Perform Qualitative Risk Analysis

Introduction
 Risk analysis can be categorised into two broad methods. They are qualitative and quantitative
in nature.

Purpose and Objective

 The Perform Qualitative Risk Analysis process assesses and evaluates the characteristics of
individually identified project risks and prioritizes risks based on agreed-upon characteristics.
 Evaluates probability and impact of individual risk on the project objectives.
 Risks are categorized according to their sources or causes.
 Identifies areas of greater risk exposure (e.g., project completion date, budget, deliverable’s
scope) and facilitates risk responses.
 Methods of qualitative risk analysis are applied to the list of positive and negative risks created
or updated by the Identify Risks Process.
 Quantitative Risk Analysis helps to determine the overall risks to project objectives resulting
from the potential interactions and combined effect of all risks.
 Risk responses are more effective while addressing root cause (several risks originating from a
common source).

Critical Success Factors for Perform Qualitative Risk Analysis Process

 Critical success factors are:
o Use Agreed-Upon Approach
o Use Agreed-Upon Definitions of Risk Terms
o Collect High-Quality Information about Risks, and
o Perform Iterative Risk Analysis

Several factors leading to successful qualitative risk analysis are summarized in Figure 6-1.

Figure 6-1 Building Risk Analysis Credibility

© 2012 RMstudy.com Page 1 of 12

 Perform Qualitative Risk Analysis

1. Agreed-Upon Approach:

 Agreement of the project stakeholders is a fundamental criterion and a common theme.

 High-quality information collected contributes to the reliability and credibility of process
outputs. This approach is the foundation of process credibility.
 Probability of occurrence, impact on individual objectives, urgency (proximity), and
manageability are the risk assessment factors.
o Urgency: Risks requiring near term responses may be considered more urgent to address.
Indicators of urgency are as follows:

 Lead time required for the execution of risk response

 Clarity of symptoms, and

 Warning signs triggering risk response (detectability)

o Manageability: Some risks are unmanageable and attempting to address them is a waste of
resources. So the project team may examine and decide to:

 Go forward and establish a contingency reserve.

 Stop or re-scope the project because of a high probability of

unmanageable threat posed by risks and fear of missing out on opportunities.
 Inform the customer of the risks and ask for a decision from their point of view.

o Impact external to the project: The importance of a risk may be increased if it affects the
enterprise beyond the project.

2. Agreed-Upon Definitions

 Risk assessment should be based on agreed-upon definitions of important terms, and they
should be used consistently.

 Example: Levels of probability and impact on objectives helps to give realistic risk assessments,
and facilitates communication of results between management and stakeholders.

3. Highly Quality Information

 It is gathered by interviews, workshops, and other means using expert judgment.

 Individual data subject to reporting or intentional bias should be identified and remedied, or
else a different and unbiased source of information should be found and used.

© 2012 RMstudy.com Page 2 of 12

 Perform Qualitative Risk Analysis

4. Iteration

 Periodical analysis of individual risks of project enhances the success of qualitative risk analysis.

 The frequency of analysis is planned in the Plan Risk Management process, and events within
the project also influence it.

Tools and Techniques for the Perform Qualitative Risk Analysis Process

Tools and techniques identify the risks that are important to the project’s success. They are as
follows:

o Select Risk Characteristics that define Risks’ Importance

o Collect and Analyze Data

o Prioritize Risks by Probability and Impact on Specific Objectives,

o Prioritize Risks by Probability and Impact on Overall Project

o Categorize Risk Causes

The tools and techniques used for assessing individual risks will identify the risks that are important
to the project’s success. This process is illustrated in Figure 6-2

Figure 6-2: The Perform Qualitative Risk Analysis Process

© 2012 RMstudy.com Page 3 of 12
 Perform Qualitative Risk Analysis

1. Select Risk Characteristics

 Helps to distinguish high level risk response from low level risk response.

 The criteria that make a risk important to management are agreed upon in advance and
implemented in the tools used.

 Output includes a listing of risks in priority order or in priority groups such as high, moderate,
and low.

