Risk Quantification
From apppm
Humanity is quite familiar with the concept of risk or uncertainty since the beginning of recorded history. The difference between risk and uncertainty is that the risk can be quantified, while uncertainty is rather a vague concept that cannot be quantified. Poor risk assessment may lead to project failures or accidents, hence appropriate risk quantification is very important. However, to quantify the risk, once it has been identified, in order to remove or reduce it and take a decisive action, is a big challenge. Risks are quantified by using likelihood or probability of an event to occur and its impact on the outcome or situation. Risks then can be categorized into acceptable or not acceptable risks and further actions are taken accordingly.
This article substantiates the concept of risk quantification and reviews the methods that are used in risk quantification process. Critical content analysis and literature review are carried out in order to draft this article. It is found out that risk quantification plays a significant role prior to initiate any project, program, or portfolio as it helps pinpoint possible risks involved and enables managers to take necessary precautions. It applies to every field of life from medical, projects, construction, safety and etc. and its criticality cannot be overlooked. In order to highlight the importance and challenges that are faced during risk quantification, applications of risk quantification and limitations or new challenges are analyzed briefly in this article.
Contents |
Introduction
Definition
Risk quantification is a process of evaluating the risks that have been identified and developing the data that will be needed for making decisions as to what should be done about them [1]. PMBOK [1] describes risk quantification as evaluating risks and risk interactions to assess the range of possible outcomes.
Inputs and Outputs of Risk Quantification
In risk quantification process of a project, there are inputs that should be considered with delegate care and as a result of risk quantification process outputs are generated. According to PMBOK, following inputs are considered and outputs are produced in risk quantification process of any project:
Inputs | Outputs |
---|---|
Stakeholder Risk Tolerance: Every organization and different individuals may have different tolerance for risk value | Opportunities to Pursue, Threats to Respond to: The list of opportunities that should be pursued and threats that should be taken care of. |
Sources of Risks: Categories of possible risk events that may negatively affect the outcome of a project. For example, Designs errors, stakeholder actions, or poor estimates etc. | Opportunities to Ignore, Threats to Accept: List of opportunities that can be ignored and threats that can be accepted. |
Potential Risk Events: Discrete occurrences that can occur during a project that may affect the outcome of the project. Such as natural disaster or departure of key member etc. | |
Cost Estimates: Assessment of likely cost required to complete the project activities. | |
Activity Duration Estimate: Quantitative assessment of likely number of work period required to activities of a project |
Purpose and Concept
The objective of risk quantification is to prioritize them in terms of their severity and likelihood, so that appropriate action can be taken accordingly. In order to quantify risk, it needs to be identified first. Once risk is identified then it is analyzed in terms of probability of occurrence and impact that it could print on the outcome. The probability is assigned based on the previous data of failure rates available for similar events in datasheets. Probability of failure on Demand (PFD) of an event or a component is calculated by following formula.
Once probabilities of all events are calculated, a criteria for likelihood of all the events is defined. For example, if a specific event may occur in exceptional circumstances, like for example <3% chance of occurance, then its likelihood can be assigned as “Rare”. In the similar way, severity or consequence of the events on project is also classified. For example if an event may result in abandonment of project then it can be classified as “Catastrophic” or if it may result in delay of 50% of schedule or 50% of additional cost then it may be classified as “Major”. The risk(R) is calculated by multiplying probability(P) with the impact(I) or severity.
Once risks are quantified then these are evaluated against a defined risk criteria or risk matrix. Red zone in a risk matrix may represents unacceptable risks, yellow zone as acceptable risk, and green zone as neglectable risks. For example, if an event has a likelihood of class “Likely” and it has a severity class “Catastrophic” then it may lie in red zone of risk matrix. This may mean that this risk is not acceptable and appropriate or immediate actions should be applied to lower this risk into acceptable zone. Figure 1 shows an example of risk matrix of a project. First column represents criteria for likelihood, where, first row represents criteria for consequence. Further, nature of any possible risk is defined based on both likelihood and consequence from low, moderate, high, to extreme.
Importance
The term risk or risk assessment may sound like a modern scientific concept, but the idea of risk is as old as recorded human history. The gambling, the very essence of risk, was a popular pastime that inspired Pascal and Fermat’s revolutionary breakthrough into laws of probability [2]. However, Risk as a scientific field is quite young. Around 30-40 years ago scientific journals, papers, and conferences started to cover this idea and principles on how to assess and manage risk [3]. Figure 2 shows that 17% of projects were failed due to inadequate risk management.
Applications
Several tools and techniques are used in order to apply risk quantification in projects. PMBOK [1] provides 6 methods that can be used in risk quantification process. These tools and techniques are described briefly below, along with application, advantages, and disadvantages of each tool.
Expert Opinion:
Merriam Websterdefines expert opinion as, “a belief or judgment about something given by an expert on the subject”. Expert opinion is one of the risk quantification techniques. In expert opinion, risks are quantified based on the opinions of experts or senior executives based on their experiences. One of the best ways to use expert opinion is to conduct risk assessments workshops where experts can discuss and consequently assign values to the to the risks identified. But, this may lead to group bias and can affect the outcome. This bias can be minimized by using Delphi method, but there still be a chance of high variation in opinion. [2] Although, expert opinion is not as concrete, as other methods may be, and may prone to personal subjectivity, but it is a very useful tool for risk quantification when data is scarce or no sufficient past experience is available or where risks are very company or project specific.[3] Figure 3 shows an example of risk quantification using expert opinion in a case study on construction project conducted by Yildiz et al. (2014).[4] The ratings are estimated ratings, quantified by SEM (Structural Equation Modeling) [4] software based on the sub risks and attributes ratings assigned by experts using 1-5 Likert Scale.[5]
Limitations and Challenges
Annotated Bibliography
References
- ↑ 1.0 1.1 [Duncan W. R., “A Guide to Project Management Body of Knowledge (PMBOK)”, PMI Standards Committee, (2013).]
- ↑ [Bernstein P.L., “Against the Gods: The remarkable story of risk”, John Wiley & Sons, New York, (1996).]
- ↑ [Aven T., “Risk assessment and risk management: Review of recent advances on their foundation”, European journal of operational research, (2016), Vol. 253, No. 1, pp. 1-13.]
- ↑ [Yildiz A. Z. et al, “Using expert opinion for risk assessment: a case study of a construction project utilizing a risk mapping tool “, Procedia - Social and Behavioral Sciences, (2014), Vol. 119, pp. 519-528.]