quantitative risk management
Accounting Workflow

Quantitative Risk Management: What Is and How to Implement It?

Your risk management approach will be quantitative, qualitative or a mixture of both. Each method has its own benefits and drawbacks you must be aware of. In this article, however, we shine the spotlight on quantitative risk management.

You’ll learn what quantitative risk management is, its purpose, methods, examples, and how to implement a quantitative risk analysis.

Let’s dive in.

What is quantitative risk analysis?

Quantitative risk analysis (also known as a quantitative risk assessment) is an approach to risk analysis and control that focuses on making numerical predictions regarding the impact of risk on a project’s goals. 

This approach to risk management uses verifiable data to determine the effect of risk on metrics such as schedule days, cost, or even scope creep. 

For instance, with quantitative risk analysis, you can determine that if you obtain a permit late, your project will be delayed by 15 days.

Because quantitative risk analysis relies on the use of data, it is more objective than qualitative risk analysis.

What is the purpose of quantitative risk analysis?

The overarching objective of a quantitative risk analysis is to inform decision-making and improve the quality of decisions regarding a project. 

For example, you must have reliable cost estimates if you intend to mobilize resources for a given project. The place of quantitative risk analysis is to provide you with these reliable estimates, so you can make informed decisions regarding how many resources to mobilize, for instance, and at what cost.

This is critical because if you make incorrect estimates, you will follow that with several wrong decisions. And the effect will cascade to the whole project—affecting your ability to achieve the project’s goals.

Quantitative risk analysis is particularly advisable if:

  • Your project is either large or sophisticated.
  • The success of your project highly depends on the accuracy of estimates.
  • Your project requires a contingency reserve based on correct financial estimates.

Quantitative risk analysis methods and tools

Following are some quantitative risk analysis methods and tools that will be useful when performing quantitative risk analysis.

  • Monte Carlo Analysis: Also known as a multiple probability simulation, Monte Carlo Analysis is a simulation technique that predicts the probability of various outcomes of projects with uncertain input variable(s).  

Using an iterative approach, Monte Carlo analysis involves repeatedly assigning random values to uncertain variables and then averaging the results that should appear as a normal distribution curve. 

With this, you can predict the most common outcome(s), which should appear in the middle of the curve.

  • Decision Tree Analysis: This is where you represent possible project outcomes in a tree-like diagram so you can tease out potential results based on a range of choices.
  • Sensitivity Analysis: Also known as “What-if Simulation,” Sensitivity Analysis is a simulation technique that predicts the change in project outcomes based on the change in specific inputs.
  • Expected Monetary Value: This statistical technique quantifies the expected project outcome, whether loss or gain, based on the probability and impact of each event.
  • Failure Mode and Effects Analysis (FMEA): This is a structured way of identifying and addressing potential project failures and their effects before an adverse event occurs.
  • Three-Point Estimate: This is an estimation technique where team members write their optimistic, realistic, and pessimistic estimates regarding a project’s scope, schedule, or cost. Project managers then sum all these and apply the three-point estimate formula.

Example of quantitative risk analysis

To illustrate quantitative risk analysis using an example, we can use any of the risk analysis methods and tools we’ve highlighted above. Some of these, however, such as Monte Carlo Analysis, involve computer applications. 

For this article, we’ll pick two risk analysis methods: Sensitivity Analysis and Expected Monetary Value.

Sensitivity Analysis

Sensitivity Analysis aims to assess the effect on an output due to a change in some input factor. 

Let’s assume that Reagan is in the ice cream-selling business. He wants to know how a change in average daily temperatures may affect his average daily sales and, if so, by how much.

The average price of a gelato ice cream Reagan sells is $5.00. Last year, during the warm summer months, Reagan sold 15,000 cones of gelato ice creams, raking in $75,000.

After using a spreadsheet, Reagan discovered that when average temperatures increased by 20%, there would be a 10% increase in gelato ice cream cones sales. 

With this information, Reagan wanted to predict how much his ice cream sales would increase or decrease based on simulated changes in daily average temperatures.

For instance, what would Reagan’s average daily sales look like should average daily temperatures increase by 40%?

By framing this as a mathematical problem, Reagan discovered that a 40% increase in average daily temperatures would result in a 20% increase in sales.

