Quantitative & Qualitative Risk Analysis Study Guide for SA Students (Unisa: MNG 0001, MNG 300B; Risk Management; Project Risk)

Quantitative and qualitative risk analysis are core tools in project risk management, quality management, and general management modules offered across South African universities. For SA students preparing for exam-style questions in courses such as Unisa MNG 0001 (business management fundamentals) and Unisa project risk/quality-linked modules, the key is to understand how risks are identified, how they are assessed, and how results translate into decision-making and monitoring. This study guide focuses on both approaches—qualitative (judgement-based) and quantitative (data-based)—and provides exam-ready frameworks, worked examples, and typical pitfalls.

Section 1: Foundations of Risk Analysis in SA University Project & Quality Context (Unisa Focus: MNG 0001)

Risk analysis is the bridge between uncertainty and action. In a project environment—whether you are managing a construction scope, an IT delivery, a procurement cycle, or a service improvement initiative—risks are events or conditions that may affect objectives such as time, cost, scope/quality, and stakeholder satisfaction. In Unisa-style assessments, questions often test whether you can (1) define risk clearly, (2) distinguish causes from consequences, (3) apply a structured analysis method, and (4) interpret risk ratings into practical responses.

What “Risk Analysis” Means (and what it doesn’t)

A common exam trap is treating “risk analysis” as only the risk score. In reality, risk analysis includes:

Qualitative risk analysis
- Uses criteria (e.g., likelihood levels and impact categories)
- Often expressed as a risk matrix (e.g., Low/Medium/High)
Quantitative risk analysis
- Uses numbers (e.g., probabilities, cost/time distributions, expected values)
- Produces measurable outputs such as expected monetary value (EMV), risk exposure, or simulated distributions of project outcomes
Prioritisation & decision-making
- Converts analysis results into action plans, contingency reserves, or risk ownership
Monitoring and review
- Updates probabilities and impacts as the project changes

Risk analysis does not replace risk identification. If you have not described potential causes and events, you cannot reliably estimate likelihood or impact.

Risk Vocabulary You Must Use Correctly in Exams

To score well, use consistent definitions for:

Risk (event/condition): “something that may occur” affecting objectives
Cause: why it might happen
Impact: what happens if it occurs (effects on objectives)
Likelihood: how probable it is
Consequence: the result of the impact
Risk owner: person responsible for response actions
Response: action to reduce likelihood, reduce impact, transfer, or accept

In Unisa-style written questions, markers often reward precision. If you write a sentence that mixes causes and impacts, you may lose marks even if the idea is correct.

Qualitative Risk Analysis: The Core “Risk Matrix” Method

A qualitative risk analysis typically follows these steps:

Define rating scales
- Likelihood scale (e.g., 1–5: Rare to Almost Certain)
- Impact scale (e.g., 1–5: Negligible to Severe)
- Sometimes impact is split into categories (cost, schedule, quality, safety)
Assign ratings to each identified risk
Calculate risk level
- Usually Risk Rating = Likelihood × Impact (simple matrix)
- Some methodologies use probability bands and impact bands directly
Rank and prioritise
- Use a risk matrix chart to identify which risks are “High” and require treatment
Plan responses
- For High risks: avoid, mitigate, transfer, or contingency
- For Low risks: monitor or accept

Example: Qualitative Matrix Setup (Unisa-friendly)

Assume a project where impact is evaluated for schedule, cost, and quality. For simplicity, use a single overall impact score (but mention that it consolidates categories).