2. Collect and Analyze Data

 Assessment of individual risks is based on information collected about them.

 Data collection, evaluation tools, including interviews, workshops, and references to databases
of prior projects require management support and attention.

 Intention bias should be avoided while relying in expert judgment for the information.

3. Prioritize Risks by Probability and Impact on Specific Objectives

 Helps to distinguish a risk’s priority in terms of probability and impact on project objectives.

 It is useful since it is common to have uneven impacts on various project objectives.

4. Prioritize Risks by Probability and Impact on Overall Project

 The reason behind constructing a measure of a specific risk’s response is to ease

communication with management and other stakeholders.

 The organization should be explicit about the single risk prioritization index, if needed, which
reflects the establishment’s preference among objectives.

 It should be documented in the Plan Risk Management process.

5. Categorize Risk Causes

 Brings improvement in analysis of the probability and magnitude of project risk and effective
responses.

 Identifying common root causes of a group of risks reveal both the magnitude of the risk event
and effective strategies that might address several risks simultaneously.

 Better understanding of the chain of risks lead to the implementation of risk for the project.

 It provides a realistic picture of problems of risk mitigation using scarce resources.

© 2012 RMstudy.com Page 4 of 12

 Perform Qualitative Risk Analysis

 Combined results of the Perform Qualitative Risk Analysis and risk breakdown structure shows
clusters of priority risks arising from specific sources and high risk areas.

 Assessment of high priority risks’ impact on one objective reduces the uncertainty of that
objective.

Documentation of Results

 It adds structure to the list of undifferentiated risks into categories of priority.

 Priorities are based on probability of risk occurrence and impact on project objectives.

 The information is stored in risk registry and is easy to use and update.

 List of prioritized risks is posted to the project participants for improving the plan and risks
having high priority are segregated for further analysis and monitoring.

 Low priority risks are placed on a watch list and are less often reviewed for changes.

APPENDIX

 The Perform Qualitative Risk Analysis process prioritizes the further analysis of the
undifferentiated list of risks identified in the Identify Risks process.

 Organizations apply resources to “high risk” based on their priority indicated by risks’
probability and impact characteristics.

TECHNIQUES
1. Root Cause Analysis:

A root-cause analysis identifies basic causes of risks that may point to fundamental forces; it also
identifies common sources of risks. Risks that may be related because of their common root
causes may also be identified. Preventive action may be taken according to the details that are
arrived at through this technique. The success of this technique depends on the willingness by
management to accept and address the root cause rather than adopting partial workarounds.
The root-cause analysis technique reduces the instances of problems occurring instead of
reacting to problems when they occur.

Disadvantages: Root causes cannot be identified in risk management techniques that are
organized by individual risk.

Other potential causes of risk may be overlooked in this technique. Moreover, there may be no
valid strategy to address the root cause once it has been identified.

© 2012 RMstudy.com Page 5 of 12

 Perform Qualitative Risk Analysis

Figure 6.3 Example of a Root Cause Analysis

2. Estimating Techniques Applied to Probability and Impacts:

 Addresses both key dimensions of a risk, namely its degree of uncertainty (probability) and its
effect on project objectives (impact).
 Terms for probability (e.g. probable, almost certain) and impact (e.g. insignificant, major) are
ambiguous and subjective.
 Impact can be represented by a range of values that can not be put into specific impact level
such as “moderate impact on time.”
 Critical success factors such as agreed definitions and terms reflect stakeholders’ risk tolerance
and thresholds.
 Values used in the definitions represent the same level of impact across objectives as perceived
by the management or stakeholders.
 Consistent use of agreed-upon terms and definitions across all identified risks.
 The probability of a risk occurring can be specified by assigning levels of risk probability by
ranges of probability.
 Risk estimation in terms of probability and impact helps the subject experts to assess a risk’s
probability within a range rather than as a specific value.
 Impact level definitions are project-specific.
 The values used to specify the level of impact from very low to very high (if a 5*5 matrix is being
used) should be:

o Higher impact, for threats and opportunities, as they move from very low to very
high for a specific objective.