Expected Monetary Value

Under Expected Monetary Value, you’ll need to quantify the expected project outcome, whether loss or gain, based on

  • the probability of an event occurring and
  • the impact of the event occurring.

Let’s assume your project faces three risks:

  • Market risk: the likelihood of suffering financial losses due to market conditions.
  • IT system risk: the likelihood of IT systems failing or functioning at suboptimal levels.
  • Compliance risk: the likelihood of not complying with specific regulations or professional directives. (While you can mitigate this with a good Control Risk Management solution, compliance risks can have devastating consequences.)

Let’s assume that the probability of market risk, IT system risk, and compliance risk occurring is 30%, 20%, and 10%, respectively. 

Also, let’s assume the financial impact of market, IT system, and compliance risks is $100,000, $50,000, and $20,000, respectively.

Here’s how you’ll determine your Expected Monetary Value.

RiskProbabilityCost ImpactExpected Monetary Value
Market risk30%$100,000$30,000
IT system risk20%$50,000$10,000
Compliance risk10%$20,000$2,000
                            Total Expected Monetary Value$42,000

Therefore, $42,000 is the total sum you could lose, given your project’s risk profile. 

Consequently, this is the amount you may need to set aside as your contingency reserve.

Then again, these risks we’ve highlighted are but a few examples. A project often faces several threats. Take financial reporting, for instance.

The risk of inaccurate financial statements includes reputational damage, economic loss, hefty fines, legal action, and sometimes even bankruptcy.

What is the difference between qualitative and quantitative risk analysis?

The main difference between quantitative and qualitative risk analysis is that quantitative analysis involves data and numerical values, while qualitative analysis doesn’t.

But that said, the following are other differences.

  • Quantitative risk analysis focuses on all the probable risks, while qualitative risk analysis covers all identified risks.
  • Quantitative risk analysis reduces risk to a monetary value or number of days, which are more meaningful metrics, while qualitative risk analysis only scales risk.
  • Quantitative risk analysis is often suitable for large and complex projects, while qualitative risk analysis can be used in small and large tasks. 

Implement a quantitative risk analysis process in 4 steps

Follow these steps if you want to implement quantitative risk analysis.

Step 1: Identify areas of uncertainty

The first step entails identifying all your risks. For this, a risk identification tool such as a brainstorming session can come in handy. You must make this as open and consultative as possible since you will not want to overlook any risk. 

Then again, use a project outline that splits the project into constituent parts or sections. This fine-tooth-comb approach will ensure you don’t pass over any potential risk.

Step 2: Assess the costs of each risk

For risk events with no variation, such as a machine breaking down, you’ll simply record the expected cost of repairing the machine or buying a new one.

However, for risks with variations, such as the likelihood of bad weather, you’ll have to break down variable risks into multiple items for variations, such as the likelihood of bad weather. For instance, you may need to categorize weather delays into catastrophic, severe, and mild weather delays.

You’ll then need to assign a cost to these different variables and calculate the average cost for all potential responses to the risk.

Step 3: Determine the probability of each risk occurring

In project management, it is never enough to simply list risks. This does not capture the nuance of reality. Instead, you’ll need to estimate the probability or likelihood of the risks happening. 

Often, this will depend on your observable experience, such as the case of the weather.

Step 4: Calculate the expected cost of each potential risk

Here’s where you simply multiply the estimated financial cost of each risk event by its probability. 

The Takeaway

Business thinkers, including Peter Drucker, have observed that what separates successful companies from unsuccessful ones is how they identify and manage risk. 

While the business environment is in flux and the risk landscape is becoming more and more like a spider’s web, with the help of good automation software, you can have a handle on your risks and reap the benefits that come with incredible efficiency.

If this is something you’re tempted to try, get in touch with us and schedule a demo today.

Stefan van Duyvendijk

Stefan van Duyvendijk is FloQast's first Accounting Operations Evangelist. Stefan is a tenured controller who has consistently nurtured finance professionals and improved accounting processes throughout his career. Previously he was Corporate Controller for Kodiak Cakes where he led a 10-member finance team through a pre-IPO initiative. Before that, he was U.S. Controller for Skullcandy and senior associate at KPMG.