Likelihood (L) scale (1–5):

1 = Rare
2 = Unlikely
3 = Possible
4 = Likely
5 = Almost Certain

Impact (I) scale (1–5):

1 = Negligible
2 = Minor
3 = Moderate
4 = Major
5 = Severe

Risk Rating = L × I
Typical exam interpretation:

1–4 = Low
5–9 = Medium
10–25 = High

Now apply to three risks:

R1: Vendor delays delivery
- Likelihood = 4 (Likely)
- Impact = 4 (Major)
- Risk Rating = 16 → High
R2: Minor defects in initial testing
- Likelihood = 3 (Possible)
- Impact = 2 (Minor)
- Risk Rating = 6 → Medium
R3: Stakeholder feedback arrives late (single contributor)
- Likelihood = 2 (Unlikely)
- Impact = 3 (Moderate)
- Risk Rating = 6 → Medium

A strong exam answer clearly states: “Based on the qualitative risk matrix, R1 is High and must be treated; R2 and R3 are Medium and should be monitored with mitigation where cost-effective.”

Common Qualitative Analysis Pitfalls (and How to Avoid Them)

Using vague language
- Avoid: “Likelihood is high because it might happen”
- Use: “Likelihood is Likely because vendors have missed deadlines in 2 of the last 5 deliveries.”
Ignoring correlations
- Two risks may be linked (e.g., “staff shortage” increases “defect likelihood”). Qualitative matrices often ignore correlation unless stated.
Treating risk as only negative
- In project risk management, risks can include opportunities. In many modules, you may be expected to mention both threats and opportunities.
Choosing inconsistent scales
- If likelihood scale says 1–5 but your narrative says “probability 80%” (which implies a specific band), you must align the two.

Quantitative Risk Analysis: Expected Values and Beyond

Quantitative analysis uses numerical estimates, such as:

Expected Monetary Value (EMV):
EMV = Probability × Impact (cost impact, or benefit impact)
Expected time/cost impact from distributions
Simulation (e.g., Monte Carlo) outputs such as percentiles (P50, P80)

Not every Unisa exam requires simulation details, but you should know EMV and risk exposure clearly. Quantitative approaches are more data-intensive, so when data is limited, qualitative analysis is often still essential.

Worked Example: EMV for a Cost Overrun Risk

Suppose a project faces a risk:
R1: Scope change request causes additional cost

Probability of occurrence: 0.25
Additional cost if it occurs: R200,000
EMV = 0.25 × 200,000 = R50,000

Interpretation (exam-friendly):

EMV is the average expected additional cost over many similar instances, or used as a decision support metric.
If mitigation costs less than R50,000 (and mitigation reduces probability and/or impact), mitigation may be financially justified.

Linking Qualitative and Quantitative in a Real Project

In many SA university answers, you should show that qualitative analysis is a screening tool, while quantitative analysis is for prioritised risks.

A typical practical approach:

Conduct qualitative analysis for all risks.
Select top risks (High category) for quantitative analysis.
Use quantitative outputs to refine response plans and contingency reserves.
Reassess periodically.

This approach is especially relevant for resource-constrained SA projects where not every risk can be modelled quantitatively.

SA-Context Quality Risk: How Quality Features in Impact

Quality risk analysis in projects often considers:

product/service conformity to requirements
defects and rework likelihood
inspection and acceptance delays
compliance with standards

In an exam, you may be asked to describe quality as part of impact. For instance, a “defective batch” risk impacts quality objectives and may increase cost (rework), time (retesting), and stakeholder satisfaction (reputation).

Section 2: Quantitative Risk Analysis Techniques (Unisa Focus: Turning Risk Scores into Money/Time)

This section deepens the quantitative methods that frequently appear in exam questions: EMV, risk exposure, and decision-tree logic. It also explains when quantitative analysis is appropriate and how to avoid errors when translating qualitative risks into quantitative estimates.

When Quantitative Analysis Is Appropriate (and when it isn’t)

Quantitative methods require more effort and data. They are most suitable when:

You have reliable historical data (e.g., supplier performance, defect rates)
The impact is large and decision costs are worth it
Stakeholders need measurable outputs
The top risks have clear probabilistic models

Quantitative analysis may be less suitable when:

You lack data and cannot justify assumptions
Risks are poorly defined (unclear causes/events)
The project is too early for reliable estimates
Data quality is low, making the numbers misleading

A strong exam stance:

Use qualitative analysis to create an initial risk register and shortlist.
Use quantitative analysis for shortlisted “high leverage” risks.

