Qualitative Risk Analysis Process

The Qualitative Risk Analysis process sorts and prioritizes risk events by evaluating the probability and impact of risk events. The project team will use the Risk Management Plan to guide the process, and the items on the Risk Register will be evaluated. Many factors influence the approach to and the type of qualitative analysis that will be performed. These factors include the project status and type, the quality and accuracy of data, and assumptions about the project.

In performing a qualitative analysis, the project team will assign risk probability and impact. A probability/impact risk rating matrix is a common tool for evaluation of risks, and assumptions testing may be used to evaluate the strength and accuracy of the information that will be used. Qualitative analysis will lead to an overall risk ranking for the project and a list of prioritized risks.

There generally is not enough time or money to address every risk event that may be identified, so the project team should expend its effort on the most important risk eventsthe ones that have the greatest return impact on the project. This return can be in the form of negative impacts that are prevented or minimized, or positive impacts where the probability is increased. Qualitative Risk Analysis allows the team to prioritize the identified risks.

Inputs to the Qualitative Risk Analysis Process

The project team will use the Risk Management Plan to guide the process, and the items on the Risk Register will be evaluated. The inputs to the Qualitative Risk Analysis process are similar to Risk Identification with the exception of Enterprise Environmental Factors and the Project Management Plan and the addition of the Risk Register.

The correct answer is H. The completed Probability and Impact Matrix is not an input to the Qualitative Risk Analysis. The Risk Register is an output of the Risk Identification process, and the Risk Management Plan is an output of the Risk Management process. The Project Scope Statement and the Organizational Process Assets affect all the Project Risk Management processes.

Qualitative Risk Analysis Process Tools and Techniques

The primary tools and techniques used for Qualitative Risk Analysis are:

• Risk Probability and Impact Assessment Investigates the likelihood and effect on project objectives for each risk

• Probability and Impact Matrix A look-up table that integrates probability and impact combinations into risk ratings such as high, medium, or low

• Risk Data Quality Assessment Examining the data used to evaluate risks to determine whether it is accurate and reliable, including the distinction between fact and opinion

• Risk Categorization Sources and locations of project risks

• Risk Urgency Assessment Designation of the critical nature of a risk for warning signs, severity, and time to implement a response

The correct answer is A. The purpose of this process is to sort and prioritize risk events using the likelihood that the risk event will occur as well as the consequences of the risk event.

The risk probability assessment determines the chance that a risk event will come to pass. Attempting to prevent a risk event with a very low probability or a low impact may not be the best use of project resources if the negative effect on meeting any of the project objectives is less than the impact of the occurrence. The impact assessment examines the risk events' effects on the project objectives. Each risk event is evaluated in order to prioritize the risks and determine an appropriate range of responses. For example, if the impact of a risk event to the project is limited to $1,000, it would not make sense to spend $1,000 to prevent the risk event. If the probability of occurrence of the risk event is very low, the team may decide to take their chances and do nothing, hoping that the risk event will not happen. In order to determine the probabilities and impact on the project objectives, the project team will need the operational definitions from the Risk Management Plan.

To prevent the team from using exclusively anecdotal data or unstructured discussions, it is best to use a structured process. Informal discussions in meetings are convenient but are not as robust as a disciplined process. Good decision-making processes should be used as well, ones that differentiate between opinion and data.

The outputs of the Qualitative Risk Analysis include the updated Risk Register with some or all of the following factors (see Table 15-3):

• Priority Each individual risk is ranked according to significance and increased chance of meeting project objectives (scope, cost, time, or quality) from a risk response

• Category Looking at the cause or location of risks can lead to an understanding of root cause and hence more effective risk responses

• Near-term response Risks that require an immediate response are grouped so that they can be addressed in a timely fashion

• Additional analysis Risks that require more analysis and response

• Low priority risks for watch lists Risks that are low priority but that should be watched

• Trends in Qualitative Risk Analysis Trends that require additional analysis that may point the team to a potential problem area

The correct answer is B. The Risk Register not only prioritizes the risk events but also focuses attention on lower-priority risks that, if ignored during the project, could become very high-priority. Monitoring lower-priority risks could prevent them from growing. It is said, "That which is measured, improves."

The Risk Register is a comprehensive document that lists the components of the risks for the purpose of developing responses, further analysis, or other actions by the project team.

The correct answer is C. The Risk Register cannot be developed before risk events are identified, and the information from the Qualitative Risk Analysis is needed to prioritize the risks for further action.