence to exercise decision rights on the next action.
When stakeholder decision rights are triggered by a risk threshold, the escalation should include the analysis that best matches that threshold. Here, the rule is based on the probability of meeting a specific date, so a Monte Carlo schedule summary is the strongest output for the risk report. It shows overall exposure as a measurable confidence level and can also identify the main driver through sensitivity results. That gives the sponsor decision-quality information for actions such as reserve release, scope trade-offs, or schedule changes.
A driver ranking, a qualitative score, or an RBS label can help monitoring, but none of them alone shows the degree of deadline exposure against the stated 70% escalation rule. The key is to escalate evidence that supports the required decision, not just describe the risk.
It directly shows the threshold breach and the main schedule driver, giving the sponsor decision-ready evidence.
Topic: Monitor and Close Risks
During a monthly review on a hybrid system rollout, aggregated risk data show that two vendor-delay threats passed their trigger dates without occurring, an automation opportunity has delivered its expected benefit, and one integration threat still exceeds the team’s schedule-risk threshold but has not reached its contingency trigger. The response to that threat also created a minor testing risk. The project manager is updating project documents for the steering committee. What should the risk manager do?
Best answer: B
What this tests: Monitor and Close Risks
Explanation: Project document updates should reflect the current status of aggregated risk data. Expired threats and realized opportunities can be closed, while the remaining above-threshold threat and the new secondary risk must stay visible in the risk register and be summarized in the risk report.
Monitoring and closing risks requires converting current risk data into accurate document updates. In this case, the two vendor-delay threats have passed their trigger windows without occurring, so they are expired and can be closed. The opportunity has already produced its benefit, so it should be recorded as realized and closed. The integration threat is still uncertain and still above threshold, so it remains open for monitoring; because its contingency trigger has not occurred, contingency is not yet activated. The testing risk created by the response is a secondary risk and must be added for tracking. The detailed status belongs in the risk register, while the rolled-up exposure and trend belong in the risk report. Treating the open threat as an issue or delaying updates would misstate current exposure.
This reflects the current risk picture by closing risks that no longer need monitoring while retaining and summarizing the active and secondary risks.
Topic: Monitor and Close Risks
A hybrid ERP project has a mitigation response for data-conversion rework risk. The response should keep the affected work package at a schedule variance of -5% or better after Sprint 2, and the risk management plan says to reassess the response if variance is worse than -5% for two consecutive sprints. Actual schedule variance is Sprint 3: -2%, Sprint 4: -6%, Sprint 5: -7%. What is the best risk monitoring decision?
Best answer: D
What this tests: Monitor and Close Risks
Explanation: Variance analysis compares actual results with the planned tolerance to judge response effectiveness. Here the work package breached the -5% limit in two consecutive sprints, which exactly matches the plan’s condition for reassessing the mitigation.
In risk monitoring, variance analysis is used to see whether a response is reducing exposure as intended. The deciding fact is not the average variance across all three sprints; it is the explicit rule in the risk management plan: if schedule variance is worse than -5% for two consecutive sprints, the response must be reassessed. Sprint 3 was within tolerance at -2%, but Sprint 4 and Sprint 5 were -6% and -7%, creating the required two-period adverse pattern. That is evidence the current mitigation is underperforming and should be reviewed and updated in the risk register and response plan.
A separate trigger or a new analysis method is unnecessary because the agreed monitoring threshold has already been met.
Two consecutive sprints were worse than the stated threshold, so variance analysis shows the mitigation is not performing as planned.
Topic: Monitor and Close Risks
A hybrid data-platform project uses variance trends to monitor overall risk exposure. The risk management plan states: “If any critical-path work package exceeds 8% negative schedule variance for two consecutive reporting periods, raise overall project risk exposure one level.” Data migration is on the critical path and shows -9% variance in Period 2 and -11% in Period 3. What is the best interpretation?
Best answer: A
What this tests: Monitor and Close Risks
Explanation: This is a variance-threshold interpretation question. The risk management plan already defines when persistent negative variance on critical-path work means overall project risk exposure has increased, and the reported values meet that rule.
Variance monitoring compares current performance data to predefined risk thresholds to determine whether total project risk exposure is changing. In this scenario, the risk management plan explicitly says that more than 8% negative schedule variance on any critical-path work package for two consecutive reporting periods requires overall exposure to be raised one level. Data migration is on the critical path and exceeded that threshold in both Period 2 and Period 3, so the project has clear evidence of higher overall risk exposure and the risk report should reflect it. RBS classification and EMV can be useful in other contexts, but they do not replace a defined monitoring rule. Waiting for a bigger problem to occur would ignore the agreed threshold and delay risk escalation.
The critical-path package breached the defined variance threshold for two consecutive periods, which is direct evidence that overall project risk exposure has increased.
Topic: Monitor and Close Risks
On a hybrid facilities project, a risk was logged that seasonal flooding could delay excavation if drainage diversion was not completed by June 30. The diversion finished on June 18, excavation is 80% complete on July 10, and the risk owner confirms no residual or secondary exposure remains. The sponsor has low appetite for overstated risk exposure and wants weekly reports to show only actionable risks. What should the project manager do?