Risk Exposure and EMV: The Core Quantitative Pair

Risk exposure is a broader term. In some course contexts it refers to EMV for negative impacts. A simple, consistent approach:

For a threat:
Exposure = Probability × Cost of impact
For an opportunity:
Exposure = Probability × Benefit of impact

Example: Scheduling Risk with Two Outcomes

Risk event: “Testing phase delays due to equipment availability.”

Outcome A: Delay 2 days (probability 0.60)
Outcome B: Delay 5 days (probability 0.40)
Cost of each day of delay = R15,000 (e.g., overhead and penalty cost)

Compute expected cost:

Cost A = 2 × 15,000 = R30,000
Cost B = 5 × 15,000 = R75,000
EMV = 0.60 × 30,000 + 0.40 × 75,000
= 18,000 + 30,000
= R48,000

Exam interpretation:

“On average,” the testing delay risk costs about R48,000.
Management can compare EMV to the cost of mitigation (e.g., rental equipment, backup plan).

Decision Trees: Exam-Common Logic

Decision trees are used when you have multiple stages of risk events and decisions. A typical decision tree includes:

A decision node (choose option A or B)
Chance nodes (uncertain event with probabilities)
Outcome branches with costs/benefits
EMV calculation along each path

Decision Tree Example: Mitigation vs No Mitigation

Risk: “Supplier late delivery impacts project start date.”

Without mitigation:
- Probability of supplier late delivery = 0.30
- If late: cost of delay = R120,000
- If not late: cost = R0
- EMV(no mitigation) = 0.30 × 120,000 = R36,000
With mitigation (e.g., premium freight / contract enforcement):
- Mitigation cost = R20,000
- Mitigation reduces probability of lateness from 0.30 to 0.10
- If late after mitigation: delay cost still R120,000
- EMV(with mitigation) = 20,000 + 0.10 × 120,000
  = 20,000 + 12,000
  = R32,000

Decision rule:

Choose the option with lower expected cost (for a threat): R32,000 < R36,000
Therefore mitigation is financially justified.

A perfect exam answer would explicitly state the comparison and the final decision.

Quantitative Risk Using Probability Distributions (Conceptual but Testable)

Some SA modules emphasise that impacts are not always single-point values. For example:

Time overrun could be 0 to 6 weeks depending on causes
Cost impact might vary with severity level

Instead of one probability for “late/not late,” you may model a distribution:

triangular distribution (minimum, most likely, maximum)
beta distribution for probabilities
normal approximation (with caution)
lognormal for skewed positive quantities

Worked Example: Triangular Distribution for Cost Overrun

Risk: “Exchange rate volatility causes procurement cost overrun.”

Assume cost overrun due to exchange rate follows a triangular distribution:

Minimum overrun = R0
Most likely = R40,000
Maximum = R120,000

Triangular distribution expected value formula:

Expected value = (a + b + c) / 3
where a = min, b = most likely, c = max
Expected value = (0 + 40,000 + 120,000) / 3
= 160,000 / 3
≈ R53,333.33

In exam settings, you might not be required to compute percentiles, but you should show the logic that quantitative analysis produces a summary of expected outcomes.

Monte Carlo Simulation: What to Know for Exams

Monte Carlo simulation is often described rather than computed by hand. You should know:

Inputs: probability distributions for uncertain variables
Process: thousands of random draws
Output: distribution of project outcomes
Use: identify percentiles (e.g., P50 = median, P80 = value such that 80% of outcomes are below it)

A good exam answer:

“Monte Carlo simulation models uncertainty by repeatedly sampling probability distributions, producing a distribution of cost/time results rather than a single expected value.”

Also mention why it matters:

It allows contingency reserves aligned to a risk tolerance level.
It incorporates multiple uncertainties simultaneously.

