PMI-RMP Perform Qualitative Risk Analysis Tutorial

7.1 Perform Qualitative Risk Analysis

Hello and welcome to the Project Management Institute’s Risk Management Professional Certification Preparatory Course offered by Simplilearn. In this lesson, we will find out how to perform qualitative risk analysis. Let us look into the objectives of this lesson in the next screen.

7.2 Objectives

After completing this lesson, you will be able to: ? Define the purposes and objectives ? Identify Critical Success Factors ? Explain inputs, tools and techniques along with their characteristics, and outputs ? Describe how to document the results In the next screen, let us begin with the Purposes and Objectives of the Perform Qualitative Risk Analysis Process.

7.3 Purposes and Objectives

It is practically impossible to deal with all the risks of the project at the same time with the same intensity. Therefore, prioritizing the risks of the project is important. Perform qualitative risk analysis process enables the project manager and the team to prioritize the risks of the project by assigning a probability and impact number, and arriving at the risk exposures of the risks. The risks are prioritized based on risk exposures. Therefore, the purposes and objectives of qualitative risk analysis are to assess and evaluate characteristics of individually identified risks. It also includes prioritizing the risks based on the agreed-upon characteristics. Assessing individual risk evaluates the probability that each risk will occur and the effect it can have on the project objectives. Categorizing risks according to their sources or causes will help in filtering them out. Qualitative risk analysis is used to determine the risk exposure of the project by multiplying the probability and impact. In the next screen, we will discuss the critical success factors or CSFs for perform qualitative risk analysis process

7.4 Critical Success Factors

Agreement of the stakeholders is a fundamental criterion for success in qualitative risk analysis. Now, let us look at the critical success factors for the qualitative risk analysis. Click each tab to know more. The first factor is to use an “agreed-upon approach” towards assessing the probability and impact of risks. The second factor is to use the “agreed-upon definitions” of risk terms like probability and impact scales, and probability and impact matrix. Initiatives like collecting high-quality risk information. Performing iteration of the qualitative risk analysis are also important. The diagram on this screen describes building risk analysis credibility. The basis of process credibility is an agreed-upon approach. After this approach is considered, the focus is on using agreed-upon definitions which enable high-quality information to be collected. These factors are achieved through an iterative approach. Finally, with these conditions in place, the process can be executed reliably, which contributes to the credibility of its output. In the following few screens, we will discuss each of these steps in detail.

7.5 Use Agreed-Upon Approach

In this screen, we will look at the fundamental approach, which is “use agreed-upon approach.” You need to apply an agreed-upon approach to all the identified risks in any project. All risks may be assessed according to the probability of occurrence and impact on individual objectives. Other factors to be considered here are urgency and manageability. Urgency, also known as proximity, implies that risks that require near-term responses may be considered more urgent to deal with. Indicators of urgency can include the lead time to execute a risk response and clarity of symptoms and warning signs or detectability. Here, lead time is advancing an activity. Manageability implies that some risks are not manageable and if you try to address those, it may be a waste of time and resources. The project team may decide whether to go forward and perhaps establish a contingency reserve, or to stop or re-scope the project as these risks may be an unmanageable threat or an opportunity. Further, the project team may also involve customers and ask for their viewpoint. Also, you need to consider the other factor which is called “impact external to the project.” It means that the importance of a risk may be increased if it affects the enterprise beyond the project. In the next screen, we will look into the next critical success factor, that is, “use agreed-upon definitions of risk terms”.

7.6 Use Agreed-Upon Definitions of Risk Terms

Risk assessment should be based on agreed-upon definitions of important terms and should be used consistently. For example: Levels of probability (25%) (Read as: twenty five percent) and impact on objectives (cost $-10,000) (Read as: cost minus ten thousand dollars). The use of definitions assists the providers of the information in giving realistic assessments for each risk. Communication will be better for the management and the stakeholders. In the next screen, we will discuss the next critical success factor, which is, “collecting high-quality information about risks.

7.7 Collect High-Quality Information on Risks

For any risk analysis, quality of data is very important. You can gather the quality data from interviews, workshops, and using expert judgment techniques. Data may be unbiased or intentionally biased. Biased data should be remedied. The remedy or the corrective action comes with experience and communication with the stakeholders. In the next screen, we will discuss the last critical success factor, which is performing iterative qualitative risk analysis.

7.8 Perform Iterative Qualitative Risk Analysis

Qualitative risk analysis is not complete with one analysis. It is done throughout the phases of a project's lifecycle. This ensures accurate analysis of risks in accordance with the changes happening in the project. The frequency of this effort will be planned in the plan risk management process, but it may also depend on events occurring within the project.

7.9 Inputs, Tools and Techniques, and Outputs

In this screen, we will list out the inputs, tools and techniques, and outputs of perform qualitative risk analysis process. The inputs are risk register, risk management plan, scope baseline, enterprise environmental factors, and organizational process assets. The tools and techniques are risk probability and impact assessment, probability and impact matrix, risk data quality assessment, risk categorization, risk urgency assessment, and expert judgment. The output is project documents updates. These inputs, tools and techniques, and outputs are discussed in detail in the next few screens. We will now move on to the inputs required to perform qualitative risk analysis, in the next screen.

