Quantitative risk analysis

Revision as of 03:14, 2 December 2019 by (talk) (The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Quantitative risk analysis
See also

Quantitative risk analysis is one of approaches to project risk assessment. The second is qualitative risk analysis. It can be used also to other areas of management, not only projects. It is important to state that both approaches are complementary. Usually all risks should be evaluated using qualitative risk analysis, while only some of them using quantitative one. The latter requires more data and more time, which sometimes are not available or they cost too much.

How to use quantitative risk analysis

Quantitative risk analysis methods are based on numbers which express level of risk. They seem to be more precise, as they use numerical data, however it is not always true. Reliability of those methods cannot be higher than reliability of data.

Quantitative methods are easier to automate using software. Nowadays applications are able to gather data from predefined locations (web, machines, facilities, reports, etc.) and generate quite advanced analyses. This helps reduce the main problem of those methods - workload required to use them.

Quantitative risk analysis is used mainly in finance, but it has also great application in projects, information security and quality. However, in those areas qualitative methods become more and more popular.

Methods of quantitative risk analysis

There are plenty of methods of quantitative or semi-quantitative risk analysis. Table 1 shows categorisation of methods in five main groups:

  • Statistical,
  • Mathematical,
  • Scenario-based,
  • Graphical,
  • Expert.

Some of methods are so extensive, that could fall into two or more groups. In that case they were put into group they fit the best. Some methods are described in detail in other articles on our website.

Table 1. Categorisation of quantitative risk analysis methods

Statistical methods
Mathematical methods
Scenario-based methods
Graphical methods
Expert methods
  • Subjective probability elicitation
  • Safety assessment
  • Vulnerability assessment
  • Layers of protection analysis
  • Human reliability assessment
  • Risk control effectiveness
  • Cost benefit analysis

Issues of risk analysis

The risk analysis has some limitations and unsolved problems that should be known by decision-makers in order to avoid bad decisions based on risk analyses.

  1. Level of aggregation of source data (e.g. costs, tasks). The higher the aggregation of source data, the less precise is result. However, in case of low or no aggregation amount of work is considerably higher, which can lead to shallow analysis.
  2. Elicitation of probabilities. In case of well known risk factors organization has historical data and is able to determine probability. But new factors come without historical data. The problem can be solved using extensive expert estimation and some statistical methods, e.g. Bayesian analysis.
  3. Correlations. Tasks that are related to each other (e.g. the same people, hardware) can behave as correlated in case of risk. This requires using multivariate distribution in probability analysis instead of univariate. This however leads to high sophistication of analysis and therefore is not used in most cases.
  4. Feedback effects. Managers use adaptive strategies to reduce problems of slipping schedule of costs. This leads to changes in original assumptions. It is not possible to determine such events, as this would require more skills and efforts than prevent them in the first place.
  5. There's not enough data. Risk management is based on insufficient data. If decision-maker has all the data required, there is no risk - there is certainty. In case of advanced technologies there can be so few data, that quantitative analysis is less precise than qualitative methods.

Differences between qualitative and quantitative risk analysis

Qualitative risk analysis is:

  • oriented on risk level,
  • uses subjective evaluation,
  • is quicker and easier,
  • no special software is required,
  • it's less precise.

Quantitative risk analysis is:

  • oriented on object (e.g. project, product, process),
  • uses hard data - probabilistic estimates of costs, time, etc.,
  • requires more time,
  • may require specialised software, especially in large projects,
  • tends to be more precise.

The decision is between being more precise vs. cost more and use more time.


Author: Slawomir Wawak