Perform Qualitative Risk Analysis

This article contains most of the important information you need to know about Perform Qualitative Risk Analysis process in order to answer questions related to this topic in the PMI-RMP Exam, I recommend you review this type of articles 1 week before your exam date, all information mentioned are based on PMBOK Guide 5th edition , Practice Standard for Risk Management and  Risk Management Tricks of the trade for Project Managers and PMI-RMP Exam Prep Guide , 2nd Edition by Rita Mulcahy ., ITTO refers to Inputs, Tools & Techniques and outputs.

This process is a part of Planning Process group and Risk Management Knowledge Area with the following ITTO’s


  1. Risk management Plan
  2. Risk Register
  3. Scope Baseline
  4. Organizational Process Assets
  5. Enterprise Environmental Factors

Tools & Techniques:

  1. Probability and Impact Matrix
  2. Risk Data Quality assessment
  3. Risk Categorization
  4. Risk Urgency Assessment
  5. Expert Judgment



  1. Project Management Plan Updated
  2. Risk Resister updates


  • Perform qualitative risk analysis evaluates characteristics of individual risks identified earlier subjectively and prioritize them based on agreed upon characteristics , specific objectives are :
  1. Subjectively evaluate probability and impact of each risk.
  2. Create a shortlist of identified risks earlier.
  3. Make Go/No go Decisions.
  • If several Risks are categorized in one group which arise from a common source which called “ Root Cause “ , risk responses may be more effective in facing this root cause.
  • If several risks making common effects on the project , it will be identified that this area with common effects have the greatest risk exposure , and risk response will focus on this area.
  • A successful qualitative risk analysis should got an agreement from the project stakeholders especially on the fundamental criterion , some factors which may affect the success of this process includes :
  1. Using and agreed-upon approach , risks are assessed according to probability , impact and some major factors such as :
  2. Urgency, some risks requires near term responses, indicators of urgency may include lead time required to execute risk response and clarity of warning signs.
  3. Manageability, some risks are not manageable and it is waste of time trying to plan a response , so there should be a contingency reserves , re scope of the project or consulting the customer about a decision regarding these risks.
  4. External impact of the risk such as affecting the overall organization.
  5. Using a standard probability and impact of risk ratings on project objectives.
  6. Collect high quality information about risks and identifying any biases in data.
  7. Perform qualitative analysis iteratively; frequency of performing should be defined in risk management plan.
  • Assumptions testing, professional project manager should look on what assumptions have been made while identifying risk and check which of them still valid, In assumptions testing, the stability and consequences are rated from 1-10 , an assumption with stability of 5 to 10 means it still valid, consequences of 5 to 10 means the assumption could have large impact on the project.
  • Major Tools and techniques used in this process are :
  1. Data quality assessment, It is the question of “ How well the risk is understood ? “ , the higher the priority of the project the more accurate data is needed , this technique can be executed using a chart to test the following :
  2. Extent of the understanding of the risk.
  3. Amount of data available about the risk
  4. Reliability and integrity of data.
  5. Is there is any bias in data gathered.
  6. Probability and impact Scale, if there is no standard risk scales in your organization , you as a project manager should define one, remember that 9 or 10 in probability rating is considered as a fact not a risk , the importance of this scale to reduce bias and to achieve consistent evaluation. Having a defined scale for probability and impact with detailed description of each value on the scale will reduce biasing. Some organizations prepare this probability and impact matrix on specific objectives while others do on overall project, you can have both!
  7. Risk urgency assessment , as some risks will have higher urgency than others and they should move directly to plan risk response , this can be defined through the list of risks in priority order or priority groups , sometimes there is a risk prioritization index which will give a good sign about importance of the risk , a risk ranking within the project should be executed as well depending on the risk scores ( Probability by impact ) , always remember that risks with probability of 9 and 10 are considered issues and they should be addressed in Project scope not in risk management .
  8. Risk Categorization, grouping risks into categories may lead to improved analysis of the probability and magnitude of project risk and to effective responses, one major category is the root cause category, some risks may be linked in a casual chain, and understanding the chain of risks may lead to a better understanding of project risk, a combination of risk analysis information with the work breakdown structure can show the areas of the project that exhibit the highest risk.
  • Project risk threshold is the total amount of risk acceptable on the project; risk thresholds should be identified and agreed upon as early as possible.
  • Project risk score , it is calculated as the sum of individual risk scores and divide that sum by the number of risks, it is the standard by which risk efforts are measured , the difference in scores between the planning stage and monitoring stage shows the success of risk response efforts.
  • The project with highest risk score compared to other projects within the organization should have the best project manager assigned to with the most experienced resources, the risk score of the project overall will help the management make Go/ No Go Decisions , Should we do this project ?
  • Risks with lowest priority are recorded as non-top risks “ Watch List “ which should be recorded and revised in later on in the monitor and control risk process.
  • Highest risk activities should be considered, activities with the highest number of risks, activities with the highest risk score, and activities on network diagram with convergence and divergence.
  • Bar charts are useful to show risk scores of each activity on the bars itself.
  • Once you are done with Perform qualitative risk analysis you should decide to proceed for Perform quantitative risk analysis or forward to plan risk responses.
  • This process results in :
  1. Assumption Log updates
  2. Updates to risk register ,
  3. Risk ranking for the project compared to other projects.
  4. List of prioritized risks.
  5. Risks grouped by category.
  6. List of risks requiring additional analysis.
  7. Watch list ( Non top risks )
  8. Trends, to know if project risk is increasing , decreasing or staying the same.
  9. Go/No go Decisions.
  10. Qualitative Risk analysis are used to compare project overall risk to others within organization and to determine whether to proceed for perform quantitative risk analysis or plan risk responses.


Leave a Reply

Logged in as shadi alsha3er. Log out?