What Are the Different Types of Risk Analysis?

Article Details
  • Written By: Kristie Lorette
  • Edited By: O. Wallace
  • Last Modified Date: 27 August 2019
  • Copyright Protected:
    Conjecture Corporation
  • Print this Article
Free Widgets for your Site/Blog
Researchers found that gorillas, particularly dominant males, make up songs that they sing and hum as they eat.  more...

September 22 ,  1862 :  US President Abraham Lincoln announced his preliminary Emancipation Proclamation.  more...

Risk analysis is the process that a company goes through to assess internal and external factors that may affect the business productivity, profitability and operations. Two primary types of risk analysis exist. These two broad categories are qualitative and quantitative risk analysis. By assessing these risks, companies can put plans into place on how to avoid and manage the risks.

Qualitative risk analysis is comprised of six primary parts. Elements of qualitative risk include threats, attacks, vulnerability, control, impact and business impact. A company needs to assess all of these elements as a comprehensive package to evaluate the qualitative risks the company has.

To illustrate how companies conduct qualitative risk analysis, assume that a credit card company has computer records on 10,000 to 500,000 customers, at any given time. The first risk is that numerous employees in different departments have access to all of this personal customer information.

When the auditors show up at the credit card company, the problem the auditors find, the risk is that the files do not contain encrypted information. This means that when the information is sent to the business web server and when it sits on the database, it is at risk. The information is at risk from the employees or external hackers from obtaining personal


Quantitative risk analysis is more focused on the facts, figures and data associated with the business. The two primary subcategories of quantitative analysis is the probability of the risk occurring and the likelihood of a loss if the risk in fact occurs.

For example, a health insurance company office that has 1,000 patient files in house would need to assess the risk if there is a confidentiality breach. Assume that in this case the health insurance records are housed on a single database. Further assume that the database is compromised by a hacker breaking into the database. Essentially, this exposes the 1,000 patient files, personal information, medical and insurance records to the hacker.

Assume that the insurance company office places a dollar value of $30 US Dollars (USD) for rectifying each of the patient files. The cost of $30 USD covers everything from changing the patient account numbers and printing out new health insurance cards to contacting each of the patients to inform them of what happened. When conducting a quantitative risk analysis, the answer is $30,000 USD. This is the amount of loss to the health insurance company office for the breach of its database.

Once the powers that be conduct a risk analysis, it is then important for plans to be put in place on how to manage the risk. For example, with the qualitative risk illustration, the credit card company has to employ a system or install a program that automatically encrypts its customer data.


You might also Like


Discuss this Article

Post 2
@Melonlity -- There is an essential problem with risk analysis when it comes to banks or, indeed, any company that extends credit as a central part of its mission. Namely, allowing too much risk results in a lot of defaulting borrowers while assuming too little risk means credit is not available in such a manner that the company can turn a profit.

The trick of all creditors, then, is to find that balance. That is where the true debate is and has always been.

Post 1

The quantitative risk analysis issue seemed to come into play during every housing market crisis of the 20th and 21st century. The notion is that risk analysis gone awry leads to foreclosure, chaos and recessions.

The federal government and the mortgage industry have struggled with the "risk" aspect of that business for a couple of centuries now. Expect that to continue.

Post your comments

Post Anonymously


forgot password?