PMI-RMP® Syllabus — Learning Objectives by Domain

Use this syllabus as your PMI-RMP® coverage checklist. Work through each domain and practice immediately after each task set.

What’s covered

• Risk Strategy and Planning (22%)
• Risk Identification (23%)
• Risk Analysis (23%)
• Risk Response (13%)
• Monitor and Close Risks (19%)

Risk Strategy and Planning (22%)

Practice this topic →

Task 1 — Perform a Preliminary Document Analysis

• Identify the most relevant sources for early risk context (business case, charter, benefits, assumptions, constraints, contracts, governance).
• Extract risk-relevant signals from historical information (lessons learned, prior risk registers, issue logs, performance reports).
• Use industry benchmarks and comparable project data to calibrate early risk assumptions and thresholds.
• Determine who should own preliminary document analysis and define inputs/outputs for that work (PM, risk lead, finance, technical leads).
• Establish which documents are authoritative for the risk process and version-control expectations for updates.
• Detect missing or conflicting inputs (unclear scope, weak benefits logic, inconsistent constraints) that create risk planning gaps.
• Summarize initial risk drivers and constraints into a decision-ready brief for stakeholders.
• Confirm how preliminary findings will feed later activities (identification workshops, risk strategy, plan, thresholds).
• Create a traceable evidence list that supports later risk decisions and auditability.
• Differentiate what is known vs assumed at this stage and document assumptions explicitly for later validation.

Task 2 — Assess Project Environment for Threats and Opportunities

• Determine which project approach (predictive, agile, hybrid) is in use and how it affects risk cadence, artifacts, and decision points.
• Assess organizational process assets (OPAs) and enterprise environmental factors (EEFs) that constrain risk work and response options.
• Apply environmental scanning techniques (PESTLE, SWOT) to identify external threats and opportunities relevant to objectives.
• Evaluate organizational and cultural risk appetite signals and identify implications for thresholds and governance.
• Assess risk culture maturity and propose actions to increase risk awareness and reporting quality.
• Review project information systems and data quality to ensure risk reporting is feasible and reliable.
• Conduct stakeholder analysis focused on risk: influence, incentives, decision rights, and risk attitudes.
• Identify constraints to risk management (regulatory, market, organizational, environmental, technical) and document their impact.
• Link business drivers, key assumptions, benefits, and benefits materialization timing to risk priorities.
• Focus stakeholders on creating an environment where risks and opportunities are surfaced early and discussed objectively.

Task 3 — Confirm Risk Thresholds Based on Risk Appetites

• Differentiate risk appetite, risk tolerance, and risk thresholds and explain how they interact in decision-making.
• Align project thresholds to organizational risk appetite and governance expectations across dimensions (cost, schedule, scope, quality, legal).
• Estimate how much risk the organization can absorb and identify which constraints are binding (budget cap, regulatory exposure, delivery date).
• Facilitate stakeholder discussions to agree on thresholds and decision triggers without ambiguity.
• Resolve conflicts between stakeholders with different risk attitudes using evidence, trade-offs, and governance escalation paths.
• Define measurable threshold criteria (e.g., probability/impact bands, exposure limits, reserve drawdown triggers).
• Establish escalation rules tied to thresholds (who decides, what evidence is required, and how quickly).
• Document thresholds so they can be applied consistently during qualitative/quantitative analysis and response planning.
• Validate that thresholds are realistic given project approach and data availability (agile cadence vs stage gates).
• Review thresholds periodically and adjust when context changes (scope shifts, market changes, regulatory updates).

Task 4 — Establish Risk Management Strategy

• Define the purpose and scope of the risk strategy and how it supports overall project objectives and value delivery.
• Select appropriate risk processes (identify, analyze, respond, monitor) and tailor them to the project’s delivery approach.
• Choose risk tools and techniques suitable for the organization (workshops, checklists, RBS, risk matrices, simulations).
• Provide or design templates and forms that standardize risk capture, decisions, and audit trails without adding friction.
• Define risk metrics that are decision-useful (exposure trends, reserve burn, risk burndown) rather than vanity metrics.
• Define risk categories and a Risk Breakdown Structure (RBS) that fits the project context and enables consistent classification.
• Coach and mentor the team on risk principles and best practices to improve quality of identification and analysis.
• Lead stakeholders to adopt the risk strategy by clarifying decision rights, expectations, and the value of transparency.
• Identify strategy anti-patterns (risk process exists but isn’t used; hidden risks; late escalation) and propose controls.
• Ensure the risk strategy explicitly includes opportunity management, not only threat mitigation.

