How should an organization decide whether or not to accept a risk and launch if the risks cannot be quantified?
When risks cannot be quantified, we can use qualitative risk analysis to help us make decisions on whether risks can be accepted or not. Qualitative Risk Analysis is a measure of risk or asset value based on a ranking or separation into descriptive categories such as low, medium, high; not important, important, very important etc. or on a scale from 1 to 5. Qualitative Risk Analysis includes methods for prioritizing the identified risks for further action, such as Quantitative Risk Analysis or Risk Response Planning. Organizations can improve the project’s performance effectively by focusing on high-priority risks. Qualitative Risk Analysis assesses the priority of identified risks using their probability of occurring, the corresponding impact on project objectives if the risks do occur, as well as other factors such as the time frame and risk tolerance of the project constraints of cost, schedule, scope, and quality.
Once we have made an assessment of risks, there are four things that can be done. These strategies are:
1) Avoid the risk: Something should be done to remove it.
2) Transfer the risk: Make someone else responsible for it. For example any vendor can be made responsible for a particular kind of risk.
3) Mitigate the risk: Take actions to lessen the impact or chance of risk occurring.
4) Accept the risk: The risk might be some small the effort to do anything is not worthwhile.
A risk response plan should include the strategy and action items to address the strategy. The actions should include what needs to be done, who is doing it, and when it should be completed. The final step is to continually monitor risks to identify any change in the status, or if they turn into an issue. It is best to hold regular risk reviews to identify risk probability and impact, remove risks that have passed, and identify new risks.