Project management header
products page

Risk management - Estimate - size the risks

The Risk Management process

Estimate size the risksEstimate size the risks

ESTIMATE (size the risks)

You need to concentrate on the risks and provide a firmer estimate of the likelihoods and the impacts in terms of cost, project durations, product quality etc.


Two methods are in common use:

Qualitative:

These would take simple forms e.g. HIGH, MEDIUM and LOW or ranking systems, 1 to 5, with 5 being high and 1 being low. To facilitate this some definition of range of effects might prove useful.
This system is simple but open to personal interpretation. This is simple to show. If you ask a number of persons to indicate in percentage terms the meaning of certain phrases e.g. quite likely to happen, will definitely occur and unlikely to occur the range of percentages will vary enormously.

Quantitative:

This is based upon the collection of data and statistical distribution. This system takes longer and is more complex but may be more accurate.

Even where past projects contain relevant experience there can be problems in estimating.

  • Data is non existent
  • Data exists but is poor, not consistent or not enough
  • Personnel with direct experience are no longer around

Initial examination of risks should focus on those that would destroy the project should they materialise.

Other risks are selected, using previous lists of importance, and challenged for clarification and accuracy of the estimation of likelihood and impact and refined as necessary.
A simplified process is discussed in more detail next [see Simple estimating of risk].

At this point one option is not to size the risk. This may be the case if the organisation does not wish to accept the risk and tries to pass it on to a third party to manage.
This may also apply if one or more risks have been identified that can kill the project. These will be of major concern with others put on hold.

As you Evaluate the risks [see The Risk Management process - evaluate - estimates] you may decide that one or more risks require further investigation.
If you decide that a risk requires refining in the sense that there may be other subtle issues to consider then it may be a good idea to try to break it down into smaller components and analyse these.

Some areas to think about when reviewing a risk might be:

  • How accurate do you wish to be?
  • What process will you use to ‘update’ the information needed?
  • How do people actually derive probabilities?
  • What problems exist with the current data?