7.10 Inputs

Following are the inputs require to perform qualitative risk analysis: you need the risk register because the identified risks are documented in the risk register. The risk management plan is needed because the probability scales and impact scales are defined in the plan. It contains important information on roles and assignments in risk management, risk categories, the probability and impact matrix, scheduled (Read as ske – juled) activities for risk management, and revised stakeholders' risk tolerances. The main output of plan risk management is risk management plan, and the output of identifying the risk process is risk register. The project manager might want to look into the scope baseline. This is because it gives an idea of the uncertainties of the project when it uses a technology which is new to the organization. Enterprise environmental factors provide insight and context to risk assessment, like industry studies of similar projects by risk specialists, risk databases available for the industry, or proprietary sources. Finally, organizational process assets that can influence the qualitative risk analysis process include information on prior completed projects of similar scope. Essentially, this is historical data. In the next screen, we will discuss the tools and techniques used for qualitative risk analysis.

7.11 Tools and Techniques

The tools and techniques required to perform qualitative risk analysis are Risk probability and impact assessment, Probability and impact matrix, Risk data quality assessment, Risk categorization, Risk urgency assessment, and Expert judgment. Click each tab to learn more. Risk probability and impact assessment: Risk probability and impact assessment is one of the important techniques for qualitative risk analysis process. Risk probability is used to investigate the likelihood that each specific risk will occur. Risk impact is used to assess potential effects on schedule, cost, and quality, including threat and or opportunity. Probability and impact matrix: Risks can be prioritized using probability and impact matrix. It helps in the rating or prioritization of the risks using the table. Each risk is rated on its probability of occurrence and impact on an objective if it occurs. Risk data quality assessment: This tool helps in evaluating the degree to which the data on risks is useful for risk management. The use of low quality risk data may lead to little use of the data for qualitative risk analysis. Risk categorization: Risk categorization is used to categorize the risk based on its sources, and the area of the project affected due to uncertainties. Some of the categories are technical, project management, and external. Risk urgency assessment: Once the analysis is completed, you need to define the urgency assessment for each risk, based on the priority. This is carried out by risk urgency assessment, where risk requiring near-term responses may be considered more urgent to address. Expert judgment: The last technique, widely used for most of the processes, is called expert judgement. This is required to assess the probability and impact of each risk to determine its location in the probability and the impact matrix table.

7.12 Tools and Techniques—Characteristics

In this screen, we’ll discuss the characteristics of tools and techniques for the perform qualitative risk analysis process. You should be aware of the risk characteristics such as the description, the identified date, customer details, etc., so that the importance of the risk can be defined. In general, the tools and techniques used for qualitative risk analysis include risk probability and impact assessment; and probability and impact matrix. To do this, you need to collect and analyze data by using risk quality assessment and expert judgment. It is important to prioritize risks by probability and impact on specific objectives and overall project (for example: Risk urgency assessment.) Further, you can categorize risk causes (Risk categorization) and document the results of the perform qualitative risk analysis process. The risk team would assign a probability and impact value to the risk. Risk is a factor of probability and impact, which would give the risk exposure. Risk exposure is mapped to the probability and impact matrix to categorize the risk as high, medium, or low. It is important for a project manager to make sure that the data obtained of the risk is unbiased, accurate, and of high quality. Also, as a part of qualitative risk analysis, it is important to identify the urgency of the risk. Urgency is determined on the basis of the amount of risk response time available. To arrive at this urgency value, you should assess the probability and impact of a specific or individual risk, as well as the impact it can have on the overall project objectives. Project objective, can be schedule (Read as ske – jule) or cost. This urgency will help in prioritizing the risk. Finally, it is important that the project manager involves experts during the process of analyzing risks, and documents the risks for further analysis if required. Let us discuss an example of Risk Probability and Impact Assessment in the next screen.

7.12 Tools and Techniques—Characteristics

In this screen, we’ll discuss the characteristics of tools and techniques for the perform qualitative risk analysis process. You should be aware of the risk characteristics such as the description, the identified date, customer details, etc., so that the importance of the risk can be defined. In general, the tools and techniques used for qualitative risk analysis include risk probability and impact assessment; and probability and impact matrix. To do this, you need to collect and analyze data by using risk quality assessment and expert judgment. It is important to prioritize risks by probability and impact on specific objectives and overall project (for example: Risk urgency assessment.) Further, you can categorize risk causes (Risk categorization) and document the results of the perform qualitative risk analysis process. The risk team would assign a probability and impact value to the risk. Risk is a factor of probability and impact, which would give the risk exposure. Risk exposure is mapped to the probability and impact matrix to categorize the risk as high, medium, or low. It is important for a project manager to make sure that the data obtained of the risk is unbiased, accurate, and of high quality. Also, as a part of qualitative risk analysis, it is important to identify the urgency of the risk. Urgency is determined on the basis of the amount of risk response time available. To arrive at this urgency value, you should assess the probability and impact of a specific or individual risk, as well as the impact it can have on the overall project objectives. Project objective, can be schedule (Read as ske – jule) or cost. This urgency will help in prioritizing the risk. Finally, it is important that the project manager involves experts during the process of analyzing risks, and documents the risks for further analysis if required. Let us discuss an example of Risk Probability and Impact Assessment in the next screen.

