The correct answer is B. Analyze the risks and add them to the risk register to continue the process.
In project risk management, risks include both threats and opportunities . Positive risks are legitimate project risks because they can create beneficial outcomes if properly understood and managed. Once these positive risks are identified, the next step is not to isolate them from the normal process, but to document them in the risk register and continue analysis and management activities just as with negative risks.
This answer is correct because it reflects the normal risk management flow:
identify risks, including opportunities and threats,
document them in the risk register,
analyze and prioritize them,
develop suitable response strategies.
Why the other options are incorrect:
A. Prioritize opportunities as they are likely to bring benefits to the project. Opportunities should certainly be evaluated and prioritized, but first they must be formally captured and analyzed within the project’s risk management process. The broader and more correct next step is to analyze and record them in the risk register.
C. Create a separate project to exclusively manage positive risks and threats. This is unnecessary and contrary to normal practice. Positive and negative risks are managed within the same project risk framework.
D. Assign separate stakeholder groups for positive risks and negative risks. Separate stakeholder groups are not required simply because risks are positive or negative. Risk ownership should be based on relevance, authority, and capability, not on whether the risk is an opportunity or a threat.
Best-practice reasoning:
A mature risk management process treats opportunities and threats as part of the same structured system. Both should be identified, documented, analyzed, monitored, and responded to in alignment with project objectives.
Reference-aligned basis:
This answer is consistent with standard risk management guidance that emphasizes:
risks may be positive or negative,
all identified risks should be recorded in the risk register,
analysis continues after identification for both opportunities and threats.
[References:, PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Identify Risks and Project Risk Management, PMI, Practice Standard for Project Risk Management, ISO 31000, risk as the effect of uncertainty on objectives, , ]
