1. Right Answer: C
Explanation: All identified risk events should be entered into the risk register.A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains: A description of the risk The impact should this event actually occur The probability of its occurrence Risk Score (the multiplication of Probability and Impact) A summary of the planned response should the event occur A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event) Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.Incorrect Answers:A: Before the risk events are analyzed they should be documented in the risk register.B: The risks should first be documented and analyzed.D: These risks should first be identified, documented, passed through qualitative risk analysis and then it should be determined if they should pass through the quantitative risk analysis process.

2. Right Answer: A
Explanation: Each business process involves inherent risk. Not engaging in any activity avoids the inherent risk associated with the activity. Hence this demonstrates risk avoidance.Incorrect Answers:B: Risk treatment means that action is taken to reduce the frequency and impact of a risk.C: Acceptance means that no action is taken relative to a particular risk, and loss is accepted when/if it occurs. This is different from being ignorant of risk; accepting risk assumes that the risk is known, i.e., an informed decision has been made by management to accept it as such.D: Risk transfer/sharing means reducing either risk frequency or impact by transferring or otherwise sharing a portion of the risk. Common techniques include insurance and outsourcing. These techniques do not relieve an enterprise of a risk, but can involve the skills of another party in managing the risk and reducing the financial consequence if an adverse event occurs.

3. Right Answer: A,B,D
Explanation: The risk components defined by the COSO ERM are internal environment, objective settings, event identification, risk assessment, risk response, control objectives, information and communication, and monitoring.Incorrect Answers:C: Business continuity is not considered as risk component within the ERM framework.

4. Right Answer: C
Explanation: The outcome of quantitative analysis can create a listing of prioritized risks that should be updated in the risk register. The project team will create and update the risk register with four key components: probabilistic analysis of the project probability of achieving time and cost objectives list of quantified risks trends in quantitative risk analysisIncorrect Answers:A, B, D: These subjects are not updated in the risk register as a result of quantitative risk analysis.

5. Right Answer: C
Explanation: There is only one tool and technique available for Fred to plan risk management: planning meetings and analysis. Planning Meeting and Analysis is a tool and technique in the Plan Risk Management process. Planning meetings are organized by the project teams to develop the risk management plan. Attendees at these meetings include the following: Project manager Selected project team members Stakeholders Anybody in the organization with the task to manage risk planningSophisticated plans for conducting the risk management activities are defined in these meetings, responsibilities related to risk management are assigned, and risk contingency reserve application approaches are established and reviewed.Incorrect Answers:A, B, D: These are not plan risk management tools and techniques.