Translating Quantitative Output into Risk Response

Quantitative results are only useful if they inform response choices. Typical response implications:

High EMV threats → invest in mitigation or contingency
Very low probability but very high impact threats → consider “avoid” or “transfer” (insurance, contract clauses)
Moderate risks across many items → reserve using EMV or percentile-based buffers

Example: Choosing a Contingency Reserve Based on Risk Tolerance (Conceptual)

If stakeholders want an 80% confidence level that total cost does not exceed a budget, you would use a P80 estimate from simulation or a conservative method from distributions. In exam answers, it’s enough to explain that P80 is “not exceeded” with 80% probability (depending on modelling direction).

Pitfalls in Quantitative Risk Analysis

Garbage in, garbage out
- If probabilities and impacts are assumed without evidence, EMV becomes misleading.
Double-counting
- If qualitative and quantitative analyses both add the same cost twice in a model, the totals become wrong.
Ignoring dependencies
- Two risks might be positively correlated (e.g., supply delays correlate with quality defects). Simple EMV sums might under/overstate total risk.
Using inconsistent units
- Time in days in one place, weeks in another without conversion.
Misinterpreting EMV
- EMV does not mean the most likely outcome. It’s an average over many iterations.

Section 3: Qualitative Risk Analysis in Depth + Risk Registers, Scoring, and SA Examination-Style Scenarios (Focus: Unisa MNG 0001 & Integrated Risk Thinking)

This section expands qualitative risk analysis into an exam-ready system: building a risk register, defining likelihood/impact criteria, justifying scores using evidence, and selecting response strategies. It also provides several scenario mini-cases that mirror how questions are phrased in South African university tests.

Building a Risk Register: The Backbone of Risk Analysis

A risk register is a living document listing risks and their management details. A typical register includes:

Risk ID (e.g., R1, R2, R3)
Risk description (event/condition)
Cause
Impact(s) (time/cost/quality)
Likelihood score (L)
Impact score (I)
Risk rating (L×I or matrix category)
Risk owner
Proposed response strategy
Triggers / early warning indicators
Review frequency or monitoring notes

Unisa-style marking commonly rewards:

clear cause-impact separation
realistic scoring justification
appropriate response tied to risk rating

Defining Likelihood and Impact Criteria You Can Defend

Your qualitative scores should not be arbitrary. Use criteria like:

Likelihood criteria example (defensible bands)

1 Rare: happened less than 1 time in 10 similar projects
2 Unlikely: 1–2 times in 10
3 Possible: 3–5 times in 10
4 Likely: 6–8 times in 10
5 Almost certain: 9–10 times in 10

Impact criteria example

Impact in each category might be defined as:

Cost impact (Low/Medium/High)
Schedule impact (days/weeks lost)
Quality impact (defect severity, compliance failure)

If your module uses only one overall impact score, you still should explain the consolidation logic, e.g.:

“Overall impact score is the highest of schedule/cost/quality impact bands.”

Risk Matrix Interpretation: From Numbers to Decisions

Once you have a matrix, you must interpret it.

A practical interpretation:

High (e.g., ≥10): must be treated; plan response and assign owner
Medium (e.g., 5–9): monitor and implement cost-effective mitigation
Low (e.g., 1–4): accept and keep watch; no major action unless triggers occur

In written exams, you should include both:

the classification
the response logic for that classification

Response Strategies: Avoid, Mitigate, Transfer, Accept (Threats)

For threats, common strategies align to:

Avoid: eliminate the risk cause or stop activity that produces it
Mitigate: reduce likelihood and/or impact
Transfer: shift impact to another party (insurance, contract warranties)
Accept: acknowledge risk; do nothing except monitor; may include contingency

You should be ready to explain which response is best for a given risk profile.