Task 5 — Document the Risk Management Plan

• Define risk roles and responsibilities and align them to a responsibility assignment model (e.g., RACI/RAM).
• Identify the key artifacts and resources required to execute risk management (register, logs, models, dashboards, workshops).
• Outline risk management activities with clear cadence, owners, inputs, and outputs (who/what/when/where/how).
• Explain how an RBS supports planning by improving coverage, classification, and reporting consistency.
• Define a risk communication plan: audiences, cadence, formats, escalation triggers, and decision forums.
• Define risk prioritization criteria that reflect thresholds, strategic objectives, and constraints.
• Design stakeholder empowerment and education strategies that increase engagement and shared understanding of risk processes.
• Specify how risk data will be captured, stored, versioned, and controlled to maintain integrity and traceability.
• Integrate risk planning with adjacent plans (schedule/cost baselines, change control, quality, procurement, benefits).
• Validate the plan is usable in practice by running a lightweight walkthrough with key stakeholders.

Task 6 — Plan and Lead Risk Management Activities with Stakeholders

• Plan and facilitate stakeholder risk planning sessions that elicit risks and opportunities without groupthink or bias.
• Leverage stakeholder analysis to tailor facilitation style and decision framing for different risk attitudes.
• Set rules of engagement for risk discussions (evidence, transparency, escalation, timeboxing) to keep sessions productive.
• Engage stakeholders in risk prioritization using agreed criteria and ensure rationale is documented.
• Manage stakeholder risk appetite and attitudes by making trade-offs explicit and aligning to thresholds and governance.
• Tailor risk communications for stakeholders (executive summaries vs detailed working views) without losing accuracy.
• Lead empowerment activities so stakeholders own risks and responses rather than delegating accountability to the PMO or risk lead.
• Train, coach, and educate stakeholders on risk principles so they can participate effectively in identification and response.
• Coordinate with the project manager and delivery leads to integrate risk planning into normal delivery cadence.
• Confirm stakeholder alignment on how risks will be surfaced, decided, and tracked through to closure.

Risk Identification (23%)

Practice this topic →

Task 1 — Conduct Risk Identification Exercises

• Select appropriate risk identification techniques for context (workshops, interviews, focus groups, SMEs, document analysis).
• Facilitate identification sessions that surface both threats and opportunities across the full RBS.
• Analyze outputs from identification exercises to remove duplicates, clarify wording, and capture underlying causes.
• Extract risks from documents, transcripts, telemetry, and performance data while preserving business context.
• Classify identified items as threats or opportunities and capture rationale and assumptions.
• Elicit risks across stakeholder groups to avoid blind spots caused by role silos or incentives.
• Recognize cognitive biases in identification (availability, anchoring, optimism) and use facilitation controls to reduce them.
• Capture risk statements in a consistent “cause → event → impact” structure to improve later analysis.
• Ensure each identified risk has an initial owner and next-step for analysis or validation.
• Confirm identification outputs feed into the risk register and threshold-driven prioritization workflow.

Task 2 — Examine Assumption and Constraint Analyses

• Differentiate assumptions vs constraints and explain why each creates a distinct risk profile.
• Leverage assumption and constraint analysis outputs to identify hidden risk drivers and dependencies.
• Categorize assumptions and constraints using the RBS to improve coverage and reporting clarity.
• Assess the risk associated with each assumption/constraint by analyzing likelihood of change and impact on objectives.
• Predict cascade effects when assumptions break (e.g., staffing schedules, vendor availability, regulatory timing).
• Link assumptions and constraints to project objectives and success criteria to determine priority and monitoring needs.
• Encourage stakeholders to challenge assumptions and constraints using evidence and experiments where appropriate.
• Convert high-risk assumptions into testable hypotheses and plan validation actions.
• Document assumption/constraint risks in the risk register with triggers and thresholds where applicable.
• Review and refresh assumptions and constraints as the project environment changes.

Task 3 — Document Risk Triggers and Thresholds Based on Context/Environment

• Define risk triggers and explain how they differ from root causes, early warnings, and impacts.
• Assess and document compliance thresholds and categories that apply to the project’s context.
• Identify and document triggers, causes, and expected timing for key risks to enable proactive response.
• Document consequences and impacts in objective terms aligned to baselines and success criteria.
• Establish trigger monitoring responsibilities, data sources, and review cadence.
• Use thresholds to determine when escalation is mandatory and what decision options should be prepared.
• Empower stakeholders to challenge existing thresholds when context shifts or evidence contradicts assumptions.
• Create trigger definitions that are measurable and observable (avoid vague language such as “if things go bad”).
• Validate triggers and thresholds against historical data and expert judgment to reduce false alarms.
• Update triggers and thresholds when new risk data emerges or delivery approach changes.