7.13 Risk Probability and Impact Assessment—Example

During qualitative risk analysis, Steven, a risk SME, is concerned with the probability and impact scores that the project team determined for a project assigned to him. The team had previously agreed that the majority would determine the probability and impact. This is to remove group thinking and bias in any area during early risk analysis. After the first round of analysis, and after reviewing the results, Steven is concerned about the validity of the team’s conclusions. Reluctant to sign off on results he does not believe are accurate he decided to assess the data quality of the available information that was used to assign probability and impact to each risk. We will continue our discussion of this example in the following screen.

7.13 Risk Probability and Impact Assessment—Example

During qualitative risk analysis, Steven, a risk SME, is concerned with the probability and impact scores that the project team determined for a project assigned to him. The team had previously agreed that the majority would determine the probability and impact. This is to remove group thinking and bias in any area during early risk analysis. After the first round of analysis, and after reviewing the results, Steven is concerned about the validity of the team’s conclusions. Reluctant to sign off on results he does not believe are accurate he decided to assess the data quality of the available information that was used to assign probability and impact to each risk. We will continue our discussion of this example in the following screen.

7.14 Risk Probability and Impact Assessment—Example (contd.)

During assessment Steven decides that the data is not good enough to accurately draw conclusions about the majority of risks. After gathering additional information from industry sources Steven provides more accurate data to the team, who then conducts a probability and impact assessment again. Armed with better data, the qualities of the individual risks reflect a previously unforeseen category of risks that are now near term and require immediate attentions. If Steven had not sought a better quality of data to support the team’s conclusions they would not have identified the unforeseen risk category. The team then reacts appropriately by performing further analysis and assigning action plans for the risks in case they occur. Let us discuss root cause analysis in the next screen.

7.14 Risk Probability and Impact Assessment—Example (contd.)

During assessment Steven decides that the data is not good enough to accurately draw conclusions about the majority of risks. After gathering additional information from industry sources Steven provides more accurate data to the team, who then conducts a probability and impact assessment again. Armed with better data, the qualities of the individual risks reflect a previously unforeseen category of risks that are now near term and require immediate attentions. If Steven had not sought a better quality of data to support the team’s conclusions they would not have identified the unforeseen risk category. The team then reacts appropriately by performing further analysis and assigning action plans for the risks in case they occur. Let us discuss root cause analysis in the next screen.

7.15 Root Cause Analysis

A root cause analysis seeks to identify basic causes of risks that may be visible symptoms of more fundamental forces. It may identify common sources of several risks, leading to broad-reaching risk response strategies. You need to be careful when using this technique for risk identi?cation to distinguish between risks (uncertain causes of the impact) and issues (certain causes of the impact). An example of root cause analysis, shown on the screen. In the diagram, you will be able to see the risks that were initially identi?ed include rework, extra cost, schedule slips, low team morale, customer mistrust and repeated audits. An examination of the identi?ed risks leads to a common root cause, that later phases of the project were typically started before the earlier ones were suf?ciently mature. This organization frequently ignored the proper phase entry prerequisites, hastening later project to speed up the project. In the next screen, we will look at estimating techniques.

7.16 Estimating Techniques

A common estimating technique associated with risk management is the probability and impact assessment. This tool is used concurrently with a predefined probability and impact matrix. It must be used consistently throughout the project with clearly defined definitions for probability and impact. The definitions for probability and impact for threats as well as opportunities have already been discussed along with an example of how to develop PIM scores for each identified risk. In the next screen, we will focus on historical documentation.

7.17 Historical Documentation

One invaluable source of information for a project, is any available data on previous projects that were similar to the current one. There are many risks that will reoccur from one project to the next. To capitalize on lessons learned, you will need access and it must be well structured. It is also beneficial to talk to previous project stakeholders who can fill in any gaps in the information. Speaking to the previous project manager would be ideal. Do not be surprised if you find incomplete details as poor strategies are rarely documented. Examples of historical documentation includes previous risk plans, risk registers, contracts, project post-mortem documentation, change requests, cost and time estimates, etc. Let us discuss the Analytical Hierarchy Process in the following screen.

7.18 Analytical Hierarchy Process

AHP is a tool used to determine the preferences for achieving the project objectives. All the constraints cannot be equally important. For example: You can use AHP to determine if cost is more important than scope, or if time is equally or less important than quality. Your preference for one constraint over another can determine the importance with one another using a scoring model. This scoring model can help justify where trade-offs are needed during the project. Specialized software is used for AHP. In the example on the screen, the steps of AHP are shown in detail. Let us look at the risk urgency assessment in the next screen.

7.19 Risk Urgency Assessment

You must determine the urgency of each risk as you analyze them. Risk urgency appears in two forms. First, the risks which are near-term must be addressed immediately. This means your focus must be on whatever can impact the project and should be addressed now. The second type of urgency concerns the time required to plan for a risk. If it takes 18 months to develop a sound plan then you may need to start immediately. In the following screen, we will discuss the steps of Perform Qualitative Risk Analysis Process.

7.20 Perform Qualitative Risk Analysis Process

The steps involved in the perform qualitative risk analysis process are explained with the help of a flowchart, on this screen. The first step of the qualitative risk analysis process is to select risk characteristics which are of interest to the management. After this, you need to collect and analyze data, which leads to the prioritization of risks. In the next step, you can categorize the risks based on the causes and finally document the results of the analysis. In the next few screens, we will discuss each of these steps in detail.

