High-yield PMI-RMP® review: risk strategy and thresholds, identification techniques, qualitative and quantitative analysis, response strategies, monitoring metrics, and a practical risk glossary.
Use this as your last-mile PMI-RMP® review. Pair it with the Syllabus for coverage and Practice for speed.
For exam format and official policy details, see Overview.
flowchart TD
A["Clarify appetite + thresholds"] --> B["Identify threats + opportunities"]
B --> C["Analyze (qualitative → quantitative when needed)"]
C --> D["Choose responses + assign owners"]
D --> E["Monitor triggers + metrics"]
E --> F["Update artifacts + close/transition"]
F --> B
If you can state these three items from any question stem, you’re usually close to the best answer:
| Term | Meaning (exam-useful) |
|---|---|
| Risk | uncertain event/condition that affects objectives |
| Issue | current problem; not uncertain |
| Trigger | observable early warning that a risk is materializing |
| Residual risk | risk remaining after response |
| Secondary risk | new risk created by a response |
| Risk appetite | how much risk the org is willing to take |
| Risk threshold | measurable tripwire that triggers decision/escalation |
| Layer | What it is | Example |
|---|---|---|
| Appetite | “how bold are we?” | “We accept moderate schedule risk for speed.” |
| Tolerance | “how much variance is acceptable?” | “Up to 10% cost variance without escalation.” |
| Threshold | “what measurable trigger forces action?” | “If CPI < 0.95 for 2 periods, escalate.” |
Best-answer pattern: when thresholds are unclear, define them first—otherwise analysis won’t change decisions.
| Technique | Use when | Output quality depends on |
|---|---|---|
| Workshop | cross-functional risk discovery | facilitation + coverage via RBS |
| Interviews | deep expertise, sensitive risks | prep + probing + synthesis |
| Checklists | fast baseline | quality of source + tailoring |
| SWOT/PESTLE | external context | correct scope and drivers |
| Assumption/constraint analysis | “hidden landmines” | clarity + challenge culture |
Good risk statement format: cause → event → impact.
\[ \text{Risk Exposure} = P \times I \]
Where (P\) is probability and (I\) is impact (cost, schedule, quality, value, compliance).
Rules
\[ \text{EMV} = \sum_{i=1}^{n} p_i \times I_i \]
| For threats | Intent | For opportunities | Intent |
|---|---|---|---|
| Avoid | remove the risk entirely | Exploit | make sure it happens |
| Mitigate | reduce (P\) and/or (I\) | Enhance | increase (P\) and/or (I\) |
| Transfer | shift ownership to 3rd party | Share | partner to increase upside |
| Accept | do nothing beyond monitoring | Accept | take the upside if it occurs |
Response quality checklist
| Reserve | Covers | Controlled by |
|---|---|---|
| Contingency reserve | known-unknowns (identified risks) | project/team governance |
| Management reserve | unknown-unknowns | organizational management |