Did you know Cybrary's video training is FREE? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
This lesson focuses on performing qualitative risk analysis. This creates Project Document Updates and takes into account opportunities, threats and impact. [toggle_content title="Transcript"] The next process is perform qualitative risk analysis. If you remember qualitative is dealing with characteristics, not numbers. Perform qualitative risk analysis it creates project document updates. The inputs are the risk management plan, scope baseline, risk register, enterprise environmental factors and organizational process assets. Your risk management plan is your baseline on how you are going to perform the qualitative risk analysis. Your scope baseline is going to contain WBS, WBS dictionary, and your scope statement. Your risk register which we just created, is going to identify all the risks for that project. Enterprise environmental factors and organizational process assets, are up there once again. The tools used are risk probability and impact matrix, risk data, quality assessment, risk categorization, risk urgency assessment and expert judgement. Risk probability and impact matrix will be there in the next slide. Risk data quality assessment is looking at your risks or the risks that you have identified, and trying to understand do I have good data on this risk to understand the risks. You are trying to put a number on how well you understand that risk. Risk categorization is trying to figure out what category that falls in. Kind of like the RBS which was shown on the previous slide. You are doing decomposition, trying to look at where the risk falls and what is above that risk for categorization. Risk urgency assessment is trying to figure out how much to respond to that risk. Is it probable and what are the impacts. Expert judgement is just understanding the risks from having expertise. Here is an example of probability and impact matrix, probability is on the left hand side and impact is on the bottom. You can put whatever numbers in but I set the probabilities at 80 percent, 60 percent, 40 percent, 20 percent. The impact is how going to... in a score of 0 to 1, so I say 25 percent, 50 percent, 75 percent, 90 percent. There are opportunities and threats and you are basically trying to figure out what is my threshold. So if you came up with a number, and you decided, 45 percent is the number. If I had an 80 percent probability of something happening, and the impact is only 25 percent, that risk is identified as point two. I am not going to be worried about it or the client is not going to be worried about it. If am looking at 45 percent...if the probability is 60 percent or higher and the impact is seventy five percent or greater, this is the risk that I am going to be concerned about. It can work in different ways, it's probably the client or the sponsor can see if that number...I said twenty percent, then if it is eighty percent probability and twenty five percent impact, anything from here over, you will have to pay attention to. Here's another way of looking at it. So this is numbers given to the client. You have probability, if the client says 0 to 25 percent, well you might have to do anything. Scope minimal changes, client might not be concerned, time its less than five percent delay, low impact, you won't have to report that to the client. Cost, if it's a less than five percent increase, once again you have to report that and quality, if quality slippage is a minimum, you don't have to report that, but the client might want to be concerned about medium risks, so probability twenty to fifty percent. Scope if there is major changes or if cost 60 percent or greater, the client is going to want to know, same thing with time or time or costs if its greater than 60 percent, and for quality, if quality slippage requires the sponsor to sign off on that item. [/toggle_content]