Response strategy example mapping

High likelihood + high impact → mitigate aggressively or avoid
High impact + low likelihood → transfer/contingency; mitigation may be targeted
Medium likelihood + medium impact → cost-effective mitigation and monitoring

Scenario Set 1: IT System Implementation (Qualitative Scoring)

Assume a software rollout project. You have identified these risks:

R1: Requirements are incomplete, causing rework
- Likelihood = 4 (Likely)
- Impact = 4 (Major; schedule slips and defects)
- Rating = 16 → High
R2: Network downtime during testing
- Likelihood = 3 (Possible)
- Impact = 3 (Moderate; delays testing)
- Rating = 9 → Medium
R3: User training session attendance is low
- Likelihood = 2 (Unlikely)
- Impact = 2 (Minor to moderate; adoption issues)
- Rating = 4 → Low

What a good exam response does:

Classifies each risk
Proposes response per risk
Adds triggers

Possible responses:

R1 High: mitigation through requirements workshops, traceability matrix, sign-off gates; risk owner: Business Analyst Lead
R2 Medium: mitigation through maintenance windows, backup testing plans; risk owner: IT Operations Manager
R3 Low: accept with monitoring; improve communication for training; risk owner: Change Manager

Scenario Set 2: Construction/Facility Maintenance (Qualitative Scoring)

Assume a facility renovation project.

R4: Materials delivered late due to supplier capacity
- Likelihood = 4
- Impact = 4
- Rating = 16 → High
R5: Minor safety incidents during installation
- Likelihood = 3
- Impact = 2
- Rating = 6 → Medium
R6: Regulatory inspection delays
- Likelihood = 2
- Impact = 3
- Rating = 6 → Medium

Response ideas:

R4 High: mitigate (alternative suppliers, schedule buffers), contract clauses; possibly transfer part of delivery risk
R5 Medium: mitigation through toolbox talks, PPE compliance; transfer risk via insurance and safety compliance
R6 Medium: mitigate by early submission, building inspection liaison

Scenario Set 3: Procurement in a South African Public-Services Setting (Qualitative Scoring)

Assume a procurement project with strict compliance requirements.

R7: Supplier fails to meet documentation requirements (tax compliance, certificates)
- Likelihood = 3
- Impact = 4 (major due to tender delays)
- Rating = 12 → High
R8: Pricing changes due to market volatility
- Likelihood = 4
- Impact = 3
- Rating = 12 → High
R9: Contract specification ambiguity
- Likelihood = 2
- Impact = 2
- Rating = 4 → Low

Responses:

R7 High: mitigate using pre-qualification checks, checklist, compliance officer review
R8 High: mitigate via indexation clauses, approved price escalation mechanism; contingency reserve
R9 Low: accept; clarify spec during early contract stage

Triggers and Early Warning Indicators: The Marks Generator

Many students describe responses but forget triggers. Triggers are conditions that suggest the risk is increasing.

Examples:

Vendor delivery risk trigger: late shipments in the last 2 delivery cycles
Defect risk trigger: defect density rising above a defined threshold during early testing
Regulatory risk trigger: inspection appointment slips by more than 7 days

In exam answers, stating a trigger shows you understand risk is monitored, not only scored.

Linking Qualitative Outputs to Quantitative Follow-Up

A strong exam explanation:

“Because R1 and R4 are High in the qualitative matrix, they will be the priority for quantitative analysis using EMV or distribution modelling, where probability and impact data is available.”

This demonstrates integration and maturity of risk management thinking.

Section 4: Opportunities, Risk Appetite, and Quality Implications (Unisa-Style Integrated View + South African Project Reality)

While much exam practice focuses on threats, many curricula include opportunities and risk appetite/tolerance—especially in quality-oriented modules. In South Africa, where projects often operate under budget constraints and compliance requirements, risk appetite shapes whether you mitigate, transfer, or accept.

