nerdexam
PMI

PGMP · Question #582

A biometrics firm has a facial recognition program with multiple components and project managers. The project manager from the mobile device division escalates a vendor-related risk to the program man

The correct answer is C. Add the risk details and analysis to the program risk register.. The correct answer is C: Add the risk details and analysis to the program risk register. In program risk management, formal documentation always precedes action. Once the program manager has assessed a risk - regardless of its severity - it must be recorded in the program risk re

Program Governance

Question

A biometrics firm has a facial recognition program with multiple components and project managers. The project manager from the mobile device division escalates a vendor-related risk to the program manager. After assessing the risk, the program manager determines that this risk may impact other projects within the program. However, this risk has a low degree of impact and probability of occurring. What should the program manager do first?

Options

  • AObtain a risk reserve from the executive sponsor, and execute a contingency plan.
  • BCommunicate the risk to all project managers to manage at the component level.
  • CAdd the risk details and analysis to the program risk register.
  • DBrainstorm with the project manager to develop an appropriate risk response.

How the community answered

(30 responses)
  • A
    3% (1)
  • B
    10% (3)
  • C
    70% (21)
  • D
    17% (5)

Explanation

The correct answer is C: Add the risk details and analysis to the program risk register.

In program risk management, formal documentation always precedes action. Once the program manager has assessed a risk - regardless of its severity - it must be recorded in the program risk register before any response strategy is developed or communicated. The risk register is the authoritative source of truth for all identified risks across the program; it captures the risk description, assessment results (probability, impact), and will later hold the chosen response. This ensures traceability, visibility across the program, and a structured basis for future decisions.

The 'do first' framing is the key to this question. Even though the risk may eventually warrant communication to other project managers or a formal response plan, none of those actions should occur before the risk is formally logged.

Why the other options are wrong:

  • A (Obtain risk reserve and execute contingency plan): This is premature and disproportionate. Contingency plans are not executed the moment a risk is identified - especially one with low probability and low impact. Risk reserves are typically justified for higher-severity risks.
  • B (Communicate to all project managers to manage at component level): Communication is important, but it happens after documentation. Also, since this risk has been elevated to the program level and may impact multiple projects, the program manager should own and coordinate the response rather than immediately pushing it back down to component teams without a recorded plan.
  • D (Brainstorm with the project manager to develop a risk response): Developing a response strategy is a valid follow-up step, but it comes after the risk is formally entered into the program risk register. You cannot manage what has not been recorded.

Topics

#Program Risk Management#Program Risk Register#Risk Assessment#Risk Escalation

Community Discussion

No community discussion yet for this question.

Full PGMP Practice