Many people view quantitative risk analysis with a mixture of fear and awe. It’s clearly a very powerful technique in the risk professional’s toolkit, but it seems to be hard to use. As we decide whether it’s appropriate for us to include quantitative risk analysis in our risk approach, we should consider the strengths and weaknesses of this technique, so that we can make a balanced judgment.

Using quantitative risk analysis has a number of benefits, including:

  • Providing a means of analyzing the combined effect of risks together on objectives, rather than treating each risk separately and individually.
  • Describing risks quantitatively, using numbers or ranges for probability and impacts, instead of ambiguous descriptive terms such as High or Low.
  • Offering consistency in analysis, since the operation and output of a simulation model is independent of the person running the analysis, and is not subject to their subjective preconceptions and bias.
  • Allowing exploration of a range of options for addressing risk, through the ability to flex the model to analyze different scenarios and alternatives to the base case.
  • Reflecting a degree of complexity that exceeds what can be understood by a single person or held in their memory, allowing development of a sophisticated model of reality which can accurately predict outcomes.
  • Presenting targets realistically, as a range of possible outcomes rather than as a single point.

There are also however shortcomings in using quantitative risk analysis, including:

  • The need to use software tools. These may have good functionality and capability to support detailed analysis of risk, but they are an additional cost to the project, are likely to require staff training if they are to be used effectively, and require integration with other project tools.
  • Analytical outputs need careful interpretation, which may need some understanding of statistical principles to avoid misinterpretation.
  • Results have spurious precision, since computer-based tools naturally produce outputs to many decimal places, suggesting a degree of precision which is unlikely to be justified by the input data.
  • A related danger is spurious credibility, giving too much credence to model outputs without applying sufficient critical thought or judgment to the results.
  • The use of specialized tools can result in dependence on an “expert” to run the analysis, performing tasks that are not understood by the team, leading to a degree of separation and loss of ownership.

The existence of both strengths and weaknesses in quantitative risk analysis mean that care should be exercised when implementing this phase of the risk process.