Study PMP Assessing and Prioritizing Risks Iteratively: key concepts, common traps, and exam decision cues.
On this page
Risk prioritization matters because the list of possible risks is rarely the problem. The real challenge is deciding which risks deserve action now, which ones can be watched, and how those choices must change as the project evolves.
Prioritization Is a Loop, Not a Ceremony
PMP questions in this area usually reward the project manager who reassesses risk continuously instead of treating the first prioritization workshop as final.
The strongest prioritization approach usually looks at more than raw probability and impact. It also considers:
urgency and trigger proximity
interdependency with other risks
exposure to scope, cost, schedule, and quality
stakeholder sensitivity
whether the team can still influence the outcome
flowchart TD
A["Identify or update risk"] --> B["Assess probability, impact, and urgency"]
B --> C["Compare against current priorities and exposure"]
C --> D["Assign or update response and owner"]
D --> E["Reassess during later reviews or when triggers appear"]
What the Exam Usually Wants
The stronger PMP answer usually:
reassesses risks after major project changes
reprioritizes when assumptions shift
raises attention on risks whose triggers are getting closer
lowers attention on risks that are now less relevant
The weaker answer freezes the risk list and keeps treating an old high-risk item as urgent even when the situation has changed, or ignores an emerging risk because it was not prominent earlier.
Example
At the start of the project, supplier delay was the top risk. Later, the supplier stabilizes, but an integration dependency becomes more urgent because testing dates are close and the owning team is behind. The stronger move is to reprioritize rather than keep following the old ranking.
Common Pitfalls
Treating initial risk rankings as permanent.
Ranking only by intuition with no review discipline.
Ignoring urgency and trigger timing.
Failing to reprioritize after changes in scope, schedule, or stakeholder expectations.
Check Your Understanding
### Why is risk prioritization usually iterative rather than one-time?
- [ ] Because risk registers should never be updated
- [ ] Because every risk must stay high priority
- [ ] Because prioritization only matters at closing
- [x] Because probability, impact, urgency, and exposure can change as the project changes
> **Explanation:** Risk priorities should move when the project context moves.
### Which factor most strongly justifies raising a risk’s priority?
- [x] Its trigger is approaching and the team’s ability to respond is shrinking
- [ ] The risk was discussed months ago
- [ ] It belongs to a familiar category
- [ ] The team prefers not to revisit prior rankings
> **Explanation:** Rising urgency and shrinking response time usually justify stronger attention.
### Which practice is usually weakest?
- [ ] Reassessing risks after major project change
- [x] Using the first risk ranking as if it remains valid for the whole project
- [ ] Considering urgency alongside probability and impact
- [ ] Updating priorities when assumptions change
> **Explanation:** Static prioritization quickly becomes outdated.
### Which PMP-style response is strongest when a formerly minor risk becomes time-critical?
- [ ] Leave it in the same place to preserve consistency
- [ ] Wait for the next phase gate regardless of timing
- [x] Reassess and reprioritize it based on current urgency and exposure
- [ ] Convert it to an issue without analysis
> **Explanation:** The right move is to re-evaluate based on present conditions, not on older rankings.
Sample Exam Question
Scenario: Early in a project, data-migration uncertainty was considered moderate. Two months later, testing is near, the migration team is behind, and unresolved mapping problems now threaten the test schedule. Meanwhile, another previously high-ranked vendor risk has eased because the vendor delivered ahead of plan.
Question: Which action is most appropriate at this point?
A. Keep the original risk ranking to avoid confusing stakeholders
B. Escalate all risks equally to senior leadership
C. Remove the vendor risk and leave the migration risk unchanged until testing begins
D. Reassess and reprioritize the risks based on current probability, impact, urgency, and response timing
Best answer: D
Explanation: The strongest answer is D because PMP questions in this area reward iterative judgment. Risk priority should change when exposure and urgency change. The migration risk deserves more attention now, while the vendor risk can be deprioritized if its threat has genuinely decreased.
Why the other options are weaker:
A: Static rankings are weaker than current risk awareness.
B: Equal escalation ignores actual priority and decision need.
C: Waiting wastes time when the schedule threat is already emerging.
Key Terms
Risk prioritization: The process of ranking risks based on current exposure and decision need.
Urgency: How soon a risk may require action or may affect the project.
Exposure: The combined practical effect of probability, impact, timing, and context.