Qualitative vs Quantitative Risk Analysis

The purpose of this essay is to examine the differences between qualitative and
quantitative risk assessment and to address the challenges of using the
qualitative risk analysis in real life projects. The target audience for this essay are
project managers and professionals who are integrally involved in risk
management.

The risk assessment process is structured and covers risk identification, hazard
assessment, determining exposure and understanding vulnerability.

Depending on the objective of risk assessment and data availability, risk assessment
methods can range in formalization and rigor. There is more subjective scenario based
deterministic models, semi quantitative risk analyses such as risk matrixes, and fully
quantitative risk assessment; probabilistic or stochastic risk modelling. The more
qualitative approaches to risk add value through the process of developing a framework
to capture subjective risk perception and serve as a starting point for a discussion about
assumptions and risk recognition engaging a wide variety of experts and stakeholders in
the process. They also provide a means to reality check more theoretical models.
Probabilistic and stochastic analyses provide the potential to perform cost/benefit or
risk/ return analysis, creating an objective basis for decision making.

Risk analysis is one of the risk management steps, and it is integral for project success.
However, there is no single right way of conducting risk analysis. Two main approaches
to risk analysis are qualitative and quantitative.

Qualitative risk analysis evaluates and documents the probability and the impact of
potential project risks against a pre-defined scale. The scale can be defined from low to
high, from 1 to 5, or from 0% to 100% (or 0 to 1) for probability. Risks can be
additionally categorized according to their source or effect, such as regulatory risks or
risks leading to delays.

1|Page
Qualitative risk analysis is subjective, as it is carried out by individuals participating in a
project based on their personal perceptions of the risk likelihood and consequences.
The purpose of such analysis is to increase the awareness of the most likely and severe
risks, identify weak spots of a project and create risk responses to reduce the effect that
these risks will have on a project.

Quantitative Risk Analysis numerically evaluates the effect of potential project risks on
project targets. It is focused on creating realistic time and cost targets, and calculating
the probability of achieving project objectives. For example, it will quantify the impact of
failing to obtain a building permit before the start of the project as causing a week delay
and costing $25,000.

Quantitative risk analysis is objective and requires a list of prioritized potential project
risks, usually created during the qualitative risk analysis. To save time, quantitative risk
analysis is usually carried out only for the highest probability and impact risks. The main
purpose of this analysis is to analytically identify the most effective risk response
strategies that will minimize the risk influence on project objectives.

Qualitative risk analysis is a descriptive measure and relies upon the judgment skills of
project managers to determine the impact and probability of risk, in this case.
Quantitative analysis is used to produce a more developed risk model and more
accurate projections, depending on the quality of the data inputted. In a lot of good risk
analysis there is a mix of qualitative and quantitative analysis that work together to
produce a fairly comprehensive risk analysis. A good basic rule of thumb, that should
always be remembered, is that qualitative analysis comes before quantitative because it
forms the foundation for the more data analytical approach.

Qualitative risk analysis has a few advantages. It can be done quite quickly compared to
quantitative analysis and so allows for nimbler and responsive decision making. In
addition, risks can also be categorized by timing which helps decision-making. It’s also
not dependent on the quality of data that is inputted as it relies on the judgment and
experience of management.
2|Page
Quantitative risk assessment may be less nimble than qualitative techniques but it also
has its advantages. Quantitative assessments can create more realistic project targets
assuming the information inputted is of a high quality. Using a data analytical approach,
the targets and estimates this kind of assessment produces can also be more accurate
than estimates produced through a qualitative approach. Really, a lot depends on the
quality of the data inputted. If the standard is high, then quantitative assessments can
create solid useful information that can be of significant help in risk management.

Both Qualitative and Quantitative are powerful risk analytics, and both have a place in
project risk management. All possible risks are identified in the “identify risks” process
and put into a project document called the “risk register.” Then qualitative risk analysis
is performed. From there, it may lead to quantitative risk analysis or directly to risk
response planning. In other words, quantitative risk analysis is optional. If both
Qualitative and Quantitative are performed, they’ll be in close sequence and the risk
register will be updated for both types of processes.

The fundamental difference between Qualitative and Quantitative is that the first
addresses individual risks of a project, whereas the second considers the overall project
risk. The overall risk to the project is due to the combined effect of all risks and their
possible interdependencies and correlations. Overall risk applies to the project as whole,
rather than individual activities or cost items in the project.

Note that both Qualitative and Quantitative use numbers for risk rating and prioritization
of risks. But as indicated before Qualitative is a subjective evaluation, whereas
Quantitative is more objective in terms of value or cost terms.

