qualitative vs quantitative risk analysis

Risk management is key to a project’s success. Regardless of the size and complexity of the project, it helps complete the project with minimal obstruction. However, many organizations ignore it, considering it an additional burden. 

The risk management process involves developing a risk management plan, identifying risks, analyzing risks, creating a risk response plan, implementing it, and monitoring and controlling it throughout the project life cycle. Risk management helps you manage various risks your project can encounter during its life cycle.

It helps reduces the risk level of the project.

Risks can be positive or negative. A robust risk management plan reduces the negative impact of the risk and increases the positive impact.

In today’s article, we will discuss two project risk management processes, qualitative vs quantitative risk analysis, and see how they help complete the project with the least hurdle and save money.

In risk management, you can perform two types of risk analysis:

  1. Qualitative Risk Analysis
  2. Quantitative Risk Analysis

Both processes serve the same purpose but employ different tools and techniques and differ in precision and output.

Qualitative Risk Analysis

It is a subjective risk analysis technique, as the name implies. The qualitative risk analysis process always preceded the quantitative risk analysis process.

Many businesses prefer the qualitative risk analysis method because the qualitative approach is easy to follow and useful for smaller projects. While the quantitative approach requires mathematical calculation and is resource and time-intensive.

In the qualitative risk assessment process, potential risks are rated according to how serious and likely they are to impact various stakeholders. This process aims to generate a list of prioritized risks to focus on and increases the understanding of risks.

In qualitative risk analysis, you will examine risks for severity and likelihood of occurrence during the project. Afterward, you will find the risk ratings using the risk assessment matrix. The risk rating can be high, serious, medium, and low.

As shown below, you will order the risks on a risk assessment matrix.

Risk Assessment Matrix in Qualitative Risk Analysis

The risk assessment matrix is a great communication tool to communicate the risk information to stakeholders to decide on the next action.

Examples of Qualitative Risk Analysis

  • Initially, the absence of a team member is considered a low-rank risk, but when her absence starts causing trouble, the project managers increase the risk rating. This is an example of a change in the perception of risk.
  • The project was running in full swing, and suddenly, the rain started. This was an identified risk, but some areas became slippery due to rain and caused several near-misses. This risk was not identified, so the project manager noted this as new. This is an example of new risk identification.

Tools & Techniques of Qualitative Risk Analysis Process

The followings are a few qualitative risk analysis techniques:

  • Expert judgment
  • Brainstorming, Meetings, Interviews
  • Risk assessment matrix
  • Risk categorization
  • And other qualitative research methods.

Qualitative assessment depends mostly on human judgment, ensuring to minimize human biases while conducting the qualitative assessment. You can use focus group discussion, where a group of people talks about a topic to gather opinions that can be used for further analysis.

Qualitative risk management is performed on all projects regardless of size and complexity.

Output of Qualitative Risk Analysis

The qualitative analysis process has one output: updated project documents. This includes assumptions and issue logs, and risk register updates.

Quantitative Risk Analysis

The quantitative risk analysis process is objective because it uses mathematical calculations.

Calculating risk using objective data is known as quantitative risk analysis.

During this process, you will use verifiable data to examine the potential impact of risks on your project objectives, such as schedule baseline, cost baseline, scope baseline, etc.

After performing a qualitative risk analysis, the quantitative risk analysis process is carried out. Organizations utilize this procedure for significant and complicated initiatives since it demands resources and time.

Examples of Quantitative Risk Analysis

  • Your organization gets a project to build a refinery. This is a large and multi-year project and is estimated to be completed in five years. For risk analysis of this project, you have started collecting data. It took two months for you to collect the data. Now you have started the quantitative risk analysis process. This is an example of large data on the risk and its potential impact.
  • You have completed qualitative risk analysis and see that many risks have a high rating score above seven (up to a rank scale of 10). Therefore, you want to perform a quantitative risk analysis to calculate the risk impact and get resources from the management. This is an example of quantitative risk assessment that needs to be validated.

Tools & Techniques of Quantitative Risk Analysis Process

  • All qualitative risk analysis techniques
  • Monte Carlo simulation
  • Failure Mode and Effect Analysis
  • Influence diagram
  • Sensitivity analysis
  • Decision Tree analysis

Monte Carlo Analysis is very popular in quantitative assessments among all these techniques. Though this technique is easy, you will require computer software to use this quantitative method.