© 2012 RMstudy.com Page 6 of 12

 Perform Qualitative Risk Analysis

o Levels are defined by the organization as causing the same amount of pain or
gain to the project for each level across objectives.

o If a risk’s possible impact is uncertain and could be assigned to more than one
level of impact (e.g. from moderate to high), the analyst may choose to assign
the risk to the impact level that represents the expected or average impact.

o The risk may be flagged for extra analysis in order to reduce the range of
uncertainty to fit within a single range.

An example of impact level definitions is shown in Figure: D11. These definitions should be tailored
for opportunities and threats and scaled by stakeholders to the specific project.

SCALE PROBABILIY +- IMPACT ON PROJECT OBJECTIVES

TIME COST QUALITY

VHI 61-99% >40 days >$200K Very significant impact on overall functionality

HI 41-60% 21-40 days $101K-$200K Significant impact on overall functionality

MED 21-40% 11-20 days $51K-$100K Some impact in key functional areas

LO 11-20% 6-10 days $11k-$50K Minor impact on overall functionality

VLO 1-10% 1-5 day $1K-$10K Minor impact on secondary functions

NIL <1% No change No change No change in functionality

Figure 6.4: Example of Definitions for Levels of Probability and Impact on Four Specific Objectives Used to Evaluate
Individual Risks.

Note: Opportunities are to be treated as representing a positive saving in time or cost, or increased
functionality. For threats, each impact scale is interpreted negatively, i.e. time delays, increased cost,
or reduced functionality.

3. Post-project reviews/ Lessons Learned/ Historical Information:

 The review of risk databases of previous projects, such as those that arise from post-project
reviews or lessons learned exercises or historical information within an organization or industry
can reveal information relevant for a current project.

 This technique leverages previous experience, and prevents the occurrence of the same
mistakes or missing the same opportunities again.
© 2012 RMstudy.com Page 7 of 12
 Perform Qualitative Risk Analysis

 Participation of previous project team members and a well-structured project lessons database
increases the effectiveness of this technique.

 Disadvantages:

o Only those risks that have occurred previously can be identified.

o The information available may also be incomplete with no details on ineffective
strategies, lack of details of successful resolution etc.

4. Probability and Impact Matrix (P-I Matrix):

 Allows the organization to prioritize the project risks for further analysis (e.g. quantitative) or
risk response.

 Reflects the organization’s level of risk tolerance.

 Critical success factors include clear and unambiguous input data for assigning levels of
probability and impact.

 Effective estimation of impact and likelihood of risks.

 Organizations should be careful to assess the combinations of probability and impact that qualify
a risk as low, moderate or high risk so that the method used reflects the organization’s risk
attitude.

 Definitions used to designate the levels of impact (L, M, H) for each objective should represent
the same level of impact as perceived by the organization’s management or project stakeholders
as reflecting the organization’s utility function.

 Drawbacks include inefficiency in handling risk ranking factors such as urgency or manageability
and the range of uncertainty in the assessment of a risk’s probability or impact overlapping a
boundary.

© 2012 RMstudy.com Page 8 of 12

 Perform Qualitative Risk Analysis

Probability and Impact Risk Ranking

Probability Threats Opportunities Probability

VHI L M M H H H H M M L VHI

HI L L M H H H H M L L HI

MOD L L M H H H H M L L MOD

LOW L L L M H H M L L L LOW

VLOW L L L L M M L L L L VLOW

VLOW LOW MOD HI VHI VHI HI MOD LOW VLOW

Impact (Threats) Impact (Opportunities)

Figure 6.5: Example of Probability-Impact Matrix Used to Sort Risks (Threats and Opportunities) into High Risk (H),
Moderate Risk (M), and Low Risk (L) Classes.

5. Analytic Hierarchy Process (AHP):

 Assists in developing a relative weighing for project objectives that reflects the organization’s
priorities for time, cost, scope, and quality for the project.

 Assists the creation of an overall project priority list of risks with respect to individual objectives.
This prioritization determines how trade-offs affect different objectives.