Task 4 — Develop Risk Register

• Evaluate the validity of identified risks and triggers and remove items that are not true uncertainties.
• Capture core risk attributes consistently (cause/event/impact, probability, impact, urgency, proximity, category).
• Assign risk ownership and clarify origin (internal vs external) to enable appropriate response design.
• Classify risks as threats or opportunities and ensure opportunity handling is explicit in the register.
• Define initial response approach (avoid/mitigate/accept/transfer or enhance/exploit/share) to guide follow-up work.
• Link risks to assumptions, constraints, requirements, and dependencies for traceability and impact reasoning.
• Define status fields and workflow for risks (identified → analyzed → planned → in-progress → closed) with auditability.
• Ensure register entries include triggers, thresholds, and escalation paths when applicable.
• Maintain register data quality through review cadences, ownership checks, and change control.
• Prepare summaries and slices of the register for different audiences without distorting meaning or severity.

Risk Analysis (23%)

Practice this topic →

Task 1 — Perform Qualitative Analysis

• Classify risks in the RBS using agreed categories to support consistent prioritization and reporting.
• Estimate qualitative impact of risks across objectives (schedule, cost, scope, quality, resources, benefits).
• Prioritize risks using impact, urgency, and proximity signals aligned to the risk management plan.
• Apply probability–impact matrices correctly and interpret what the result implies for escalation and response planning.
• Use ordinal ranking methods to order risks when precise numbers are unavailable or inappropriate.
• Calibrate qualitative assessments using historical information and agreed definitions to reduce subjectivity.
• Identify when qualitative data is insufficient and triggers a need for quantitative analysis or additional discovery.
• Recognize bias in qualitative scoring and use facilitation controls to improve assessment quality.
• Coach stakeholders on categorization and scoring so the team applies the method consistently.
• Document qualitative results so they are traceable, repeatable, and usable for later monitoring.

Task 2 — Perform Quantitative Analysis

• Analyze risk data and process performance information against established metrics and baselines.
• Select quantitative techniques appropriate to the decision (EMV, decision tree, Monte Carlo simulation, sensitivity analysis).
• Perform forecast and trend analysis using new and historical information to estimate exposure over time.
• Interpret sensitivity analysis results to identify the highest leverage drivers of schedule or cost risk.
• Calculate expected monetary value (EMV) and use it to compare response options and reserve needs.
• Interpret Monte Carlo output (ranges, confidence levels, percentiles) and explain implications to stakeholders.
• Use decision trees to evaluate choices under uncertainty and select the option with best expected outcome given constraints.
• Compute and apply risk weighting to prioritize risks and allocate response capacity effectively.
• Validate quantitative assumptions (distributions, correlations, inputs) and document limitations and uncertainty.
• Translate quantitative results into actionable decisions (threshold updates, response funding, schedule buffers).

Task 3 — Identify Threats and Opportunities

• Assess project risk complexity and determine when system-level analysis is needed rather than isolated risk fixes.
• Use structured techniques (SWOT, Ishikawa/fishbone, tree diagrams) to identify threats and opportunities from scenarios.
• Perform impact analysis on objectives (scope, schedule, cost, resources, quality, stakeholders) for both threats and opportunities.
• Assess compliance objectives against organizational strategic objectives and identify conflict risks early.
• Identify governance and regulatory drivers that alter acceptable risk thresholds and response choices.
• Empower stakeholders to identify threats and opportunities independently using shared language and templates.
• Differentiate between a risk and an issue and decide whether to treat a scenario as uncertainty or current problem.
• Identify opportunity types (cost avoidance, schedule acceleration, value enhancement) and capture them with actionable hypotheses.
• Integrate opportunity analysis into prioritization so upside items compete fairly with threat mitigation capacity.
• Document threats and opportunities so they can be tracked through response, monitoring, and closure.

Risk Response (13%)

Practice this topic →

Task 1 — Plan Risk Response

• Select appropriate response strategies for threats and opportunities based on probability, impact, and thresholds.
• Differentiate common strategies (avoid, mitigate, transfer, accept; enhance, exploit, share, accept) and when each fits.
• Define time-bound response actions with clear owners and success criteria that can be verified.
• Assess response effectiveness against objectives by evaluating changes to probability, impact, and exposure.
• Identify and plan workarounds when planned responses are not feasible due to constraints or timing.
• Allocate responsibilities and create a responsibility matrix suitable for metricized environments and governance.
• Determine reserve strategy (contingency vs management reserve) consistent with organizational policy and exposure analysis.
• Communicate response effectiveness using appropriate visuals (risk burndown charts, dot plots) and clear narrative.
• Re-evaluate organizational risks when local responses shift exposure to the enterprise level (risk transfer inside the org).
• Validate that response plans integrate with change control, procurement, schedule/cost baselines, and quality planning.

