In risk management of a project, one of the steps is risk assessment (which follows risk identification). Risk assessment is done to calculate or understand the probability of a risk and the impact or effect it will have on a project. It may be relevant to any one phase in the project life cycle and is an on-going process till the end of the project. Different types of risk assessment reports are created when a risk is identified and assessed.
Risk assessment is done to evaluate many types of risks in a project. Evaluation for each may be inter-related, and documents for each are independently created.
The means of evaluating the risks in each category is based upon qualitative and quantitative risk analysis of the project. It may be risks identified as per each work package in the work breakdown structure from any phase. Risks that are assessed may also be external or internal in nature.
Qualitative risk analysis deals with the probability occurrence of a risk and its anticipated impact. Risks that are analyzed may be prioritized into high, medium and low for their probability and impact respectively, as per the image illustrated below. While there is a high probability a risk might happen, it need not necessarily mean that its impact too would likewise be high. In this case, a probability-impact analysis may be done and represented graphically as per the image in this article.
Quantitative risk analysis quantifies probability and impact. That is, a numerical value is assigned and the risk assessed may be translated into terms of numbers and percentages. There are many techniques adopted for quantitative risk analysis, namely,
- Decision Tree Analysis
- Expected Monetary Value Analysis
- Simulations such as the Monte Caro Simulation
When risks are identified, assessed and documented, a follow up plan may be formulated in time to avert, avoid or work around an identified risk.