Products
Solutions
Resources
Published 1 Aug 2023
Qualitative risk analysis is the process of rating or scoring risk based on a person’s perception of the severity and likelihood of its consequences. The goal of qualitative risk analysis is to come up with a short list of risks which need to be prioritized above others.
Qualitative risk analysis is best described as a project manager’s first line of defense against risks. It helps weed out potential detractors to the project’s success, including risks that are unlikely to cause any severe harm to the project. By targeting the most dangerous risks first, risk analysis in project management becomes more efficient and project managers are able to allocate their time and resources more effectively.
As part of the overall quantitative risk management process, quantitative risk analysis is the process of calculating risk based on data gathered. The goal of quantitative risk analysis is to further specify how much will the impact of the risk cost the business. This is achieved by using what’s already known to predict or estimate an outcome.
For data to be suitable for quantitative risk analysis, it has to have been studied for a long period of time or to have been observed in multiple situations. For example, in the past five projects, equipment type A has broken down after 7 hours of use. With this information, it can be assumed that if a project requires workers to use equipment type A for 8 hours, then it has a 100% chance of breaking down.
The key difference between qualitative and quantitative risk analysis is the basis for evaluating risks. As mentioned earlier, qualitative risk analysis is based on a person’s perception or judgment while quantitative risk analysis is based on verified and specific data.
Another difference is the values associated with risks. In qualitative risk analysis, this value is the risk rating or scoring. A risk may be rated “Low” or given a score of 1 to indicate that the risk does not require immediate attention. In quantitative risk analysis, the value associated with the risk is often in percentages and indicates the probability of the risk occurring or of it causing a specific negative effect on project objectives.
Qualitative risk analysis should be performed when there is a change in the perception of risk and when a new risk has been identified. As a general rule, project managers should always perform qualitative risk analysis at the beginning of every project. Additionally, since performing qualitative risk analysis is relatively easy, quick, and low-cost, it can be done at any time during the project or whenever the project manager deems it necessary.
In relation to that, a 5 whys software can help in efficiently performing qualitative risk analysis. Since 5 whys digs into the reason why a certain situation is the way it is, calculating risks and their impact would be easier and more credible.
Quantitative risk analysis should be performed when there is a large amount of data on the risk and its impact and when qualitative risk analysis needs to be validated. Since performing quantitative risk analysis and quantitative risk assessment can be difficult and time-consuming, it is not recommended by most project managers unless the safety of the project relies on precise estimations of risk. In these environments, performing quantitative risk analysis may be required by law or by project stakeholders.
To help guide project managers in selecting which risk analysis to perform, here are examples of instances where a qualitative or quantitative risk analysis may be applied.
Change in perception of a risk – Example: The lack of machine guards was initially given a risk rating of low, but after several near misses involving the hazard occurred, the project manager believes its risk rating should be at least medium.
New risk has been identified – Example: When the project began, equipment was in good condition. The only risk the project manager could identify at the time was the lack of proper training, as most of the workers did not know how to use equipment safely. The project manager quickly arranged for the workers to be trained in equipment safety. Yet, as the workers started to use equipment more frequently, the project manager noticed that it was no longer in good condition and could malfunction soon.
Large amount of data on the risk and its impact – Example: In 2020, a construction company planned on starting a major project in 2021. In preparation for the project, the construction company began collecting data on the risks they may face, their impact on the project’s completion, and how much mitigating these risks could cost the company. By early 2021, the construction company had enough data to perform a quantitative risk analysis.
Qualitative risk analysis needs to be validated – Example: During qualitative risk analysis, a project manager scored each risk a 10 on a scale of 1-10, with 10 being extremely high risk. But the project manager wants to ensure that each risk has an impact great enough to justify spending time and resources on them.
After choosing which risk analysis best fits their given situation, project managers can proceed with performing the risk analysis. For those looking for a guide on how to perform qualitative and quantitative risk analyses, follow the steps below:
The goal of this step is to create a masterlist of risks by noting down any risk that comes to mind and asking other members of the team for their input. Additionally, project managers can make the risk identification process faster by holding brainstorming sessions with their teams and even some workers to get a clearer idea of what’s happening in the field.
There are several techniques for classifying risks. One popular technique is the risk matrix, which combines the consequences and likelihood of a risk occurring.
