4 Responses Oct 01

Naren Work:

Qualitative vs. Quantitative Risk Assessment

            Quantitative risk assessment focuses on measurable and predefined data, while a qualitative risk assessment is based on the subject and the knowledge of the analyst. In qualitative risk assessment, the risk is scored based on their likelihood of occurrence and the impact on project objectives if they occur. It generally applies a subjective assessment of risk occurrence probability against potential risk outcomes to determine the severity of a risk. It includes appropriate categorization of the risks, which are source-based, or effect based.  Quantitative risk assessment, on the other hand, is further analysis of high priority risks whereby numerical rating is assigned to develop a probabilistic analysis of a project. It quantifies the potential outcomes for a project and assesses the likelihood of achieving specific objectives. According to Saripalli and Walters (2010), “quantitative risk assessment is a framework for assessing risks associated mostly with cloud computing platforms” (p.280). Moreover, it provides a quantitative approach to decision making in the case of uncertainty and creates achievable cost and scope targets.

            The key difference between qualitative and quantitative risk assessment is their approach to the risk analysis process. Unlike quantitative risk assessment, qualitative risk assessment tends to be more subjective as it focuses on risk identification to measure the probability of a specific risk event occurring during the life cycle of a project. In contrast, quantitative risk assessment tends to be objective as it uses verifiable data to analyze the effects of risk. Quantitative risk assessment relies on string risk models and vast amounts of data, while qualitative risk assessment can be performed at any phase of the project.

Unlike qualitative risk assessment approach, quantitative risks assessment often articulates risks in numerical terms. In contrast, “qualitative approach has no numerical value and is usually opinion based” (Yazar, 2002, p.4). Moreover, while a qualitative risk assessment is used to evaluate individual risks; quantitative risk assessment is used to evaluate project risks. However, both qualitative and quantitative risk assessment models have uncertainty numbers and values. Another similarity between the two is that they all aim at identifying hazards. Both qualitative and quantitative risk assessment approaches often.

There have been numerous arguments on which of these risks approaches is better for project risks management. By ranking the severity of risk on a broader perspective, qualitative risk assessment is the best for gauging probability and prioritizing risk more efficiently. Moreover, qualitative risk assessment makes it easier to identify specific areas that require special intention such as risk events that have high probabilities of causing catastrophic impact. Therefore, by combining both the qualitative and quantitative risk assessment approaches, identifying these risks will be much easier and efficient. According to Feather et al. (2000), “The net result is a combination that exhibits the best attributes of both qualitative and quantitative risk management tool support” (p.1). Besides qualitative risks, assessment is considered to be an older form of risk management than quantitative risk assessment. One of the primary reasons why qualitative risk assessment remains relevant up to date is the fact that it is a much quicker and easier approach to implement. On the hand, it has been widely established that quantitative risk assessment profoundly relies on accurate statistical data to produce actionable insights.           Qualitative and quantitative risk assessment is often used in hybrid approaches. This is because qualitative risks analysis deals with estimating the cost of risk in monetary terms. In contrast, quantitative risk analysis deals with the likelihood of compromise from the opinions of different individuals with an organization. It is, therefore, crucial for project managers to understand when and how to use either qualitative or quantitative risk assessment tools to identify different risks related to a project. Moreover, there is a need to consider biases that may occur when calculating the risks.

References

Feather, M. S., Cornford, S. L., & Larson, T. W. (2000, September). Combining the best attributes of qualitative and quantitative risk management tool support. In Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering (pp. 309-312). IEEE.

Saripalli, P., & Walters, B. (2010, July). Quirc: A quantitative impact and risk assessment framework for cloud security. In 2010 IEEE 3rd international conference on cloud computing (pp. 280-288). IEEE.

Yazar, Z. (2002). A qualitative risk analysis and management tool–CRAMM. SANS InfoSec Reading Room White Paper, 11, 12-32.

Dushyanth Work:

Week 6 Discussion Risk Assessment

            Project success relies on the efficiency of risk analysis and alleviation. Therefore, “Irrespective of the size or scale of your project, delivering it on time and within budget (not to mention preserving stakeholder confidence) is nigh on impossible if you haven’t taken the time to identify, analyze, categorize, prioritize, and gauge the impact of external risks before work commences” (Wood, 2019). The inference shows that firms have to determine the best approach to handle their projects. They can apply either qualitative (QL) or quantitative (QN) risk analysis (Wood, 2019). They have to differentiate the methodologies to reduce conflict in their application.

            The author argues that QL analysis is subjective while QN methodology is objective. The classification results from the fact that the QL approach “focuses on identifying risks to measure both the likelihood of a specific risk event occurring during the project life cycle and the impact it will have on the overall schedule should it hit” (Wood, 2019). Therefore, QL investigates the degree of severity of a risk. It assists in the formulation of risk assessment matrix or other visuals that can communicate effectively to the stakeholders (Wood, 2019). The report generated rates the hazards and recommends the needed mitigation measures.

            On the other hand, QN risk methodology applies verifiable data. The management can analyze cost overruns, scope creep, and resources. However, it has to understand the two approaches have the same goals (Wood, 2019). The difference is that QN is more scientific and data-intensive as opposed to QL methodology. “In layman’s terms, quantitative risk analysis assigns a numerical value to extant risks — risk A has a 40% chance of occurring, based on quantifiable data (fluctuations in resource costs, average activity completion time, logistics etc.) and a 15% chance of causing a delay of X number of days “(Wood, 2019). The analysis shows that QN might be more reliable than its counterpart in risk prioritization.

            Bansal (2019) argues that one can determine specific goals of the two approaches. The QL risk analysis focuses on identifying risks for further investigation. However, “the risk which is not marked for further analysis, it identifies actions for them based on the combined effects of the probability of occurrence and impact on project objectives (Bansal, 2019). The goal of QN risk analysis is identification of threats affecting the overall project objectives. It achieves this through quantification of risk exposure and computation of cost and schedule contingencies.

            Malik (2020) notes that, “The examination and prioritizing of risk events by applying subjective judgment to the description, probability and impact of the event, typically on some numerical or graded scale.” Therefore, he affirms that QL methodologies are subjective and QN objective. The former requires expert judgment and subjective analysis. However, the latter requires measurement of predetermined factors. The analyst undertakes, “an examination of project risks using numerical processes such as simulation and decision trees” (Malik, 2020).  The analysis relies on the data available and firm’s prediction. The data can incorporate time and costs due to the threats.

References

Bansal, S. (2019, December 2). Difference Between Quantitative And Qualitative Risk Analysis. iZen Bridge

Malik, P. (2020, February 17). Difference Between Qualitative And Quantitative Risk Analysis. PM by PM

Wood, R. (2019, December 9). What’s the Difference Between Qualitative and Quantitative Risk Analysis? Safran