Quantitative assessment requires the use of high-quality statistical data.

Quantitative risk analysis is sometimes also known as quantitative risk management.

Output of Quantitative Risk Analysis

The quantitative analysis process also has one output: updated project documents. This includes assumptions and issue logs, and risk register updates.

Qualitative Risk Analysis Vs Quantitative Risk Analysis

The qualitative process usually uses expert judgment and historical data to conclude, while the quantitative process uses mathematical data sets to derive conclusions.

The following are the key differences between qualitative and quantitative risk analysis:

  • Qualitative risk analysis is a subjective analysis, while quantitative risk analysis is an objective analysis based on quantitative data (verified data).
  • Simple projects require only qualitative risk analysis, but larger projects require qualitative and quantitative risk analysis.
  • Qualitative risk analysis techniques are expert judgment, brainstorming, meeting, risk assessment matrix, etc. In contrast, quantitative risk analysis techniques are influence diagrams, decision tree analysis, Monte Carlo simulation, expected monetary value, etc.
  • Qualitative risk analysis is used when a new risk is identified or there is a change in the risk perception of stakeholders. Quantitative risk analysis is used when you need to validate qualitative risk analysis or when the stakes are high.

Which Process Should You Use For Your Project?

If you can, employ both methods. However, using a quantitative risk analysis process is not advantageous if the project is small and you are short on resources. For smaller projects, a qualitative risk analysis is sufficient.

Qualitative risk analysis enables you to rank the risk using a risk assessment matrix showing the risk rating. Using this, you may create your risk response plan and gain the support of stakeholders.

Based on these ratings, you will order the risks on a risk assessment matrix as shown below.

How to Perform Qualitative and Quantitative Risk Analysis

The steps to perform qualitative and quantitative risk analysis are as followers:

Step-I: Develop a Risk Management Plan

The first step is to develop a risk management plan. Here you will define the risk definition, how to identify risks, probability impact criteria, and criteria for developing a risk response plan.

You will also define whether to use only the qualitative risk analysis or you will use quantitative risk analysis as well.

Step-II: Identify Risks

You will identify project risks in this step. Try to collect as many risks as possible.

You can begin collecting the risk by analyzing the process assets of your company, such as contract documents, project management documents, lessons learned, etc.

You can brainstorm with your team members first and then approach other stakeholders. You can have one-on-one meetings with key stakeholders.

You will keep track of risks and any pertinent data on a risk register.

Step-III: Perform Qualitative Risk Analysis

In this step, you analyze the risks to prioritize them. You will determine their likelihood of happening and the consequences; then, using the risk assessment matrix, you will rate the risks.

Now you can see if the risk has “high,” “medium,” or “low” ratings.

You will separate high-ranking risks from low-ranking risks. Low-ranking risks will be placed on a watch list, and high-level risks will be dealt with using risk plans.

Now you can move on to the risk quantitative risk analysis process if the plan says so. Otherwise, you will start developing the risk response plan.

Step-III: Perform Quantitative Risk Analysis

You have received high-ranking risks from the previous step.

Now you will quantitatively analyze the risk. You will determine their probability of occurring risk and the value of the impact. You will multiply these values to find the expected monetary value.

You can also use decision tree analysis and Monte Carlo simulation to reach choices.

Step-IV: Develop a Risk Response

Now you will develop risk responses to identified and qualified risks. Risk response strategies for positive risks and negative risks are separate.

Do not forget to develop a risk response plan for positive risks.

After developing the risk response plans, you will assign the risk owner to monitor and implement the risk response plans.

Step-V: Control Risks

Here, the risk owners will monitor the risks, and once the risk occurs, they will implement the risk response plan and update the risk register.

However, if any unidentified risk occurs, you will develop and workaround and manage the risks.

Summary

You may qualify and quantify risks with qualitative and quantitative risk analysis, which will further assist you in creating a plan for handling risks. Employ the qualitative risk analysis approach for your risk management plan even if you decide not to use the quantitative risk analysis.

These topics are important from a PMP and PMI-RMP exam point of view. Therefore, understand the concepts well.

Fahad Usmani, PMP

I am Mohammad Fahad Usmani, B.E. PMP, PMI-RMP. I have been blogging on project management topics since 2011. To date, thousands of professionals have passed the PMP exam using my resources.