After analyzing the information collected from individual project team members, the risk manager's primary output is an updated risk register. The risk register is a key document in risk management, containing all identified risks, their analysis, and the planned responses. As new information is gathered and analyzed, the risk register is updated to reflect the current status of each risk, any changes in their probability or impact, and any adjustments to the risk response plans.
PMI emphasizes that the risk register should be continually updated throughout the project to ensure that all risks are properly managed and documented.

When a project comprises multiple tasks, each with varying probable durations, determining the overall project's expected duration necessitates an analytical approach that accounts for this variability. Monte Carlo simulation is a robust technique that performs this function effectively. By running numerous simulations, it models the probability of different outcomes in processes that involve random variables, such as task durations. This method provides a comprehensive view of possible project completion times and their associated probabilities, enabling more informed decision-making.
PMI Risk Management Study Guide References:
The PMI-RMP Exam Preparation Study Guide emphasizes the utility of Monte Carlo simulations in project scheduling, stating that they "allow project managers to assess the impact of risk and uncertainty on project timelines by simulating various scenarios and their probabilities."

The project manager should monitor and control secondary and residual risks in the risk register. This will ensure that any new risks identified during the implementation of the risk response plan are captured and managed effectively. Monitoring and controlling risks is a continuous process that helps in identifying, analyzing, and planning for new risks as well as updating the risk register as needed.
According to the PMI Risk Management Professional (PMI-RMP)®Examination Content Outline, one of the tasks under the domain of Risk Response Planning is to "identify and assess the effectiveness of alternative strategies to reduce threats or enhance opportunities, such as mitigation, transference, avoidance, and acceptance" 1. This implies that the project manager should also consider the potential secondary or residual risks that may arise from implementing the chosen risk response strategy. Secondary risks are new risks that are created as a direct result of implementing a risk response, while residual risks are those that remain after the risk response has been executed 2. Both types of risks should be identified and assessed for their impact and probability, and added to the risk register for further monitoring and control. Therefore, the correct answer is A.
References: 1: PMI Risk Management Professional (PMI-RMP)®Examination Content Outline, page 91 2:
A Guide to the Project Management Body of Knowledge (PMBOKGuide) - Sixth Edition, page 4362

When a new risk manager is assigned to an ongoing project, their first step should be to review the existing risk management plan to understand the current policies, practices, and strategies in place.
The new risk manager should first review the policies and practices that are outlined in the risk management plan, as this is the document that describes how risk management will be performed on the project. The risk management plan defines the roles and responsibilities, risk categories, risk appetite and thresholds, risk identification and analysis methods, risk response strategies, risk monitoring and reporting mechanisms, and risk governance structure for the project. The new risk manager should familiarize themselves with the risk management plan to understand the project environment and the expectations and requirements for risk management. The other options are not the first actions that the new risk manager should take. Reviewing potential next steps with the project team is a good practice, but it should be done after reviewing the risk management plan to ensure alignment and consistency. Reviewing the scope of work to determine the prescribed project methodology is not directly related to risk management, and it may not provide sufficient information about the project environment and the risk management approach. Reviewing the contract and determining the resources and project funding is part of the project initiation process, and it may not reflect the current status and issues of the project. References: 2, 3, 4

Residual risks are those that remain after implementing risk response strategies. In this scenario, the primary risk is a major power outage that could lead to the failure of the digital platform hosting the new product database. The financial institution has mitigated this risk by installing backup power generators. However, the possibility of a power outage still exists, and the effectiveness of the backup generators cannot be guaranteed with absolute certainty. Therefore, the remaining risk, despite the mitigation measures, is classified as residual risk.
PMI Risk Management Study Guide References:
The PMI-RMP Exam Content Outline defines residual risk as the risk that remains after risk responses have been implemented, highlighting the necessity of monitoring these risks throughout the project lifecycle.