PMI Risk Management Professional Cheat Sheet

PMI-RMP Tests Risk Management as a Continuous, Proactive Practice — Not Reactive Problem Solving

The exam tests whether you can build a risk culture, design effective risk frameworks, and make risk response decisions that protect project value.

Among the harder certs
Avg: Approximately 60–65%
Pass: 750 / 1000
Most candidates understand PMI Risk Management Professional concepts — and still fail. This exam tests how you apply knowledge under pressure.

PMI-RMP Risk Management Framework

PMI-RMP covers 5 domains with a focus on proactive risk management culture, quantitative analysis techniques, and integrating risk with stakeholder engagement. Both threats and opportunities are managed.

  1. Risk Strategy & Planning — Establish risk management approach, thresholds, and roles
  2. Stakeholder Engagement — Integrate risk ownership into the project team
  3. Risk Identification — Systematic techniques to surface all relevant risks
  4. Risk Analysis — Qualitative (probability/impact) and quantitative (EMV, Monte Carlo)
  5. Risk Response — Avoid, transfer, mitigate, accept (threats); Exploit, enhance, share, accept (opportunities)
  6. Risk Monitoring — Track risk status, trigger conditions, and residual risk throughout

Wrong instinct vs correct approach

A project is proceeding normally but a risk trigger condition has been met
✕ Wrong instinct

Wait to see if the risk actually materializes before responding

✓ Correct approach

The risk response plan should have predefined trigger conditions with corresponding response actions. When a trigger is hit, execute the planned response immediately — waiting converts a risk into an issue.

A risk's probability has increased significantly during execution
✕ Wrong instinct

Update the risk register and notify the stakeholders

✓ Correct approach

Re-analyze the risk impact, evaluate whether the existing response plan is still adequate, consider escalating if the risk now exceeds threshold, and update the response plan — notification alone is insufficient.

A risk response involves transferring risk to an insurance provider
✕ Wrong instinct

Risk transfer eliminates the project's responsibility for the risk

✓ Correct approach

Risk transfer shifts the financial consequence but does not eliminate the risk or the project's accountability. The team must still monitor the risk and have a fallback plan if the transfer mechanism fails.

Know these cold

  • Opportunities are positive risks — exploit, enhance, share, accept (same framework, different goals)
  • EMV = Probability × Impact; contingency reserve = sum of all risk EMVs
  • Contingency reserve = known risks (PM controls); Management reserve = unknown risks (requires approval)
  • Risk triggers are pre-defined conditions — when met, execute the response plan immediately
  • Residual risk = risk remaining after response; Secondary risk = new risk created by the response
  • Stakeholder risk ownership increases engagement and accuracy of risk identification
  • Risk appetite (organizational) > Risk threshold (project-level) > Risk tolerance (acceptable variance)

Can you answer these without checking your notes?

In this scenario: "A project is proceeding normally but a risk trigger condition has been met" — what should you do first?

The risk response plan should have predefined trigger conditions with corresponding response actions. When a trigger is hit, execute the planned response immediately — waiting converts a risk into an issue.

In this scenario: "A risk's probability has increased significantly during execution" — what should you do first?

Re-analyze the risk impact, evaluate whether the existing response plan is still adequate, consider escalating if the risk now exceeds threshold, and update the response plan — notification alone is insufficient.

In this scenario: "A risk response involves transferring risk to an insurance provider" — what should you do first?

Risk transfer shifts the financial consequence but does not eliminate the risk or the project's accountability. The team must still monitor the risk and have a fallback plan if the transfer mechanism fails.

Common Exam Mistakes — What candidates get wrong

Treating risk management as a planning-phase-only activity

PMI-RMP tests continuous risk management throughout the project lifecycle. Risks are identified, analyzed, and responded to continuously — not just at project initiation or planning.

Ignoring opportunities (positive risks)

PMI-RMP explicitly tests opportunity response strategies: exploit, enhance, share, accept. Candidates who only think about threat responses miss 20–25% of response strategy questions.

Misidentifying expected monetary value calculation

EMV = Probability × Impact (in dollars). For threats: EMV is negative. For opportunities: EMV is positive. The combined EMV drives contingency reserve sizing. Miscalculating EMV is a quantitative analysis failure.

Confusing contingency reserve with management reserve

Contingency reserve addresses known risks (in the risk register) — PM controls it. Management reserve addresses unknown risks — requires management approval to access.

Not engaging stakeholders in risk identification

Stakeholders with domain knowledge are the most reliable source of risk identification. Candidates who conduct risk identification without stakeholder involvement produce incomplete risk registers.

PMI-RMP tests proactive risk thinking across threats and opportunities. Test whether your risk management instincts are sharp.