The use of qualitative or quantitative approaches to assessing risk depends on the situation and objectives of the risk assessment exercise. The quantitative methods provide a figure to measure risk, and this can be in monetary terms, which allows project planners to know the exact cost of risk. There can be a consistent generation of numbers used in critical controls of a project, and the numbers will create a report that project managers can use in decision-making (Mitchell 1995).
An example of efficient use of quantitative risk analysis approaches would be in a facility that maintains customer records in a confidential format. Such a facility would have an external web server for manipulating and storing records. Only authorized personnel in the organization can access and manipulate the record. When assessing the risk of the webserver in terms of security, a quantitative approach can be very useful. It would map out the risk in terms of its monetary value. An organization would look at the cost of replacing specific records that are sabotaged, and then use those unit costs to evaluate the cost of the overall damage to the web server that would have the organization come up with new records. Besides, an estimate of the time that it will take to bring the webserver back online would be useful as a quantitative parameter. The business will then match the time with the typical revenue generated in the same period in ordinary circumstances. The cost of replacement and the downtime would then provide a measure of the monetary value that the business stands to suffer should the security or damage risk event occur on the webserver. The weakness of a qualitative approach is in its difficult to interpret when there are too many parameters being measured and reported (Project Management Institute 2013).
On the other hand, qualitative approaches to risk assessment work differently, often presenting issues like the probability of occurrence and concentrating on the severity of the risk event. The success of a qualitative approach is determined by the ability to comprehend the vulnerable parts of the system and avoid the risks. The qualitative approach provides descriptions of the risk and the relation of the risk to the overall outcome and objectives of the project (Project Management Institute 2013). With the qualitative approach, it is easy to dismiss high probability risks that are not very significant to a business. For example, if a security breach to a web server is very likely to occur, but it would not mean disruption of business or significant loss of information and money, then it can be dismissed as a low risk-high probability event. A weakness of qualitative approaches is that it can reject related risks and fail to capture chain events that lead to a catastrophic outcome (Meredith & Mantel 2012).
In a typical situation, it is better to begin risk assessment with a qualitative approach for its descriptiveness, and then when the high risk and highest probability events are captured, analysts can go on to employ quantitative methods to determine the exact implication of the identified high-risk events (Simons 1999). This approach saves both time and resources used to assess other resources. Overall, the hybrid approach leads to the avoidance and proper management of high impact catastrophic risks.
Reference List
Meredith, JR & Mantel, SJ 2012, ‘Project activity and risk planning, Section 6.5 Project risk management’, in JR Meredith & SJ Mantel, Project management: A managerial approach, 8th edn, John Wiley & Sons, Inc., Hoboken, NJ, pp. 250-260.
Mitchell, VW 1995, ‘Organizational risk perception and reduction: A literature review’, British Journal of Management, vol 6, no. 2, pp. 115-133.
Project Management Institute 2013, ‘A guide to the project management book of knowledge (PMBOK Guide)’, in Project Management Institute, Project risk management, 5th edn, Project Management Institute, Newton Square, PA, pp. 309-354
Simons, RL 1999, ‘How risky is your company’, Harvard Business Review, vol 77, no. 3, pp. 85-95.