In risk analysis, you determine the probability and impact of risks and how they can affect your project objectives. Risk analysis identifies, assesses, and prioritizes potential events or conditions that could negatively impact objectives.
It helps you understand the likelihood and consequences of risks, enabling informed decision-making and effective risk management strategies to minimize threats and realize opportunities.
In short, a risk analysis includes:
- Ranking the risks based on their probability, impact, and effect on the project objectives
- Helping estimate contingency reserves and risk response planning to manage identified risks.
You can analyse the risks using many different methods; however, qualitative and quantitative risk analysis are the most popular methods recommended by the PMI (Project Management Institute, USA).
In today’s blog post, I will explain to you the qualitative and quantitative risk analysis techniques.
Qualitative Vs Quantitative Risk Analysis
Qualitative risk analysis examines risks using high-level information, describes them, and ranks them based on their impact. It is based on scenarios and expert opinions. Qualitative risk analysis aims to find high-priority risks to deal with to save projects from the negative impacts of risks and capitalize on opportunities.
In contrast, quantitative risk analysis uses numbers and data to analyze risks. It assigns numerical values to each risk, which helps in deeper analysis and decision-making.
Both methods are used to understand and handle risks, but one is more about opinions and the other about numbers.
Qualitative Risk Analysis
Qualitative risk analysis is a straightforward method for analyzing identified risks. After completing this analysis, you can develop your risk response plans or proceed to further analysis, such as quantitative risk analysis.
You have two methods to analyze risks quantitatively.
In the first method, you rank the risk as low, low, medium, serious, or high based on your educated guess and develop risk response plans for high—and serious risks. This is the simplest method of analyzing risks.You will examine risks for severity and likelihood of occurrence during the project. Afterward, you will find the risk ratings using the risk assessment matrix.
The second method is the probability and impact method. Here, you determine the probability and impact of each risk and multiply them together to get a number. Based on this number, you can rank the risk. You can scale risks for probability and impact on a one-to-ten scale.
Qualitative risk analysis is a subjective process, and its result can be affected by biases of team members or personal opinions of experts. You must ensure that those biases are removed from the analysis.
For any risk analysis process, you start with qualitative risk analysis, and if the result is satisfactory, you proceed with the plan responses. However, if the project is complex or qualitative analysis recommends quantitative risk analysis, you will also proceed with it.
Benefits of Qualitative Risk Analysis:
- Quick and Easy: It is faster and easier to perform with limited data.
- Prioritizes Risks: Helps identify which risks need immediate attention.
- Improves Communication: Encourages team discussions about potential risks.
- Cost-Effective: Requires fewer resources compared to quantitative analysis.
- Supports Decision-Making: Helps project managers take timely preventive actions.
In qualitative risk assessment, you can use the following tools:
- Risk Probability and Impact Assessment
- Probability and Impact Matrix
- Risk Data Quality Assessment
- Risk Urgency Assessment
- Expert Judgment
- Brainstorming
- Delphi Technique
- SWOT Analysis
- Checklists
- Root Cause Analysis
Qualitative Risk Analysis Example
The following is an example of a qualitative risk analysis for a construction project — building a 10-story commercial office building:
| Risk | Cause | Impact | Probability | Impact Level | Risk Rating | Response Strategy |
| Delay in material delivery | Supplier issues or transport delays | Delay in project timeline | High | High | High | Mitigate: Use multiple suppliers |
| Labor shortage | Lack of skilled labor or worker strikes | Reduced productivity | Medium | High | High | Mitigate: Pre-contract skilled labor |
| Unexpected weather conditions | Prolonged rains or extreme heat | Halted site work, safety issues | High | Medium | Medium | Accept: Adjust schedule buffer |
| Design errors | Incomplete or incorrect drawings | Rework, cost overruns | Low | High | Medium | Mitigate: Conduct design reviews |
| Equipment breakdown | Poor maintenance or overuse | Project delays, repair costs | Medium | Medium | Medium | Transfer: Rent backup equipment |
| Community opposition | Noise, dust, or traffic disruptions | Permit delays, legal actions | Low | Medium | Low | Avoid: Community engagement sessions |
Quantitative Risk Analysis
Quantitative risk analysis analyzes the risks objectively. It assing objective value to risks and develop a probabilistic assessment of identified risks.
