Methods for risk analysis: qualitative and quantitative approaches
Risk analysis is the second step in risk management and focuses on assessing the likelihood and potential impact of previously identified risks. For example, in the keyboard development team mentioned earlier, there may be a risk that insufficient time has been allocated to the project. Such a delay could not only jeopardise the project itself, but also lead to additional problems such as increased costs or compromised quality. To better assess the likelihood and potential impact of this risk, both qualitative and quantitative analysis methods are used.
Content
Qualitative risk analysis
Qualitative risk analysis focuses on assessing the likelihood of a risk occurring and its impact on the project. Aspects such as cost, schedule and quality of the final product are considered. The methods used are usually simple to apply, although not always cost effective. Two common methods are described in more detail below.
Delphi method
The Delphi method is a multi-stage survey technique used particularly when empirical data is lacking. It uses the expertise of experts to make informed predictions about potential risks. The process starts with an individual risk assessment by the experts. These assessments are then reviewed collectively, particularly where there are significant differences. This process is repeated until a consensus is reached. The risks are then prioritised to focus on the key areas of concern.
Despite its effectiveness, the Delphi method has its challenges: some participants may withhold their opinions if they do not have a vested interest in the success of the discussion, or dominant voices may distort the discourse. It is also time-consuming and requires careful facilitation to minimise bias. Nevertheless, the Delphi method remains a valuable forecasting technique in areas of high uncertainty and limited data availability.
SWIFT analysis
SWIFT analysis (Structured What If Technique) is a structured "what if" technique involving the whole team. It is similar to brainstorming but more efficient because it follows a set framework. The aim is to create a risk matrix that represents both the probability and impact of risks.
For example, the keyboard development team identifies time management as a risk. The team then investigates what would happen ("what if") if the schedule is exceeded. Possible consequences, such as increased cost or reduced quality, are discussed and appropriate measures are developed to mitigate these risks at an early stage.
Delphi method
The Delphi method is a multi-stage survey technique used particularly when empirical data is lacking. It uses the expertise of experts to make informed predictions about potential risks. The process starts with an individual risk assessment by the experts. These assessments are then reviewed collectively, particularly where there are significant differences. This process is repeated until a consensus is reached. The risks are then prioritised to focus on the key areas of concern.
Despite its effectiveness, the Delphi method has its challenges: some participants may withhold their opinions if they do not have a vested interest in the success of the discussion, or dominant voices may distort the discourse. It is also time-consuming and requires careful facilitation to minimise bias. Nevertheless, the Delphi method remains a valuable forecasting technique in areas of high uncertainty and limited data availability.
SWIFT analysis
SWIFT analysis (Structured What If Technique) is a structured "what if" technique involving the whole team. It is similar to brainstorming but more efficient because it follows a set framework. The aim is to create a risk matrix that represents both the probability and impact of risks.
For example, the keyboard development team identifies time management as a risk. The team then investigates what would happen ("what if") if the schedule is exceeded. Possible consequences, such as increased cost or reduced quality, are discussed and appropriate measures are developed to mitigate these risks at an early stage.
Quantitative risk analysis
Quantitative risk analysis complements qualitative analysis by providing a numerical assessment of risks. It is used primarily for risks that have been identified as particularly critical in the qualitative analysis. Two key quantitative techniques are discussed below.
Decision tree analysis
Decision tree analysis is a method of graphically representing different decision options. It starts with a central risk and branches out according to possible consequences and alternative actions until all options and their impacts are visualised. This structure allows the scenario with the greatest benefit to be selected. To make an informed decision, quantitative values need to be provided for each option.
To illustrate this: The keyboard project faces the risk of not meeting the planned schedule, despite a budget of CHF 50,000. This central risk leads to various consequences, which in turn represent new nodes in the decision tree. Possible decisions include extending the timeline or increasing the budget. For each of these decisions, there are different actions that can be taken to manage the risk:
Decision tree analysis
Decision tree analysis is a method of graphically representing different decision options. It starts with a central risk and branches out according to possible consequences and alternative actions until all options and their impacts are visualised. This structure allows the scenario with the greatest benefit to be selected. To make an informed decision, quantitative values need to be provided for each option.
