Manajemen Risiko

Analisis Risiko Kualitatif

Prof. Puti Farida

Qualitative Risk Analysis – Basics (1)

• Qualitative risk analysis is the application of methods for ranking the

identified risks according to their potential effect on project objectives.
• This process prioritizes risks according to their potential effect on project
objectives.
• Qualitative risk analysis is one way of determining the importance of
addressing specific risks and guides risk response measures.
• Qualitative risk analysis connotes a better description of the risk, its
dimensions and its characteristics.
• The point of risk analysis is to drill down on potentially high-risk tasks to
get a more detailed picture of their impacts.
Qualitative Risk Analysis – Basics (2)

• Definitions of the levels for probability and impact and expert

opinion help correct biases in the data used in qualitative
analysis.
• Qualitative risk analysis should be reviewed during the project’s
life cycle to stay current with changes in project risks.
• The process can lead to further analysis in quantitative risk
analysis or directly to risk response planning.
Qualitative Risk Analysis – Basics (3)

Sources of Risks
Although project risks are interrelated and interdependent, most risks
spring from a definite origin.
The customary origins for project risks are the following:
• Performance, scope, quality, or technology issues
• Environment, safety and health concerns
• Scope, cost, and schedule uncertainty
• Political concerns
Qualitative Risk Analysis – Basics (4)

Foundations of Risks
• Risks can be classified as either internal or external.
• Internal risks are those that arise within the scope and control of the
project team.
• Most internal risks can be referenced to a specific project document such
as cost estimate or a schedule.
• External risks are generally imposed on the project from establishments
beyond the limits of the project.
• Interactions with citizens groups or regulators are typical external risks.
• Funding constraints and restrictions are other common external risks.
• External risks tend to refer to items that are inherently unpredictable but
generally foreseeable.
Risk Identification Classification

RISK
IDENTIFICATION

EXTERNAL EXTERNAL INTERNAL

TECHNICAL LEGAL
UNPREDICTABLE PREDICTABLE NONTECHNICAL

Market risks Management Changes in Licenses

Regulatory Operational
Natural Hazards Schedule technology Contractual
Environmental Cost Performance Third-party suit
Postulated events impacts Cash flow Risk specific to Force majeure
Social technology
Inflation Design

(PMI - Adapted from Project an Risk Management: A Guide to Managing Project Risks, Wideman 1992)
Incremental and Discrete Risks

• Some risks are measured incrementally and continuously: occurrence

of the risk evidences itself in a series of small changes over the life of
the project.
• Most internal risk (costs, durations, quantities) are incremental risks.
• On the other hand, external risks are usually incident-oriented or
discrete risks. In other words, the risk either occurs or it does not.
• Many frequent, small changes characterize incremental risks. They
are high-frequency but low-consequence risks.
• Discrete risks are characterized by a single large change. They are low-
frequency but high-consequence events.
Model Risk and Data Risks

• One risk distinction that is especially important in quantitative

risk assessment is whether risks are epistemic or aleatory.
• Aleatory (data) risks refer to uncertainty associated with the data
used in risk calculations.
• Epistemic (model) risks refer to risks that arise from the inability
to accurately calculate a value.
Risk Screening: Risk Severity and Frequency

• Frequency and severity are the two primary characteristics used

to screen risks and separate them into minor risks that do not
require further management attention and significant risks that
require management attention and possibly quantitative analysis.
• Various methods have been developed to help classify risks
according to their seriousness.
• One common method is to develop a two-dimensioned matrix
that classifies risks into three categories based on the combined
effects of their frequency and severity.
Risk Probability and Impact Assessment (1)

• Risk probability and risk impact may be described in qualitative terms

such as very high, high, moderate, low and very low;
• Risk probability is the likelihood that a risk will occur.
• Risk impact is the effect on project objectives if the risk occurs, which may be
a negative effect (threat) or a positive effect (opportunity).
• These two dimensions of risk are applied to specific risks, not to the overall
project.
Risk Probability and Impact Assessment (2)

• Identify risk factors

• Assign value for probability/likelihood of risk factors
• Assign value for impact
• Calculate risk value :
• R = P x I, or
• R = (P + I) / 2
• Etc.
Risk Probability and Impact Assessment (3)

• The levels of probability and impact are assessed in meetings or by

interviews. Participants include subject matter (area of risk) experts
and project team members.
• Details justifying the assessment should be documented.
• Risks are rated according to the definitions given in the risk
management plan.
Risk Prioritization Framework

Walewsky (2006)
 ASSESSMENT GUIDE
Level Likelihood RISK ASSESSMENT
E M M H H H
A Remote High (Red)
D L M M H H

Likelihood
B Unlikely Unacceptable. Major disruption
C L L M M H
C Likely likely. Different approach required.
B L L L M M Priority management attention
D Highly Likely required
A L L L L M
E Near Certainty
a b c d e Moderate (Yellow)
Consequence RISK
Some disruption. Different approach
may be required. Additional
management attention may be
Level Schedule and/or Cost
needed.
a Minimal or no impact Minimal or no impact
Low (Green)
b Additional resources Less than 5%
required; able to meet Minimum impact. Minimum oversight
c Minor slip in key milestones; 5-7% needed to ensure risk remains low.
not able to meet need date
d Major slip in key milestone or 7-10%
critical path impacted
e Can’t achieve key team or More than 10%
major program milestone
 Example: Interchange Project Risk Assessment

