PMI Risk Management Professional (PMI-RMP) — Question 190
During the execution phase of a software development project, the project team informs the risk manager of a potential primary risk related to a security vulnerability. After successfully implementing a mitigation strategy for the vulnerability, a secondary risk emerges, which could lead to potential performance issues if not effectively managed. The team expresses concerns about residual risks remaining even after addressing the secondary risks.
What should the risk manager do?
Answer options
- A. Implement a contingency plan for all risks.
- B. Repeat the risk management process for the final risk.
- C. Monitor the residual and secondary risks.
- D. Develop a risk management and governance model.
Correct answer: C
Explanation
The correct answer is C because monitoring residual and secondary risks is crucial to ensure they are effectively managed and do not escalate into more significant issues. Implementing a contingency plan for all risks (A) is overly broad and may not address the specific risks at hand. Repeating the risk management process for the final risk (B) could be redundant if monitoring can provide the necessary insights. Developing a risk management and governance model (D) is a proactive measure, but it does not directly address the immediate concerns regarding the risks already identified.