7.21 Select Risk Characteristics

Let us begin with the first step, which is selecting risk characteristics. Qualitative risk analysis helps in prioritization of risks which are important for response or further analysis. The criteria should be decided in advance. The tools help to specify levels and risk characteristics which are of management’s interest. Most tools help to assess the risk importance from a combination of probability of occurrence and degree of impact on objectives. The output of using the tools of qualitative risk analysis includes a list of risks in priority order, or in priority groups like high, medium, and low. One of the tools is the probability and impact table. Once the risk characteristics are set, next step is to collect and analyze the data, let us discuss this in the next screen.

7.22 Collect and Analyze Data

In this screen, we will focus on the assessment of individual risks. Assessment of risk is based on the information collected. Therefore, data collection and evaluation tools require management support and attention. It is necessary to be unbiased in data gathering, which is important when relying on expert judgment for information. In the next screen, we will look into the next step of qualitative risk analysis, which is prioritizing risks by probability and impact on specific objectives.

7.23 Prioritize Risks by Probability and Impact on Specific Objectives

Slide 29: Prioritize Risks by Probability and Impact on Specific Objectives Risks will have uneven impact and probability of occurrence on various project objectives. Therefore, they need to be prioritized by probability and impact on specific objectives, so that the right action can be taken at the right time. These tools help in the prioritization of risks in terms of affected specific project objectives like time, cost, quality, etc. The next screen is about prioritization of risks from the point of view of probability and impact on the overall project.

7.24 Prioritize Risks by Probability and Impact on Overall Project

The reason to prioritize risks by probability and impact based on specific and overall project is to have better communication. It is also done to convey the right information to the right people based on their interest. When a single risk prioritization index is needed, the organization should be explicit about how that index is created. Usually, the index reflects the organization’s preference among the objectives. The technique for determining the overall risk priority should be documented in the plan risk management process. In the next screen, we will discuss the categorization of risks based on causes.

7.25 Categorize Risk Causes

Categorization of risk leads to improved analysis of probability and magnitude of project risk, as well as effective responses. Some risks may be linked with others, and interpreting this chain of risks may lead to a better understanding of the implication of risk on the project. Identifying risks that can occur at the same time, or using the same resource for recovery, might provide a realistic picture of the problems of risk mitigation using limited resources. Combining the results of perform qualitative risk analysis process with risk breakdown structure can show clusters of risk priorities arising from specific sources. A combination of risk analysis information with work breakdown structure or WBS can show which areas of the project exhibit more risk. Assessing high-priority risks, for example on schedule (Read as ske – jule), may indicate the activities that you need to address to reduce that objective’s uncertainty. Let us discuss the documentation of results of the Perform Qualitative Risk Analysis Process in the next screen.

7.26 Document the Results

Documentation is the last step carried out in case of the qualitative risk analysis process. The results of the analysis are documented in the risk register which is the output of the risk identification process. While documenting the results of perform qualitative risk analysis process, the probability, impact (specific objective or overall project), and priority (specific objective or overall project) of risks are documented in the risk register. The risk register lists the prioritized risks, which are posted to stakeholders for further analysis or action. Risks of high priority are analyzed further and are frequently monitored. Risks of low priority are under watch list and are reviewed less often for changes in their status. Let us discuss an example of Performing Qualitative Risk Analysis Process in the next screen.

7.27 Perform Qualitative Risk Analysis Process—Example

Samuel is a risk analyst for a new startup company that specializes in software products for a variety of industries. Samuel has recently begun qualitative analysis after identifying several hundred risks for a medium sized project. While assigning a probability and impact score to each risk Samuel begins to notice a trend by having many high scores in one particular area. After completing analysis he ranks the risks accordingly from greatest to least and confirms his previous suspicion about a category of risks. His conclusion is that the majority of his risks are largely related to human resources, and specifically focused on training. Let us continue discussing this example in the next screen.

7.27 Perform Qualitative Risk Analysis Process—Example

Samuel is a risk analyst for a new startup company that specializes in software products for a variety of industries. Samuel has recently begun qualitative analysis after identifying several hundred risks for a medium sized project. While assigning a probability and impact score to each risk Samuel begins to notice a trend by having many high scores in one particular area. After completing analysis he ranks the risks accordingly from greatest to least and confirms his previous suspicion about a category of risks. His conclusion is that the majority of his risks are largely related to human resources, and specifically focused on training. Let us continue discussing this example in the next screen.

7.28 Perform Qualitative Risk Analysis Process—Example (contd.)

He checks the risk breakdown structure and updates it with this new sub-category. He also reviews the scope baseline to determine which work packages contain the greatest concentrations of human resource requirements in order to complete them. He then assesses the quality of these particular areas as having a high risk quality to the project, and prepares to quantify the impact to the overall project. By grouping risks together Samuel was able to see the big picture and determine where high concentrations of risks might occur, as well as confirm these areas require quantitative analysis. In the next screen, we will discuss the output of this process, that is, project documents updates.

