You may find a plethora of books on the topic of Project Risk Management. Each of these may portal the topic of risk analysis in a different way. For the PMI RMP Exam, we are more concerned about PMBOK’s interpretation of risk analysis and hence we are going to look at the risk analysis model as the PMBOK suggests.
Look at the picture below:
This is the high-level model for Risk Analysis.
As you can see, the output of the Identify Risks process (risks) are sent as the input to the Analyze Risks process. The analyze risks process has two sub components which are the Qualitative Risk Analysis and Quantitative Risk Analysis. Qualitative Risk Analysis deals with assessing and prioritizing a risk while Quantitative Risk Analysis deals with numerical analysis of the risk. At the end of the day, both these processes focus on the risk’s impact and probability and in almost all cases, both of these analysis steps happen if risk management is to happen in an efficient way in our project.
Once the risk analysis is over, as you can see the output is sent as the input to the Plan Risk Responses process. If you look at the image closely you can see an arrow going from the Analyze Risks process to the Monitor & Control Risks process. This is because, at the end of our analysis we will create a “Watchlist” which contains the list of low priority risk items which we feel are not significant at this juncture. So, we send this watchlist to the Monitor & Control Risks so that we can keep an eye on these low priority items.
Another thing you might have noticed in the image is that, you can see arrows going from both the Monitor & Control Risks process as well as the Respond to Risks process. This means that the risk analysis process is iterative and happens multiple times during the course of a projects risk management activities.
Are you wondering if both Qualitative & Quantitative analysis happen for all risks?
If you are, the answer is No. Not all risks go through both analysis phases. We typically first do the Qualitative Risk Analysis and if we need to analyze it further we send it to the Quantitative Risk Analysis process. Look at the image below:
Once Quantitative Risk Analysis is complete, the output of the overall analysis is sent to the Respond to Risks process. Let me repeat – NOT ALL RISKS ARE ANALYZED BOTH QUALITATIVELY AND QUANTITATIVELY.
The PMBOK says that if we need any further details while formulating responses for the risks in the Respond to Risks process, we can send those risks back to the risk analysis process. Remember that I said risk analysis is iterative just a few paragraphs ago?
Look at the picture below:
Lower priority risks are usually put into a watchlist and sent as input to the Monitor & Control Risks process where they will be constantly monitored to ensure that their priority or impact hasn’t changed since we put them there. This is done to ensure that, any changes to the probability or impact or priority of the risk does not take the project by surprise.
To Summarize – A Standard Risk Analysis model will involve the following steps:
1. First you Assess the risks
2. Then you prioritize them
3. Then you determine which risks are urgent
4. Then you determine which risks are low priority and need to be placed in a watchlist
5. Then you analyze certain high priority risks on a numerical level (Quantitative Risk Analysis)
6. Then you determine the probable outcomes of those risks that you analyzed quantitatively and plan a response for those risks.
This is just a high level overview of the risk analysis model. We will be covering more details of the individual steps of risk analysis in the subsequent chapters & sections
Prev: Goals & Benefits of Risk Analysis
Next: Risk Analysis & Project Management
