How to Perform Qualitative Risk Analysis for the First Time

– How to perform qualitative risk analysis for the first time. It’s easy, and you’ll
get all the instructions, tips, and tricks to do it
correctly in this video. Let’s do it! (gentle music) Hello, I’m Dmitriy Nizhebetskiy from Project Management Basics, and I help people just
like you to become a PM from any role you are currently at. So, If you want to
become a project manager you are in the right place. Subscribe to this channel, and you won’t miss any valuable tips. PMBOK Guide gives the
following definition: Qualitative Risk Analysis is the process of prioritizing risks
for further analysis, or action by assessing and combining their probability
of occurrence and impact. Confusing a bit, don’t you think? Let’s skip it for now. Before we get into
details of risk analysis, we need to clarify
several other definitions. First of all, what is a risk? A risk is an event that
was identified in advance that may or may not happen. If this event harms the
project, it is a threat. When it has a positive
effect it is an opportunity. A project manager must work
with both types of risks. You must protect the project from threats. Likewise, one must take
advantage of opportunities. Let me show you an example
of threats and opportunities: For instance, you know
that one of the key experts on your project is going
to leave the company soon. It is a threat. For sure, you need to
reduce the negative effects of his leaving. For example, you can try to
enroll a substitution in advance to ensure knowledge transfer. On the other hand, you can try to look
for opportunities here. Such an unfortunate event many help you to force your management to find you a better
expert for your project. For example, from another project. Therefore, it is a good
idea always to be informed of the resources that
will be released soon or even from other companies. You may try to secure their
acquirement in advance. Okay, if you really see a value in leveraging opportunities type a simple yes in the comments below. Thank you in advance. So, now what’s the place of risk analysis in project management? I have a separate video on the whole project risk
management framework. I’ll leave you a link in
the description below. But ensure the process is quite simple. You make a draft project management plan with drafts of scope,
schedule, and costs baselines. Then you perform the risk
identification process. You put all identified risks
into the Risk Register. And only then you analyze all known risks and prioritize them. So when does this happen? In general, the analysis
can happen at any moment. Nevertheless, in real-life projects, I would define the next key moments. During project initiation. It’s usually an overview of
known risks on a high level to ensure feasibility. During the planning phase. There should be one or several sessions where the bulk of analysis happens. Here you work with the long
list of identified risks, in all details, and this is the part of your
project planning efforts. It includes analysis of
separate deliverables or the project plan in general. During project execution. After your project kicks
off, there will be changes. You need to analyze their
impact in regards to risks. Moreover, you must also
periodically reassess known risks. Now, who should be involved? Of course you. Some risks relate to project management. Here you are the key expert. However, even so, I would recommend
consulting with your peers. Separate Stakeholders. In some cases, it is efficient to analyze some specific risks one on one. Expert Groups. Most of the time, you
will work with a group of dedicated people who
possess the best expertise. Whole Project Team. If the size of the team allows, it may be beneficial to
involve the entire team. At least to collect
additional points of views. As you can see in most cases, you need to arrange interviews, meetings, and brainstorming sessions. Okay, let me now interpret
the PMBOK Guide’s definition in my own words. Qualitative risk analysis
is the process of grading each risk in terms of its probability and impact using a
predefined ranking system. Based on the results of the grading, a project manager can
perform further analysis to prioritize risks and
develop action plans, which are called risk response plans for the selected risks. The main problem for the analysis is to define the ranking system
for impact and probability. Okay, The impact is a
level of effect that risk will have on the project. From the definition of a risk, it may be positive or negative. Remember that? A risk may impact one or
several aspects of a project like additional costs or scope of work. It may introduce delays or reduce the quality of a deliverable. Likewise, it a risk may affect
the motivation of the team, or engagement of stakeholders, and so on. Probability is a level of
likelihood of occurrence of the risk. You can represent the system
of impact and probability as a simple spreadsheet. However, it should meet