7.28 Perform Qualitative Risk Analysis Process—Example (contd.)

He checks the risk breakdown structure and updates it with this new sub-category. He also reviews the scope baseline to determine which work packages contain the greatest concentrations of human resource requirements in order to complete them. He then assesses the quality of these particular areas as having a high risk quality to the project, and prepares to quantify the impact to the overall project. By grouping risks together Samuel was able to see the big picture and determine where high concentrations of risks might occur, as well as confirm these areas require quantitative analysis. In the next screen, we will discuss the output of this process, that is, project documents updates.

7.29 Output

The project document updates, which form the output of the perform qualitative risk analysis process, include risk register updates and assumptions log updates. Updates to the risk register include new information based on qualitative risk analysis of individual risks, like probability, impact, ranking, urgency, as well as categorization. It also includes a watch list for high-priority and low-priority risks respectively. Assumptions log updates are required if there is any change in the assumptions due to analysis. This may be updated in project scope statement. The prioritization of risks and documentation in the risk register will lead to the next process, which is a quantitative risk analysis process. Let us move on to the quiz questions to check your understanding of the concepts covered in this lesson.

7.31 Summary

Here is a quick recap of what was covered in this lesson: ? The critical success factors for perform qualitative risk analysis process are agreed-upon approach, agreed-upon definitions, high-quality information, and iterative qualitative risk analysis. ? The inputs of this process are risk register, risk management plan, scope baseline, enterprise environmental factors, and organizational process assets. ? The tools and techniques used in this process are risk probability and impact assessment, probability and impact matrix, risk data quality assessment, risk categorization, risk urgency assessment, and expert judgment. ? The output of this process is project documents updates.

7.32 Conclusion

This concludes the Perform Qualitative Risk Analysis. The next lesson covers Perform Quantitative Risk Analysis.

7.1 Perform Qualitative Risk Analysis

Hello and welcome to the Project Management Institute’s Risk Management Professional Certification Preparatory Course offered by Simplilearn. In this lesson, we will find out how to perform qualitative risk analysis. Let us look into the objectives of this lesson in the next screen.

7.2 Objectives

After completing this lesson, you will be able to: ? Define the purposes and objectives ? Identify Critical Success Factors ? Explain inputs, tools and techniques along with their characteristics, and outputs ? Describe how to document the results In the next screen, let us begin with the Purposes and Objectives of the Perform Qualitative Risk Analysis Process.

7.3 Purposes and Objectives

It is practically impossible to deal with all the risks of the project at the same time with the same intensity. Therefore, prioritizing the risks of the project is important. Perform qualitative risk analysis process enables the project manager and the team to prioritize the risks of the project by assigning a probability and impact number, and arriving at the risk exposures of the risks. The risks are prioritized based on risk exposures. Therefore, the purposes and objectives of qualitative risk analysis are to assess and evaluate characteristics of individually identified risks. It also includes prioritizing the risks based on the agreed-upon characteristics. Assessing individual risk evaluates the probability that each risk will occur and the effect it can have on the project objectives. Categorizing risks according to their sources or causes will help in filtering them out. Qualitative risk analysis is used to determine the risk exposure of the project by multiplying the probability and impact. In the next screen, we will discuss the critical success factors or CSFs for perform qualitative risk analysis process

7.4 Critical Success Factors

Agreement of the stakeholders is a fundamental criterion for success in qualitative risk analysis. Now, let us look at the critical success factors for the qualitative risk analysis. Click each tab to know more. The first factor is to use an “agreed-upon approach” towards assessing the probability and impact of risks. The second factor is to use the “agreed-upon definitions” of risk terms like probability and impact scales, and probability and impact matrix. Initiatives like collecting high-quality risk information. Performing iteration of the qualitative risk analysis are also important. The diagram on this screen describes building risk analysis credibility. The basis of process credibility is an agreed-upon approach. After this approach is considered, the focus is on using agreed-upon definitions which enable high-quality information to be collected. These factors are achieved through an iterative approach. Finally, with these conditions in place, the process can be executed reliably, which contributes to the credibility of its output. In the following few screens, we will discuss each of these steps in detail.

7.5 Use Agreed-Upon Approach

In this screen, we will look at the fundamental approach, which is “use agreed-upon approach.” You need to apply an agreed-upon approach to all the identified risks in any project. All risks may be assessed according to the probability of occurrence and impact on individual objectives. Other factors to be considered here are urgency and manageability. Urgency, also known as proximity, implies that risks that require near-term responses may be considered more urgent to deal with. Indicators of urgency can include the lead time to execute a risk response and clarity of symptoms and warning signs or detectability. Here, lead time is advancing an activity. Manageability implies that some risks are not manageable and if you try to address those, it may be a waste of time and resources. The project team may decide whether to go forward and perhaps establish a contingency reserve, or to stop or re-scope the project as these risks may be an unmanageable threat or an opportunity. Further, the project team may also involve customers and ask for their viewpoint. Also, you need to consider the other factor which is called “impact external to the project.” It means that the importance of a risk may be increased if it affects the enterprise beyond the project. In the next screen, we will look into the next critical success factor, that is, “use agreed-upon definitions of risk terms”.

