Have you ever endured a project meeting where you spent hours evaluating risks? Afterward, team members walked down the hall saying, “What a waste of time! Now I can get back to the real work.”
What causes this frustration? First, the evaluation process may not fit the project – too complex for simple projects or deficient for large, complex projects. Second, the process may not fit the maturity level of the project team. Third, team members view the process as burdensome with little value.
Qualitative Risk Analysis
What is Risk Evaluation?
Risk evaluation is the process to determine the significance of each risk. There are two ways to evaluate risks:
- Qualitative Risk Analysis. Qualitative analysis such as rating probability and impact should always be performed. This allows you to quickly prioritize and rank your risks.
- Quantitative Risk Analysis. Quantitative analysis is not always performed. This analysis requires more time but provides more data to aid in making decisions. (We will cover quantitative evaluations in another post.)
Why Evaluate/Prioritize Risks (Threats and Opportunities)?
You cannot respond to all risks, neither should you. Prioritization is a way to deal with competing demands. This aids in determining where you will spend your limited time and effort.
We evaluate in order:
- To have the greatest impact. Eighty percent of the impact will come from twenty percent of the risks. What are the vital few things that we should do that will have the greatest impact on minimizing threats and maximizing opportunities?
- To respond wisely and appropriately. The goal of evaluating risks is to discriminate between one risk and another. This aids us in determining the amount of effort to invest in developing response plans.
- To assign resources suitably. Assign your most skilled, knowledgeable resources to the projects with the greatest risk.
How Do I Evaluate Risks?
Let’s look at two qualitative risk evaluation methods: 1. the KISS Method, and 2. the Probability/Impact Method.
Check with your organization to determine whether there is a definition for risk scales. If not, define the criteria for your scale.
Two Methods for Qualitative Risk Analysis
1. KISS Method
I use the KISS (Keep It Super Simple) Method on smaller projects and with teams that lack maturity in assessing risks. This one-dimensional technique involves rating risks as:
- Very Low
- Very High
This scale allows greater discrimination than the commonly used Low, Medium, and High scale.
2. Probability/Impact Method
I normally use this technique with larger, more complex projects and with teams that have experience with risk assessments.
This two-dimensional technique is used to rate probability and impact. Probability is the likelihood that a risk will occur. The impact is the consequence or effect of the risk, normally associated with impact to schedule, cost, scope, and quality. Rate probability and impact using a scale such as 1 to 10.
Once you have rated each risk, calculate the Risk Score as Probability x Impact. I sort my risks in descending order with the Risk Score as the primary sort.
The Probability/Impact Method also helps in programs. I total the risk scores within each project to calculate the Project Risk Score and compare the scores between projects. This helps me understand which projects have the greatest risk exposure and where I need the most skilled people.
Questions: What other qualitative evaluation methods have you used? When do you use it?
PMI-RMP Exam Guide
Grab your copy of How to Prepare for the PMI-RMP Exam! And receive weekly project management tips.