Risk Practice

Apply risk management approaches and response strategies.

Covers risk management approach and risk register. Focuses on understanding risk as both threats and opportunities, risk appetite and tolerance, risk cause-event-effect relationships, risk probability and impact, and risk ownership. Includes risk planning, analysis, and control, recommended risk response types, risk culture, decision bias awareness, and data-driven risk management.

5 minutes 5 Questions

In PRINCE2 7, the Risk practice provides a structured framework to identify, assess, and control uncertainty to improve the likelihood of project success. Risk is defined as an uncertain event that, should it occur, affects the achievement of objectives, encompassing both negative threats and posit…

Concepts covered: Risk Management Approach, Risk Register, Threats and Opportunities, Risk Appetite and Tolerance, Risk Cause, Event and Effect, Risk Probability and Impact, Risk Owner and Risk Action Owner, Risk Response Types, Risk Planning and Analysis, Risk Control and Culture, Decision Bias in Risk Management, Data-driven Risk Management

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

PRINCE2 Practitioner - Risk Practice Example Questions

Test your knowledge of Risk Practice

Question 1

A transportation infrastructure project is implementing an intelligent traffic management system across urban corridors in a major city. The Project Manager has completed risk identification workshops, documenting 39 risks in the register. During the analysis phase, risk R027 ('sensor network communication interference from electromagnetic sources') requires assessment. The Risk Owner has gathered multiple data sources: technical specifications from the sensor manufacturer indicating 18% failure rate in high-interference environments, electromagnetic mapping studies showing varying interference levels across the 47 deployment locations (12 sites have severe interference, 21 sites have moderate interference, 14 sites have minimal interference), operational data from a neighboring city's similar deployment showing 31% communication disruption incidents, and laboratory testing results demonstrating 9% failure rate under controlled conditions. The Project Support Office has compiled historical records from three comparable municipal projects showing actual interference issues ranged between 14% and 38%. The Impact Assessment team estimates potential consequences at £290K for system performance degradation and 7-week remediation effort. The Risk Management Approach requires that probability assessments incorporate the most relevant evidence considering project-specific environmental conditions. The Project Board meeting in 12 days will review risk exposure calculations to determine whether additional electromagnetic shielding investment (£67K across affected sites) should be approved. What should the Risk Owner emphasize when determining the probability estimate for this risk?

Apply electromagnetic mapping results to assess site-specific interference levels and weight the probability based on the proportion of deployment locations in each interference category, using this contextual analysis as the primary assessment basis Select the neighboring city's operational data showing 31% disruption incidents as the probability basis because actual field performance from comparable deployments provides the most reliable predictor of likely outcomes for this project Calculate the arithmetic mean of all available probability indicators (18%, 31%, 9%, 14%, 38%) to derive a balanced probability estimate that incorporates the full spectrum of available data sources for comprehensive assessment Adopt the manufacturer's technical specification of 18% failure rate as the probability estimate since vendor-provided performance data represents the most authoritative source for equipment capabilities and limitations in operational environments

Correct Answer: Apply electromagnetic mapping results to assess site-specific interference levels and weight the probability based on the proportion of deployment locations in each interference category, using this contextual analysis as the primary assessment basis

The correct approach is to apply electromagnetic mapping results to assess site-specific interference levels and weight the probability based on the proportion of deployment locations in each interference category, using this contextual analysis as the primary assessment basis.

This is correct because PRINCE2 7's Risk theme emphasizes that risk assessments must be context-specific and relevant to the actual project environment. The electromagnetic mapping study provides the most project-specific data available, showing that:
- 12 sites (25.5%) have severe interference
- 21 sites (44.7%) have moderate interference
- 14 sites (29.8%) have minimal interference

This site-specific environmental data is directly relevant to this project's unique circumstances and allows for a weighted probability calculation that reflects the actual deployment conditions. The Risk Management Approach explicitly requires incorporating 'the most relevant evidence considering project-specific environmental conditions,' making this the most appropriate method.

