According to the PMBOKĀ® Guide, specifically within the Perform Qualitative Risk Analysis process, the Risk Probability and Impact Assessment is the primary tool used to evaluate the characteristics of individual project risks.
Risk Probability Assessment: This specific component investigates the likelihood (probability) that each specific risk will occur. It typically uses a scale (e.g., 0.1 to 0.9 or Low to High) to rank the chances of the risk event happening.
Risk Impact Assessment: This investigates the potential effect on a project objective (such as schedule, cost, quality, or performance) if the risk event occurs.
The Probability and Impact Matrix: After assessing both the probability and the impact, the results are often plotted on a matrix to determine the overall risk score (Priority). This allows the project manager to focus on the " High " priority risks that require the most immediate attention and robust response planning.
Data Quality: For this assessment to be effective, the project manager must also perform a Risk Data Quality Assessment to ensure the information being used to judge probability and impact is accurate and reliable.
Comparison with other options:
A. Risk register: This is a document (an output) that contains the results of the risk management processes. While it records the probability and impact, it is the container for the data, not the analytical tool that investigates the likelihood.
B. Risk audits: These are a tool used in the Monitor Risks process. A risk audit is used to consider the effectiveness of the risk management process itself and the effectiveness of the implemented risk responses. It does not primarily investigate the initial likelihood of a risk occurring.
C. Risk urgency assessment: This is a data analysis technique used to identify the timing of a risk. It looks at how soon a risk might happen or how much time is available to implement a response. It does not measure the likelihood of occurrence, but rather the priority based on time.