Threats vs Opportunities: Don’t Lose Marks by Ignoring Positives

A risk can be:

Threat: something that harms objectives (cost increase, delay, defect risk)
Opportunity: something that benefits objectives (cost savings, accelerated schedule, improved quality)

For opportunities, response strategies typically include:

Exploit: ensure the opportunity occurs (remove barriers)
Enhance: increase probability/impact
Share: partner to share upside
Accept: allow without specific action beyond monitoring

Exams sometimes ask: “Discuss how you would manage both threats and opportunities.”

Example Opportunity Scenario

Opportunity O1: Early supplier prototyping reduces integration defects.

Probability of success = 0.40
Benefit if successful = R80,000 (saved rework cost + faster acceptance)
EMV(opportunity) = 0.40 × 80,000 = R32,000 benefit

Then decide:

If prototype cost is R25,000, net expected value is R32,000 − R25,000 = R7,000 positive.
That supports exploiting/enhancing.

Risk Appetite and Risk Tolerance: Making It Meaningful

Risk appetite is the level of risk an organisation is willing to take to achieve objectives. Risk tolerance is the acceptable deviation for specific objectives (often operationalised as thresholds).

In exam answers, you can express it as:

“We set tolerance for schedule overrun to no more than X weeks at the P80 confidence level.”
“We tolerate only minor quality deviations, with major nonconformities treated as unacceptable.”

Even if your module doesn’t require P80 computations, you can explain the concept and how qualitative ratings connect to tolerance.

Quality as a Risk Driver: Prevention vs Detection

Quality risk analysis often includes:

Prevention (reduce chance of defects)
Detection (inspect early to find defects)
Correction (rework and fix issues)
Prevention of recurrence (root cause analysis)

Quantitative analysis can estimate expected rework cost. Qualitative analysis can classify defects as:

minor (cosmetic)
moderate (functionality impact)
major (compliance failure)

Example: Quality Risk in Testing

Suppose a project has a risk:

R10: Defects escape into acceptance due to incomplete test coverage
- Likelihood = 3 (Possible)
- Impact = 5 (Severe; may lead to rejection, penalties)
- Rating = 15 → High

Response:

Mitigate: strengthen test coverage, define acceptance criteria, automated regression tests
Transfer: possibly warranty clauses
Accept: not recommended if impact is severe and tolerance is low

Integrating Quality Tools with Risk Analysis (How to Write It in an Exam)

Markers like when you connect risk responses to quality management activities:

Change control reduces scope creep risk
Document control reduces specification ambiguity risk
Supplier quality assurance reduces defect risk from external parties
Root cause analysis supports learning and reducing repeating risks
Audit and monitoring supports trigger-based response

Write in a way that shows cause-effect:

“Because incomplete test coverage increases the probability of defect escape, we mitigate by expanding test cases and adding independent verification before acceptance.”

Managing Residual Risk: After Responses

A common missing topic in student answers is residual risk—the risk that remains after treatment.

Example:

Before mitigation, R1 rating is High.
After mitigation (e.g., improved process controls), likelihood drops from 4 to 2.
Residual risk rating might become Medium.

Your exam should include:

initial risk rating
response action
updated rating (residual)
monitoring plan

This shows full lifecycle thinking.

Practical South African “Constraints” That Affect Risk Analysis Choices

In many SA projects:

budgets are limited (risk mitigation must be cost-effective)
timelines can be tight due to procurement cycles
capacity constraints (skills and workforce availability) influence likelihood
compliance and audit requirements increase impact sensitivity

Therefore:

Qualitative analysis is often used broadly (low cost, fast)
Quantitative analysis is reserved for high-value decisions (data exists, impact is significant)

Ethical and Governance Considerations (Quality + Risk)

Quality governance is part of risk management:

ensuring approvals follow procedure
maintaining traceability of decisions
avoiding biased probability scoring

In exams, if asked to “discuss governance,” you can link:

risk register accountability
risk owner responsibility
audit trails for probability/impact assumptions

Section 5: Exam-Ready Worked Questions, Model Answers, and Integrated Revision for SA Students (Unisa & Comparative SA Approach)

This final section is designed to help you pass: you will see exam-style question formats, complete worked solutions, and common marking-point patterns. It also provides revision checklists and a “how to answer” structure that aligns with South African university exams.

