Activities to Perform Quantitative Risk Analysis delve further into identified risks by assigning a cost or other impact measurements to them.
Quantitative risk analysis at the individual risk level can then be aggregated into estimates for the probability of achieving project objectives, like scope, budget, and schedule.
Quantitative risk analysis will be repeated as new risks are identified or as it's deemed necessary for other identified risks.
For project-level risk analysis, quantitative will reoccur frequently during risk monitoring and control to keep tabs on whether the project's overall risk level has changed.
Since qualitative risk analysis is much more time consuming than qualitative, it's normally performed only on high priority risks.
The risk management plan establishes how quantitative risk analysis is to be carried out and who has what responsibilities for it, and the project schedule and budget indicate the time and money that can be spent on quantitative risk analysis activities.
Quantitative risk analysis results in updates to the risk register by expanding upon the risk data already collected.
Data needed for quantitative analysis can come from historical information or commercial risk databases, but further interviews with risk professionals, subject matter experts, and the project team may be needed to gather estimates and likely risk scenarios if these weren't fully discussed during risk identification.
Though the goals of quantitative risk analysis may differ between project types and risk types, the broad goal is to establish more definitive probability assessments and solidifying scope, time, cost, and quality ramifications of risks.
Perform Quantitative Risk Analysis Process Decomposition
Perform Quantitative Risk Analysis Process: Inputs
- Risk register
The risk register is a comprehensive list of all threats and opportunities the project faces. It also contains supplementary data about each risk, including its impact, probability, risk response, budget, risk owner, and contingency and fallback plans.
- Risk management plan
The risk management plan is a component of the project management plan. It details and defines the risk management activities for the project.
The plan establishes the risk methodology, risk roles and responsibilities, risk categories, probability and impact scales, risk tolerances, frequencies of risk management activities and reporting, and the budget and schedule for risk management activities.
- Cost management plan
The cost management plan is a part of the project management plan, and it establishes how project costs will be planned for, estimated, organized, reported on, forecasted, and managed.
The plan’s approach to cost management may increase or decrease project risk factors.
- Schedule management plan
Part of the project management plan, the schedule management plan details how the project schedule will be managed and controlled. The plan’s approach may increase or decrease project risk factors.
- Organizational process assets
Historical information from similar, past projects and risk databases can aid in quantitative analysis.
Perform Quantitative Risk Analysis Process: Tools and Techniques
- Data gathering and representation techniques
Quantitative analysis may require additional risk data that can be gathered from estimates obtained through interviews and expert judgment.
- Quantitative risk analysis and modeling techniques
Sensitivity analysis, decision tree analysis, expected monetary value, modeling, and simulation help to quantify risks and their impacts.
- Expert judgment
Quantitative analysis requires subject matter experts and expert judgment is needed to interpret, evaluate, and present the quantitative data uncovered.
Perform Quantitative Risk Analysis Process: Outputs
- Risk register updates
Quantitative analysis results in updates to the risk register, including the probability and impact assessments for risks. Data from the risk register can also be aggregated to provide data for risk analysis at the project level or at the project objective level.
Estimating and Probability Distributions
Estimates will be needed for people to further quantify probability and impact. Three-point estimates can be used to remove some of the unintentional biases that are always inherent in estimates.
One person may be overly pessimistic while another may be overly optimistic.
A three-point estimate uses a formula based on the optimistic, pessimistic, and most likely predictions to produce a weighted estimate.
A commonly used three-point formula is:
Pessimistic + (4 x Most Likely) + Optimistic / 6
Probability distributions and estimates are closely related because distributions are a mathematical description of uncertainties in the data, and estimates always have some degree of uncertainty.
A three-point estimate produces a type continuous probability distribution that looks like a bell curve.
If this curve looks familiar, it's because we've seen it as part of standard deviation in quality control.
Probability distributions and simulations are rooted in statistics, and for most everyday projects we can rely on three-point estimates without being overly concerned with the different probability distributions.
Simulation and Modeling Techniques
Simulations and modeling apply different scenarios to project components to expose and highlight risk elements or dependencies that might not otherwise have been visible.
Monte Carlo analysis is the most common simulation tool, especially in industries like insurance, engineering, and finance.
Simulations and modeling are complex, statistical, computer-driven tools that require significant time, effort, and skills to master.
Most project managers in general business environments will not encounter the need for Monte Carlo analysis.
Sensitivity analysis looks individually at each project objective and measures how uncertainty could impact that objective.
This makes it possible to identify what risks have the greatest potential impact and can show how uncertainty can impact project objectives.
For example, if labor cost could fluctuate between -20% and +20%, sensitivity analysis applies this cost range throughout affected project components and then displays which components are most susceptible to this risk.
The results of sensitivity analysis are usually shown as a tornado diagram or a spider diagram. A tornado diagram is named due to its funneled appearance.
Spider diagrams are more unusual, and they can appear in a variety of different manners, but they'll look similar to Venn diagrams.
Expected Monetary Value Analysis
Expected monetary value (EMV) is the cost or benefit of an uncertain event.
It's calculated by multiplying the monetary impact by probability.
EMV is what one could expect over time if the condition is repeated over and over.
Decision Tree Analysis
Decision trees visually map out options and using EMV for each decision point results in a net value for each decision path.
Even though a tool of quantitative analysis, decision trees are applicable to many project problems that have choices with levels of uncertainty.
Decision trees typically show monetary impacts, but EMV can be used to express any measurement (quantities, units, or time periods).
Since EMV is only an average, decision trees do not make an absolute prediction about the result of alternatives, so they should be used only as one factor in the decision-making process.
But even with this limitation, decision trees have the added benefits of:
- Forcing the decision to be viewed systematically into all the component parts of the decision.
- Forcing a quantitative approach in establishing probabilities for each alternative (e.g., 90% chance of success), and in assigning monetary costs and benefits to each component.