Risk Management in Software Development Projects

Organizations measure different risks using different tools. For example, organizations will employ software engineering techniques to highlight exposures, leading to maximum foreseeable risk. Project managers' projections are used for expected risk levels where sufficient data are available. Scenario analyses and Monte Carlo simulations are used when data are thin, especially to answer "what if?" questions. Probabilistic and quantitative risk assessments are used for taxonomy estimates related to the SDLC, and to support stakeholder or policy decisions. For political risks, managers rely on qualitative analyses by experts. When it comes to business risks (market, business cases, budgets, and costs of financing projects), we can be inundated with complex models that are comprehensible only to the initiated. The qualitative methods lack mathematical rigour, and that leaves us with the quantitative tools, which are often too abstract for laymen to understand but are nevertheless essential techniques in the risk toolbox. However, if laymen can't understand the methods we employ, then we face the chance that the results will be interpreted only by the technical experts, putting decisions squarely in the wrong hands. This could be considered by stakeholders to be an abrogation of senior management responsibility.
In essence, organizations should use a combination of both tools so that they can deliver sensible and practical assessments of their risks to their stakeholders: for example, the project board, key users, project members, contractors, external customers, suppliers, regulators, and, finally, the user communities where operations occur. As previously...