Book Excerpt from "I Want To Be A RMP" - Understanding Qualitative Risk Analysis

This article is an excerpt from the book I Want To Be A RMP.
It is from Chapter 7: Qualitative Risk Analysis.

For the partial index of the book, refer: Book Index - I Want To Be A RMP.


Understanding Qualitative Risk Analysis

We now have the list of risks in a register, maybe hundreds of them. Can you manage so many risks in a day or a few days? How about a week? It will be difficult to do so. Hence, we have to prioritize them.

As I say, aspects of project management mimic real life. For example, I am now writing this book on my laptop. Let us see what the possible risks can be. The laptop may crash. The word crunching software may get corrupted. The roof over my head may even collapse. Or I may even have a heart attack while writing. Well, now you may be laughing! But are these not risks, too? Then why don’t we consider these risks? Because they have low chances (or low probability) of occurring. However, if one of them occurs, it will have a big consequence (or high impact).

Let me look at another aspect: risks can have a high chance of occurring but a low impact. Say there is a power cut in my locality, which happens during heavy rain. If that happens, which looks likely (as it is raining heavily at the time of writing), then I won’t be able to complete this chapter on risk management. But I can start writing later in the day and complete it by the end of tonight. So, here the likelihood is high (or high probability), but if it happens, the impact is low. Hence, I need not act on it.

Where are we going with all of this? I am looking at the “probability” (or “P” value of the risk) and the “impact” (or “I” value of the risk) when prioritizing the risks. Do note that “P” value and “I” value are terms used by me for easier understanding.

We already know this:
Risk Score = Probability * Impact (OR)
           = “P” value * “I” value

Obviously, the higher the score (with high probability and high impact), the higher the priority of the risk.

The probability scale can be numeric (1, 2, 5 etc.), textual (high, low, medium), color coded (red, amber, green) or a combination of them. The same holds for the impact scale. And finally, when the Risk Score is calculated, it can also be numeric, textual, color coded or a combination of them.

So, are we going to act on all the risks with high scores? No. We will act on a risk only if its score crosses the “Risk Threshold” (or Risk Appetite level). Below the risk threshold, or within our tolerance range, we won’t act on the risks. However, if the score crosses the threshold, we have to analyze them qualitatively.
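The scoring and threshold check described above can be worked through on a small register. This is an added example, not taken from the book: the 1 to 5 scale, the threshold of 8, the color bands and the register entries are all constructed assumptions.

```python
# Constructed illustration: scale values, threshold, colour bands and register
# entries are assumptions for this example, not values from the book.
SCALE = {"very low": 1, "low": 2, "medium": 3, "high": 4, "very high": 5}
RISK_THRESHOLD = 8   # assumed: act only when the score is above this
RED_FROM = 15        # assumed: scores at or above this are colour-coded red


def to_number(rating):
    """Accept a numeric (1-5) or textual rating and return its numeric value."""
    if isinstance(rating, str):
        key = rating.strip().lower()
        if key not in SCALE:
            raise ValueError(f"unknown rating: {rating!r}")
        return SCALE[key]
    if rating not in SCALE.values():
        raise ValueError(f"rating out of scale: {rating!r}")
    return rating


def risk_score(probability, impact):
    """Risk Score = "P" value * "I" value."""
    return to_number(probability) * to_number(impact)


def colour(score):
    """Colour-coded form of a numeric risk score."""
    if score >= RED_FROM:
        return "red"
    return "amber" if score > RISK_THRESHOLD else "green"


def prioritize(register):
    """Return (risk, score, colour) for risks above the threshold, highest first."""
    scored = [(name, risk_score(p, i)) for name, p, i in register]
    above = [(n, s, colour(s)) for n, s in scored if s > RISK_THRESHOLD]
    return sorted(above, key=lambda row: row[1], reverse=True)


# Constructed register: (risk, "P" value, "I" value), mixing textual and numeric.
REGISTER = [
    ("Roof collapses", "very low", "very high"),     # 1 * 5 = 5
    ("Power cut during heavy rain", "high", "low"),  # 4 * 2 = 8
    ("Key reviewer unavailable", "medium", "high"),  # 3 * 4 = 12
    ("Manuscript deadline slips", 4, 5),             # 4 * 5 = 20
]

if __name__ == "__main__":
    for name, score, band in prioritize(REGISTER):
        print(f"{score:>3}  {band:<6} {name}")
```

With these assumed values, the roof collapse and the power cut stay at or below the threshold and drop out, while the two remaining risks are returned in priority order.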

This is precisely what happens in “Perform Qualitative Risk Analysis” (or simply “Perform QLRA”, as I put it). In this chapter, we will discuss it in depth.

7.1. ‘Perform Qualitative Risk Analysis’ Process – What Happens?

As per PMBOK Guide 5th Edition, “Perform Qualitative Risk Analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.”

So, we prioritize primarily on probability and impact values. There are other factors in prioritization as well, such as Risk Urgency (or Proximity) and Risk Manageability, which are discussed in this chapter.

Obviously, we will need the “Risk Management Plan” (RMP), which will tell us about the “P” scale and “I” scale, the PI matrix (to determine the risk score) etc. Hence, the RMP acts as an input to the “Perform QLRA” process, and the updated risk register is the output of this process. The PMBOK Guide, however, mentions it as “Project Document Updates”.

The overall flow diagram for this process – “Perform QLRA” - is shown below. 

After the Risk Register is created, it acts as an input to all subsequent processes in risk management: Perform QLRA, Perform QTRA, Plan Risk Responses and Control Risks. The Risk Register also gets updated in all of these subsequent processes.

After qualitative risk analysis, we may go for a second analysis in the subsequent process, where the next prioritization happens based on quantitative values. That process is “Perform Quantitative Risk Analysis” (or “Perform QTRA” for short). But moving to QTRA is optional. Why? Because it is time consuming, as it involves a lot of modelling, simulation and mathematical calculation, and also expensive, because we may have to take the help of specialized software.

For small projects, QLRA may be sufficient, but for large, complex projects, QTRA may be needed. That decision will be taken from the beginning, in the “Plan Risk Management” process, and documented in the “Methodology” section of the “Risk Management Plan”.

Either way, i.e., whether you choose to go to QTRA from QLRA or not, we have to plan for risk responses. For all the prioritized risks, there has to be a response. That, as we know, happens in the “Plan Risk Responses” process. This is outlined in the diagram below. The dotted line is for the optionality of moving into “Perform QTRA”.


This section on Qualitative Risk Analysis is further explained in the book with: 
  • ‘Perform Qualitative Risk Analysis’ Process - Why do it?
  • Critical Success Factors for “Perform QLRA” Process   

It is further followed by detailed explanation on various aspects of Qualitative Risk Analysis as outlined in the Book Index.

