Risk Analysis

Make Better Decisions Using Qualitative and Quantitative Risk Analysis

What is Risk Analysis?

According to the Society for Risk Analysis, risk analysis is defined as “a distinct science covering risk assessment, perception, communication, management, governance and policy.” Investopedia narrows this somewhat, describing risk analysis as “the process of assessing the likelihood of an adverse event occurring within the corporate, government, or environmental sector. Risk analysis is the study of the underlying uncertainty of a given course of action.” Risk analysis is practiced in science, industry, academia, and in government. It is critical for business, engineering, healthcare, legal, policy, and countless other disciplines.

Enterprise Risk Management

However you look at it, the analysis of risk seeks to identify, understand, and mitigate adverse or hazardous events. We would argue that, as SRA points out, this concept extends beyond just naming specific risks and figuring out how to control them; rather, risk analysis needs to encompass the way risk is thought about, discussed, and communicated within and between organizations. Too often, risk management (of which risk analysis is typically considered a subset) is relegated to distinct silos within an organization, a check-the-box function whose purpose is to meet regulatory and shareholder requirements. However, the data is clear that successful organizations incorporate risk management throughout, making it a consideration with every conversation. This enterprise approach – Enterprise Risk Management – breaks down communication barriers and tackles biases, instituting new ways of thinking based more on objective fact, data, or experience and less on subjective opinion.

two business people pointing at a computer

The Role of Expert Judgment

This is not to say that personal judgment has no role to play in good risk management. Indeed, there are two primary categories of risk analysis: qualitative (relying on judgment) and quantitative (relying on numbers). Each adds value to the process, and each involves the same fundamental steps:

1) Identify what could go wrong;
2) Assign some probability or likelihood of the risk occurring; and
3) Estimate the impact the event will have if it happens.

Quantitative risk analysis leverages quantitative estimates, Monte Carlo simulation, and, sometimes, data to numerically measure risk. Unlike qualitative risk analysis, quantitative approaches allow for the inclusion of random variables, thus more accurately reflecting real life situations. Furthermore, quantitative models enable you to perform sensitivity and scenario analysis in order to determine which individual factors or combinations of factors (scenarios) drive risk the most. This is powerful diagnostic tool for determining how to mitigate or reduce risks; if you don’t know what is causing risk, you can’t begin to treat it.

There are two types of quantitative risk analysis: deterministic and stochastic.



Deterministic Risk Analysis

Deterministic risk analysis relies on single-point estimates for unknown or uncertain variables, and does not allow for any variability or randomness. Using this method, an analyst may assign values to discrete scenarios to see what outcome may result from each. It is very common to examine three arbitrary potential outcomes: worst case, best case, and most likely case, typically defined something like this:

Worst case scenario – All costs are the highest possible value, and revenues are the lowest of possible projections. The outcome is losing money.
Best case scenario – All costs are the lowest possible value, and revenues are the highest of possible projections. The outcome is making a lot of money.
Most likely scenario – Values are chosen in the middle for costs and revenue, and the outcome shows making a moderate amount of money.

There are several problems with the deterministic risk analysis approach:

It considers only a few discrete outcomes, which are often subjectively defined without regard for how realistic they may be, while ignoring thousands of others.
It gives equal weight to each outcome. That is, no attempt is made to assess the likelihood of each outcome.
Interdependence between inputs, the impact of different inputs relative to the outcome, and other nuances are ignored, oversimplifying the model and reducing its accuracy.



Stochastic Risk Analysis

Stochastic risk analysis, by contrast, accounts for uncertain and randomness in risk models. It is performed using Monte Carlo simulation, an approach that represents unknown input variables with ranges of values, or statistical distribution functions. This allows you automatically calculate your risk model thousands of times, using a different set of input values each time. The result is a much more realistic picture of the many possible outcomes that exist, plus significant time savings for the user.

Earlier we mentioned that qualitative risk analysis has a role to play in making good decisions involving risk. The definition of unknown input variables for a Monte Carlo simulation is a perfect example of this. Expert opinion is very important in the construction of any risk model, particularly in the absence of data. A further example is the interpretation of the results from a Monte Carlo simulation. It takes context and judgment to follow the insights a simulation can produce, and to leverage those results into effective mitigation and go-forward strategies.

Stochastic risk analysis has a number of advantages:

The outcomes can be graphed many different ways to visually communicate information such as the probabilities of achieving targets and the variance in the results, such as the histogram shown below.
It’s possible to understand the spread of possible outcomes and determine the sensitivity of the results to different inputs. The tornado diagram below is an example of this.
Relationships between unknown variables can be modeled using correlations to accurately reflect interdependencies in the results.

The results of a Monte Carlo simulation as shown in histogram form.

A tornado graph showing most important factors, ranked, from a Monte Carlo simulation.

Despite the intensity of its calculations, Monte Carlo simulation is a highly accessible and intuitive technique that is available at the desktop level within Microsoft Excel.

More about Monte Carlo Simulation

Qualitative Risk Analysis

Qualitative risk analysis relies on the subjective opinions of analysts and experts in order to construct a theoretical risk model. It does not need to rely on numerical measures or metrics, but rather utilizes written descriptions of risk events and their impacts. Qualitative risk analysis often involves assessing a situation by instinct or “gut feel,” and may be characterized by statements like, “That seems too risky” or “We’ll probably get a good return on this.” Examples of qualitative risk analysis include SWOT analysis, game theory, questionnaires, scoring methods, and risk heat maps.

Risk heat maps are a very common qualitative technique. Heat maps are a visual, matrix-based approach to risk analysis where the likelihood of a risk event occurring is mapped against the impact those events will have. How likely or how severe a risk will be is determined by asking experts to provide an opinion. The results are plotted on a color-coded chart, as shown.

Advantages of such an approach include ease of communicating results to others, and low participation barriers for stakeholders (i.e., there is little effort required to give an opinion). As a result, such matrices are very common. The main problem with them is they fail to provide an accurate view of risk, and decisions made based heavily on such heat maps usually run into unexpected negative outcomes.

Risk heat map. Source: https://en.wikipedia.org/wiki/Risk_matrix

Risk Analysis with Palisade

@RISK is the leading Monte Carlo simulation add-in for Excel. First introduced for Lotus 1-2-3 for DOS in 1987, @RISK has a long-established reputation for computational accuracy, modeling flexibility, and ease of use.

More about @RISK

Join decision-makers around the world who

RELY ON PALISADE.

Request a Demo

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.