Risk assessment through quantitative analysis

What is quantitative analysis?

While analyzing risks in

software development companies

What is quantitative analysis in risk management?

As quantitative risk analysis deals with a numerical solution, risks are assigned numbers on which the assessments are made. Usually this analysis is made on the basis of cost or time. That is, risk is measured in terms of the loss in cost or time.

Necessity of Quantitative risk assessment

Ideally, a quantitative risk assessment is a compulsion when the policies involved in a project demands it. Apart from all this, there are situations where quantitative techniques become essential. These situations vary from project to project.

Some cases where quantitative analysis is a must for proper risk assessment are:

• When single point estimates are used for project planning.
• Understanding the maturity in risk management process of the project undertaken.
• Deciding between two or more Project approaches.

Quantitative analysis also aids to characterize organizations and leaders to analyze project risk. The ultimate aim of quantitative analysis is to minimize the annual loss and can be used to:

• Identify the threats that can be reduced to optimize costs.
• Prevent the loss of assets.
• Optimize the ROI.

Difference between Qualitative and quantitative analysis

• Qualitative analysis considers all the risks in the identifying process while quantitative risk analysis process considers those processes which are marked for further analysis in the qualitative risk analysis.
• Qualitative analysis is done by creating a probability/impact matrix whereas quantitative risk assessment techniques predict the outcomes in terms of money or time based on combined effects of risk.
• All projects use qualitative risk analysis but not all projects use quantitative analysis.
• Qualitative analysis does not use mathematical models to analyze risks whereas quantitative models do use mathematical models to analyze risks.

Various techniques used in Quantitative risk analysis

The various techniques used in quantitative risk analysis are:

• Estimated monetary value
• Monte Carlo Simulation
• Sensitivity analysis

Estimated monetary value (EMV):

According to PMBOK, this is a process used to identify, analyze and respond to project risk.

EMV is used to analyze as to how much risk can be tolerated by the stakeholders and how much fallback plans do they want. Stakeholders often want to know the monetary value of the risk occurring. For such situations EMV is the best technique.

EMV= Probability*Impact

Example:

 Suppose there is a project where there are the following risk probabilities:

• Weather: A 25 percent chance of excessive snow fall that will delay the construction for two weeks which will, in turn, cost the project to $80,000.
• Construction cost: A 60 percent probability that the price of the project will go down by $100,000 because of lowering construction cost.
• Labor turmoil: A 15 percent probability of construction coming to a halt if the workers go on strike. The impact would lead to a loss of $150,000. Consider your industry and geographic area to determine whether this risk would have a higher probability.

To find out the EMV, the following calculations are made:

Weather: (25/100)*(-80000), negative since loss

                =-20,000

Construction cost: (60/100)*(100,000), positive since gain

                =60,000

Labor turmoil: (15/100)*(-150,000)

               =-22,500

Therefore Project EMV = -20000+60000-22500=15,500, hence the project will gain $15,500 as the final value is positive.

Monte Carlo simulation:

Monte Carlo analysis uses simulations to determine the risks for various scenarios. Here, certain variable inputs are considered to generate the range of outcomes with a confidence level for each outcome. This is done by establishing a mathematical model. This technique is used for forecasting the likely outcome of an event and thereby making project decisions.

Let us take an example. Suppose there are 3 modules for a project. Monte Carlo analysis determines the best case (optimistic), most likely and worst case (pessimistic) scenarios as follows:

Let us assume that we run the simulation for 500 times. We see that the project can be completed between 6 to 16 days. We get the following results from the simulations:

This simulation shows that there are 18 % chances that the project gets completed in 9 days, 40 % chances of it being completed in 13 days and so on.

Sensitivity Analysis:

Sensitivity analysis is a technique used to show the effects of changing one or more variables on an outcome. For example, in project management, it may be used to determine the change in ROI if the output of a certain variable process is changed.

In project management, the purpose of sensitivity analysis is to:

• Help identify the key variables which influence the project cost and benefit streams
• Investigate the consequences of likely adverse changes in these key variables
• Assess whether project decisions are likely to be affected by such changes
• Identify actions that could mitigate probable adverse effects on the project

Conclusion

Irrespective of it being a quantitative or qualitative process, risk assessment, in

software outsourcing companies