**Quantitative risk analysis – and how to perform it**

*Quantitative risk analysis* assigns a projected value(usually this value is stated in terms of cost or time) to the risks that have already being ranked by the previous process ‘perform qualitative risk analysis’.

People often confuse these two processes which are normally performed at the same time. Perform quality of risk analysis however is determining the probability and impact of the risks to the project and going on to prioritise and rank them on the risk register. The outputs from this process will be used to plan risk responses and also to monitor and control risks.

**There are five inputs to perform quantitative risk analysis:**

**The risk register**. This contains a list of all of the identify risks so far on the project, and includes information on each such as their responses, their records is an categories.

**The risk management plan.** This document is in fact the risk management strategy because it defines the level of risk which is seen as tolerable, how such risks will be managed, who will be responsible for carrying out the risk activities, the time and cost aspects of each risk activity and how the communication of risk is to occur.

**Schedule management plan.** Because the schedule timings are presented in a quantifiable manner then risks concerned with timing and time scales can easily be quantified within this process.

**Cost management plan**. Similar to the above, costs are also quantifiable and can be used as an input for this process. Note that the scope management plan is not quantifiable and is therefore normally used within the qualitative risk analysis process.

**Organisational process assets.** These may consist of risk templates, policies procedures or guidelines, lessons learned from previous or similar projects, and any quantitative risk tools.

**There is only one output from Quantitative risk analysis:**

**Risk register updates.**

It is worth mentioning here are the risk is anything that may impact the objectives of a project, and this therefore must include positive and negative impacts. A negative impact risk is defined as a threat, and a positive impact risk is defined as an opportunity. Risk responses for threats should act two reduce the probability or impact, whereas risk response is for opportunities would want to maximize both the probability and impact should such a risk still occur.

With this in mind the risk register is updated as a result of Quantitative risk analysis in terms of its risk and probability along with the priority of each risk plus any trends that have been observed.

**Tools used in Quantitative risk analysis:**

**Probability distributions.**

These are usually presented on my table or graph and represent mathematically the probability of a risk events occurring. These probability distributions aid decision-making by considering the real probability of it happening and using this determine the best way to approach each risk.

**Data gathering and representation techniques.**

This covers the tool and techniques of carrying out a structured interview to determine be probability and impact of risks from subject matter experts. These experts must have the knowledge skills and experience sufficient to form a realistic view of such probability and impacts.

Rather than ask each expert for a single value for each, the project manager would normally encourage each experts to provide an optimistic, pessimistic and realistic probability and impact value for each risk.

**Quantitative risk analysis and modelling techniques.**

**There are five tools and methods that can be used here:**

**Sensitivity analysis.**

This involves analysing the project to determine how sensitive is to particular risks by analysing the impact and severity of each risk.

**Expected monetary value analysis.**

In broad terms, determining the expected monetary value is to multiply the likelihood by the cost impact to obtain an expected value for each risk, these are then added up to obtain the expected military value for the project. A typical way of calculating EMV is using decision trees;

**Quantitative risk analysis – Decision tree analysis.**

These are in the form of a flow diagram where each node, represented by a rectangle, contains a description of the risk aspect and its cost. These rectangles are linked together via arrows each arrow leading to another box representing the percentage probability. These totals are calculated by multiplying the risk costs by the probability and adding that value to the initial cost.

**Tornado diagrams.**

These are named because of their funnel shaped and portray graphically the project sensitivity to cost or other factors. Each tornado diagram will represent the impact of risks in terms of particular aspects. These aspects may be the stages of phases of all project, and are ranked vertically and represented by a horizontal bar showing plus or minus cost impacts.

**Modeling and simulation.**

The most common form of this is Monte Carlo analysis which is normally calculated by computer by analysing many scenarios for the project schedule and calculating the impact of particular the risk events and is helpful in identifying risks and the effect they have on the project schedule.

**Expert judgement.**

In a similar way to carrying out a structured interview, this would normally involve asking experts to review your risk data and the manner in which it has been gathered. As a consequence these experts may also identify additional risk areas.

#### If you need help to get the PMP Exam results you deserve, then CLICK HERE

David spent 25 years as a senior project manager for US multinationals and now develops a wide range of project-related downloadable video training products under the Primer brand. In addition, David runs training seminars across the world, and is a prolific writer on the many topics of project management. He currently lives in Spain with his wife Jude.