7.6 Use Agreed-Upon Definitions of Risk Terms

Risk assessment should be based on agreed-upon definitions of important terms and should be used consistently. For example: Levels of probability (25%) (Read as: twenty five percent) and impact on objectives (cost $-10,000) (Read as: cost minus ten thousand dollars). The use of definitions assists the providers of the information in giving realistic assessments for each risk. Communication will be better for the management and the stakeholders. In the next screen, we will discuss the next critical success factor, which is, “collecting high-quality information about risks.

7.7 Collect High-Quality Information on Risks

For any risk analysis, quality of data is very important. You can gather the quality data from interviews, workshops, and using expert judgment techniques. Data may be unbiased or intentionally biased. Biased data should be remedied. The remedy or the corrective action comes with experience and communication with the stakeholders. In the next screen, we will discuss the last critical success factor, which is performing iterative qualitative risk analysis.

7.8 Perform Iterative Qualitative Risk Analysis

Qualitative risk analysis is not complete with one analysis. It is done throughout the phases of a project's lifecycle. This ensures accurate analysis of risks in accordance with the changes happening in the project. The frequency of this effort will be planned in the plan risk management process, but it may also depend on events occurring within the project.

7.9 Inputs, Tools and Techniques, and Outputs

In this screen, we will list out the inputs, tools and techniques, and outputs of perform qualitative risk analysis process. The inputs are risk register, risk management plan, scope baseline, enterprise environmental factors, and organizational process assets. The tools and techniques are risk probability and impact assessment, probability and impact matrix, risk data quality assessment, risk categorization, risk urgency assessment, and expert judgment. The output is project documents updates. These inputs, tools and techniques, and outputs are discussed in detail in the next few screens. We will now move on to the inputs required to perform qualitative risk analysis, in the next screen.

7.10 Inputs

Following are the inputs require to perform qualitative risk analysis: you need the risk register because the identified risks are documented in the risk register. The risk management plan is needed because the probability scales and impact scales are defined in the plan. It contains important information on roles and assignments in risk management, risk categories, the probability and impact matrix, scheduled (Read as ske – juled) activities for risk management, and revised stakeholders' risk tolerances. The main output of plan risk management is risk management plan, and the output of identifying the risk process is risk register. The project manager might want to look into the scope baseline. This is because it gives an idea of the uncertainties of the project when it uses a technology which is new to the organization. Enterprise environmental factors provide insight and context to risk assessment, like industry studies of similar projects by risk specialists, risk databases available for the industry, or proprietary sources. Finally, organizational process assets that can influence the qualitative risk analysis process include information on prior completed projects of similar scope. Essentially, this is historical data. In the next screen, we will discuss the tools and techniques used for qualitative risk analysis.

7.11 Tools and Techniques

The tools and techniques required to perform qualitative risk analysis are Risk probability and impact assessment, Probability and impact matrix, Risk data quality assessment, Risk categorization, Risk urgency assessment, and Expert judgment. Click each tab to learn more. Risk probability and impact assessment: Risk probability and impact assessment is one of the important techniques for qualitative risk analysis process. Risk probability is used to investigate the likelihood that each specific risk will occur. Risk impact is used to assess potential effects on schedule, cost, and quality, including threat and or opportunity. Probability and impact matrix: Risks can be prioritized using probability and impact matrix. It helps in the rating or prioritization of the risks using the table. Each risk is rated on its probability of occurrence and impact on an objective if it occurs. Risk data quality assessment: This tool helps in evaluating the degree to which the data on risks is useful for risk management. The use of low quality risk data may lead to little use of the data for qualitative risk analysis. Risk categorization: Risk categorization is used to categorize the risk based on its sources, and the area of the project affected due to uncertainties. Some of the categories are technical, project management, and external. Risk urgency assessment: Once the analysis is completed, you need to define the urgency assessment for each risk, based on the priority. This is carried out by risk urgency assessment, where risk requiring near-term responses may be considered more urgent to address. Expert judgment: The last technique, widely used for most of the processes, is called expert judgement. This is required to assess the probability and impact of each risk to determine its location in the probability and the impact matrix table.

7.12 Tools and Techniques—Characteristics

In this screen, we’ll discuss the characteristics of tools and techniques for the perform qualitative risk analysis process. You should be aware of the risk characteristics such as the description, the identified date, customer details, etc., so that the importance of the risk can be defined. In general, the tools and techniques used for qualitative risk analysis include risk probability and impact assessment; and probability and impact matrix. To do this, you need to collect and analyze data by using risk quality assessment and expert judgment. It is important to prioritize risks by probability and impact on specific objectives and overall project (for example: Risk urgency assessment.) Further, you can categorize risk causes (Risk categorization) and document the results of the perform qualitative risk analysis process. The risk team would assign a probability and impact value to the risk. Risk is a factor of probability and impact, which would give the risk exposure. Risk exposure is mapped to the probability and impact matrix to categorize the risk as high, medium, or low. It is important for a project manager to make sure that the data obtained of the risk is unbiased, accurate, and of high quality. Also, as a part of qualitative risk analysis, it is important to identify the urgency of the risk. Urgency is determined on the basis of the amount of risk response time available. To arrive at this urgency value, you should assess the probability and impact of a specific or individual risk, as well as the impact it can have on the overall project objectives. Project objective, can be schedule (Read as ske – jule) or cost. This urgency will help in prioritizing the risk. Finally, it is important that the project manager involves experts during the process of analyzing risks, and documents the risks for further analysis if required. Let us discuss an example of Risk Probability and Impact Assessment in the next screen.

