Qualitative Risk Analysis

Qualitative Risk Analysis

 Qualitative Risk Analysis is the process of prioritizing risks for further analysis or action by assessing and combining their
probability of occurrence and impact
 Organizations can improve the project’s performance by focusing on high-priority risks. Qualitative risk analysis assesses
the priority of identified risks using their relative probability or likelihood of occurrence, the corresponding impact on
project objectives if the risks occur, as well as other factors such as the time frame for response and the organization’s risk
tolerance associated with the project constraints of cost, schedule, scope, and quality.
 Such assessments reflect the attitude of the project team and other stakeholders to risk. Effective assessment therefore
requires explicit identification and management of the risk attitudes of key participants in the qualitative risk analysis
process.
 Where these risk attitudes introduce bias into the assessment of identified risks, attention should be paid to evaluating
bias and correcting for it.
 Qualitative Risk Analysis

 Establishing definitions of the levels of probability and impact can reduce the influence of bias. The
time criticality of risk-related actions may magnify the importance of a risk. An evaluation of the
quality of the available information on project risks also helps clarify the assessment of the risk’s
importance to the project.
 Qualitative risk analysis is usually a rapid and cost-effective means of establishing priorities for
plan risk responses and lays the foundation for perform quantitative risk analysis, if required.
 The qualitative risk analysis process should be revisited during the project’s life cycle to stay
current with changes in the project risks. This process can lead into performing quantitative risk
analysis or directly into plan risk responses.
Qualitative Risk Analysis: Inputs, Tools &
Techniques, and Outputs
 Qualitative Risk Analysis:Inputs

 Risk Register
 A risk register is a risk management tool used to collect potential risk events, organize them by risk categories, and assign
team members who will address them. It also serves as a place to include additional information about each risk, like the
nature of the risk and how it will be handled, this is especially useful for when you want to perform risk analysis
throughout the project or even after an event occurred.You might also hear it referred to as risk matrix project
management.
 Risk Management Plan
 A risk management plan is a document prepared by a project manager to help foresee any risks, estimate their impact and
to plan responses to issues that could occur. Also contained in the document is a risk assessment plan. A risk is inherent
with any project and should be assessed and planned for continually.
 Key elements of the risk management plan for perform qualitative risk analysis include roles and responsibilities for
conducting risk management, budgets, schedule activities for risk management, risk categories, definitions of probability
and impact, the probability and impact matrix, and revised stakeholders’ risk tolerances. These inputs are usually tailored
to the project during the plan risk management process. If they are not available they can be developed during the
perform qualitative risk analysis process.
 Qualitative Risk Analysis:Inputs

 Project scope statement

 Projects of a common or recurrent type tend to have more well-understood risks. Projects using
state-of-the-art or first-of-its-kind technology, and highly complex projects, tend to have more
uncertainty. This can be evaluated by examining the project scope statement
 Organizational Process Assets
 The organizational process assets that can influence the qualitative risk analysis process include,
but are not limited to: information on prior, similar completed projects, studies of similar
projects by risk specialists, and risk databases that may be available from industry or proprietary
sources.
 Qualitative Risk Analysis: Tools and Techniques
 Risk Probability and Impact Assessment
 Risk probability assessment investigates the likelihood that each specific risk will occur. Risk impact assessment
investigates the potential effect on a project objective such as schedule, cost, quality, or performance, including both
negative effects for threats and positive effects for opportunities.
 Probability and impact are assessed for each identified risk. Risks can be assessed in interviews or meetings with
participants selected for their familiarity with the risk categories on the agenda. Project team members and, perhaps,
knowledgeable persons from outside the project, are included.
 The level of probability for each risk and its impact on each objective is evaluated during the interview or meeting.
 Explanatory detail, including assumptions justifying the levels assigned, is also recorded. Risk probabilities and impacts
are rated according to the definitions given in the risk management plan. Risks with low ratings of probability and impact
will be included on a watch list for future monitoring.
 Qualitative Risk Analysis: Tools and Techniques