 Critical success factors for the effective application of this method include: it acts as an expert
facilitator in the process, agreement by management that it is useful to develop a consistent set
of priorities among objectives, and use of proper method or available AHP software.

 Weaknesses include organizational decisions often made by committees than individuals and
difficulty in gathering information about pair-wise comparison of the objectives from high-level
management.

© 2012 RMstudy.com Page 9 of 12

 Perform Qualitative Risk Analysis

A spread sheet implementation is given below:

Preference Factors

1 Equally Preferred

2 Mildly Preferred

3 Moderately Preferred

4 Greatly Preferred

5 Always Preferred

Input Matrix (Preference Factors)

Cost Time Scope Quality

Cost 1.00 0.25 0.33 0.20

Time 4.00 1.00 1.00 0.25

Scope 3.00 1.00 1.00 0.25

Quality 5.00 4.00 4.00 1.00

Note: Preference factors input is given in Blue color. Principal Diagonal is 1.0 by definition. Other cells
calculated as 1/ preference factor for same objectives.

Calculated Factors (Preference Factor / Column Total) Weighting Factors

Cost Time Scope Quality Average of Row

Cost 0.08 0.04 0.05 0.12 0.1

Time 0.31 0.16 0.16 0.15 0.2

Scope 0.23 0.16 0.16 0.15 0.2

Quality 0.38 0.64 0.63 0.59 0.6

Sum 13.00 6.25 6.33 1.70 1.0

Figure 6.6: Example of Analytic Hierarchy Process Computations to Determine the Relative Weighting of Four Project
Objectives.

© 2012 RMstudy.com Page 10 of 12

 Perform Qualitative Risk Analysis

Terms and Concepts

1. Contingency reserve: The amount of funds, budget, or time needed above the estimate to
reduce the risk of overruns or project objectives to a level acceptable to the organization.

2. Effect: Conditional future events or conditions which would directly affect one or more project
objectives if the associated risk happened.

3. Impact: A measure of the effect of a risk on one or more objectives if it occurs. Also known as
consequence.

4. Implementation: The realization of an application, or execution of a plan, idea, model, decision,

specification, standard, algorithm or policy. Various steps involved are often overseen by a
project manager using project management methodologies set forth in the Project
Management Body of Knowledge.

5. Iteration: The act or repeating the process usually with the aim of approaching a desired goal or
target or result.

6. Likelihood: See probability

7. Objectives: Something toward which work is to be directed, a strategic position to be attained

or a purpose to be achieved, a result to be oriented, a product to be produced, or a service to
be performed.
8. Perform Qualitative Risk Analysis: The process of prioritizing risks for further analysis or action
by assessing and combining their possibility of occurrence and impact.
9. Prioritization: Identification of project priorities which allows clarifying ranking of tasks and
understanding how these tasks will be executed throughout the life-cycle of the project. It
helps the project manager and team to clearly see the project goals and objectives.

10. Probability: A measure of how likely an individual risk is to occur. Also known as likelihood.

11. Risk: An uncertain event or condition that, if it occurs, has a positive or negative effect on a
project’s objectives.

12. Risk Breakdown Structure (RBS): [Tool] A hierarchically organized depiction of the identified
project risks arranged by risk category and subcategory that identifies the various areas and
causes of potential risks. It is tailored to specific project types.

13. Risk Register: The document containing the results of the qualitative risk analysis, quantitative
risk analysis, and risk response planning.

© 2012 RMstudy.com Page 11 of 12

 Perform Qualitative Risk Analysis

14. Root Cause: An initiating cause that gives rise to a causal chain which may give rise to risks.

15. Scalability: It is the ability of a system or component to accommodate greater demand while
maintaining an acceptable response time for users. It is an important factor for project
management anticipating for future growth.

16. Stakeholder: Person or organization (e.g., customer, sponsor, performing organization, or the
public) that is actively involved in the project, or whose interests may be positively or
negatively affected by execution or completion of the project. A stakeholder may also exert
influence over the project and its deliverables.

© 2012 RMstudy.com Page 12 of 12