Risk Quantification
From apppm
Humanity is quite familiar with the concept of risk or uncertainty since the beginning of recorded history. The difference between risk and uncertainty is that the risk can be quantified, while uncertainty is rather a vague concept that cannot be quantified. Poor risk assessment may lead to project failures or accidents, hence appropriate risk quantification is very important. However, to quantify the risk, once it has been identified, in order to remove or reduce it and take a decisive action, is a big challenge. Risks are quantified by using likelihood or probability of an event to occur and its impact on the outcome or situation. Risks then can be categorized into acceptable or not acceptable risks and further actions are taken accordingly.
This article substantiates the concept of risk quantification and reviews the methods that are used in risk quantification process. Critical content analysis and literature review are carried out in order to draft this article. It is found out that risk quantification plays a significant role prior to initiate any project, program, or portfolio as it helps pinpoint possible risks involved and enables managers to take necessary precautions. It applies to every field of life from medical, projects, construction, safety and etc. and its criticality cannot be overlooked. In order to highlight the importance and challenges that are faced during risk quantification, applications of risk quantification and limitations or new challenges are analyzed briefly in this article.
Contents |
Introduction
Definition
Risk quantification is a process of evaluating the risks that have been identified and developing the data that will be needed for making decisions as to what should be done about them [1]. PMBOK [1] describes risk quantification as evaluating risks and risk interactions to assess the range of possible outcomes.
Inputs and Outputs of Risk Quantification
In risk quantification process of a project, there are inputs that should be considered with delegate care and as a result of risk quantification process outputs are generated. According to PMBOK, following inputs are considered and outputs are produced in risk quantification process of any project:
| Inputs | Outputs |
|---|---|
| Stakeholder Risk Tolerance: Every organization and different individuals may have different tolerance for risk value | Opportunities to Pursue, Threats to Respond to: The list of opportunities that should be pursued and threats that should be taken care of. |
| Sources of Risks: Categories of possible risk events that may negatively affect the outcome of a project. For example, Designs errors, stakeholder actions, or poor estimates etc. | Opportunities to Ignore, Threats to Accept: List of opportunities that can be ignored and threats that can be accepted. |
| Potential Risk Events: Discrete occurrences that can occur during a project that may affect the outcome of the project. Such as natural disaster or departure of key member etc. | |
| Cost Estimates: Assessment of likely cost required to complete the project activities. | |
| Activity Duration Estimate: Quantitative assessment of likely number of work period required to activities of a project |
Purpose and Concept
The objective of risk quantification is to prioritize them in terms of their severity and likelihood, so that appropriate action can be taken accordingly. In order to quantify risk, it needs to be identified first. Once risk is identified then it is analyzed in terms of probability of occurrence and impact that it could print on the outcome. The probability is assigned based on the previous data of failure rates available for similar events in datasheets. Probability of failure on Demand (PFD) of an event or a component is calculated by following formula.
Once probabilities of all events are calculated, a criteria for likelihood of all the events is defined. For example, if a specific event may occur in exceptional circumstances, like for example <3% chance of occurance, then its likelihood can be assigned as “Rare”. In the similar way, severity or consequence of the events on project is also classified. For example if an event may result in abandonment of project then it can be classified as “Catastrophic” or if it may result in delay of 50% of schedule or 50% of additional cost then it may be classified as “Major”. The risk(R) is calculated by multiplying probability(P) with the impact(I) or severity.
Once risks are quantified then these are evaluated against a defined risk criteria or risk matrix. Red zone in a risk matrix may represents unacceptable risks, yellow zone as acceptable risk, and green zone as neglectable risks. For example, if an event has a likelihood of class “Likely” and it has a severity class “Catastrophic” then it may lie in red zone of risk matrix. This may mean that this risk is not acceptable and appropriate or immediate actions should be applied to lower this risk into acceptable zone. Figure 1 shows an example of risk matrix of a project. First column represents criteria for likelihood, where, first row represents criteria for consequence. Further, nature of any possible risk is defined based on both likelihood and consequence from low, moderate, high, to extreme.
Importance
The term risk or risk assessment may sound like a modern scientific concept, but the idea of risk is as old as recorded human history. The gambling, the very essence of risk, was a popular pastime that inspired Pascal and Fermat’s revolutionary breakthrough into laws of probability [2]. However, Risk as a scientific field is quite young. Around 30-40 years ago scientific journals, papers, and conferences started to cover this idea and principles on how to assess and manage risk [3].
Applications
Methods
Real life applications
Limitations and Challenges
Annotated Bibliography
References
- ↑ [Duncan W. R., “A Guide to Project Management Body of Knowledge (PMBOK)”, PMI Standards Committee, Ed. 5.]
- ↑ [Bernstein P.L., “Against the Gods: The remarkable story of risk”, John Wiley & Sons, New York, (1996).]
- ↑ [Aven T., “Risk assessment and risk management: Review of recent advances on their foundation”, European journal of operational research, (2016), Vol. 253, No. 1, pp. 1-13.]
