Try 10 focused PMI-RMP questions on Risk Strategy and Planning, with answers and explanations, then continue with PM Mastery.
| Field | Detail |
|---|---|
| Exam route | PMI-RMP |
| Topic area | Risk Strategy and Planning |
| Blueprint weight | 22% |
| Page purpose | Focused sample questions before returning to mixed practice |
Use this page to isolate Risk Strategy and Planning for PMI-RMP. Work through the 10 questions first, then review the explanations and return to mixed practice in PM Mastery.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 22% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
These questions are original PM Mastery practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.
Topic: Risk Strategy and Planning
A risk manager begins planning for a hybrid customer-portal project by reviewing the business case, expected benefits, and strategic objectives. The manager tailors risk criteria so threats and opportunities are judged by their effect on adoption, service cost, and time-to-market. Which Risk Strategy and Planning concept is this?
Best answer: A
What this tests: Risk Strategy and Planning
Explanation: The description shows risk planning being anchored to the project’s business case and expected benefits. In PMI-RMP Domain I, that means tailoring the risk approach so it supports value delivery instead of treating all risks as equally important.
In Risk Strategy and Planning, the team should first understand why the project exists and what outcomes matter most. Reviewing business objectives, expected benefits, and strategic drivers helps tailor risk criteria, prioritization, reporting, and escalation so attention stays on the threats and opportunities that could most affect value delivery.
That is a planning-alignment activity. It happens before detailed risk analysis and keeps the risk management plan connected to outcomes such as adoption, cost efficiency, or speed to market. The closest distractors describe later or different activities: triggers are set for specific identified risks, risk reports communicate exposure, and quantitative analysis estimates uncertainty after risks have been identified and assessed.
The key takeaway is to start risk planning from business value, not from generic checklists.
This uses business objectives and expected benefits to shape the risk approach around value delivery.
Topic: Risk Strategy and Planning
A company is running a hybrid product launch project. The organization will accept up to 6% cost variance to accelerate market entry, but it has a very low appetite for regulatory noncompliance. While drafting the risk management plan, which statement best aligns project risk thresholds with that organizational risk appetite?
Best answer: C
What this tests: Risk Strategy and Planning
Explanation: Risk appetite is the organization’s general willingness to accept uncertainty, while risk thresholds are specific limits that trigger action. The best choice translates low compliance appetite into a tight escalation threshold and moderate cost appetite into a 6% cost threshold.
The key concept is converting organizational risk appetite into usable project risk thresholds. In this scenario, the organization is willing to absorb some cost uncertainty for faster market entry, so a 6% cost threshold is appropriate. But its appetite for regulatory noncompliance is very low, so the compliance threshold should be much tighter, such as immediate escalation of any credible compliance threat.
Risk appetite describes the overall stance toward uncertainty. Risk thresholds make that stance operational by defining when escalation or response action is required. A missed review date may serve as a trigger, but it is not the same as a threshold. Likewise, leaving thresholds undefined until execution weakens governance and reduces consistency. The main takeaway is that thresholds should be tailored by objective to reflect the organization’s appetite.
It converts broad organizational appetite into specific, objective-based project thresholds for escalation.
Topic: Risk Strategy and Planning
On a hybrid software project, a vendor must complete interface certification by the end of Sprint 3. If not, a manual conversion fallback will be needed, adding up to 4 weeks; the schedule risk threshold is 2 weeks. The procurement lead monitors vendor commitments, and the integration lead can perform the fallback. The organization’s risk rules state that above-threshold risks still require a project risk owner and a separate response action owner. While drafting the risk management plan, which role definition is most appropriate?
Best answer: D
What this tests: Risk Strategy and Planning
Explanation: Risk management plans should define who monitors an assigned risk and who carries out the agreed response. Here, procurement is best placed to track the vendor-certification threat and trigger, while integration should own execution of the manual-conversion fallback if it is needed.
The core planning concept is role clarity in the risk management plan. A risk owner is accountable for monitoring the risk, watching triggers, reassessing exposure, and escalating according to thresholds. A response action owner is responsible for carrying out the agreed response or contingency when authorized. In this scenario, the procurement lead is closest to the vendor-certification threat and can monitor commitments and early warning signs, while the integration lead is the best role to execute the manual-conversion fallback. Making one person own everything weakens accountability, assigning the sponsor to perform the response confuses governance with execution, and waiting for the trigger delays planned ownership until the risk has already become active. Clear plans separate monitoring from execution.
This assigns monitoring to the role closest to the threat and execution to the role best able to carry out the fallback.
