As you’re preparing for your PMI PMP exam, you’ll want to understand the basics of qualitative risk analysis (QLRA) and quantitative risk analysis (QTRA), both processes that are part of the “Project Risk Management” knowledge area. While these two concepts sound similar and both use numbers in risk rating, they’re not the same at all. Test-takers often get confused about how they work, how they vary and what unique roles they play. Adding to the confusion, QTRA can be optional! Both QLRA and QTRA are powerful risk analytics, and both have a place in project risk management. In this article, I explain their distinctive roles, show where they differ and illustrate what happens when both are used.
The PM Book of Knowledge risk management knowledge area has six processes that interact with each other:
All possible risks are identified in the “identify risks” process and put into a project document called the “risk register.” Then qualitative risk analysis is performed. From there, it may lead to quantitative risk analysis or directly to risk response planning. In other words, quantitative risk analysis is optional, as indicated by the dotted line. If both QLRA and QTRA are performed, they’ll be in close sequence and the risk register will be updated for both types of processes.
In its simplest form QLRA is the process of evaluating individual risks from the “Identify Risks” stage for their probability or likelihood of occurring (the “P” value), multiplying that with the impact the risk could have on the project objective (the “I” value) and then prioritizing the risks based on their ultimate “risk score.”
QTRA is the process of providing numerical estimates of the overall effect of risks on the project objectives when all risks are considered simultaneously. The numerical estimates are usually in terms of schedule and cost. The prioritized list of risks created in the QLRA process is further updated in the QTRA process, based on the numerical estimates.
Why is QTRA optional? As a project manager, you operate in a highly constrained environment. Sometimes, you have to leave something out because you lack time or budget, particularly in smaller projects. So why perform QTRA at all? We’ll look at that shortly.
When only qualitative risk analysis is conducted on a project, it’s known as “partial risk analysis.”
How QLRA and QTRA Differ
The fundamental difference between QLRA and QTRA is that the first addresses individual risks of a project, whereas the second considers the overall project risk. The overall risk to the project is due to the combined effect of all risks and their possible interdependencies and correlations. Overall risk applies to the project as whole, rather than individual activities or cost items in the project.
Note that both QLRA and QTRA use numbers for risk rating and prioritization of risks. But QLRA is a subjective evaluation, whereas QTRA is more objective in terms of value or cost terms. In QLRA, for example, the risk rating could be “5” or “10” after multiplying the P and I values of the individual risks. For QTRA you establish the overall cost or time impact on the project, such as: “$25,000.”
Let’s look at a sample risk register that has been compiled through the “Identify Risks” process. In this example positive risks are known as opportunities and negative risks are known as threats.
In QLRA, the probability and impact values are assigned and the risk score is set. Probability values may be textual (low, medium, high); graphical (red, orange, green); or numerical (1 for low risks, 5 for high risks or somewhere in between). Each risk is assigned a probability value and an impact value and the risk score is calculated. It’s not uncommon to combine the numerical and graphical values to have a color-coded indicator.
The updated risk register in the figure above, which summarizes the output of the QLRA process, is sometimes known as the “qualitative risk register.” The register may contain other information, such as identification date, identifying person, cause, effect and risk exposure. Based on the risk scores, you perform the prioritization of risks; if the score crosses risk tolerance limits for your organization, then you know you have to take a risk response.
As I noted earlier, QTRA is performed after QLRA. In the QTRA, you quantify some of the items from the qualitative risk registers and assign a cost value. The updated risk register, as shown below, is sometimes referred to as the “quantitative risk register.”
Notice that the register may contain other information such as impacted activities of the project, correlation and probabilistic distribution details, among others. In my example, I’ve used expected monetary value technique (EMV) for further prioritization and subsequent risk response planning on the quantified risks.
Differences between Qualitative and Quantitative Risk Analysis
In addition to the differences between QLRA and QTRA that I’ve already mentioned, others also exist, which I’ve summarized in the table below.
[table id=10 /]
Both qualitative and quantitative risks analysis are important for project risk management. As aspirants for PMP certification, you need to know that both QLRA and QTRA play distinct roles in project risk management. Also, you need to understand the key differences between them to tackle your exam.
Sorting image courtesy of California Avocado Commission under a Creative Commons Attribution 2.0 Generic (CC BY 2.0) license.
Related Content
Webinars (watch for free now!):
“EVM” – Earned Value Management – Not Just Another 3 Letter Acronym!
Webinar: Risk Management with Microsoft Project and Project Server
Articles:
PMP® Prep: Understanding Internal Rate of Return
PMP® Prep: Calculating EAC and ETC for Forecasting
