In ordinary conversations, a risk is the likelihood or possibility of something usually negative happening. For example, the risk of getting involved in an accident while driving. But in the context of engineering, a risk is used to express both the likelihood of occurrence, for instance, the failure of a structure and the degree of consequences that it may result to, for example, loss of lives. The connection of probability and consequences is used to assess relative risks through quality and judgment which is expressed by high, medium and low. In the case where the likelihood of occurrence and the consequence is quantified, then the product is the risk(Modarres, 34). Therefore risk equals the likelihood of occurrence times the consequence of the occurrence.


Risk quantification is a process where we assess the risks identified in order to come up with data that can be used when determining a response to conforming risk. According to PMBOK standards, risk quantification is the second step after carrying out risk identification and before developing the response and control of a project risk management. PMBOK defines risk quantification as a way of assessing risks and their interactions to evaluate the extent of possible outcomes(Hillson, 33). Generally, quantification of risk is a process of assessing the risks already identified and coming up with data that will be required in deciding what is needed to be done about them.


risk quantification


The aim of carrying out risk quantification in a project is to formulate possibilities in terms of time, human resources or costs and prioritize them according to their likelihood and severity in order to come up with proper actions accordingly. It also assists companies in coming up with appropriate decisions in case of uncertainty. Risk quantification also provides assurance when dealing with unanticipated events in future instead of behaving unreasonably. When quantifying risk, we should identify them first, then analyze them according to their likelihood of occurrence and how it will impact the outcome. The likelihood is based either on perception or data of previous failure rates accessible for comparable events in a datasheet(Hillson, 45). After calculating the likelihood of all the events, we define the criterion of the probability of the entire events.

If a particular event occurs in outstanding situations, such that it is less than 3 percentage the chances of its occurrence, then its probability can be identified as rare. Likewise, consequences or relentlessness of the events on a project is also categorized. For example in a situation where the event might lead to rejecting the whole project then the project can be categorized as Catastrophic. If it results to an additional or a negative of 50 percent of the initial schedule cost then it can be categorized as major. Therefore risk is calculated by multiplying the impact or intensity by the likelihood of occurrence.

After quantifying risk, they are then evaluated in a risk matrix where the red zone represents unacceptable risks, while acceptable risk is represented by a yellow zone and neglectable risks are indicated by a green zone. For instance, if the probability of an event is classified as likely and its severity classified as Catastrophic, in this case, it will be grouped at the red zone in a risk matrix(Modarres, 51). This means that the risk is unacceptable and requires immediate attention to reduce the risk into the acceptable zone or formulate possibilities.

The cross-entropy (CE) methodology is a Monte Carlo way of sampling and optimization. The method is used to estimate probabilities. Monte Carlo is a computerized mathematical simulation method that is used to quantify risk in project management. The technique can be used to score or identify risk in a global trade or a supply chain. It is also helpful when analysing the likely outcomes of decisions and evaluating the intensity of risk that can be used in decision making. In each event, the most probable and the least probable approximations of risk are provided and then added to compute a range of possible outcomes. After that Monte Carlo analysis then produces random figures among the range and computes how many times the figure lies in each probable outcome (Concept of Risk Quantification and Methods Used in Project Management – Apppm). This likelihood is then distributed and a conclusion is made according to the most likely outcome.


risk monte carlo simulation


For instance, if a project requires three tasks, the best case and worst case approximation of the task as shown in fig 1 below. The figure shows that the project is probably going to be completed within 11 and 23 days. For instance, if Monte Carlo simulation is done 500 times producing random figures within 11 and 23, then the sum number of periods the stimulation results was less than or equal to the projected duration is calculated. After that, the probability of each projected duration is calculated and distributed as shown in figure 2. In reference to figure 1, the most probable time to complete the project is 17 days while according to figure 8 the probability of completing the project within 17 days is at 33percent although the probability of completing in 19 days is 88 percent. Therefore, it can be approximated that it will take 19 to 20 days to complete the project.

To sum up, when defining risk we can use metaphors to communicate new or broad concepts, for example, a risk is like brakes in a car, your brakes are supposed to work perfectly in order for you to reach your destination safely. No one will board a car if they were informed that the brakes do not function properly. We should also see risk as cockroaches, they hide, multiple fast and are a problem to stomp out.


Concept of Risk Quantification and Methods Used in Project Management – Apppm.  Accessed 22 Oct. 2018.

Hillson, David. Managing Risk in Projects. Ashgate Pub., 2009.

Modarres, Mohammad. Risk Analysis in Engineering. Chapman and Hall/CRC, 2016.