Topic: Risk Strategy and Planning
Your organization is launching its first hybrid ERP rollout. The sponsor has a low risk appetite for regulatory impacts, but workstream leads avoid raising uncertainties because past reviews focused on blame. Historical risk data is inconsistent, and the company has no common probability-impact scale. As the project risk manager, what is the best action for the next planning cycle?
Best answer: A
What this tests: Risk Strategy and Planning
Explanation: The organization shows low risk culture maturity: blame-based behavior, weak historical data, and no shared scoring method. The best action is to start with foundational, practical risk-management practices that improve participation and consistency while aligning with the sponsor’s low risk appetite.
Risk culture maturity should drive how sophisticated the project’s risk practices are. Here, the decisive signals are defensive stakeholder behavior, poor historical data, and the absence of a common scoring approach. That means the project should begin with simple, disciplined practices that make risk discussion safer and more consistent, not with advanced analysis.
A good fit is to:
This approach creates usable early data, improves transparency, and supports proactive decisions on a hybrid project. More advanced quantitative methods may come later, after the culture and data quality improve.
This matches a low-maturity risk culture by building shared language, safe reporting, and usable qualitative data before using more advanced techniques.
Topic: Risk Strategy and Planning
A health system is launching a hybrid project to roll out a new scheduling platform to 12 clinics. The sponsor has low risk appetite for service disruption, the internal team has strong integration experience, and the project depends on a new vendor API plus an upcoming regulatory update with little historical data. Before approving the risk management plan, what is the best action?
Best answer: C
What this tests: Risk Strategy and Planning
Explanation: SWOT is useful in risk strategy and planning when the team must connect internal capability and external conditions before detailed analysis. Here, it helps translate low tolerance for disruption, strong integration capability, and vendor and regulatory uncertainty into a tailored risk approach.
SWOT helps the team assess the project environment before finalizing how risk will be managed. Internal factors such as strong integration capability and any team weaknesses show where the project can absorb uncertainty and where extra controls may be needed. External factors such as vendor dependency and regulatory change reveal major sources of threat and opportunity. Because historical data is limited, SWOT is especially useful here: it structures judgment without requiring precise estimates. The results can then be used to tailor the risk management plan, including risk categories, thresholds, communication focus, and early attention areas, while also seeding the risk register. Reusing an old register, jumping straight to scoring a narrow set of threats, or assuming external exposure can simply be handed off would weaken planning quality.
SWOT best links internal strengths and weaknesses with external opportunities and threats so the risk management plan can be tailored to the project’s actual environment.
Topic: Risk Strategy and Planning
A bank’s branch automation project is justified by $1.2 million in first-year labor savings. That benefit assumes 60% of routine transactions will shift to kiosks, but during planning operations leaders warn that union rules may prevent staffing reductions for 12 months; the sponsor requires a proactive response for any threat that could reduce expected savings by more than 15% before baseline approval. What should the project manager do next?
Best answer: D
What this tests: Risk Strategy and Planning
Explanation: The threatened labor savings come from a business assumption, not from the kiosk build itself. Because that assumption now appears uncertain and the potential loss exceeds the stated threshold, the project manager should treat it as a benefits risk and plan a proactive response with the business owner.
When a planned benefit depends on an assumption, any credible challenge to that assumption becomes a value-realization risk. In this case, the project may still deliver kiosks successfully, yet fail to achieve the expected labor savings if staffing cannot be reduced. Since the sponsor’s threshold says threats above 15% require action before baseline approval, the correct response is to capture the assumption-based threat in the risk register and develop mitigation with the benefit owner or business area that controls staffing decisions.
Waiting for the restriction to occur is too late because the uncertainty is already known during planning. Transferring the risk to the vendor is ineffective because the vendor cannot control internal labor rules. The key is to manage the business assumption that drives the benefit, not only the technical delivery.
This addresses the weak business assumption as a threat to expected savings and requires proactive mitigation because the stated benefit threshold is exceeded.
Topic: Risk Strategy and Planning
A project team rarely raises uncertainties in meetings because managers treat escalation as failure, and no one volunteers to own newly identified risks. In Risk Strategy and Planning, this description most directly points to which assessment?
Best answer: B
What this tests: Risk Strategy and Planning
Explanation: This is an organizational culture issue. A blame-oriented culture reduces willingness to discuss, escalate, and own risks, so it must be assessed early when planning how risk management will work on the project.
