Last week, we looked at why we evaluate risks — it saves time and money by allowing us to focus on the risks that matter most. Before we look at HOW to improve your qualitative risk analysis, allow me to share one more quick example of WHY it’s important.
Yes, the inspection cost us money, but what are our risks without the inspection? A few years later, I could discover swollen floors that appear to be suffering from slight water damage, but it’s termites. Imagine the inconvenience, the amount of time, and the cost to replace the floor.
There is always a cost of risks, now and later. We have the cost of managing risks such as the time for identifying and evaluating risks. There’s the cost for treating risks — the responses to mitigate threats and exploit opportunities. And there’s the cost of responding to issues (events that have occurred such as the termites that have destroyed your floor).
If approached properly, risk management can increase revenue, prevent or reduce expenses, and increase peace of mind. If not, the plan and the integration of the risk management activities in our daily activities is flawed.
So, how can we improve our risk analysis? First, let’s understand the difference between qualitative and quantitative risk analysis. Second, we will look at three simple, qualitative methods.
What’s the Difference in Qualitative and Quantitative Risk Analysis?
Risk evaluation is the process to determine the significance of each risk. There are two ways to evaluate risks:
- Qualitative Risk Analysis. Qualitative analysis involves simple methods for quickly rating and prioritizing your risks.
- Quantitative Risk Analysis. Quantitative analysis is a numeric analysis that requires more time but provides more data to aid in making decisions.
Qualitative Risk Analysis Techniques
Let’s look at three qualitative risk evaluation methods: 1. the KISS Method, 2. the Stacked Ranking Method, and 3. the Probability/Impact Method.
1. KISS Method
I use the KISS (Keep It Super Simple) Method on small initiatives and projects and with teams that lack maturity in assessing risks. This one-dimensional technique involves rating risks as:
- Very Low
- Very High
2. Stacked Ranking Method
The Stacked Ranking Method is quick, simple, and is a great method to use with teams. First, the team identifies and captures the risks on Post It Notes that are placed on the wall randomly. Second, the facilitator asks the team, “Which risk is greatest?” The facilitator places the risk in a space on the wall by itself.
The facilitator continues, “What is the next highest risk?” and places the selected risk under the first. The process continues until all the risks have been placed in rank order. If you like, you can write a number on each Post It Note to indicate the order (e.g., 1 on the top risk, 2 on the second highest risk, etc.).
3. Probability/Impact Method
This two-dimensional technique is used to rate probability and impact and may be used to evaluate enterprise, department, and project risks. Probability is the likelihood that a risk will occur. Impact is the consequence or effect of the risk, normally associated with impact to schedule, cost, scope, and quality. Rate probability and impact using a scale such as 1 to 5.
Once you have rated each risk, calculate the risk score as follows:
Probability x Impact = Risk Score
Risk A: 5 x 3 = 15
Risk B: 4 x 5 = 20
Sort the risks in descending order with the risk score as the primary sort.
Evaluating Program Risks
The Probability/Impact Method also helps in a program, a group of related projects managed in a coordinated manner. Total the risk scores within each project to calculate the project risk score and compare the project scores. This helps program managers understand which projects have the greatest risk exposure and where to place the most skilled people.
Questions: What other qualitative evaluation methods have you used? When do you use it?