Best answer: D
What this tests: Monitor and Close Risks
Explanation: A risk should be closed as expired when its defined trigger window has passed and the described uncertainty no longer applies. In this case, the prerequisite work finished before the deadline and the risk owner confirmed no remaining exposure, so active risk records should be updated.
In risk monitoring, an expired risk is one whose trigger window has passed without the risk event remaining relevant to project objectives. The key evidence here is that the deadline tied to the threat has passed, the dependent work is already progressing, and the risk owner confirms there is no residual or secondary exposure. That means the project manager should close the risk in the risk register as expired and update related risk documents, such as the risk report, so current exposure is reported accurately.
Leaving the risk open would overstate actionable exposure, which conflicts with the sponsor’s low appetite for inaccurate risk reporting. Treating it as an issue would also be incorrect because nothing has occurred that requires issue management.
The trigger window has passed and no residual or secondary exposure remains, so the risk should be closed as expired and reflected in current risk records.
Topic: Monitor and Close Risks
On a hybrid product launch project, the vendor manager owns a risk that supplier test-environment instability could delay release integration. The response was nightly health checks, and the risk management plan says to escalate only if outages exceed 2 per week. Monitoring data for the last three weeks shows outages dropped from 5 per week to 1 per week, the schedule baseline remains on track, and release integration starts next month. What should the project manager do next?
Best answer: A
What this tests: Monitor and Close Risks
Explanation: The monitoring data shows the response is working, but the risk window is still open and the escalation threshold is not being exceeded. The next step is to update the risk register and risk report with the current trend, status, and remaining exposure.
In Monitor and Close Risks, performance data is used to compare actual results against thresholds and baseline status, then update risk artifacts accordingly. Here, outages fell from 5 per week to 1 per week, and the schedule baseline is still on track, so the response appears effective. However, the uncertain event can still occur because release integration has not started yet and outages have not dropped to zero. That means the risk is neither an active issue nor ready for closure. The project manager should update the risk register with the latest status, trend, and remaining exposure, and update the risk report so stakeholders see the changed overall risk picture. Closing it, escalating it as an issue, or delaying updates for ownership clarification would not match the current evidence.
Monitoring data shows the response reduced exposure without eliminating it, so the risk stays open and both risk artifacts should be updated.
Topic: Monitor and Close Risks
On a hybrid billing-system project, a threat was recorded that the data-conversion vendor might miss the rehearsal window. The trigger was missing two interface test dates, and the schedule threshold was a 3-day slip. When the trigger occurred, the team used a preplanned backup script, limited the delay to 1 day, and discovered the script required 6 hours of manual reconciliation. The vendor has since stabilized, and this risk is now expired. What should the project manager do next?
Best answer: C
What this tests: Monitor and Close Risks
Explanation: When a response has been used and the threat is no longer active, the project manager should record the actual findings in lessons learned before closing the risk. Here, the contingency kept impact within threshold, but the manual reconciliation effort is an important response outcome to preserve.
In Monitor and Close Risks, lessons learned should be updated with evidence from real risk events and response execution. In this scenario, the trigger occurred, the contingency was implemented, the impact stayed within the 3-day threshold, and the vendor threat is no longer relevant, so the risk can be closed as expired. Before closure, the project manager should document what signaled the risk, how effective the contingency was, and what additional effort or exposure appeared during execution, such as the 6 hours of manual reconciliation. That creates reusable insight for future trigger design, response planning, and reserve assumptions. Keeping the risk open or escalating it would be unnecessary because the exposure is no longer active and remained within tolerance.
Because the response outcome is known and the threat no longer applies, the team should capture what worked and what it revealed before closing the expired risk.
Topic: Monitor and Close Risks
On a hybrid CRM rollout, a risk that the integration vendor might miss a key API delivery was responded to by splitting remaining work with a backup specialist. The vendor has now delivered the API package, and the sponsor wants the risk closed before the steering review. However, residual schedule exposure is still estimated at 7 days against a 5-day threshold, and a secondary risk of data-mapping conflicts has no assigned owner. What is the best action?
Best answer: C
What this tests: Monitor and Close Risks
Explanation: Risk closure is not just marking a resolved threat as complete. Before closing the original record, the project manager must document response effectiveness and ensure any residual and secondary risks are formally captured, assigned, and monitored, especially when residual exposure is still above threshold.
The core concept is proper risk closure. A risk record should be closed only after the response has been evaluated and any remaining residual or newly created secondary risks have been addressed in the risk management system. In this scenario, the original vendor-delay threat has effectively passed, but the project still has a 7-day residual exposure above the 5-day threshold and an unowned secondary risk from using two suppliers.
That means the project manager should:
A status report alone does not create accountability, and threshold breach does not automatically make an uncertain event an issue. The key distinction is closing the resolved risk only after follow-on exposures are explicitly managed.
The original threat can be closed only after the response outcome is recorded and the above-threshold residual and secondary risks are formally owned and monitored.
Use the PMI-RMP Practice Test page for the full PM Mastery route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Read the PMI-RMP guide on PMExams.com, then return to PM Mastery for timed practice.