 Probability and Impact Matrix

 Risks can be prioritized for further quantitative analysis and response based on their risk rating.
Usually, these risk-rating rules are specified by the organization in advance of the project and
included in organizational process assets.
 Risk-rating rules can be tailored to the specific project in the plan risk management process.
Evaluation of each risk’s importance and, hence, priority for attention, is typically conducted
using a look-up table or a probability and impact matrix. Such a matrix specifies combinations of
probability and impact that lead to rating the risks as low, moderate, or high priority.
 The dark gray area (with the largest numbers) represents high risk, the medium gray area (with
the smallest numbers) represents low risk, and the light gray area (with in-between numbers)
represents moderate risk.
Qualitative Risk Analysis: Tools and Techniques
 Qualitative Risk Analysis: Tools and Techniques
 An organization can rate a risk separately for each objective (e.g., cost, time, and scope). In addition, it can develop ways
to determine one overall rating for each risk. An overall project rating scheme can be developed to reflect the
organization’s preference for one objective over another and using those preferences to develop a weighting of the risks
that are assessed by objective.
 Finally, opportunities and threats can be handled in the same matrix using definitions of the different levels of impact that
are appropriate for each. The risk rating helps guide risk responses. For example, risks that have a negative impact on
objectives if they occur (threats), and that are in the high-risk (dark gray) zone of the matrix, may require priority action
and aggressive response strategies.
 Threats in the low-risk (medium gray) zone may not require proactive management action beyond being placed on a
watchlist or adding a contingency reserve. Similarly, opportunities in the high-risk (dark gray) zone that can be obtained
most easily and offer the greatest benefit should be targeted first. Opportunities in the low-risk (medium gray) zone
should be monitored.. The number of steps in the scale is organizationally determined and organizationally dependent.
Qualitative Risk Analysis: Tools and Techniques
Qualitative Risk Analysis: Tools and Techniques
 Qualitative Risk Analysis: Tools and Techniques
 Risk Data Quality Assessment
 A qualitative risk analysis requires accurate and unbiased data if it is to be credible. Analysis of the quality of risk data is a
technique to evaluate the degree to which the data about risks are useful for risk management. It involves examining the
degree to which the risk is understood and the accuracy, quality, reliability, and integrity of the data regarding the risk. If
data quality is unacceptable, it may be necessary to gather higher-quality data.
 Risk Categorization
 Risks to the project can be categorized by sources of risk (e.g., using the RBS), the area of the project affected (e.g., using
the WBS), or other useful category (e.g., project phase) to determine areas of the project most exposed to the effects of
uncertainty. Grouping risks by common root causes can lead to developing effective risk responses.
 Qualitative Risk Analysis: Tools and Techniques
 Risk Urgency Assessment
 Risks requiring near-term responses may be considered more urgent to address. Indicators of priority can include time to
affect a risk response, symptoms and warning signs, and the risk rating. In some qualitative analyses the assessment of risk
urgency can be combined with the risk ranking determined from the probability and impact matrix to give a final risk
severity rating.
 Expert judgment
 Expert judgment is required to assess the probability and impact of each risk to determine its location in the matrix.
Experts generally are those having experience with similar projects that occurred in the not-too-distant past. In addition,
those who are planning and managing the specific project are experts, particularly about the specifics of that project.
Securing expert judgment is often accomplished with the use of risk facilitation workshops or interviews. The experts’
bias should be taken into account in this process.
 Qualitative Risk Analysis: Outputs
 Risk Register Updates
 The risk register is started during the Identify Risks process. The risk register is updated with information from
qualitative risk analysis and the updated risk register is included in the project documents.
 The risk register updates from Perform Qualitative Risk Analysis include:
 Relative ranking or priority list of project risks.
 The probability and impact matrix can be used to classify risks according to their individual significance. Using
combinations of each risk’s probability of occurring and the impact on objectives if it were to occur, risks will be
prioritized relative to each other by sorting them into groups of “high risk,” “moderate risk,” and “low risk.”
 Risks may be listed by priority separately for schedule, cost, and performance since organizations may value one objective
over another.
 The project manager can then use the prioritized list of risks to focus attention on those items of high significance (high
risk) to the most important objectives, where responses can lead to better project outcomes. A description of the basis
for the assessed probability and impact should be included for risks assessed as important to the project.
 Qualitative Risk Analysis: Outputs
 Risks grouped by categories.
 Risk categorization can reveal common root causes of risk or project areas requiring particular attention. Discovering
concentrations of risk may improve the effectiveness of risk responses.
 Causes of risk or project areas requiring particular attention. Discovering concentrations of risk may improve the
effectiveness of risk responses.
 List of risks requiring response in the near-term. Those risks that require an urgent response and those that can be
handled at a later date may be put into different groups.
 List of risks for additional analysis and response. Some risks might warrant more analysis, including quantitative risk
analysis, as well as response action.
 Watch lists of low-priority risks. Risks that are not assessed as important in the qualitative risk analysis process can be
placed on a watchlist for continued monitoring.
 Trends in qualitative risk analysis results. As the analysis is repeated, a trend for particular risks may become apparent,
and can make risk response or further analysis more or less urgent/important.