In summary:

In Qualitative Risk Analysis:

1. We identify (or mark) risks for further analysis;

2. We identify actions for the rest of the risks based on the combined effects of
probability of occurrence and impact on project objectives.

3|Page
In Quantitative Risk Analysis:

1. We only perform analysis on risks which are marked for further analysis by Perform
Qualitative Risk Analysis process;

2. We identify “effect of identified risks on overall project objectives.”

Challenges of Using the Qualitative Risk Analysis

The main aim of a qualitative risk analysis, carried out for a project, is to identify risks
with low, moderate or high significance for the given project and prepare information for
the subsequent stage of the risk assessment process, i.e. risk evaluation. The value of
likelihood and consequences of a specific event are given by description. In business
for example, risks can be divided into high, moderate and low risks. Unlike the
quantitative ones, the qualitative methods don’t express the size of likelihood or
consequences by means of figures.

A typical qualitative risk assessment usually includes the following issues

(Pipattanapiwong, 2004):

• a brief description of the risk;

• the stages of the project when risk may occur;

• the elements of the project that could be affected;

• the factors that influence risk to occur;

• the relationship with other risks;

• the likelihood of risk occurring; and

• how risk could affect the project.

The direct judgment, ranking options, comparing options and descriptive analysis are
also considered as qualitative risk measurement are heavily subjective.

In evaluating the risks, you have identified, you need to make a subjective evaluation of
what constitutes an acceptable risk for your organization. The evaluation of risk will

4|Page
enable priorities to be established that equate to an appropriate level of risk. This will
allow you to decide what is an appropriate action for treating each risk. Although
established risk criteria will reduce some of the indecision/subjectivity, ultimately the
decision on whether a risk is acceptable or unacceptable rests with those responsible
for the analysis. The process is inherently subjective, so the answers will depend on the
knowledge and experience of the people involved in the risk committee.

Further, Qualitative systems for rating risks using ordered categorical labels such as
"high, “medium," and "low" can potentially simplify risk assessment input requirements
used to inform risk management decisions. But do they improve decisions? In general,
qualitative risk rating systems satisfying conditions found in real-world rating systems
and guidance documents and proposed as reasonable make two types of errors: (1)
Reversed rankings, i.e., assigning higher qualitative risk ratings to situations that have
lower quantitative risks; and (2) Uninformative ratings, e.g., frequently assigning the
most severe qualitative risk label (such as "high") to situations with arbitrarily small
quantitative risks and assigning the same ratings to risks that differ by many orders of
magnitude. Therefore, despite their appealing consensus-building properties, flexibility,
and appearance of thoughtful process in input requirements, qualitative rating systems
as currently proposed sometimes do not provide sufficient information to discriminate
accurately between quantitatively small and quantitatively large risks. The value of
information that they provide for improving risk management decisions can be zero if
most risks are small but a few are large, since qualitative ratings may then be unable to
confidently distinguish the large risks from the small. These limitations suggest that it is
important to continue to develop and apply practical quantitative risk assessment
methods, since qualitative ones can sometimes be unreliable.

Final Thoughts

Ultimately, the risk assessment methodology you use should depend on what you are
trying to measure and what outcomes you’d like to see from that measurement. A
quantitative risk assessment focuses on measurable and often pre-defined data,
whereas a qualitative risk assessment is based more so on subjectivity and the
knowledge of the assessor. A quantitative risk management methodology is best suited

5|Page
for a detailed look at your project risks, while a qualitative risk assessment is best for
evaluating the implementation of a framework that does not inherently have pre-defined
values. In many cases, you can combine the two methodologies to enhance an existing
risk assessment. Knowing which methodology to use in various situations could mean
the failure or the success of your risk management program.

According to D. Frame „(...) the two approaches address different things. (...) The
qualitative approach recognizes that experience coupled with hunches and good
judgment enable people to develop insights that they cannot develop if they are
constrained by the requirement that they work only with measurable phenomena. (...)
This is particularly true with a range of situations, including first-of-a-kind experiences,
circumstances where politics reign, and situations where outcomes are determined
through negotiations”.

References:

1.izembridge.com-Difference between Qualitative and Quantitative Risk Analysis.

2.mping.com-Qualitative vs Quantitative Risk Analysis.

3.ProjectRiskManager.com-Qualitative vs Quantitative Risk Analysis, What is the

4.Qualitative and Quantitative Approaches to Risk Assessment by David C. Simmons

5.Project Risk Management by Roland Warner.

6|Page