Preparing for Quantitative Risk Analysis

Quantitative risk analysis attempts to numerically assess the probability and impact of the identified risks. Quantitative risk analysis also creates an overall risk score for the project. This method is more in-depth than qualitative risk analysis and relies on several different tools to accomplish its goal.

Qualitative risk analysis typically precedes quantitative analysis. All or a portion of the identified risks in qualitative risk analysis can be examined in the quantitative analysis. The performing organization may have policies on the risk scores in qualitative analysis, which require the risks to advance to the quantitative analysis. The availability of time and budget may also be a factor in the determination of which risks should pass through quantitative analysis. Quantitative analysis is a more time-consuming process, and is therefore also more expensive. There are several goals of quantitative risk analysis:

• To ascertain the likelihood of reaching project success

• To ascertain the likelihood of reaching a particular project objective

• To determine the risk exposure for the project

• To determine the likely amount of the contingency reserve needed for the project

• To determine the risks with the largest impact on the project

• To determine realistic time, cost, and scope targets

Exam Watch

Quantitative risk analysis relies on hard numbers. Each risk is assigned a score, not a high, medium, low ranking. You can remember quantitative analysis as the “N” in quantitative and the “N” in numbers.

Considering the Inputs for Quantitative Analysis

Based on the time and budget allotments for quantitative analysis, as defined in the risk management plan, the project manager can move into quantitative analysis. There are, however, seven inputs to quantitative risk analysis the project manager should rely on:

• Risk management plan The risk management plan identifies the risk management methodology, the allotted budget for risk analysis, the schedule, and the risk scoring mechanics—among other attributes.

• Identified risks The risks that have been identified and promoted to quantitative analysis are needed.

• Prioritized risks The risks as ranked by weight, priority, or WBS component will need to be readily available. This information can offer significant information for the quantitative analysis of the risks, reveal trends among the risks, and show those risks that require the most attention.

• List of risks marked for additional analysis Any risks with a high or moderate score need quantitative analysis. These risks require immediate attention since their presence can ensure detrimental effects on the project’s success.

• Historical information Similar projects will likely have similar risks. The history of how the risks were managed, mismanaged, or discovered during the project can provide crucial information regarding the current project. In addition, there may be historical information available through commercial databases or other sources.

• Expert judgment Individuals, other project teams within the performing organizations, subject matter experts, or other consultants may provide valuable experience and insight into the identified risks.

• Other planning outputs These include the cost and schedule estimates, documented logic of project decisions, scheduling information, and information on the technical attributes of the project.

Interviewing Stakeholders and Experts

Interviews with stakeholders and subject matter experts can be one of the first tools to quantify the identified risks. The interview can focus on worst-case, best-case, and most-likely scenarios if the goal of the quantitative analysis is to create a triangular distribution; most quantitative analysis, however, uses continuous probability distributions. Figure 11-6 shows five sample distributions: normal, triangular, uniform, beta, and lognormal.

Figure 11-6: Distributions illustrate the likelihood and impact of an event.

Continuous probability distribution is an examination of the probability of all possibilities within a given range. For each variable, the probability of a risk event, and the corresponding consequence for the event, may vary. In other words, dependent on whether the risk event occurs and how it happens, a reaction to the event may also occur. The distribution of the probabilities and impact include:

• Uniform

• Normal

• Triangular

• Beta

• Lognormal

Exam Watch

Don’t invest too much time on knowing these distribution types for the exam. The questions on quantitative analysis will focus on more accessible methods than these in-depth, analytic approaches.

Applying Sensitivity Analysis

Sensitivity analysis examines each project risk on its own merit. All other risks in the project are set at a baseline value. The individual risk then is examined to see how it may affect the success of the project. The goal of sensitivity analysis is to determine which individual risks have the greatest impact on the project’s success and then to escalate the risk management processes on these risk events.

Using a Decision Tree

A decision tree is a method to determine which of two decisions is the best to make. For example, it can be used to determine buy-versus-build scenarios, lease-or-purchase equations, or whether to use in-house resources rather than outsourcing the project work. The decision tree model examines the cost and benefits of both decision outcomes and weighs the probability of success for each of the decisions.

The purpose of the decision tree is to make a decision, calculate the value of that decision, or to determine which decision costs the least. Follow Figure 11-7 through the various steps of the decision tree process.

Figure 11-7: Decision trees analyze the probability of events and calculate decision value.

Completing a Decision Tree

As the project manager of the new GFB Project, you have to decide whether to create a new web application in-house or send the project out to a developer. The developer you would use (if you were to outsource the work) quotes the project cost at $175,000. Based on previous work with this company, you are 85 percent certain they will finish the work on time.

Your in-house development team quotes the cost of the work as $165,000. Again, based on previous experience with your in-house developers, you feel 75 percent certain they can complete the work on time. Now let’s apply what we know to a decision tree:

• Buy or build is simply the decision name.

• The cost of the decision if you “buy” the work outside of your company is $175,000. If you build the software in-house, the cost of the decision is $165,000.

• Based on your probability of completion by a given date, you apply the 85 percent certain to the “strong” finish for the buy branch of the tree. Because you’re 85 percent certain, you’re also 15 percent uncertain; this value is assigned to the “weak” value on the buy branch. You complete the same process for the build branch of the tree.

• The value of the decision is the percentage of strong and weak applied to each branch of the tree.

• The best decision is based solely on the largest value of all possible decisions.

Using a Project Simulation

Project simulations allow the project team to play “what-if” games without affecting any areas of production. The Monte Carlo technique is the most common simulation. Monte Carlo got its name from Monte Carlo, Monaco (world-renowned for its slot machines, roulette wheels, and other games of pure chance). Monte Carlo, typically completed through a computer software program, completely simulates a project with values for all possible variables to predict the most likely model.