QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 1 Qualitative Vs. Quantitative Risk Analysis Loren Karl Schwappach PM 610: Project Planning, Execution, and Closure Colorado Technical University
QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 2 AbstractThis paper discusses the differences between qualitative and quantitative risk analysis and theappropriateness of each. It also discusses the type of analysis that may need to be used for theIRTC customer service system project.
QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 3 Qualitative vs. Quantitative Risk Analysis As risk assessment and risk management become increasingly complex, project managersmust take on a greater and greater responsibility to protect their customers, employees andcritical project data. Formulating risk analysis ratings through simply number analysis often failsmiserably in accurately gauge project risks (Sims, 2007). There are two primary methodsutilized for performing risk analysis, quantitative and qualitative. First I’ll discuss quantitativerisk analysis.Quantitative Risk Analysis Quantitative risk assessment becomes usable when there is the ability to match a dollaramount to a specific risk (Sims, 2007). The key word behind quantitative risk analysis is“quantity”. Quantitative risk analysis uses the processes for numerically studying the effects ofidentified risks on large project objectives (Global Standard, 2008) and allows a method forproject managers to determine whether or not the project can and should be completed on timeand within estimated budget constraints. It also allows a method for project managers to identifycritical project parameters that could affect the project’s schedule (McKinley, 2005).Qualitative Risk Analysis Qualitative risk analysis is normally used for organizing and prioritizing risk events bygauging and adding the risks probability of occurrence and impact in order to identify therequirements for additional risk analysis and action (Global Standard, 2008). Qualitative riskassessment process attempts to identify and categorize/rank possible risk events, in conjunctionwith the likelihood of the occurrence of that event in affecting the project’s objectives. TK Strategies (2008) believes that the utilization of qualitative risk analysis is appropriatewhen making risk estimates, however they also say that qualitative analysis is not appropriate
QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 4when looking at probability data, and works better at identifying and prioritizing risk events (TKStrategies, 2008). The project needs to have flexible procedures in which the project manager isable to assign applicable risk levels to vulnerability while taking into account other details.While most organizations use three qualitative risk levels to monitor risks (Low, Medium andHigh) (Sims, 2007), a project manager is free to develop however many levels he/she feels arenecessary. Quite often the negative impacts of events easily surpass the financial losses associatedwith quantitative risk assessment. The project manager might find themselves contacting thelegal department or other resources as necessary in order to understand the weight a particularrisk compromise (such as ethical and reputational risk compromises) have on the reputation ofthe organization (Sims, 2007).Which Method Should be Used Before making risk analysis the risk analyzers need to understand all of the weaknessesand vulnerabilities that may exist with the system or application (Sims, 2007). The analyzersalso need to determine the best method of analysis that will apply to the associated risk.Remember qualitative risk evaluation identifies and prioritizes project’s risks by probability ofimpact while quantitative risk assessments calculate the impact of those risks to the project’sbudget and schedule (TK Strategies, 2007). Sims (2007) suggests that combining qualitative andquantitative elements allows the risk analyzers to get a more accurate understanding of the risksthreat level than using a single method (Sims, 2007) and the most fascinating part of risk reviewis that all circumstances that are encountered usually require their own customized risk criteriafor properly determine a proper rating system (Sims, 2007). This is the approach that I believe isbest suited for the current project. The IRTC project will have some risks that favor qualitative
QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 5analysis, and yet will have other risks that have clearly defined values that can be carefullyscrutinized and measured against favoring quantitative analysis. Furthermore, there are severalpossible risks that favor both qualitative and quantitative risk analysis. Therefore I believe itwould be beneficial to categorize all risks with both quantitative and qualitative factors in orderto accurate forecast the proper method for dealing with and managing each risk.Case Study Project managers often use tools for managing and factorizing risks. In a case studycompleted by Techneau, [WHEN] in 2009 of a [WHERE] Norwegian [WHO] risk analysisproject team responsible for reporting on the risk and vulnerabilities of Bergen’s water supplysystem. [WHAT] The Norwegian project tam utilized large datasets from a system known asSCADA. [HOW] The SCADA system allowed the aggregation of risks represented by durationcurves [WHY] and made it easy to update and improve the analysis of risks at later projectstages. Bring the final point; risk analysis is a never ending process (Techneau, 2009).
QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 6 ReferencesGlobal Standard. (2008). A Guide to the Project Management Body of Knowledge (4th ed.). Newtown Square, PA: Project Management Institute, Inc.McKinley, K. (2005). Qualitative and quantitative risk analysis. Retrieved February 5, 2006, from SearchWarp.com Website: http://searchwarp.com/swa24415.htmSims, S. (2007). Qualitative vs. Quantitative Risk Assessment. Retrieved September 19, 2011, from Leadership Laboratory Website: http://www.sans.edu/research/leadership- laboratory/article/risk-assessmentTK Strategies (2007). Qualitative vs. Quantitative Risk Analysis. Retrieved September 19, 2011, from: http://tk-strategies.com/17-Risk-Analysis.htmlTechneau. (2009). Risk Assessment Case Study. Retrieved September 19, 2011, from Techneau: http://www.techneau.org/fileadmin/files/Publications/Publications/Deliverables/D4.1.5b. pdf