This process is carried out as a supporting activity to risk analysis project management activity, to back your qualitative analysis of risks with some solid numbers.
It may also be possible that certain risks could not be analyzed qualitatively and hence you use quantitative risk analysis to prioritize them.
In some projects, as part of tailoring considerations, this process is treated as optional. Also possible when there is lack of high-quality data, and after analyzing the risks qualitatively the team thinks it has enough information about the risks to prioritize them effectively, and moves to the exercise of planning risk responses.
What is the difference between qualitative and quantitative risk analysis?
Qualitative risk analysis is more subjective in nature, based on facts and figures from previous experience. And quantitative risk analysis produces statistical numbers for each of the risks, thus making it easier to prioritize them. This process is analyzes effect of risks on project objectives.
What do we need?
Risk management plan, risk register, and risk report – goes without saying, right?
This is a number game! So we need all planning documents and baselines that deal with numbers.
Baselines are 3 – scope, schedule, and cost baselines.
And a bunch of project documents that give you risk related information in a way that you can quantify –
Assumptions log – remember, ‘assumptions are the mother of all problems?’ 🙂
Basis of estimates, cost estimates, cost forecasts, duration estimates, schedule forecasts – ah, the love of numbers.
And of course you want to utilize the existing knowledge, be it from lessons learned register, or from existing templates, checklists and so on. These are your organizational process assets.
How do we do it?
Call in the experts! 🙂 Yes, as we saw in the previous process in risk related planning exercise we get as many stakeholders involved as much as possible. Risk management is really a true team exercise.
Experts from other teams, PMO, industry experts, sponsor, consultants – anyone that has experience, you get them involved.
They could have expertise in translating risks that are backed up by qualitative measurements into numbers against a particular yardstick, so we can compare and prioritize all risks. Or they could help with modeling techniques. Or they could do data analysis using simulation such as Monte Carlo technique, or sensitivity analysis.
Interviewing is almost like a combination of expert judgment and three-point estimates we saw in Estimate Activity Durations or Estimate Costs processes. You talk to different people about a set of risks that they are knowledgeable about, and gather information about worst case, most likely and best case scenarios. Along with these record reasons for them. This information will help you define a budget range that helps dealing with the impact if the risk is materialized.
Probability distributions are used to plot range of cost and schedule associated with a risk. This data can also be built from the three-point technique you use while interviewing people, and try to get a range of cost and schedule that is possible if a risk is materialized.
Once this data is collected you can draw one of the shape distribution graphs. Commonly used ones are beta distribution that uses two value parameters (alpha and beta), and triangular distribution which uses three parameters (most-likely, best-case, worst-case). Cost and time values are represented on x-axis and probability values on y-axis.
Exam pointer> You are not expected to know the formulae or plot the graphs on the exam. Exam expects you to know just the names of these tools.
Figure: Beta Distribution and Triangular Distribution
Risk analysis and risk modeling
These are used to analyze and model the risks based on the data gathered.
- Sensitivity analysis is very useful when you want to look at impact of the risk on just one of the project objectives, while assuming that there is no impact on the rest of them. This is a good way to see all risks with just one impact area and decide how risks need to be prioritized. For instance, just looking at cost impact of all risks will help you see how the budget is going to be distributed across categories of risks.
One such tool is a Tornado diagram, which is basically a type of bar chart, that gives a visual indication of risks.
- Expected monetary value (EMV) analysis is about coming up with possible scenarios to deal with a risk and assessing how much each of those paths will cost the project. This is used to calculate cost of each decision alternatives available in the project to choose the cost effective and best decision, using Decision Tree analysis.
- Modeling and simulation translate detailed uncertainties of the project into their potential impact on project objectives. Monte Carlo simulation is used to arrive at a likelihood of achieving specific cost or schedule targets. This technique iteratively computes the model several times from randomly selected input values.
As an example, for plotting simulation of coin toss –
Drawing a large number of pseudo-random uniform variables from the interval [0,1], and assigning values less than or equal to 0.50 as heads and greater than 0.50 as tails, is a Monte Carlo simulation of the behavior of repeatedly tossing a coin. (reference: Wikipedia)
What do we get?
As in qualitative risk analysis, the main output of this project management activity is updates to the risk register and risk report. Risks are easily prioritized using this numerical outcome. Any other supported points for reasoning the outcome are also recorded in the risk register.
Considering previous and this processes, we have seen how using abstract thinking and statistical tools the risks are assessed for probability of occurrence and impact on project objectives. The next step is to plan risk responses. Before that let us first look at detailed Expected Monitory Value analysis (EMV) – one of the tools from this process.
Next, the last planning process in Risk management is planning risk responses for each of these prioritized risks.