Midway through a software implementation project, a government agency issues new data-protection regulations that could require changes to how the system stores personal information. From a project risk-management perspective, what should the project manager do FIRST?
Record the regulation as a new risk in the risk register, assess its impact, and plan appropriate responses.
Immediately stop all project work until senior management provides additional funding to cover the new requirement.
Transfer responsibility for addressing the regulation entirely to the legal department because it is not a project concern.
Postpone any action until the closing phase and capture the regulation in the lessons-learned report.
Regulatory changes are an external risk source that must be managed within the project. The first step is to treat the new regulation as a risk: record it in the risk register, perform an impact assessment, and develop or update response and contingency plans. Ignoring the change, postponing action until project closing, or shifting responsibility entirely to another department fails to comply with standard risk-management practice.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a risk register in project management?
Open an interactive chat with Bash
Why are regulatory changes treated as risks in project management?
Open an interactive chat with Bash
What steps are involved in assessing and responding to a new project risk?