• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

Qualitative Risk Analysis

Extracts from this document...


Qualitative Risk Analysis

Qualitative risk analysis is the process of performing a qualitative analysis of identified risks. This process is intended to prioritize risks according to their potential effect on business objectives.  Qualitative risk analysis is one way of determining the importance of addressing specific risks and guides risk response measures. The time-criticality of risk-related actions may magnify the importance of a risk. An evaluation of the quality of the available information also helps modify the assessment of the risk. Qualitative risk Analysis requires that the probability and impact of the risks be estimated using qualitative analysis methods and tools. Using these tools helps correct biases that are often present in a business plan.  Qualitative risk analysis should be revisited during the business’s life cycle to stay current with changes in business risks.  This process can lead to further analysis in quantitative risk analysis or directly to risk response planning .

  • Inputs to Qualitative Risk Analysis
  • Risk management plan.
  • Identified risks.Risks discovered during the risk identification process are evaluated along with their potential impacts on the business.
  • Business status. The uncertainty of a risk often depends on the business’s progress through its life cycle. Early in the business many risks have not surfaced, the design for the business is immature and changes can occur, making it likely that more risks will be discovered.
  • Business type. Businesses of a common or recurrent type tend to have less risk. Businesses using state-of-the-art  or first-of-a-kind technology  or highly complex businesses tend to have more risk.
  • Data precision. Precision describes the extent to which a risk is known and understood. It measures the extent of data available as well as the reliability of data. The source of the data that was used to identify the risk must be evaluated.
  • Scales of probability and impact.  These scales are to be used in assessing the two key dimensions of risk.
  • Tools and Techniques for qualitative Risk Analysis
...read more.


Risk probability is the likelihood that a risk will occur.Risk impact is the effect on business objectives if the risk occurs.

These two dimensions of risk are applied to specific risks, not to the overall business.  Analysis of risks using probability and impact helps identify those risks that should be managed aggressively.

  • Probability / impact risk rating matrix. A matrix may be constructed that assigns risk ratings (low, moderate and high) to risks or conditions based on combining probability and impact scales. Risks with high probability and high impact are likely to require further analysis, including quantification, and aggressive risk management.  The risk rating is accomplished using a matrix and risk scales for each risk or condition.
A risk’s probability scale naturally falls between 0.0 (no probability) and 1.0 (certainty). Assessing risk probability may be difficult because expert judgment is used, often without benefit of historical data. A general scale (e.g. .1/.3/.5/.7/.9), representing probabilities from very unlikely to almost certain, could be used.

The risk’s impact scale reflects the severity of its impact on the business objective.

...read more.


  • Outputs from Qualitative Risk Analysis
  • Overall risk ranking for the business.Riskranking may indicate the overall risk position of a business relative to other businesses by comparing risk scores.  It can be used to assign personnel or other resources to businesses with different risk rankings, to make a benefit-cost analysis decision about the business, or to support a recommendation for business cancellation.
  • List of prioritized risks. Risks and conditions may be prioritized by their group category (high, moderate, and low) at a detailed level, perhaps at the lowest WBS level. Risks may also be grouped by those that require an immediate response and those that can be handled at a later date. Cost, schedule, functionality and quality risks may be assessed separately with different ratings. Significant risks should have a description of the basis for the assessed probability and impact.
  • List of risks for additional analysis and management. Risks classified as high or moderate would be prime candidates for more analysis, including quantitative risk analysis, and for risk management action.

...read more.

This student written piece of work is one of many that can be found in our University Degree Computer Science section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related University Degree Computer Science essays

  1. Risk Management and Assessment for IT Projects.

    The activities in PMBOK(r) 4.2 associated with the actual project work are not considered a part of the TenStep Project Management Process(tm). They are considered part of the project work itself. Integrated Change Control Manage Scope Change Manage Documents Manage Metrics 5.

  2. Geometric Brownian Motion. The aim of this project is to gain an understanding ...

    > The user will then be able to proceed to select a time step of daily, weekly or monthly. > The user will proceed to select confidence levels of either 95% or 99%, output a graph and calculate the V-a-R value.

  1. Methods and technology used in Computer Forensics

    As the amount of RAM available to users increases, the need for a swap file will decrease in congruence. The installation of Windows Vista on many under resourced systems did give rise to a resurgence in the use of swap files, but the advent of Windows 7 has lessened this trend somewhat.

  2. IP network design

    SDH is bandwidth-flexible and, although based on multiples of 155Mbps (STM-1) up to 40Gbps (STM-256), it permits networking at the 2Mbps, 34Mbps and 140Mbps levels, thus accommodating the existing PDH signals. SDH differs from PDH in that the exact rates that are used to transport the data are tightly synchronised to network based clocks.

  1. Implementation of Path Finding Techniques in Homeland Security Robots

    A solution path includes such a cell may not be a real solution, because there may be no way to cross the cell in the desired direction in a straight line. This would make the path planner unsound. On the other hand, if we insist that only completely free cells

  2. start an ecommerce business

    * Free Templates The main purpose of starting this business is to provide facilities of creating, designing and managing of website of our customers. Our Mission While many companies are aggressively working to develop an image of being top-notch, we have created a scalable, secure e-Business network platform, thus distinguishing ourselves from large rivals.

  1. So in order to understand what the main areas where organisation should be aware ...

    field values in the scanned packets. If all the incoming packets TTL values have the same value, it is likely that they were generated in the same "factory". If the attacker is using nmap intrusion detection systems cannot use this method since nmap generates random TTL fields between 51-65.


    Determine what the environment should be. Each work environment is and should be different. There are strengths and weaknesses in all of them. The organization must decide what their work environment should be, based on organizational vision, obejectives, goals, and plans.

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work