7.13 Risk Probability and Impact Assessment—Example

During qualitative risk analysis, Steven, a risk SME, is concerned with the probability and impact scores that the project team determined for a project assigned to him. The team had previously agreed that the majority would determine the probability and impact. This is to remove group thinking and bias in any area during early risk analysis. After the first round of analysis, and after reviewing the results, Steven is concerned about the validity of the team’s conclusions. Reluctant to sign off on results he does not believe are accurate he decided to assess the data quality of the available information that was used to assign probability and impact to each risk. We will continue our discussion of this example in the following screen.

7.14 Risk Probability and Impact Assessment—Example (contd.)

During assessment Steven decides that the data is not good enough to accurately draw conclusions about the majority of risks. After gathering additional information from industry sources Steven provides more accurate data to the team, who then conducts a probability and impact assessment again. Armed with better data, the qualities of the individual risks reflect a previously unforeseen category of risks that are now near term and require immediate attentions. If Steven had not sought a better quality of data to support the team’s conclusions they would not have identified the unforeseen risk category. The team then reacts appropriately by performing further analysis and assigning action plans for the risks in case they occur. Let us discuss root cause analysis in the next screen.

7.15 Root Cause Analysis

A root cause analysis seeks to identify basic causes of risks that may be visible symptoms of more fundamental forces. It may identify common sources of several risks, leading to broad-reaching risk response strategies. You need to be careful when using this technique for risk identi?cation to distinguish between risks (uncertain causes of the impact) and issues (certain causes of the impact). An example of root cause analysis, shown on the screen. In the diagram, you will be able to see the risks that were initially identi?ed include rework, extra cost, schedule slips, low team morale, customer mistrust and repeated audits. An examination of the identi?ed risks leads to a common root cause, that later phases of the project were typically started before the earlier ones were suf?ciently mature. This organization frequently ignored the proper phase entry prerequisites, hastening later project to speed up the project. In the next screen, we will look at estimating techniques.

7.16 Estimating Techniques

A common estimating technique associated with risk management is the probability and impact assessment. This tool is used concurrently with a predefined probability and impact matrix. It must be used consistently throughout the project with clearly defined definitions for probability and impact. The definitions for probability and impact for threats as well as opportunities have already been discussed along with an example of how to develop PIM scores for each identified risk. In the next screen, we will focus on historical documentation.

7.17 Historical Documentation

One invaluable source of information for a project, is any available data on previous projects that were similar to the current one. There are many risks that will reoccur from one project to the next. To capitalize on lessons learned, you will need access and it must be well structured. It is also beneficial to talk to previous project stakeholders who can fill in any gaps in the information. Speaking to the previous project manager would be ideal. Do not be surprised if you find incomplete details as poor strategies are rarely documented. Examples of historical documentation includes previous risk plans, risk registers, contracts, project post-mortem documentation, change requests, cost and time estimates, etc. Let us discuss the Analytical Hierarchy Process in the following screen.

7.18 Analytical Hierarchy Process

AHP is a tool used to determine the preferences for achieving the project objectives. All the constraints cannot be equally important. For example: You can use AHP to determine if cost is more important than scope, or if time is equally or less important than quality. Your preference for one constraint over another can determine the importance with one another using a scoring model. This scoring model can help justify where trade-offs are needed during the project. Specialized software is used for AHP. In the example on the screen, the steps of AHP are shown in detail. Let us look at the risk urgency assessment in the next screen.

7.19 Risk Urgency Assessment

You must determine the urgency of each risk as you analyze them. Risk urgency appears in two forms. First, the risks which are near-term must be addressed immediately. This means your focus must be on whatever can impact the project and should be addressed now. The second type of urgency concerns the time required to plan for a risk. If it takes 18 months to develop a sound plan then you may need to start immediately. In the following screen, we will discuss the steps of Perform Qualitative Risk Analysis Process.

7.20 Perform Qualitative Risk Analysis Process

The steps involved in the perform qualitative risk analysis process are explained with the help of a flowchart, on this screen. The first step of the qualitative risk analysis process is to select risk characteristics which are of interest to the management. After this, you need to collect and analyze data, which leads to the prioritization of risks. In the next step, you can categorize the risks based on the causes and finally document the results of the analysis. In the next few screens, we will discuss each of these steps in detail.

7.21 Select Risk Characteristics

Let us begin with the first step, which is selecting risk characteristics. Qualitative risk analysis helps in prioritization of risks which are important for response or further analysis. The criteria should be decided in advance. The tools help to specify levels and risk characteristics which are of management’s interest. Most tools help to assess the risk importance from a combination of probability of occurrence and degree of impact on objectives. The output of using the tools of qualitative risk analysis includes a list of risks in priority order, or in priority groups like high, medium, and low. One of the tools is the probability and impact table. Once the risk characteristics are set, next step is to collect and analyze the data, let us discuss this in the next screen.

7.22 Collect and Analyze Data

In this screen, we will focus on the assessment of individual risks. Assessment of risk is based on the information collected. Therefore, data collection and evaluation tools require management support and attention. It is necessary to be unbiased in data gathering, which is important when relying on expert judgment for information. In the next screen, we will look into the next step of qualitative risk analysis, which is prioritizing risks by probability and impact on specific objectives.

