A project team performs monthly risk audits for a project, where a large number of identified risks have been realized. So far, the risk responses have been appropriate, and the reserves sufficient. An executive for the requesting organization criticizes the project manager for improper risk audits, stating that only independent, external resources should perform risk audits.
How should the project manager respond?
A. Explain that risk audits can be performed either internally or externally as long as they follow the project management plan
B. Agree with the executive and submit a change request to update the project management plan to have the audits conducted externally
C. Follow the guidance provided by the executive and hire a team of external auditors to conduct the risk audits going forward
D. Explain that if the current risk audits are not sufficient, then a comprehensive project audit should be carried out
HINT: Risk audits consider the effectiveness of the risk management process.
Answer and Explanation:
The correct answer is A.
Risk audits are among the tools and techniques of the Monitor Risks process. Risk audits are used to consider the effectiveness of the risk management process. The project manager is responsible for ensuring that risk audits are performed at an appropriate frequency as defined in the project's risk management plan. Risk audits are typically performed by the project team and may be included during routine project review meetings or may form part of a risk review meeting, or the team may choose to hold separate risk audit meetings. In this scenario, since conducting risk audits internally is not contrary to project management best practices, and the current risk audit process has proven to be effective, there is no reason to agree with the executive. Therefore, among the available options, the best course of action is to explain to the executive that risk audits can be performed either internally or externally as long as they follow the project management plan.
Note that any stakeholder can request a change to the project. It is not clear from the question if the executive's comment constitutes a change request. If, after explaining the rationale for continuing with the current internal risk audits, the executive still wants external auditors performing the risk audits, the project manager should follow the change control process established for the project. However, in this situation, the change request would likely be rejected since there is no reason to believe that the project would benefit from hiring external auditors to perform the risk audits.
Details for each option:
A. Correct. Risk audits consider the effectiveness of the risk management process. Project teams should regularly review the risk processes to make sure they have planned appropriately to address risks. In this situation, since the risk responses have proven to be appropriate, there is not a strong argument that the project needs outside audits at this point.
B. Incorrect. In this scenario, there is no indication that the project team is doing a poor job. The risk responses are working, and there is no excessive unknown risk. Although an approved change request would likely be required to hire external auditors, there is no reason to agree with the executive as internal risk audits are not contrary to project management best practices.
C. Incorrect. There is no information presented by the question to suggest that the existing risk audit process is flawed and would benefit from external audits. Additionally, hiring external auditors would likely require an update to the risk management plan and possibly other components of the project management plan, and updating the project management plan would first require an approved change request.
D. Incorrect. There is no correlation between risk audits being insufficient and the requirement for a project audit. There is nothing in the scenario that indicates other problems on the project exist, which would warrant a project audit.
Reference:
A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, Project Management Institute Inc., 2017, Page(s) 456