How SA University Exams Typically Test Quantitative vs Qualitative

You may see questions like:

“Differentiate between qualitative and quantitative risk analysis.”
“Explain the process of risk analysis and risk response.”
“Construct a risk matrix and prioritise risks.”
“Use EMV to choose between mitigation options.”
“Given probabilities and impacts, compute expected cost.”
“Discuss how to monitor residual risk.”
“Explain risk appetite and tolerance in risk treatment decisions.”

High marks usually require:

correct definitions
use of a structured method
correct calculations (if quantitative)
clear link from results to action

Model Answer 1: Differentiate Qualitative and Quantitative Risk Analysis

Qualitative risk analysis

Uses qualitative scales (e.g., Low/Medium/High)
Employs rating criteria and expert judgement
Output: risk matrix, risk ranking categories
Strengths: fast, low data requirements, good for broad screening
Weaknesses: subjectivity, may ignore probability distributions and correlations

Quantitative risk analysis

Uses numerical probabilities and impacts
Methods: EMV, decision trees, distributions, simulation
Output: expected costs/times, confidence percentiles, risk exposure metrics
Strengths: more precise decision support for top risks
Weaknesses: needs data and modelling assumptions; can mislead if data is poor

A top exam response mentions both and states when to use each.

Model Answer 2: Build a Risk Matrix (Qualitative)

Question type: “A project identifies four risks. Likelihood and impact scores are given. Classify each risk and prioritise.”

Assume:

L and I are scored 1–5
Risk Rating = L × I
Low 1–4, Medium 5–9, High 10–25

Risks:

R11: Likely (4) × Major (4) → 16 → High
R12: Possible (3) × Moderate (3) → 9 → Medium
R13: Unlikely (2) × Moderate (3) → 6 → Medium
R14: Rare (1) × Minor (2) → 2 → Low

Prioritisation:

Treat High risks first (R11)
Monitor Medium risks and apply cost-effective mitigation (R12, R13)
Accept Low risks with monitoring (R14)

Add triggers and risk owner assignments for full marks.

Model Answer 3: EMV Calculation for Decision-Making

Question type: “Choose between mitigation option A and B using EMV.”

Threat:

Risk event occurs with probability 0.20 if no mitigation
Impact if event occurs = R300,000 additional cost

Option A:

Costs R50,000
Reduces probability to 0.08

Option B:

Costs R80,000
Reduces probability to 0.05

Compute:

EMV(no mitigation) = 0.20 × 300,000 = R60,000
EMV(A) = 50,000 + 0.08 × 300,000
= 50,000 + 24,000
= R74,000
EMV(B) = 80,000 + 0.05 × 300,000
= 80,000 + 15,000
= R95,000

For threats (minimise expected cost), compare:

R60,000 (no mitigation) vs R74,000 (A) vs R95,000 (B)
Best option: No mitigation because it has the lowest expected cost.

A good exam response also explains that “no mitigation” doesn’t mean ignoring the risk; it means accept and monitor unless tolerance is exceeded.

Model Answer 4: Expected Cost with Multiple Outcomes (Time Overrun)

Risk: Testing delay has three possible outcomes:

0 days with probability 0.25
3 days with probability 0.50
7 days with probability 0.25

Daily cost of delay = R18,000.

Compute expected delay cost:

Cost(0) = 0 × 18,000 = 0
Cost(3) = 3 × 18,000 = 54,000
Cost(7) = 7 × 18,000 = 126,000

EMV:

= 0.25×0 + 0.50×54,000 + 0.25×126,000
= 0 + 27,000 + 31,500
= R58,500

Then suggest response:

If mitigation cost is less than expected cost reduction, mitigate.
If not, monitor and include contingency.

