Phase 5-DB Project Quality and Risk Management PM610-Project Management, Execution, and Closure Risk is best defined basically as the potential to suffer a loss of some sort. Risk analysis is the process of defining and analyzing the dangers to individuals, businesses and government agencies posed by potential natural and human-caused adverse events. In IT, a risk analysis report can be used to align technology-related objectives with a company’s business objectives.
A risk analysis report can be either quantitative or qualitative. (Search Mid-Market Security 2010). Now that we understand what risk analysis is, ley us examine the two types: qualitative and quantitative. Qualitative risk analysis is the most popular and does not involve any numerical probabilities or predictions of loss. The qualitative method certainly does involve defining the various threats, determining the extent of vulnerabilities and devising countermeasures should an attack occur.
Quantitative risk analysis attempts to numerically determine the probabilities of various adverse events to the likelihood of the losses if it is a particular event that takes place. Qualitative risk analysis is appropriate to use when you need to determine which risk are important enough to manage. On way is to identify the severity of the impact to the project in terms of high, medium, or low. Also when you want to estimate the probability of the risk occurring in terms of high, medium, or low.
So getting a quick estimate, not so much as counting them, will help to gauge how the project is doing in the project life cycle. Quantitative risk analysis is appropriate to use when your objective is to calculate the numeric values for each component of the data gathered during the risk assessment and the cost benefit analysis. For example, the true value of each business asset in terms is estimated in terms of what it would cost to replace it, what it would cost in terms of lost productivity, what it would cost in terms of brand reputation, and other direct and indirect business values.
The process requires the user to attempt to use the same objectivity when computing asset exposure, cost of controls, and all of the other values that are identified during the risk management process. (Information Network and Security, 2013) For the IRTC customer service system project, I think I will use both the qualitative and quantitative risk analysis methods to some degree. Using the qualitative risk method will take into consideration the additional funds and resources needed as well as the extra hours it will take to complete the add-on to the project.
The quantitative method will help manage the risk factor whether high, medium, or low to show the vendors, the project team and management what to tackle first. This will be especially helpful as the change request is going through appropriations. References Rouse, Margaret (2010). Definition Risk Analysis Retrieved on 19 March 2013, from www. searchmidmarketsecurity. techtarget/com The Security Practitioner (2013). An Introduction to Information, Network and Security. Quantitative Risk Assessment. Retrieved on 20 March 2013, from www. security. practitioner. com