Register now or log in to join your professional community.
Risk is a product of probability (likelihood) of a hazardous event occuring and the ultimate consequences (severity etc.) of the event such as loss of life, injury, asset damage, explosion and fire. To express risk for general understanding and also as a measure of its level one can evaluate it either qualitatively and quantatively (english terms). In qualitative risk is an expression of assessment where the risk is compared to some relative levels or description like how severe it is such as major or minor etc. In quatitative risk evaluation one expresess risk in terms of numbers. When we talk about numbers we always keepin mind of some target acceptable risk levels defined in terms of loss per year etc. Both however would require best engineering judgement and experience with the methid discussed to make line mangement understand and make some sense out of it.
You are probably looking to understand the difference between qualitative and quantitative risk assessment methods as a risk is just a description of an even that may or may not happen in the future and cause some unknown difficulty to a company.
Qualitative risk assessment is a way of evaluating the probability of a risk occurring and it's possible impact on a company using descriptive methods. It would be using interviews with company management and the board, involving subject experts and other ways of understanding the risk metrics.
On the other hand, quantitative risk assessment would include building a mathematical and statistical model to estimate risk likelihood (or probability distribution) and it's impact. One would use company data, market data and any other numbers and relevant information available to construct the model to then estimate the relevant risk metrics.
Not all risks can be quantitatively assessed purely because in many cases there is no or very limited data available to build a model. In many cases the cost of getting such data may be prohibitive and an unnecessary expense. Therefore, in my experience it is a good idea to undertake qualitative risk assessment of all risks and then quantify specifically just the risks that were deemed critical to achieving strategic goals of the organisation.
Hope this helps