This analysis provides a quantitative approach to making decisions during uncertainties. Quantitative risk analysis quantifies the possible outcomes for the risks and assesses the probability of achieving the project objectives.
Quantitative risk analysis helps you build a robust cost schedule and scope baseline.
Benefits of Quantitative Risk Analysis:
- Data-Driven: Uses numbers and models to give objective results.
- Predicts Impact: Estimates the financial and time impact of risks.
- Improves Planning: Supports better resource and schedule planning.
- Supports Decision-Making: Helps choose the best risk response strategies.
- Increases Confidence: Provides stakeholders with solid evidence for decisions.
In quantitative risk assessment, you can use the following tools:
- Decision Tree
- Expected Monetary Value
- Monte Carlo Simulation
- FMEA
- Sensitivity Analysis
- Influence Diagram
Limitations of Quantitative Risk Assessment
Quantitative risk analysis techniques require skills and experience. The analysis will not provide the correct result if team members lack these skills. Also, the data quality should be high and free from biases. Corrupted or biased data will lead to an incorrect result.
Quantitative Risk Analysis Example
The following is an example of a quantitative risk analysis for a construction project using a 10-story commercial office building as the project context.
| Risk | Estimated Cost Impact (USD) | Probability (%) | Expected Monetary Value | Response Strategy |
| Delay in steel delivery | $80,000 | 30% | $24,000 | Mitigate: Source from backup suppliers |
| Labor cost escalation | $150,000 | 20% | $30,000 | Accept: Budget contingency |
| Design change request | $100,000 | 40% | $40,000 | Avoid: Conduct early stakeholder reviews |
| Equipment failure | $50,000 | 25% | $12,500 | Transfer: Use rental with service warranty |
| Utility line damage | $60,000 | 10% | $6,000 | Mitigate: Perform a detailed site survey |
| Total Expected Monetary Value | $112,500 |
Total Expected Monetary Value (EMV) = $24,000 + $30,000 + $40,000 + $12,500 + $6,000
= $112,500
How to Perform Qualitative and Quantitative Risk Analysis
You can follow the following steps to perform both qualitative and quantitative risk analysis:
Step I: Develop a Risk Management Plan
Start by creating a comprehensive Risk Management Plan, which outlines:
- The project’s risk definitions
- Methods for identifying risks
- Criteria for evaluating probability and impact
- Guidelines for developing risk response strategies
- Whether the project will use only qualitative or both qualitative and quantitative risk analysis
This plan sets the foundation for managing risks throughout the project.
Step II: Identify Risks
Next, identify all potential risks that may affect the project. Use various tools and techniques, including:
- Review of organizational process assets (e.g., contract documents, past project records, lessons learned)
- Brainstorming sessions with the project team
- Interviews or one-on-one meetings with key stakeholders
- SWOT analysis, checklists, and expert judgment
Document all identified risks in a Risk Register, including risk descriptions, potential triggers, and possible outcomes.
Step III: Perform Qualitative Risk Analysis
Analyze and prioritize risks based on their likelihood and impact. Use a risk assessment matrix to assign a risk rating, such as high, medium, or low.
Key tasks include:
- Determining probability and impact scores
- Categorizing risks into a risk matrix
- Identifying which risks require immediate attention
- Placing lower-priority risks on a watch list
If your risk management plan includes quantitative risk analysis, proceed to the next step. Otherwise, begin preparing your risk response strategies.