Organizational culture is the shared environment that shapes how people actually behave around risk. In the stem, team members stay quiet, escalation is seen as failure, and ownership is avoided. Those are signs of a culture problem affecting risk transparency and accountability, which is why it belongs in environmental factor and culture assessment during Risk Strategy and Planning.
The closest distractor is risk appetite, but the issue here is suppressed reporting behavior, not preferred exposure level.
The stem describes a culture that discourages open discussion, escalation, and ownership of risks.
Topic: Risk Strategy and Planning
You are the risk lead on a hybrid CRM rollout using two-week sprints. The risk management plan requires each dependency risk to include a trigger, a risk owner, and a response owner, and the sponsor’s schedule-risk threshold is a forecast slip greater than 10 working days. For three sprints, teams have logged vendor API delays only after they occur as issues; the current trend suggests an 8-day slip. What is the best action?
Best answer: D
What this tests: Risk Strategy and Planning
Explanation: The best action is targeted coaching during the next risk review. The teams are reacting only after vendor delays occur, even though the plan already defines triggers and ownership, and the current trend has not yet crossed the sponsor’s escalation threshold. Coaching fixes the behavior while keeping risk management proactive.
This situation is primarily a risk-management capability gap, so the best response is to coach the team on the agreed practices. The recurring vendor delay is still an uncertainty, not just a series of isolated issues, and the team is bypassing the risk process by waiting for occurrence before documenting it. Because the trend is below the stated 10-day threshold, the immediate need is to improve how the team identifies and records dependency risks within normal cadence.
Immediate escalation may be appropriate later, but it is not the best first action under the stated facts.
This addresses the team’s practice gap and reinforces proactive risk management before the stated escalation threshold is breached.
Topic: Risk Strategy and Planning
A hybrid infrastructure project will use monthly risk reviews, but key stakeholders have limited availability. The sponsor wants any schedule risk above 10 days escalated immediately, the operations manager is most concerned about service disruption, and the vendor manager can approve interface responses only during biweekly meetings. The risk manager is planning who should participate in risk activities and when to escalate. Which analysis approach would best support this plan?
Best answer: D
What this tests: Risk Strategy and Planning
Explanation: The planning need is stakeholder-specific risk engagement, not risk prioritization or reserve sizing. Analyzing stakeholder influence together with risk thresholds is the best way to decide who should be involved, what must be escalated, and how often communication should occur.
When planning risk engagement, the key question is not just which risks matter, but which stakeholders need to be engaged based on their authority, availability, concerns, and tolerance for exposure. A stakeholder analysis that maps power or interest and captures risk appetite or thresholds gives the team practical rules for workshop participation, escalation paths, and communication cadence.
In this scenario, the sponsor has a clear escalation threshold, the operations manager has a specific exposure concern, and the vendor manager has timing constraints on decision-making. Those are stakeholder engagement inputs, so the best analysis is the one that organizes stakeholder influence and tolerance information for planning. Risk categorization, risk scoring, and simulation are useful later or for different purposes, but they do not directly determine who should be engaged and when.
The key takeaway is that stakeholder analysis supports risk engagement planning by tailoring involvement and escalation to stakeholder authority and tolerance.
This directly links stakeholder influence and risk tolerance to participation, escalation, and communication decisions in the risk engagement plan.
Topic: Risk Strategy and Planning
A company is launching a new digital billing platform. During risk planning, the team has drafted a risk register, but stakeholders disagree on whether schedule, cost, or customer adoption should drive risk priorities. The business case has not yet been reviewed with the sponsor. What is the best next step?
Best answer: D
What this tests: Risk Strategy and Planning
Explanation: Before prioritizing project risks, the team needs to understand what the project is primarily trying to protect or achieve. Confirming the business driver with the sponsor ensures that risk thresholds and prioritization criteria align with the intended business value.
In risk strategy and planning, the project’s business driver is a key input to how risks are prioritized. If stakeholders are split between schedule, cost, and adoption, the team should first confirm the primary driver from the business case and sponsor expectations. That establishes what matters most for project success and allows the risk management approach to emphasize the right exposure.
Once the driver is clear, the team can set or refine prioritization criteria such as tolerances, thresholds, and escalation rules. Ranking risks or assigning responses before that point may optimize for the wrong objective. Treating the disagreement as an issue also misses the planning need: this is not yet a realized project problem, but a need to clarify the basis for risk decisions.
Risk priorities should be based on the project’s main business driver, so that driver must be confirmed before detailed prioritization or response planning.
Use the PMI-RMP Practice Test page for the full PM Mastery route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Read the PMI-RMP guide on PMExams.com, then return to PM Mastery for timed practice.