Task 2 — Implement Risk Response

• Execute response plans and contingency plans in coordination with delivery cadence and governance requirements.
• Confirm response actions are understood by owners and are realistically resourced and scheduled.
• Encourage stakeholder feedback on response execution and incorporate improvements without destabilizing delivery.
• Monitor response performance and determine whether actions are reducing exposure as expected.
• Identify and manage secondary risks created by response actions and add them to the register with owners and triggers.
• Identify residual risk after responses and decide whether to accept, further mitigate, or escalate based on thresholds.
• Adapt response actions when new information changes likelihood/impact or when constraints shift (improvise as needed).
• Ensure response execution updates project artifacts (plans, baselines, logs) through appropriate governance mechanisms.
• Communicate response status transparently, emphasizing impact on objectives and decisions needed.
• Close response actions with verification that intended effect occurred and document lessons learned.

Monitor and Close Risks (19%)

Practice this topic →

Task 1 — Gather and Analyze Performance Data

• Reconcile performance data and reports from risk-relevant work packages to ensure consistency and integrity.
• Assess completion status against baselines and determine whether trends indicate increasing or decreasing exposure.
• Perform variance analysis and interpret what variances imply for thresholds, escalation, and response adjustments.
• Monitor the impact of work performance on overall project risk exposure and enterprise risk considerations.
• Identify data quality issues that distort risk reporting and implement corrective controls.
• Use dashboards to surface decision-needed items rather than raw activity status.
• Compare planned vs actual effectiveness of responses using agreed metrics and evidence.
• Update forecasts based on new performance data and adjust reserve expectations accordingly.
• Communicate performance insights to stakeholders in terms of implications, options, and trade-offs.
• Maintain a repeatable monitoring cadence aligned to delivery approach and governance cycles.

Task 2 — Monitor Residual and Secondary Risks

• Monitor risk response execution and document residual risk levels after actions are completed.
• Monitor for secondary risks introduced by response actions and evaluate their significance.
• Assess the impact of residual and secondary risks on objectives and compare to thresholds.
• Update and communicate changes in residual/secondary risk status using clear, consistent reporting language.
• Assign owners for residual and secondary risks and define monitoring triggers and review cadence.
• Decide whether residual risks require additional response planning or can be accepted within tolerance.
• Escalate residual/secondary risks when thresholds are breached and prepare decision options.
• Link residual and secondary risks to original risks for traceability and learning.
• Prevent “risk reopening” churn by defining closure criteria and monitoring conditions explicitly.
• Capture lessons learned about response side effects to improve future response design.

Task 3 — Provide Information Required to Update Relevant Project Documents

• Aggregate and summarize risk data so updates to key project documents are consistent and audit-ready.
• Update the risk register, lessons learned, project management plan, and change logs as risk status evolves.
• Ensure risk-related changes to baselines follow governance and change control requirements.
• Document decision rationales and approvals associated with risk responses and threshold changes.
• Monitor and close expired risks using defined closure criteria and timing rules.
• Archive closed risks with outcomes and evidence so future projects can reuse learnings.
• Maintain traceability between risk updates and related artifacts (issues, changes, requirements, benefits).
• Provide tailored document updates for different stakeholder needs without introducing inconsistency.
• Ensure opportunity outcomes are captured in benefits tracking when realized.
• Validate that document updates occur promptly enough to inform decisions and avoid stale reporting.

Task 4 — Monitor Project Risk Levels

• Assess overall project risk level by aggregating risk exposure, trend, and concentration indicators.
• Define and apply a consistent method for expressing risk level (heat map, exposure score, confidence range).
• Prepare reports for different stakeholders that focus on decisions and trade-offs rather than narrative status.
• Communicate risk levels and trends to key stakeholders with clarity on thresholds, triggers, and required actions.
• Identify when risk level changes require governance escalation or re-baselining decisions.
• Distinguish between stable high exposure (known and controlled) and unstable exposure (emerging and unowned).
• Use risk level reporting to prioritize response capacity and to re-order work where appropriate.
• Monitor risk level in agile/hybrid contexts using cadence-appropriate signals (flow metrics, risk burndown, iteration feedback).
• Validate that reporting reflects reality by cross-checking with delivery data and stakeholder feedback.
• Trigger project closeout risk activities by confirming risks are closed or transitioned appropriately.

Tip: When multiple answers look plausible, choose the one that makes risk work decision-ready: clear thresholds → credible analysis → actionable response → disciplined monitoring.

Sources: PMI-RMP Examination Content Outline and Specifications (Updated May 2022); PMI Risk Management: A Practice Guide; The Standard for Risk Management in Portfolios, Programs, and Projects (2019).