Effectively addressing risks means at the start of each project every project manager should develop and implement a risk management strategy, plan, and tools. But being able to decide which risks should be addressed first is always a challenge. Qualitative risk analysis is a commonly used tool that can help with this task.
SEE: Scrum meetings: The do’s and don’ts (free PDF) (TechRepublic)
What is qualitative risk analysis?
If you’re new to project management, qualitative risk analysis is a risk analysis technique that prioritizes project risks and assigns a rating based on the likelihood a risk can become a real problem and the potential impact on your project.
For example, a qualitative analysis may have identified ten risks, but not all of them will be weighted as a top priority. There may be only four risks that are top priorities if they pose a significant impact and are likely to occur, while two other risks only pose a moderate threat, and the other three are a low threat. These five remaining risks would be assigned a medium to low priority.
Qualitative risk analysis benefits
Qualitative analysis is often based on expert judgment and is a relatively straight-forward technique that can be applied to many types of projects. It’s easy to implement and explain to stakeholders. This lightweight technique doesn’t require any substantial technical knowledge, and it can be quickly and easily adjusted as circumstances and risks change.
SEE: How to deliver bad news to project stakeholders (free PDF) (TechRepublic)
5 Step process to perform a qualitative risk analysis
Performing a qualitative risk analysis isn’t particularly onerous, but it takes focus and attention to detail. It requires a project manager or risk manager to follow this process carefully.
Put together a team to identify risks. It’s crucial to assemble a team of subject matter experts that bring direct knowledge and experience to help project managers isolate potential trouble spots.
Isolate all potential risks. What may seem like a minor risk can quickly expand to become a significant concern. Avoid assuming that some threats don’t need to be considered. It’s better to document all risks, then analyze and assign a weighting that can be re-evaluated later.
Rate and prioritize each risk. Based on its impact and likelihood of occurring, each risk should be rated to determine if it’s a high priority or low concern. For instance, you could set a rating from 1 to 10 for the impact and 1 to 10 for likelihood. Then set a multiplier for the two to come up with the priority rating out of 100. Example: Impact = 5 x Likelihood = 8 = 40/100 or 40%.
Develop strategies to address risks based on their priority. After setting the priority for each risk, work with subject matter experts to come up with potential strategies to address them. Make sure to think about the impact of each solution on other risks and solutions.
Monitor each risk and re-evaluate. It’s not enough to identify risks and come up with solutions. Often, as a project is progressing, risks, their impact, and the likelihood of occurring can change. Revisit risks as each crops up and is addressed.
The qualitative risk matrix in Figure A shows high-priority risks in red and the lowest in green.
Qualitative tools and techniques
Expert judgment, data gathering, and data analysis are just some of the qualitative risk analysis tools teams can use. Each has its benefits and drawbacks. Expert judgment provides insight based on similar experiences and is somewhat subjective, while data gathering provides information from stakeholder interviews. Data analysis involves risk probability (likelihood) and impact, as seen above.
Performing a thorough qualitative risk analysis to isolate and prioritize risks, develop strategies to address, monitor, and re-evaluate them, provides your team the confidence.
Subscribe to the Executive Briefing Newsletter
Discover the secrets to IT leadership success with these tips on project management, budgets, and dealing with day-to-day challenges. Delivered Tuesdays and Thursdays