Evaluation of Qualitative and Quantitative Risk Analysis
Prepared by: Majed Abdeen
In my Project Management experience in the Software sector, I find using Qualitative Risk Analysis is essential, thus I perform it in all my projects. The analysis experience required to perform the Quantitative Risk Assessment especially for Software, is more complicated than Qualitative, since it requires precise and accurate data, which comes from others, and can be impacted by external factors. This is supported by PMI, as the PMBOK mentions this process as optional based on project complexity, size, importance, and contractual requirements (PMI, 2017). However, some of the Quantitative-Risk-Analysis tools and uncertainty representations can be used even in small projects as needed, for instance, Triangular distribution, Tornado Diagram, or Decision Tree Analysis.
When planning a project, there are three key concerns: staying within budget, on schedule, and delivering the project goals (Galway, 2004). These are subject to Risks, in the form of threats or opportunities, which must be evaluated and analysed, using either Qualitative or Quantitative approaches (PMI, 2017). PMs use various qualitative and quantitative tools, which are variously complex, or less complex (PMI, 2017). The diagram below demonstrates the use of processes in Risk-Management based on the PMBOK.
Qualitative Risk Analysis
In performing Qualitative-Risk-Analysis, PMs prioritise risks for action or additional analysis; Qualitative-Risk-Analysis is used to assess their probability of occurring and their likely impact (PMI, 2017). It enables PMs to establish risk priorities and owners (PMI, 2017). The process is performed at the beginning of the project and each iteration in an agile or hybrid life cycle (PMI, 2017).
Strengths and Weaknesses
The main advantage of Qualitative-Risk-Analysis is that by categorising risks, it allows PMs to focus on high-priority risks, laying groundwork for more in-depth Quantitative-Risk-Analysis (PMI, 2017). Scoring is based on a low-medium-high scale (Meredith, et al., 2015).
However, Qualitative-Risk-Analysis is subjective, relying on the project team and stakeholders' perceptions of risk, allowing for bias, which must be identified and corrected. Results are reliant on experience/expertise of those doing the risk assessment (Segudovic, 2007). The method of quantification does not use absolute variables, which can introduce uncertainty in the results (Segudovic, 2007).
Implications and examples of use - Qualitative
Qualitative-Risk-Analysis is suitable for all organisations and projects, regardless of size, complexity, or life cycle, as it identifies priority risks. Use of a facilitator can be beneficial for bias avoidance (PMI, 2017). Qualitative-Risk-Analysis is flexible and quick to apply, suitable for use on threats/opportunities (Meredith, et al., 2015).
Quantitative Risk Analysis
Quantitative-Risk-Analysis is used to calculate numeric values for the probability of each risk taking place, and financial impact of the risks (Meredith, et al., 2015). It can be used to predict outcomes using the combined effect of risks, based on the project schedule and estimates, giving the PM information on the chances of achieving objectives and any contingency that may be required (PMI-RM, 2009).
Strengths and Weaknesses
An objective method, Quantitative-Risk-Analysis provides an accurate assessment of risks and their impact, based on measurable, objective data (Meredith, et al., 2015). It provides the PM with both a thorough understanding of the financial impact of multiple risks (Apostolakis, 2004), and with probability distributions for a wide range of risk outcomes (PMI-RM, 2009).
However, Quantitative-Risk-Analysis is a complex approach, requiring significant quantities of data, making it difficult to implement (Meredith, et al., 2015). It requires specific tools, and unless both threats and opportunities are included, the results may not be accurate (RMstudy, 2019).
Implications and examples of use - Quantitative
Quantitative-Risk-Analysis is not practical for all organisations (Meredith, et al., 2015) and is therefore rarely used (Besner & Hobbs, 2012); there may be management resistance to using it (RMstudy, 2019). It is more frequently used on large-scale, global and mega-projects, and is less likely to be used in smaller-scale projects, or IT/software projects due to their complexity (Besner & Hobbs, 2012; Galway, 2004).
Both Quantitative-Risk-Analysis and Qualitative-Risk-Analysis have strengths and weaknesses, and should be used as appropriate. It is important to remember that risk assessment on its own is not enough; it does not remove the risks. PMs must Plan Response Strategies to manage and control planned activities to reduce threats and increase opportunities.
Apostolakis, G. E., 2004. How Useful Is Quantitative Risk Assessment?. Risk Analysis, 24(3), pp. 515-520.
Besner, C. & Hobbs, B., 2012. The paradox of risk management; a project management practice perspective. International Journal of Managing Projects in Business, 5(2), pp. 230-247.
Galway, L. A., 2004. Quantitative Risk Analysis for Complex Projects: A Critical Review. [Online]
Available at: https://www.rand.org/pubs/working_papers/WR112.html
[Accessed 07 02 2019].
Meredith, J. R., Samuel J. Mantel, J. & Shafer, S. M., 2015. Project Management: A Managerial Approach. 9th ed. New York: John Wiley & Sons, Inc.
PMI, 2017. A Guide to the Project Management Body of Knowledge. 6th ed. Pennsylvania: Project Management Institute, Inc.
PMI-RM, 2009. PRACTICE STANDARD FOR PROJECT RISK MANAGEMENT. Pennsylvania: Project Management Institute, Inc..
RMstudy, 2019. Perform Quantitative Risk Analysis. [Online]
Available at: http://www.rmstudy.com/rmdocs/Perform%20Quantitative%20Risk%20Analysis.pdf
[Accessed 07 02 2019].
Segudovic, H., 2007. Qualitative risk analysis method comparison. s.l., MIPRO.