Risk Matrix
Lesser known techniques include assessing the possible causes and effects of each risk and preparing for different scenarios involving the risk.
While this may look different depending on the technique chosen in the previous step, risk control is generally divided into two categories. The first category of risk control is focused on targeting the root causes of risks such as hazards or inefficient management processes. The second category of risk control is geared towards lessening the negative impact of the risk through corrective actions such as providing workers with PPE.
As project managers go through the qualitative risk analysis process, they should remember to keep all of their notes regarding risks, risk ratings, and control measures to mitigate consequences. These notes will be useful in completing the final step: risk monitoring. This step mainly involves observing risks and asking the following questions:
Project managers first need to think about what they want out of the quantitative risk analysis. What kind of insight are they looking for? After identifying the purpose of quantitative risk analysis, project managers can now define the scope and limitations. What data will or will not be included in the quantitative risk analysis? Once this question has been answered, project managers can now select one of the following methods for quantitative risk analysis:
Before applying the selected method, project managers should ensure that data is organized and compatible with the method and tools they plan to use. Tools can include digital templates, specialized software such as an employee gps tracking, and other materials that can help in performing quantitative risk analysis. As for the preparation of the people needed, this highly depends on whether or not project managers decide to hire outside experts or involve people from other departments or branches.
Once the data, tools, and people needed are ready, project managers can proceed with performing the quantitative risk analysis. If project managers selected the FMEA or BIA methods, they can use the following digital templates:
For the EMV method, project managers can use the following formula:
Probability in % of Risk Occurring x Cost of Impact in Preferred Currency = EMV
After applying the FMEA, BIA, or EMV method, ensure that all results are recorded and stored securely, even if they aren’t the focus of this risk analysis. The reason for keeping these records is that they may be useful later on in the next risk analysis. As quantitative risk analysis takes up a lot of time, effort, and resources, it’s important to not waste information gained from it.
Quantitative risk analysis is also helpful in performing industry-specific functions such as restaurant inspections, pharmaceutical audits, and food safety inspections as it can help identify health code violations before they become a problem.
SafetyCulture templates are easy to use and customize according to the needs of the project. Project managers can simply download one of SafetyCulture’s pre-made templates to get started. Here are some SafetyCulture templates that could help project managers in performing qualitative and quantitative risk analysis:
Use this digital template to perform qualitative risk analysis in 4 steps:
Eliminate manual tasks and streamline your operations.
Use this digital template as a guide in performing quantitative risk analysis. It includes the following steps:
SafetyCulture is a digital operations platform project managers use to ensure that their projects stay on track. It has the following features:
SafetyCulture makes it simple and easy for project managers to perform risk analysis on the go or in the field. With the SafetyCulture mobile app, project managers can capture and record risks as soon as they appear, set risk ratings, and collaborate with other members of their team in identifying potential risks.
Project managers can assign corrective actions to anyone in the organization or even to themselves. They can add due dates, priority levels, and images to any corrective action created in SafetyCulture.
View risk analysis results in the analytics dashboard, and apply filters to get the insights you need. Store critical data effortlessly with automated recordkeeping.
SafetyCulture helps you manage risks so that they don’t get in the way of your work. Without a good project risk management system and training, projects are vulnerable to unexpected threats and may be delayed as a result. Prepare for anything and everything by identifying and analyzing risks. By performing regular risk analysis, you become more equipped to handle possible obstacles to the project completion.
Available on Android, iOS, and the web, SafetyCulture is a customizable mobile inspection app mainly used to improve and maintain safety and quality in numerous industries.
SafetyCulture offers a number of ready-to-use risk analysis templates that can be used in different industries to manage and control risks on-the-go.
Erick Brent Francisco
Erick Brent Francisco is a content writer and researcher for SafetyCulture since 2018. As a content specialist, he is interested in learning and sharing how technology can improve work processes and workplace safety. His experience in logistics, banking and financial services, and retail helps enrich the quality of information in his articles.
What are the Goals of Ergonomics Training? Ergonomics is defined as the study of how humans at work ...
Benefits Big or small, businesses across industries are exposed to a myriad of risks. If unmitigated...
Why It’s Important to Maintain TCS Food Safety An estimated 1.3 billion tons of edible food is ...
We use cookies to provide necessary website functionality and improve your experience. To find out more, read our updated Privacy Policy.