Why the other answers are incorrect:

Calculating an arithmetic mean of all probability indicators would be inappropriate because it treats all data sources as equally relevant, regardless of their applicability to this specific project's conditions. Different data sources have varying levels of relevance - laboratory conditions, manufacturer specifications, and other cities' experiences may not accurately reflect this project's specific electromagnetic environment across 47 deployment locations.

Using only the manufacturer's 18% failure rate would ignore critical project-specific environmental factors. Manufacturer specifications typically represent general performance under standard conditions, not the specific electromagnetic interference patterns documented in this project's urban environment. This single-source approach contradicts the Risk Management Approach requirement to consider project-specific conditions.

Relying solely on the neighboring city's 31% operational data, while seemingly practical, assumes that city's electromagnetic environment matches this project's conditions. Without knowing the interference profile of that deployment, this data cannot be assumed to be directly transferable. The project has its own detailed electromagnetic mapping showing a specific distribution of interference levels that should inform the assessment.

Question 2

A construction company is building a hospital extension wing. During the initial risk assessment, the following entries were documented: 'The project site is located in a designated flood zone with historical water table fluctuations recorded over the past 15 years' (Entry M), 'Heavy rainfall causes groundwater levels to rise above foundation depth, requiring emergency dewatering operations' (Entry N), and 'Foundation work is suspended for 11 working days, incurring £95,000 in additional pumping costs and £140,000 in contractor standby charges' (Entry O). The Risk Manager must determine which aspect to monitor through regular environmental assessments and early warning systems. In analyzing these three documented entries, which one represents the uncertain occurrence that triggers the subsequent impact?

Entry N describes the risk cause, as it represents the underlying environmental trigger mechanism that initiates the sequence of impacts requiring the implementation of preventive dewatering response actions Entry O describes the risk event, as it captures the uncertain outcome of foundation suspension and associated financial consequences that will require contingency fund allocation and schedule adjustments Entry M describes the risk event, as it identifies the environmental condition of flooding potential that creates the uncertain situation requiring ongoing monitoring and assessment protocols throughout the project lifecycle Entry N describes the risk event, as it represents the specific uncertain occurrence of groundwater rising above foundation depth that may or may not happen during the construction period

Correct Answer: Entry N describes the risk event, as it represents the specific uncertain occurrence of groundwater rising above foundation depth that may or may not happen during the construction period

In PRINCE2 7 risk management terminology, it is essential to distinguish between risk cause, risk event, and risk effect:

A risk cause is the source or underlying condition that creates uncertainty
A risk event is the uncertain occurrence itself - the thing that may or may not happen
A risk effect is the consequence or impact if the risk event occurs

Analyzing the three entries:

Entry M describes the flood zone designation and historical water table fluctuations. This represents the risk cause - the underlying environmental condition that creates the possibility of problems, but it is not itself an uncertain event. The flood zone exists as a known fact.

Entry N describes heavy rainfall causing groundwater levels to rise above foundation depth and requiring emergency dewatering. This is the risk event - the specific uncertain occurrence that may or may not happen during construction. It represents the actual triggering incident that bridges the gap between the existing condition (flood zone) and the consequences (delays and costs).

Entry O describes the foundation work suspension, delays, and associated costs. This represents the risk effect - the measurable impact and consequences that result from the risk event occurring.

The Risk Manager needs to monitor for the risk event through early warning systems because this is the uncertain occurrence that, if detected early, can allow for preventive or mitigating actions to be taken before the full effects materialize.

The answer stating Entry M is incorrect because it confuses the risk cause (environmental condition) with the risk event (uncertain occurrence).

The answer stating Entry O is incorrect because it identifies the risk effect (consequences) rather than the risk event that triggers those consequences.

The answer describing Entry N as the risk cause is incorrect because it reverses the relationship - Entry N is what happens as a result of the underlying cause (flood zone), not the cause itself.

