PMI Risk Management Professional (PMI-RMP) — Question 153

An external vendor needs to be contracted to provide additional capacity and expertise to a project team to reduce the probability of delays in a project. The contracts department is raising a concern about confidentiality risks not addressed in the proposed contract and missing from the risk register.

What should the risk manager do next?

Answer options

• A. Communicate the identified residual risk.
• B. Implement the risk response plan.
• C. Assess the identified secondary risk.
• D. Implement the risk contingency plan.

Correct answer: A

Explanation

The correct answer is A, as the risk manager needs to communicate the residual risk to ensure all stakeholders are aware of potential confidentiality issues. Options B and D are premature actions since the risks need to be communicated first. Option C, while relevant, focuses on secondary risks rather than the immediate concern of residual risks.