The correct answer is D. Update the project stakeholders and seek their input on the resulting secondary risk.
This question describes a secondary risk , which is a new risk that arises as a direct result of implementing a risk response. The original equipment-failure risk was successfully mitigated, but the use of alternative machinery introduced another issue. In standard risk management practice, once a secondary risk is identified, it must be documented, assessed, communicated, and managed through the normal risk process. Because this new risk can affect project objectives and may require additional response planning, relevant stakeholders should be informed and involved in determining the best course of action.
Option D is the best answer because secondary risks should not be ignored or delayed unnecessarily. Stakeholder input is important to evaluate the impact of the new issue, determine acceptable response options, and align decisions with project priorities and risk thresholds.
Why the other options are incorrect:
A. Assign a risk owner and develop the risk mitigations at the next scheduled risk meeting. Assigning an owner and planning mitigation are valid activities, but waiting until the next scheduled meeting may delay needed action. The question asks what the risk manager should do now after identifying the secondary risk. Immediate stakeholder communication is more appropriate.
B. Continue with the project as the risk identified is inconsequential. The scenario does not support the conclusion that the secondary risk is insignificant. Assuming it is inconsequential without analysis would be poor risk practice.
C. Assign risk responsibility to the project manager to determine how to proceed. Risk responsibility should be assigned to the most appropriate owner, not automatically to the project manager. Also, the correct first step is broader communication and engagement around the newly emerged secondary risk.
Best-practice reasoning:
Secondary risks are a recognized output of risk response actions. They should be captured and processed like any other identified risk. Transparent stakeholder communication is especially important when a response action creates new uncertainty.
Reference-aligned basis:
This answer is consistent with standard risk management guidance that emphasizes:
risk responses can generate secondary risks,
newly identified risks should be communicated and assessed,
stakeholders should be engaged when new risks emerge from implemented responses.
[References:, PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Implement Risk Responses and Monitor Risks, PMI, Practice Standard for Project Risk Management, ISO 31000, communication, consultation, and risk treatment principles, ============]
