Where's the Risk in Quantitative Risk Analysis?

Every company takes risks when they go into business as everything from legal liabilities to natural disasters can seriously affect their ability to do their jobs and increase their value in the market. At the same time there is the very high likelihood that these disasters won't happen or can be prevented. Thus, company's engage in what is known as risk management using quantitative risk analysis to help determine what risks they face, how likely it is that they will face them, and how to avoid or prevent or even to recover from them.

Risk Management

Quantitative risk analysts help to identify, evaluate, and plan for all of the possible risks a program, project, or company may face. These risks can pose as project failures, accidents, even legal challenges and almost always end up presenting a company or individual with unexpected costs. Without proper preparation for these risks, a company can have their entire financial plans derailed. That's why it is important to complete a risk analysis for any new project a company may launch and even to employ periodic risk assessments of ongoing processes. Even if a company uses the same production process for a century, the world around it changes and brings new risks every day.

How to Identify and Plan for Trouble

The first step to risk management is actually identify the risk. This usually takes a large amount of research and creative thinking on the part of the risk analyst. Each and every facet of a project can have something go wrong. However, not every risk is as likely to actually occur and not every risk has the potential to cause enough damage to worry about. It is the analyst's job to calculate the overall risks and then decide which ones are worth planning for. Only then do they begin planning the best way to prepare for those threats.

How do you Calculate Risk?

The risk analyst's job is to figure out what all of the risks are and the prioritize them based on the likelihood of the risk and how much damage it can cause. They do this using the formula Ri = LiP (Li) where L represents the extent of any potential loss, and P stands for the probability or likelihood that this loss will occur. This formula is repeated for every risk and allows the analyst to rank the risks based on the significance of R. Each time this formula is employed the result is caleld an SLE or single loss expectancy.

Just How Far the Risks Extend

Once an analyst has identified the risks and calculated the potential losses and the probabilities of occurrence, the job has only just begun. The risk analyst will then calculate how often SLEs are likely to be successful to arrive at what is known as an annualized rate of occurrence or an ARO. Only then can the analyst arrive at an ALE or annualized Loss expectancy to present to the company. The ALE tells a company just how much they value they stand to lose based on the risks. This can help the analyst and the company approach a plan to respond to the risks and protect their assets.

The Criticism against Risk Management

Usually a quantitative risk analysis occurs very quickly and the smallest mistake can make a huge difference. The trouble comes when trying to quantify all threats to an asset to fit them into a handful of equations. Losses have to be speculated and reduced to their barest forms, which can make even the simplest risk assessment inaccurate and misdirected.

Quantitative analysis when it comes to risk management can occasionally ignore the qualitative differences between risks or the effects they may have on aspects of a company that are not easily quantified but are equally or more important. However, risk management is an important process in any project planning even with its deficiencies.