Risk Analysis

Qualitative Risk Analysis

Qualitative Risk Analysis


Security risk analysis, which is also at times known as risk assessment, is basically a straight forward process that helps in identifying the possible risk factors that may cause harm to the organization. It is so very fundamental to the sustenance and growth of enterprises of various kinds ranging from the shops to offices to business houses. Depending upon the nature of the work of the organization, the nature of the risk assessment program also keeps varying. However, there are two primary types into which the risk analysis process may be categorized. They are the qualitative risk analysis and quantitative risk analysis. The quantitative risk analysis focuses on the "annual loss expectancy" of the organization. However, our focus here is on the qualitative risk analysis. Let's look into it.

This qualitative pattern of the risk analysis is undoubtedly the most widely employed form or approach of project risk analysis or decision risk analysis. It is all the more apt for decision risk analysis as this particular approach of analysis focuses on the threats and more so an the vulnerabilities that make possible for the success of the threats in creating hazards at the place of work. No kind of probability data is necessary to make this pattern of project risk analysis. Only an estimation of the potential loss is what is required. There are quiet a few methodologies that are employed in this particular kind of analysis of risks. However most of them make use of a number of elements that are related to each other.

The first that comes in line in this regard is the identified threats. By threats are meant those things that have the potentiality to attack the organization in the future and cause loss to it. There can, for instance, be a fire or explosion. There can also be a theft or fraud. There cannot be a system without threats.

Then comes the element of vulnerability. Needless to say, the presence of vulnerability can make the entire system more prone to the attacks by the threats. It can also increase the scope and impact of the attack. That is the threat can have more success in presence of the elements that are termed as vulnerability. As an example, presence of a faulty electrical circuit, or a heap of papers can be termed as a vulnerability for the threat of a fire. There are four kinds of controls that can counter the presence of the vulnerabilities in an organization. They are the detective controls, corrective controls, preventive controls, and the deterrent controls.

To put it in other words, the qualitative approach of project and cost risk analysis focuses on which particular kinds of risks need to be taken care of. This is a risk analysis process that is more dependent on intuition. Three questions and their subsequent answers sum up for the entire approach: - What might happen? - How likely is the incident to take place? - What is the possible impact of the incident? Once you have the answers to these three questions, you are through with your qualitative risk analysis process.