1. QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 1
Qualitative Vs. Quantitative Risk Analysis
Loren Karl Schwappach
PM 610: Project Planning, Execution, and Closure
Colorado Technical University
2. QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 2
Abstract
This paper discusses the differences between qualitative and quantitative risk analysis and the
appropriateness of each. It also discusses the type of analysis that may need to be used for the
IRTC customer service system project.
3. QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 3
Qualitative vs. Quantitative Risk Analysis
As risk assessment and risk management become increasingly complex, project managers
must take on a greater and greater responsibility to protect their customers, employees and
critical project data. Formulating risk analysis ratings through simply number analysis often fails
miserably in accurately gauge project risks (Sims, 2007). There are two primary methods
utilized for performing risk analysis, quantitative and qualitative. First I’ll discuss quantitative
risk analysis.
Quantitative Risk Analysis
Quantitative risk assessment becomes usable when there is the ability to match a dollar
amount to a specific risk (Sims, 2007). The key word behind quantitative risk analysis is
“quantity”. Quantitative risk analysis uses the processes for numerically studying the effects of
identified risks on large project objectives (Global Standard, 2008) and allows a method for
project managers to determine whether or not the project can and should be completed on time
and within estimated budget constraints. It also allows a method for project managers to identify
critical project parameters that could affect the project’s schedule (McKinley, 2005).
Qualitative Risk Analysis
Qualitative risk analysis is normally used for organizing and prioritizing risk events by
gauging and adding the risks probability of occurrence and impact in order to identify the
requirements for additional risk analysis and action (Global Standard, 2008). Qualitative risk
assessment process attempts to identify and categorize/rank possible risk events, in conjunction
with the likelihood of the occurrence of that event in affecting the project’s objectives.
TK Strategies (2008) believes that the utilization of qualitative risk analysis is appropriate
when making risk estimates, however they also say that qualitative analysis is not appropriate
4. QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 4
when looking at probability data, and works better at identifying and prioritizing risk events (TK
Strategies, 2008). The project needs to have flexible procedures in which the project manager is
able to assign applicable risk levels to vulnerability while taking into account other details.
While most organizations use three qualitative risk levels to monitor risks (Low, Medium and
High) (Sims, 2007), a project manager is free to develop however many levels he/she feels are
necessary.
Quite often the negative impacts of events easily surpass the financial losses associated
with quantitative risk assessment. The project manager might find themselves contacting the
legal department or other resources as necessary in order to understand the weight a particular
risk compromise (such as ethical and reputational risk compromises) have on the reputation of
the organization (Sims, 2007).
Which Method Should be Used
Before making risk analysis the risk analyzers need to understand all of the weaknesses
and vulnerabilities that may exist with the system or application (Sims, 2007). The analyzers
also need to determine the best method of analysis that will apply to the associated risk.
Remember qualitative risk evaluation identifies and prioritizes project’s risks by probability of
impact while quantitative risk assessments calculate the impact of those risks to the project’s
budget and schedule (TK Strategies, 2007). Sims (2007) suggests that combining qualitative and
quantitative elements allows the risk analyzers to get a more accurate understanding of the risks
threat level than using a single method (Sims, 2007) and the most fascinating part of risk review
is that all circumstances that are encountered usually require their own customized risk criteria
for properly determine a proper rating system (Sims, 2007). This is the approach that I believe is
best suited for the current project. The IRTC project will have some risks that favor qualitative
5. QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 5
analysis, and yet will have other risks that have clearly defined values that can be carefully
scrutinized and measured against favoring quantitative analysis. Furthermore, there are several
possible risks that favor both qualitative and quantitative risk analysis. Therefore I believe it
would be beneficial to categorize all risks with both quantitative and qualitative factors in order
to accurate forecast the proper method for dealing with and managing each risk.
Case Study
Project managers often use tools for managing and factorizing risks. In a case study
completed by Techneau, [WHEN] in 2009 of a [WHERE] Norwegian [WHO] risk analysis
project team responsible for reporting on the risk and vulnerabilities of Bergen’s water supply
system. [WHAT] The Norwegian project tam utilized large datasets from a system known as
SCADA. [HOW] The SCADA system allowed the aggregation of risks represented by duration
curves [WHY] and made it easy to update and improve the analysis of risks at later project
stages. Bring the final point; risk analysis is a never ending process (Techneau, 2009).
6. QUALITATIVE VS. QUANTITATIVE RISK ANALYSIS 6
References
Global Standard. (2008). A Guide to the Project Management Body of Knowledge (4th ed.).
Newtown Square, PA: Project Management Institute, Inc.
McKinley, K. (2005). Qualitative and quantitative risk analysis. Retrieved February 5, 2006,
from SearchWarp.com Website: http://searchwarp.com/swa24415.htm
Sims, S. (2007). Qualitative vs. Quantitative Risk Assessment. Retrieved September 19, 2011,
from Leadership Laboratory Website: http://www.sans.edu/research/leadership-
laboratory/article/risk-assessment
TK Strategies (2007). Qualitative vs. Quantitative Risk Analysis. Retrieved September 19, 2011,
from: http://tk-strategies.com/17-Risk-Analysis.html
Techneau. (2009). Risk Assessment Case Study. Retrieved September 19, 2011, from Techneau:
http://www.techneau.org/fileadmin/files/Publications/Publications/Deliverables/D4.1.5b.
pdf