ASSESSMENT RISK ASSESSMENT

RISK

VH VH
Unexpected Landowners
H X

Probability
geotechnical H X unwilling to
Probability

issues at to sell at M
bridge piers
M
US 555-SH 111
L junction
L

VL VL

VL L M H VH VL L M H VH
Impact
Impact
Probability/Impact Matrix

Impact/Criticality
Probability/ 1 2 3 4 5
Likelihood Insignificant Minor Moderate Major Catastrophic

E-Almost 5 10 15 20 25
Certain
D-Likely 4 8 12 16 20

C-Possible 3 6 9 12 15

B-Unlikely 2 4 6 8 10

A-Rare 1 2 3 4 5
Inputs to Qualitative Risk Analysis

• Risk management plan

• Identified risks: A completed risk matrix (task–risk–probability-impact-severity-contingency plan)
is required before risk analysis proceeds.
• Project status: The timing of risk analysis is important because the risk impacts, particularly in
terms of schedule and budget, will change depending on when they are analyzed. The later the
project cycle, the clearer the impacts will be.
• Project type: It is important to dimension the risk here.
• Data precision: The accuracy and precision of data are important: if it is known that a given
reliability test has a proven failure rate then the results must be tempered accordingly.
• Scales of probability: Probability is a subjective judgment unless the product is tested many times
to develop a statistical mean. In most projects, the probability of a risk occurring is the result of
thinking through how many times this kind of risk has occurred in past similar projects, combined
with “gut” judgment of the project manager and key stakeholders.
• Assumptions: The assumptions are rarely listed, but they are apparent in the analysis process.
Tools and Techniques for Qualitative Risk Analysis

• Risk probability and impact.

Using the risk matrix, the project manager has already identified risks and will assign probabilities to
all high-impact risks. For most risks, these probabilities are subjective and simply communicate a
sense of confidence that the project manager has about the risk in question. Generally, probabilities
should be stated in three forms, 25 percent, 50 percent, or 75 percent, suggesting little chance of
the risk occurring, substantial chance, or high chance, respectively.
• Probability/impact risk rating matrix.
The rating or risk matrix now is fine tuned in the analysis process, with more data and more
attention.
• Project assumptions testing.
Testing assumptions involves taking time to review key assumptions and confirming that the
assumption is right and that the probability assigned is in the right ballpark.
• Data precision ranking.
This step is useful if the product is highly complex and must meet detailed performance
specifications. The data precision ranking indicates how precise the test data are compared to a
common standard.
Example of Qualitative Likelihood for Project Risk

Title Score Description

Highly unlikely to occur; however, still needs to be

Very Low 1 monitored as certain circumstances could result in this
risk becoming more likely to occur during the project
Unlikely to occur, based on current information, as the
Low 2 circumstances likely to trigger the risk are also unlikely
to occur
Likely to occur as it is clear that the risk will probably
Medium 3
eventuate
Very likely to occur, based on the circumstances of the
High 4
project
Highly likely to occur as the circumstances which will
Very High 5 cause this risk to eventuate are also very likely to be
created
Example of Qualitative Impact for Project Risk

Title Score Description©

Insignificant impact on the project. It is not possible
Very Low 1
to measure the impact on the project as it is minimal
Minor impact on the project, e.g. < 5% deviation in
Low 2
scope, scheduled end-date or project budget
Measurable impact on the project, e.g. 5-10%
Medium 3 deviation in scope, scheduled end-date or project
budget
Significant impact on the project, e.g. 10-25%
High 4 deviation in scope, scheduled end-date or project
budget
Major impact on the project, e.g. >25%% deviation in
Very High 5
scope, scheduled end-date or project budget
Evaluating Impact of a Threat on Major Project Objectives

Caltrans (2007)
Evaluating Impact of an Opportunity on Major Project Objectives

Caltrans (2007)
Outputs from Qualitative Risk Analysis

• Overall risk ranking for the project.

Once the qualitative process is finished, two rankings are produced: (1) how the project’s overall
risk is ranked compared to others (may be completed in comparing and selecting a portfolio of
projects) and (2) how individual risks rank within the project, usually limiting the list to five or less.
This process is related closely to the theory of constraints. A project typically faces only a few major
bottlenecks or risks, and it is the job of the project manager to accurately uncover those few critical
risks during qualitative analysis.
• List of prioritized risks
The list of prioritized risks is incorporated in a project report to stakeholders along with supportive
information including the risk matrix and contingency plans.
• List of risks for additional analysis and management.
A residual list includes other risks that could turn out to be more important than they appear.
• Trends in qualitative risk analysis results.
Some review of the credibility of the process will uncover past analyses and how their results played
out in real terms.
Conclusions

• The goal of risk assessment is not to eliminate all risk from the
project.
• Rather, the goal is to recognize the significant risk challenges to
the project and to initiate an appropriate management response
to their management and mitigation.