the following criteria: It should be aligned with
project management approach. It should talk in the
same terms you describe your project aspects. It should be brought in line with internal policies and procedures. At least for communication and reporting. It should be clearly
understood by stakeholders in the same way. You can find examples of
impact and probability interpretations on the Internet. However, I strongly recommend
you to refer to them as a starting point only. I suggest you to take some time to develop the interpretations
that are aligned with your organizational environment. Here is an example of
Impact Interpretation Map. You may use a simple grading like High, Medium, or Low impact. Or you can grade it from one to 10. It’s more important to describe
the interpretation clearly. You should be as specific
as it’s practical. Again you need to come up with description relevant for your industry,
company, and project. Do research in the
Internet for ideas only. The Probability Interpretation
Map is even more simplistic. Again, you can go with one to 10 scale or use High, Medium, and
Low probability grades. All of these leads us to
Qualitative Risk Analysis Matrix. There are different names for this chart. Impact/Probability Matrix, Qualitative Risk Analysis
Matrix, or just Risk Matrix. All of these names refer
to the following chart. In fact, it is just a
visualization of priorities. Based on the combination
of probability and impact, you decide whether you
need to do something with the risk proactively. So, red is for the risks
that warrant a response. Yellow is for the risks that require further
analysis and investigation. Green is for the risks
that can ignore for now, but you need to monitor them. And you can improve the quality of your risk analysis even further. Let’s talk about Risk Appetites, Risk Tolerance and Risk Threshold. So these characteristics
describe the attitude of stakeholders towards the risks. Risk Appetites is a general
and subjective description of the acceptable risk level. Risk Tolerance is a measurable
and specific level of risks. Risk Threshold is a particular point at which a risk becomes unacceptable. For example, the customer
or sponsor may state that the budget is limited. However, we do not have
any strict deadlines. It means that risk
appetites for costs are low, while schedule may take
a higher level of risks. On the other hand, they may say that we can take up to $10,000 of risks. That is their tolerance
for threats to budget. Also, if they say that we can not accept risks on more than $10,000 that
will be the risk threshold. Knowing these characteristics
will help you to define the correct Risk Management approach. Prioritize and escalate certain risks. To develop an efficient
risk response strategy. Usually, you need to ask clients and stakeholders directly
about these levels. Okay, what should you get in the end? Here are the main qualitative
risk analysis outputs: A prioritized list of risks. Your Risk Register should
clearly communicate which risks should be dealt with. List of risks grouped by categories. By grouping risks, you get an opportunity to identify common root
causes of the problems. Therefore, you may find a
universal solution for them all. List of risk for additional
analysis and investigation. In some cases, you will not have all the
required expertise at hand. So, you will not be able to
assess the risk correctly. Therefore, you will need
additional consultation on these risks. List of urgent risks. Some severe risks may
require immediate action. Otherwise, they may
cause a critical impact on the project that has
not yet even started. And the watch list is a list of risks that you
need to monitor regularly. They do not require response now. However, they might cause
problems in the future. As you can see, the
qualitative risk analysis is quite straightforward. Nevertheless, it gives you
focus on the critical risks of your project. On the other hand, it removes uncertainty in planning as you will allocate resources for the evaluated threats
and opportunities. If you liked this video and you want to become a project manager, subscribe to this channel right now and hit that bell button. Also, do check the description below. There’s a cheat sheet on how to become a project manager and a lot of related
resources for this topic. But before we go, tell me would you include your
clients and customers in the risk analysis process? Type Yes or No in the comments below. Thank you in advance! (dramatic sound)

4 thoughts on “How to Perform Qualitative Risk Analysis for the First Time

  1. Very relevant video, the kind that needs to be seen time and time again for it is very instructive and rich in content.
    It is innovative to include Opportunities as Risks, however, I am not fully sure… Indeed your speech tends to focus on Risks as Threats so you do not speak much about Opportunities when showing how to assess Risks.

Leave a Reply

Your email address will not be published. Required fields are marked *