Quantative risk analysis
Quantative risk analysis  

Primary topic  
Related topics  
Methods and techniques 
Quantitative risk analysis is one of approaches to project risk assessment. The second is qualitative risk analysis. It can be used also to other areas of management, not only projects. It is important to state that both approaches are complementary. Usually all risks should be evaluated using qualitative risk analysis, while only some of them using quantitative one. The latter requires more data and more time, which sometimes are not available or they cost too much.
How to use quantitative risk analysis
Quantitative risk analysis methods are based on numbers which express level of risk. They seem to be more precise, as they use numerical data, however it is not always true. Reliability of those methods cannot be higher than reliability of data.
Quantitative methods are easier to automate using software. Nowadays applications are able to gather data from predefined locations (web, machines, facilities, reports, etc.) and generate quite advanced analyses. This helps reduce the main problem of those methods  workload required to use them.
Quantitative risk analysis is used mainly in finance, but it has also great application in projects, information security and quality. However in those areas qualitative methods become more and more popular.
Methods of quantitative risk analysis
There are plenty of methods of quantitative or semiquantitative risk analysis. Table 1 shows categorisation of methods in five main groups:
 Statistical,
 Mathematical,
 Scenariobased,
 Graphical,
 Expert.
Some of methods are so extensive, that could fall into two or more groups. In that case they were put into group they fit the best. Some methods are described in detail in other articles on our website.
Table 1. Categorisation of quantitative risk analysis methods
Statistical methods 


Mathematical methods 

Scenariobased methods 

Graphical methods 

Expert methods 

Issues of risk analysis
The risk analysis has some limitations and unsolved problems that should be known by decisionmakers in order to avoid bad decisions based on risk analyses.
 Level of aggregation of source data (e.g. costs, tasks). The higher the aggregation of source data, the less precise is result. However in case of low or no aggregation amount of work is considerably higher, which can lead to shallow analysis.
 Elicitation of probabilities. In case of well known risk factors organization has historical data and is able to determine probability. But new factors come without historical data. The problem can be solved using extensive expert estimation and some statistical methods, e.g. Bayesian analysis.
 Correlations. Tasks that are related to each other (e.g. the same people, hardware) can behave as correlated in case of risk. This requires using multivariate distribution in probability analysis instead of univariate. This however leads to high sophistication of analysis and therefore is not used in most cases.
 Feedback effects. Managers use adaptive strategies to reduce problems of slipping schedule of costs. This leads to changes in original assumptions. It is not possible to determine such events, as this would require more skills and efforts than prevent them in the first place.
 There's not enough data. Risk management is based on insufficient data. If decisionmaker has all the data required, there is no risk  there is certainty. In case of advanced technologies there can be so few data, that quantitative analysis is less precise than qualitative methods.
Differences between qualitative and quantitative risk analysis
Qualitative risk analysis is:
 oriented on risk level,
 uses subjective evaluation,
 is quicker and easier,
 no special software is required,
 it's less precise.
Quantitative risk analysis is:
 oriented on object (e.g. project, product, process),
 uses hard data  probabilistic estimates of costs, time, etc.,
 requires more time,
 may require specialised software, especially in large projects,
 tends to be more precise.
The decision is between being more precise vs. cost more and use more time.
References
 List of methods of quantitative risk analysis, US Army Corps of Engineers, online course
 Galway L. (2004). Quantitative Risk Analysis for Project Management, RAND WR112RC, February
 Embrechts, P., Frey, R., & McNeil, A. (2005). Quantitative risk management. Princeton Series in Finance, Princeton, 10.
Author: Slawomir Wawak