Step IV: Perform Quantitative Risk Analysis
Quantitatively analyze the high-priority risks identified earlier to understand their numeric impact on project objectives. Techniques used may include:
- Expected Monetary Value (EMV) analysis (Probability × Impact)
- Monte Carlo Simulation for assessing schedule and cost uncertainties
- Decision Tree Analysis to evaluate different risk-response scenarios
This step helps understand the potential financial and scheduling impacts of high-priority risks.
Step V: Develop Risk Responses
Now, create risk response plans for prioritized risks. Different strategies are used depending on the nature of the risk:
- For negative (threat) risks: Avoid, Transfer, Mitigate, or Accept
- For positive (opportunity) risks: Exploit, Enhance, Share, or Accept
Assign a risk owner for each risk to ensure accountability for monitoring and implementing the response plan.
Step VI: Monitor and Control Risks
Continuously monitor risks throughout the project lifecycle:
- Risk owners track identified risks and implement response plans when needed
- The risk register is updated regularly
- Any new or unidentified risks are addressed with workaround strategies and documented appropriately
Effective monitoring ensures risks are managed proactively, and lessons learned are captured for future projects.
Difference Between Qualitative and Quantitative Risk Analysis
The following table shows the difference between qualitative and quantitative risk analysis:
| Feature | Qualitative Risk Analysis | Quantitative Risk Analysis |
| Purpose | To identify and prioritize risks based on their impact and likelihood | To numerically analyze the effect of risks on project objectives |
| Data Type | Subjective, descriptive | Numerical, measurable |
| Method | Scenario-based, expert judgment, categorization | Statistical models, simulations, and sensitivity analysis |
| Tools/Techniques | Risk probability and impact matrix, risk categorization | Monte Carlo simulation, decision tree analysis, EMV |
| Output | Risk ranking or prioritization list | Quantified risk exposure, probability of meeting objectives |
| Time & Cost | Less time-consuming and less costly | More time-consuming and resource-intensive |
| Use Case | Early stages of risk assessment | When detailed analysis is needed for critical risks |
| Decision Support | Helps in identifying which risks need detailed analysis | Supports decision-making with precise data |
| Expertise Required | Basic risk knowledge | Advanced knowledge of statistics and modeling |
| Examples | “High impact, low probability” | “There’s a 70% chance the project will exceed budget by $10K” |
Which Risk Assessment Technique Should You Use for Your Project?
Ideally, you should use both qualitative and quantitative risk analysis processes to get a comprehensive view of project risks. However, if your project is small in scope or you lack the necessary time, data, or resources, performing a quantitative risk analysis may not be practical. In such cases, a qualitative risk analysis will be sufficient.
Qualitative risk analysis helps you identify, assess, and prioritize risks based on their likelihood and impact. This is normally done using a risk assessment matrix, which assigns risk ratings such as low, medium, or high. These ratings make it easier to determine which risks require immediate attention.
Once the risks are rated, you can develop an appropriate risk response plan and communicate the risk priorities to stakeholders for support.
Below is a sample risk assessment matrix to help you visualize how risks are ranked and categorized.
Summary
Qualitative and quantitative risk analysis help you understand and manage project risks. Qualitative analysis uses simple tools like rating scales and expert opinions to rank risks based on their chance of happening and how much they might affect your project. Quantitative analysis goes deeper by using numbers, simulations, and data to measure the impact of risks.
Together, they help you make a solid risk management plan. Even if you don’t use quantitative methods, always include qualitative risk analysis in your planning process.
Further Reading:
- What is Risk Management?
- A Short Guide to Project Risk Management Plan
- Risk Appetite, Risk Tolerance, and Risk Threshold
- Risk vs Issues in Project Management
- Issue Log: Definition and Example
References:
- ISO 27001 Risk Assessment, Treatment, & Management: The Complete Guide
- Quantitative Risk Analysis Methods
These topics are important from a PMP and PMI-RMP exam point of view. Therefore, understand the concepts well.
I am Mohammad Fahad Usmani, B.E. PMP, PMI-RMP. I have been blogging on project management topics since 2011. To date, thousands of professionals have passed the PMP exam using my resources.
really learning fast