Question 3

A global automotive manufacturer is executing a supply chain digitalization project across 34 manufacturing plants in 9 countries. The Risk Register identifies a threat: 'Exchange rate fluctuations between EUR and USD may increase the cost of cloud infrastructure services by £320,000-£410,000 over the 24-month project duration.' The finance team has analyzed currency trends and projects 55-65% probability of significant EUR weakening against USD during this period, based on anticipated central bank policy changes. The project's total budget is £4.8 million with 6% management reserve allocated. The Treasury Department has proposed three approaches: entering a forward contract to lock in current exchange rates for the full project duration at a cost of £48,000; restructuring payment schedules to align with anticipated favorable exchange periods; or establishing a dedicated currency contingency reserve of £380,000. The cloud service provider has also offered to invoice in GBP rather than USD for a 3.5% premium on all services. The Project Board has indicated that budget predictability is valued but the project can accommodate moderate cost variations if they remain within overall tolerances. What is the MOST appropriate risk response type for this situation?

Avoid the currency exchange threat by restructuring payment schedules to align with anticipated favorable exchange periods and utilizing the existing management reserve, thereby eliminating the need for additional financial instruments or budget allocations. Transfer the currency exchange threat to the Treasury Department by executing the forward contract to lock in current exchange rates for £48,000, thereby converting uncertain future exposure into a known fixed cost. Accept the currency exchange threat by establishing the dedicated currency contingency reserve of £380,000, thereby acknowledging the potential cost increase and ensuring adequate funds are available to cover exchange rate variations as they occur. Reduce the currency exchange threat by restructuring payment schedules and negotiating with the cloud service provider to invoice in GBP at the 3.5% premium, thereby minimizing exposure to volatile exchange rate movements through multiple mitigation actions.

Correct Answer: Transfer the currency exchange threat to the Treasury Department by executing the forward contract to lock in current exchange rates for £48,000, thereby converting uncertain future exposure into a known fixed cost.

The correct answer is to transfer the currency exchange threat by executing the forward contract.

In PRINCE2 7, risk response types include avoid, reduce, transfer, accept, exploit, enhance, share, and reject. The key to selecting the appropriate response is matching the risk characteristics with organizational priorities and the nature of the threat.

This situation presents a financial threat with:
- High probability (55-65%)
- Significant potential impact (£320,000-£410,000)
- A specialized nature requiring financial expertise
- Available insurance-like mechanism (forward contract)

Transfer is the most appropriate response because:

The forward contract transfers the financial risk to a specialized entity (financial institution) that is better equipped to manage currency exposure
The cost of transfer (£48,000) is substantially lower than the potential impact (£320,000-£410,000) and provides certainty
The Project Board values budget predictability, which transfer achieves by converting uncertain exposure into a known fixed cost
Transfer is appropriate when risks fall outside the project's core competencies - currency speculation is not a project management capability
The management reserve (6% of £4.8M = £288,000) remains available for other project risks

The other options are less appropriate:

Restructuring payment schedules combined with GBP invoicing represents reduction, but introduces new complexities. The 3.5% premium on all services could exceed the forward contract cost, and payment schedule changes may conflict with project delivery needs. This approach doesn't eliminate the risk, merely reduces exposure while adding operational complexity.

Establishing a dedicated contingency reserve represents acceptance rather than proactive management. While £380,000 covers the midpoint of potential exposure, it consumes significant budget capacity without addressing the root cause. Acceptance is appropriate for low-impact risks or when response costs exceed benefits - neither applies here given the available cost-effective transfer mechanism.

Attempting to avoid the risk through payment schedule restructuring and using existing management reserve is inappropriate because:
- True avoidance would eliminate the threat entirely (e.g., removing the need for USD-denominated services)
- Timing payments to favorable exchange periods is speculation, not avoidance
- This depletes management reserve intended for general project uncertainties
- The approach doesn't eliminate currency exposure, merely attempts to minimize it through market timing

Transfer through the forward contract provides certainty, preserves management reserve for other risks, and represents sound risk management by utilizing specialized financial instruments for financial risks.

🎓 Unlock Premium Access

PRINCE2 7 Practitioner + ALL Certifications

🎓 Access to ALL Certifications: Study for any certification on our platform with one subscription
3608 Superior-grade PRINCE2 7 Practitioner practice questions
Unlimited practice tests across all certifications
Detailed explanations for every question
PRINCE2 Practitioner: 5 full exams plus all other certification exams
100% Satisfaction Guaranteed: Full refund if unsatisfied
Risk-Free: 7-day free trial with all premium features!

Start Your Free 7-Day Trial