Model Answer 5: Residual Risk After Mitigation

Initial risk:

R15: Likelihood 4 × Impact 5 = 20 (High)

Mitigation:

improves process and training, reducing likelihood from 4 to 2
impact remains 5

Residual:

Residual rating = 2 × 5 = 10 (still High but lower)

Explain:

residual risk is still high, so treatment may continue (additional controls or transfer) OR add contingency.
monitoring triggers remain active.

Integrated “How to Answer” Structure for Unisa-Style Questions

Use a consistent structure in essays:

Define the key terms (1–2 sentences)
Describe the process (step-by-step)
Apply the method (matrix or EMV calculations)
Interpret the result (prioritisation and response choice)
Add monitoring/residual risk (triggers and updates)

In SA exams, this structure helps you ensure you cover marking points.

Revision Checklist: Quantitative & Qualitative Risk Analysis

Before your exam, ensure you can do the following quickly:

Qualitative Checklist

Define likelihood and impact scales (with meaning)
Build or interpret a risk matrix (Risk Rating = L×I or your module rule)
Classify risks (Low/Medium/High)
Propose appropriate response (avoid/mitigate/transfer/accept)
Provide triggers and assign a risk owner conceptually
Explain residual risk after treatment

Quantitative Checklist

Compute EMV = Probability × Impact
Handle multiple outcomes (sum of probability-weighted costs/benefits)
Solve decision tree comparisons using EMV
Interpret quantitative results for decision-making
Explain limitations (data quality, correlations, assumptions)
Connect quantitative results to contingency/reserves conceptually

Mini Case: Full Integrated Answer (Qualitative → Quantitative → Response)

Case context: A project to deliver a service in a fixed timeline with defined quality acceptance. You have identified three major risks.

Qualitative results:

R16: Supplier late delivery (L=4, I=4 → 16 High)
R17: Defect escape due to incomplete testing (L=3, I=5 → 15 High)
R18: Customer feedback delay (L=2, I=3 → 6 Medium)

Examination-required response:

Prioritise High risks (R16, R17).
For R16 and R17, do quantitative analysis if data exists.
For R18, monitor and accept with triggers.

Quantitative part (illustrative):

For R16: Probability lateness = 0.30; delay cost = R100,000
EMV(R16) = 0.30 × 100,000 = R30,000
Mitigation option for R16 costs R25,000 and reduces probability to 0.12
EMV(with mitigation) = 25,000 + 0.12×100,000
= 25,000 + 12,000
= R37,000
Since mitigation increases expected cost, accept mitigation only if non-financial constraints require it (or improve bargaining to reduce mitigation cost).

For R17:

Probability of defect escape = 0.20; cost if acceptance rejected = R250,000
EMV(R17) = 0.20×250,000 = R50,000
Mitigation (independent verification and extra test cases) costs R30,000 and reduces probability to 0.08
EMV(with mitigation) = 30,000 + 0.08×250,000
= 30,000 + 20,000
= R50,000
Decision: mitigation is break-even in EMV terms; if it improves quality confidence and reduces reputational risk, it may still be chosen, especially if stakeholder risk tolerance is low.

This mini case demonstrates:

qualitative prioritisation
targeted quantitative analysis
response choices backed by numbers where possible

Final Summary (Exam Mastery Points)

Qualitative risk analysis is best for fast screening using consistent likelihood/impact criteria and risk matrices.
Quantitative risk analysis adds numerical rigor—EMV, decision trees, distributions—to support high-impact decisions.
Strong exam answers always connect results to response strategy, risk ownership, and monitoring/triggers, including residual risk.
In SA university contexts like Unisa MNG 0001 and related management/project-risk/quality-linked learning, markers reward structured explanations, defensible assumptions, correct calculations, and clear interpretation.

If you want, I can also generate practice exam questions with memoranda specifically aligned to Unisa-style phrasing for qualitative matrices and EMV/decision tree problems.