SOMA
Contact

Glossary

Quantitative Risk Analysis (QRA)

A numerical assessment of project risk that produces probability-weighted cost and schedule outcomes rather than red/amber/green ratings.

Maintained by Adam O’NeillDirector, QRA SpecialistLast reviewed

Quantitative Risk Analysis (QRA) is the process of assigning numbers to uncertainty. Rather than saying a risk is 'high', QRA asks: how likely is it, and if it occurs, how much time or money could it add? The outputs are probability distributions — typically an S-curve showing the range of possible outturn costs or dates, and the likelihood of achieving each one. QRA usually combines both schedule and cost risk in a single integrated model so that the two are not assessed in isolation.

QRA is used when stakeholders need a defensible cost or schedule confidence range — for example, to set a contingency budget, to advise a board on P50 vs P80 funding levels, or to satisfy a gateway review requirement. It is most valuable early in a project's life when uncertainty is highest and decisions about scope and funding are still live. On major infrastructure projects, QRA is frequently a contractual or regulatory requirement.

The most common mistake is treating QRA as a box-ticking exercise — running the model once to get a number, rather than using it to understand which risks drive the most variability. A good QRA should highlight the top five to ten risk drivers so the project team can actively manage them. Watch out for poorly calibrated three-point estimates: if everyone gives optimistic low values and pessimistic high values that are barely wider than the most likely, the model will produce falsely narrow output bands. And always check whether correlation between risks has been considered — costs and schedule impacts rarely move independently.

Frequently asked

What is quantitative risk analysis in project management?
Quantitative risk analysis (QRA) is the process of converting identified project risks into probability-weighted cost or schedule outcomes. Rather than rating risks red/amber/green, QRA assigns probability distributions to uncertainty and runs a Monte Carlo simulation to produce an S-curve showing the range of possible outturn costs or completion dates — for example, a P50 (50% chance of achieving) and a P80 (80% chance). It is used to set defensible contingency budgets and satisfy gateway review requirements on major infrastructure and defence programmes.
When should you use quantitative risk analysis?
QRA is most valuable early in a project's life when uncertainty is highest and funding decisions are still live. It is typically required at RIBA Stage 2–3 or equivalent gateway stages, when setting the project budget for treasury or board approval, when the contract requires it (common on NEC4, FIDIC, and government frameworks), or when a deterministic cost plan has been challenged as optimistic. It is not cost-effective on small, low-complexity projects where the cost of the analysis exceeds the contingency it would size.
What is the difference between qualitative and quantitative risk analysis?
Qualitative risk analysis scores risks by likelihood and impact on a descriptive or ordinal scale (high/medium/low or 1–5) to prioritise them for management attention. Quantitative risk analysis assigns numerical probability distributions to uncertainty and combines them mathematically — usually via Monte Carlo simulation — to produce a probability distribution of total project cost or completion date. Qualitative analysis is faster and suitable for most risk registers; quantitative analysis is needed when a defensible confidence-level figure is required for funding, contracts, or governance.
What is the output of a quantitative risk analysis?
The primary output is a probability distribution — usually displayed as an S-curve — showing the likelihood of achieving each possible total cost or completion date. From this, key confidence-level figures are read off: P50 (50% probability of not exceeding), P80, P90 etc. Secondary outputs include a sensitivity analysis (tornado chart) identifying the top risk drivers by contribution to variance, and a risk-by-risk breakdown showing which items contribute most to the contingency requirement.

Related terms

← Back to glossary

Putting these techniques into practice?

SOMA provides independent project controls consultancy for UK programmes. We can help you apply QRA, EVM, schedule risk analysis, and more.

Talk to us