The risk analysis process involves examining how project outcomes and objectives might change due to the impact of the identified risk events. Once the risks are identified, they are analyzed to identify the qualitative and quantitative impact of the risk on the project so that appropriate steps can be taken to mitigate them.
Qualitative risk analysis is the process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics. Quantitative risk analysis is the process of numerically analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objectives.
What is Risk Analysis?
Following the risk identification process, it is necessary to evaluate the importance of each identified risk in the project, in order to prioritize individual risks for further attention, evaluate the level of overall project risk exposure, and determine appropriate responses.
Risk evaluation can be performed using qualitative analysis to address individual risks, using quantitative analysis to consider the overall effect of risk on the project outcome, or using both in combination.
These two approaches require different types of information and techniques, but where both qualitative and quantitative analysis are used, an integrated approach should be adopted.
Qualitative risk analysis techniques are used to gain a better understanding of individual risks, considering a range of characteristics such as the probability of occurrence, degree of impact on project objectives, manageability, the timing of possible impacts, relationships with other risks, common causes or effects, etc. Understanding and prioritizing risks is an essential prerequisite to proactively managing them, so qualitative risk analysis techniques are used on most projects. The outputs should be documented and communicated to key project stakeholders and form a basis for determining appropriate responses.
Quantitative risk analysis techniques provide insights into the combined effect of identified risks on the project outcome. These techniques take into account probabilistic or project-wide effects, such as a correlation between risks, interdependency, and feedback loops, thereby indicating the degree of overall risk faced by the project.
The result is an indication of the degree of overall risk exposure in the project. The results should be used to focus the development of appropriate responses, particularly the calculation of required contingency reserve levels, and must be documented and communicated to inform subsequent actions.
Qualitative Risk Analysis
Perform qualitative risk analysis is the process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics. The qualitative risk analysis benefit is that it focuses efforts on high-priority risks.
Qualitative risk analysis assesses the priority of identified individual project risks using their probability of occurrence, the corresponding impact on project objectives if the risks occur, and other factors. Effective assessment therefore requires explicit identification and management of the risk attitudes of key participants in the perform qualitative risk analysis process.
Risk perception introduces bias into the assessment of identified risks, so attention should be paid to identifying bias and correcting for it. Where a facilitator is used to support the performance qualitative risk analysis process, addressing bias is a key part of the facilitator’s role.
An evaluation of the quality of the available information on individual project risks also helps to clarify the assessment of each risk’s importance to the project. Perform qualitative risk analysis establishes the relative priorities of individual project risks for risk response planning, it identifies a risk owner for each risk who will take responsibility for planning an appropriate risk response and ensuring that it is implemented.
The qualitative analysis process is performed regularly throughout the project life cycle, as defined in the risk management plan. Often, in an agile development environment, the process is conducted before the start of each iteration. As an outcome of the qualitative risk analysis activities, the risk register is updated with new information generated during this risk analysis process.
Updates to the risk register may include assessments of probability and impacts for each individual project risk, its priority level or risk score, the nominated risk owner, risk urgency information or risk categorization, and a watch list for low-priority risks or risks requiring further analysis.
Quantitative Risk Analysis
Perform quantitative risk analysis is the process of numerically analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objectives. Quantitative risk analysis's benefit is that it quantifies overall project risk exposure, and it can also provide additional quantitative risk information to support risk response planning.
More effort and time should be spent on the quantitative risk analysis process for complex projects and complex decisions, while less time should be spent on small projects and less important projects. Results of this risk analysis process can be used to evaluate the likelihood of success in achieving project objectives and to estimate contingency reserves.
During the plan risk management process, the benefits of quantitative risk analysis should be weighed against the effort required to ensure that the additional insights and value justify the additional efforts. The perform quantitative risk analysis process provides a numerical estimate of the overall effect of risk on the objectives of the project, based on current plans and information.
The use of quantitative risk inquiry for a project will be specified in the project’s risk management plan; it is most likely appropriate for large or complex projects, strategically important projects, projects for which it is a contractual requirement, or projects in which a key stakeholder requires it.
Quantitative risk analysis is the only reliable method to assess overall project risk through evaluating the aggregated effect on project outcomes of all individual project risks and other sources of uncertainty.
Perform quantitative risk analysis use’s information on individual project risks that have been assessed by the qualitative risk analysis process as having a significant potential to affect the project’s objectives. Outputs from performing quantitative risk analysis are used as inputs to the plan risk responses process, particularly in recommending responses to the level of overall project risk and key individual risks.
A quantitative risk analysis may also be undertaken following the plan risk responses process, to determine the likely effectiveness of planned responses in reducing overall project risk exposure. A quantitative risk analysis example is shown in below:
You are managing a stadium construction project, when two team members come to you with conflict, the Construction manager has identified an important project risk, you have a subcontractor that may not deliver on time, the team estimates that there is 40% chance that the subcontractor will fail to deliver with additional cost of $15,250 to pay your engineers and site labor to do the work and the delay will cost the company extra $20,000, the engineering manager points out an opportunity to save the project $4,500 in engineering cost with a chance of 65% of this opportunity to occur. In this scenario what is the EMV?
Answer
Expected Monetary Value (EMV)= P*I
0.4 = -$14,100 * (15,250 + 20,000) Risk #1: EMV=
Risk #2: EMV = 0.65 * 4,500 = $2,925
EMV = -14,100 + 2,925 = - $11,175
Monte Carlo Simulation
Quantitative risk analysis uses a model that simulates the combined effects of individual project risks and other sources of uncertainty to evaluate their potential impact on achieving project objectives. Simulations are typically performed using a Monte Carlo analysis.
When running a Monte Carlo analysis for cost risk, the simulation uses the project cost estimates. When running a Monte Carlo analysis for schedule risk, the schedule network diagram and duration estimates are used. An integrated quantitative cost-schedule risk analysis uses both inputs. The output is a quantitative risk analysis model.
Computer software is used to iterate the quantitative risk inquiry model several thousand times. The input values (e.g., cost estimates, duration estimates, or occurrence of probabilistic branches) are chosen at random for each iteration. Outputs represent the range of possible outcomes for the project (e.g., project end date, project cost at completion).
Typical outputs include a histogram presenting the number of iterations where a particular outcome resulted from the simulation, or a cumulative probability distribution (S-curve) representing the probability of achieving any particular outcome or less. An example S-curve from a Monte Carlo cost risk analysis is shown in figure below.
Sensitivity Analysis
Sensitivity analysis helps to determine which individual project risks or other sources of uncertainty have the most potential impact on project outcomes. It correlates variations in project outcomes with variations in elements of the quantitative risk analysis model.
One typical display of sensitivity analysis is the tornado diagram, which presents the calculated correlation coefficient for each element of the quantitative risk analysis model that can influence the project outcome. This can include individual project risks, project activities with high degrees of variability, or specific sources of ambiguity. Items are ordered by descending strength of correlation, giving the typical tornado appearance.
Conclusion
Risk analysis should be conducted properly to ensure successful risk management planning in the project. After completing risk analysis activities in the project, you should expect an updated risk register and an updated risk report. The outcomes of performing qualitative risk analysis, performing quantitative risk analysis, plan risk responses, implement risk responses, and monitor risks should be documented in the risk report and risk register as those processes are completed.
If what we explained in this article is part of your day-to-day job, or if you are interested in improving your knowledge in the risk management field, we highly recommend you read about the PMI RMP certification exam through our blog . Also, you can have a look at the curriculum of our PMI RMP exam preparation bootcamp.