Risk Analysis | Lean Six Sigma, Six Sigma Certification

Qualitative and quantitative risk analysis are two approaches used in risk management to assess and evaluate risks associated with a project, process, or decision. While they have different methodologies, both approaches aim to identify, analyze, and prioritize risks for effective risk mitigation.

Qualitative Risk Analysis:

Qualitative risk analysis is a subjective approach that focuses on assessing risks based on their characteristics and impact without assigning numerical values. It involves gathering information from experts, stakeholders, and historical data to qualitatively evaluate the probability, severity, and potential consequences of identified risks. The key steps in qualitative risk analysis include:

  • Risk Identification: Identifying and documenting potential risks that may affect the project or decision.
  • Risk Assessment: Assessing the likelihood and impact of each identified risk using qualitative scales (e.g., low, medium, high).
  • Risk Prioritization: Prioritizing risks based on their potential impact and likelihood of occurrence.
  • Risk Response Planning: Developing strategies and plans to address and mitigate the identified risks.

Qualitative risk analysis provides a holistic understanding of risks and their qualitative characteristics. It helps in prioritizing risks, directing resources, and developing appropriate risk management strategies.

Quantitative Risk Analysis:

Quantitative risk analysis involves assigning numerical values to risks and uses statistical techniques to analyze and quantify their potential impact on project objectives or decision outcomes. This approach involves more detailed data analysis and uses mathematical models and simulations to assess risks. The key steps in quantitative risk analysis include:

  • Risk Data Collection: Collecting relevant data, historical information, and expert opinions to quantify risks.
  • Risk Quantification: Assigning numerical values to risks using techniques such as probability distributions, impact estimation, and data analysis.
  • Risk Modeling and Simulation: Developing mathematical models and conducting simulations to analyze the combined effect of various risks on project outcomes.
  • Sensitivity Analysis: Assessing the sensitivity of project outcomes to changes in risk variables and identifying critical risk factors.
  • Decision Analysis: Evaluating different risk response options and making informed decisions based on the quantitative analysis.

Quantitative risk analysis provides a more precise understanding of risks by assigning numeric values, calculating expected values, and assessing the probability of achieving project objectives. It allows for more robust decision-making and optimization of risk mitigation strategies.

Both qualitative and quantitative risk analysis methods have their strengths and weaknesses. Qualitative analysis is valuable for its simplicity, ease of use, and subjective insights, while quantitative analysis provides a more rigorous and data-driven approach. In practice, a combination of both approaches is often employed to achieve a comprehensive risk assessment and develop effective risk management plans.



The voice of the customer (VOC) is gathered and converted into technical requirements in this phase. A business case is then established and a project charter is prepared along with milestones. A team is also formed to carry out the project. Roles and responsibilities of the team members are also set during this phase. These activities are accomplished using tools such as Quality Function Deployment (QFD); Failure Modes and Effects Analysis (FMEA); the Suppliers, Inputs, Process, Outputs, and Customers (SIPOC) diagram; the Integrated Product Delivery System (IDPS); target costing; and benchmarking.


In this phase, the concept design is developed by formulating alternative concepts and choosing the best concept after evaluating the alternatives. Risks associated with the chosen concept design are also determined. The functional requirements and their Critical to Quality (CTQ) attributes are identified by the Six Sigma team. The CTQ attributes are deployed after assessing their effect on functional requirements. Raw materials and their procurement plan with the related manufacturing plan are created during this phase. In addition, the Sigma capability is predicted. These activities are accomplished using tools such as smart simple design, risk assessment, FMEA, engineering analysis, materials selection software, simulation, DOE, systems engineering, and the capability of the process is evaluated to verify if the CTQs can be met.


The design is optimized for reliability and performance by developing detailed design elements. This helps optimize the Sigma capability and cost. These activities are accomplished through manufacturing database and flowback tools, a design for manufacturability, process capability models, a robust design, Monte Carlo methods, tolerancing, and Six Sigma tools.


The prototype is tested using formal tools to validate the design. After evaluating the performance, failure modes, and risks of the design, new requirements to be met are sent to manufacturing and sourcing units. The design is iterated until it meets the requirements of the customer. A final phase review to assess the reliability is also carried out to validate the design. The term Verify is also used interchangeably for this phase. These activities are accomplished through accelerated testing, reliability engineering, FMEA, and disciplined New Product Introduction (NPI).


FMEA is performed to refine a solution just before its implementation, or at the beginning of a project; to investigate if there is a possibility for any anomalies or risks arising during the process.  In simple words, FMEA is a plan to lessen or eradicate risks associated with the process or proposed solutions. It is not only applicable in a Six Sigma project, but also in any IT project management and general purpose risk analysis/risk management.
Any anomaly or element can be considered as risk depending on the severity of its impact, frequency of occurrence of its cause, or the incapability of the control system to detect a cause. A risk rating called Risk Priority Number (RPN) can be used as a yardstick to prioritize and proactively mitigate risks; and to create the required focus within the organization to deal with risks. It is calculated as the product of the severity of the effect, into the occurrence of the root cause, into the detection of root cause.

  • Severity is a rating that represents the seriousness of the effect(s) of the potential failure mode on customers or business – the more the severity, higher is the rating.
  • Occurrence is a rating that represents the likelihood or frequency of occurrence of a specific cause – the more often it occurs, higher is the rating.
  • Detection is a rating that represents the ability of the current control mechanism to detect or report occurrence of the cause – lower the ability to detect a cause, higher is the rating.
Risk Management with FMEA
Risk Management with FMEA

While the overall objective is to mitigate risks with high RPN, there can be multiple different strategies to do so. We can use 4 such strategies in the following order.
The 4 strategies for FMEA that can help you quickly reduce the overall risk rather than flounder.

Strategy 1 – Reduce the occurrence of cause

In a FMEA, consider all the high RPN items, and select the ones with high Occurrence rating. If the occurrence rating is high, then by reducing the frequency of occurrence of cause, you will reduce the number of times failure occurs. This is the most apt and best strategy to adapt as it directly addresses the core issue. However, situations may warrant you to consider other strategies.

Strategy 2 – Reduce impact of failure mode

In a FMEA, if we don’t have high occurrence ratings, then consider all the high RPN items and select the ones with high Severity rating. These are the ones that will create maximum negative impact on a customer, their business, and thus in fact on your business too.
By reducing the impact of the effect, you can show the immediate visible impact to customers. Particularly, if there have been escalations from customers, then this strategy will be best suited.

Strategy 3 – Improve the ability to detect risk

In a FMEA, when above strategies aren’t relevant, consider all the high RPN items, and select the ones with high Detection rating. Improving the detection mechanisms means that we have timely information to prevent the cause, or at least contingency, or mitigation.
Conventional risk planning usually focuses on this strategy as first priority.

Strategy 4 – Combination of all three strategies

If all three ratings are high & none of the above can be applied in isolation, then see if they can be combined & applied.
By following the above 4 strategies in a FMEA, we can systematically and quickly reduce risk in any process or solution in Six Sigma Project.


Related Articles