• The Organizational Process Assets in this context refer to "data about risks on past projects and the lessons learned knowledge base [...]" (comp. PMBOK3, p. 250)

(8.3) Qualitative Risk Analysis

(8.3.1) Process Input

... generated by predecessor processes

... introduced by external units

  • Organizational Process Assets

(8.3.2) Process Definition

Qualitative Risk Analysis is the process for "[...] prioritizing risks for subsequent further analysis or action by assessing and combining their probalility of occurence and impact":

"Qualitative Risk Analysis assesses the priority of identified risks using their probability of occuring, the corresponding impact [...] as well as other factors  such as the time frame and risk tolerance [...]."

(comp. PMBOK3, p. 237)

Naturally this evaluations uses the definitions of the risk management plan. The Qualitative Risk Analysis is a qualitative risk analysis (and not a quantitative risk analysis) because single risks are "manually" classified by raw types of impacts and probability (and not by really computed values with respect to the whole project and the side effects of other risks) 

The subject Risk Management operates on the base of other risk concerning concepts

(8.3.3) Tools and Techniques

PMBOK Mentioned Methods

  • Risk probability and impact assessment is a method for "investigating the likelihood that each specific risk will occur" and a method for explicating their "potential effects" on the project which can be positive (risk is an "opportunity") or negative (risk is a "threat")
  • Probability and impact matrix combines the estimated / found values for probability and impact (both represented in a range between 0 an 1) and computes the importness by multiplying the values: risks, which will probably occur and which will have heavy impacts are more important than those which will probably not occur and which will have low impacts.
  • Risk and data quality assessment is a method to evaluate the quality of the basic data
  • Risk categorization is the act of linking identified and evaluated risks into the RBS or WBS and so on
  • Risk urgency assessment is a method to classify the risks (being already preclassified by the probability-impact-matrix) with respect to the time: even a lower classified risk can become more important than the higher classified if it will - in opposite of site higher classified - occur in the near future

(comp. PMBOK3, pp. 251ff).

Open Source Tools

  • myPmpsFactory offers an integrated risk register. This register also allows to classify risks according to the risk management plan. Based on qualitative estimates the risk register automatically computes the 'integrated project risk tuple' by which the degree of the project of being risky can be compared during the time. This 'template' can be edited by Open Office 3 (Calc).

(8.3.4) Process Output

  • Updates of  the Risk Register build an expansion of the initially generated risk register by the following information
    • Relative ranking or priority list of project risks based upon the probability-impact-matrix and the urgencies of the risks
    • Risks grouped by categories for being able to find collective answers
    • List of risks requiring response in the near-term
    • List of risks for additional analysis and response
    • Watchlists of low prority risks
    • Trands in qualitative risk analysis results

(comp. PMBOK3, p. 253)

(8.3.5) Output Using Successor Processes

Successors using the initially generated output as own input(1):

Processes using the updates as input(2):

  1. For details see FAQ::Q001:1
  2. For details see FAQ::Q001:2