7.23 Prioritize Risks by Probability and Impact on Specific Objectives

Slide 29: Prioritize Risks by Probability and Impact on Specific Objectives Risks will have uneven impact and probability of occurrence on various project objectives. Therefore, they need to be prioritized by probability and impact on specific objectives, so that the right action can be taken at the right time. These tools help in the prioritization of risks in terms of affected specific project objectives like time, cost, quality, etc. The next screen is about prioritization of risks from the point of view of probability and impact on the overall project.

7.24 Prioritize Risks by Probability and Impact on Overall Project

The reason to prioritize risks by probability and impact based on specific and overall project is to have better communication. It is also done to convey the right information to the right people based on their interest. When a single risk prioritization index is needed, the organization should be explicit about how that index is created. Usually, the index reflects the organization’s preference among the objectives. The technique for determining the overall risk priority should be documented in the plan risk management process. In the next screen, we will discuss the categorization of risks based on causes.

7.25 Categorize Risk Causes

Categorization of risk leads to improved analysis of probability and magnitude of project risk, as well as effective responses. Some risks may be linked with others, and interpreting this chain of risks may lead to a better understanding of the implication of risk on the project. Identifying risks that can occur at the same time, or using the same resource for recovery, might provide a realistic picture of the problems of risk mitigation using limited resources. Combining the results of perform qualitative risk analysis process with risk breakdown structure can show clusters of risk priorities arising from specific sources. A combination of risk analysis information with work breakdown structure or WBS can show which areas of the project exhibit more risk. Assessing high-priority risks, for example on schedule (Read as ske – jule), may indicate the activities that you need to address to reduce that objective’s uncertainty. Let us discuss the documentation of results of the Perform Qualitative Risk Analysis Process in the next screen.

7.26 Document the Results

Documentation is the last step carried out in case of the qualitative risk analysis process. The results of the analysis are documented in the risk register which is the output of the risk identification process. While documenting the results of perform qualitative risk analysis process, the probability, impact (specific objective or overall project), and priority (specific objective or overall project) of risks are documented in the risk register. The risk register lists the prioritized risks, which are posted to stakeholders for further analysis or action. Risks of high priority are analyzed further and are frequently monitored. Risks of low priority are under watch list and are reviewed less often for changes in their status. Let us discuss an example of Performing Qualitative Risk Analysis Process in the next screen.

7.27 Perform Qualitative Risk Analysis Process—Example

Samuel is a risk analyst for a new startup company that specializes in software products for a variety of industries. Samuel has recently begun qualitative analysis after identifying several hundred risks for a medium sized project. While assigning a probability and impact score to each risk Samuel begins to notice a trend by having many high scores in one particular area. After completing analysis he ranks the risks accordingly from greatest to least and confirms his previous suspicion about a category of risks. His conclusion is that the majority of his risks are largely related to human resources, and specifically focused on training. Let us continue discussing this example in the next screen.

7.28 Perform Qualitative Risk Analysis Process—Example (contd.)

He checks the risk breakdown structure and updates it with this new sub-category. He also reviews the scope baseline to determine which work packages contain the greatest concentrations of human resource requirements in order to complete them. He then assesses the quality of these particular areas as having a high risk quality to the project, and prepares to quantify the impact to the overall project. By grouping risks together Samuel was able to see the big picture and determine where high concentrations of risks might occur, as well as confirm these areas require quantitative analysis. In the next screen, we will discuss the output of this process, that is, project documents updates.

7.29 Output

The project document updates, which form the output of the perform qualitative risk analysis process, include risk register updates and assumptions log updates. Updates to the risk register include new information based on qualitative risk analysis of individual risks, like probability, impact, ranking, urgency, as well as categorization. It also includes a watch list for high-priority and low-priority risks respectively. Assumptions log updates are required if there is any change in the assumptions due to analysis. This may be updated in project scope statement. The prioritization of risks and documentation in the risk register will lead to the next process, which is a quantitative risk analysis process. Let us move on to the quiz questions to check your understanding of the concepts covered in this lesson.

7.31 Summary

Here is a quick recap of what was covered in this lesson: ? The critical success factors for perform qualitative risk analysis process are agreed-upon approach, agreed-upon definitions, high-quality information, and iterative qualitative risk analysis. ? The inputs of this process are risk register, risk management plan, scope baseline, enterprise environmental factors, and organizational process assets. ? The tools and techniques used in this process are risk probability and impact assessment, probability and impact matrix, risk data quality assessment, risk categorization, risk urgency assessment, and expert judgment. ? The output of this process is project documents updates.

7.32 Conclusion

This concludes the Perform Qualitative Risk Analysis. The next lesson covers Perform Quantitative Risk Analysis.

  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

We use cookies on this site for functional and analytical purposes. By using the site, you agree to be cookied and to our Terms of Use. Find out more

Request more information

For individuals
For business
Name*
Email*
Phone Number*
Your Message (Optional)

By proceeding, you agree to our Terms of Use and Privacy Policy

We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Email*
Phone Number*
Company*
Job Title*

By proceeding, you agree to our Terms of Use and Privacy Policy