To illustrate this: The keyboard project faces the risk of not meeting the planned schedule, despite a budget of CHF 50,000. This central risk leads to various consequences, which in turn represent new nodes in the decision tree. Possible decisions include extending the timeline or increasing the budget. For each of these decisions, there are different actions that can be taken to manage the risk:
These possible actions are interrelated, resulting in a chain of consequences that further branches the decision tree. For example, if it is decided to extend the schedule by 10 %, this will logically lead to an increase in the budget as more resources will be required. Conversely, if the budget is increased by 10 %, more people can be hired to meet the original schedule. In this way, the decision tree continues to branch out, evaluating each action and its impact in detail.
As decision tree analysis is a quantitative method, each action is assigned a numerical value representing its impact on the budget. In addition, each action is given a probability, which indicates the likelihood of its implementation. These probabilities add up to 100 %.
As decision tree analysis is a quantitative method, each action is assigned a numerical value representing its impact on the budget. In addition, each action is given a probability, which indicates the likelihood of its implementation. These probabilities add up to 100 %.
The expected value (EV) is then calculated, or in this case, how much more budget would need to be spent.
Expected Value = (Action 1 x Probability) + (Action 2 x Probability) + (Action 3 x Probability) – Cost
In the example, the expected value for the time extension is CHF 18,000 and for the budget increase is CHF 3,250. This means that the loss from increasing the budget is less than the loss from extending the time, making the budget increase the preferred risk management action.
This simple example shows how complex decision tree analysis can become when multiple decisions and their consequences are linked. Nevertheless, it provides a clear view of all possible scenarios and supports informed decision making.
Sensitivity analysis
The Sensitivity analysis examines how sensitive a final result is to small changes in the initial parameters. The functional relationship between the initial and final values is described mathematically. It is particularly useful for assessing the stability of projections or forecasts and for understanding which factors have the greatest impact on the overall outcome.
A well-known example of the application of sensitivity analysis is Pareto analysis. It is based on the Pareto principle, which states that a small number of factors often have the greatest impact on the outcome. The aim is to identify and analyse these few but critical factors. In practice, a quantifiable quantity (e.g. time) is linked to a variable element (e.g. the impact of a time delay) to make the impact on the project visible.
A simple example: A project team might investigate the impact of a schedule extension on the overall project. To do this, various risks that could affect the project duration are listed and analysed for their impact. By visualising these risks in a diagram, it becomes clear which risk has the greatest impact and should therefore be prioritised. This approach enables targeted and efficient risk management.
Expected Value = (Action 1 x Probability) + (Action 2 x Probability) + (Action 3 x Probability) – Cost
In the example, the expected value for the time extension is CHF 18,000 and for the budget increase is CHF 3,250. This means that the loss from increasing the budget is less than the loss from extending the time, making the budget increase the preferred risk management action.
This simple example shows how complex decision tree analysis can become when multiple decisions and their consequences are linked. Nevertheless, it provides a clear view of all possible scenarios and supports informed decision making.
Sensitivity analysis
The Sensitivity analysis examines how sensitive a final result is to small changes in the initial parameters. The functional relationship between the initial and final values is described mathematically. It is particularly useful for assessing the stability of projections or forecasts and for understanding which factors have the greatest impact on the overall outcome.
A well-known example of the application of sensitivity analysis is Pareto analysis. It is based on the Pareto principle, which states that a small number of factors often have the greatest impact on the outcome. The aim is to identify and analyse these few but critical factors. In practice, a quantifiable quantity (e.g. time) is linked to a variable element (e.g. the impact of a time delay) to make the impact on the project visible.
A simple example: A project team might investigate the impact of a schedule extension on the overall project. To do this, various risks that could affect the project duration are listed and analysed for their impact. By visualising these risks in a diagram, it becomes clear which risk has the greatest impact and should therefore be prioritised. This approach enables targeted and efficient risk management.
Conclusion
Although the methods presented do not cover the full range of risk management techniques, they provide a good overview of qualitative and quantitative approaches. Qualitative methods provide valuable insights into the likelihood and impact of risks, while quantitative methods provide a numerical assessment. A combination of both approaches provides a solid basis for comprehensive risk analysis and enables targeted risk management.
Author: IAPM internal
Keywords: Project management, Risk analysis, Risk management