There are three categories for risk analysis methods, qualitative, quantitative, and semi quantitative. Qualitative uses descriptions to measure the impact of risk and is heavily scenario based. You do not perform calculations on numbers if utilized. Quantitative uses only numeric values and is analyzed using records and testing. This method tends to be not feasible when there are no data at hand or when risk is not easily quantifiable. Then we have semi quantitative or hybrid, where you get little bit of both.
There are various risk types and different methods be used for different types. Legal, health, financial, physical assets, intellectual property, infrastructure, reputation, and operations are types of risk. Qualitative analysis would be a better fit for risks associated with reputation while quantitative analysis would be a great method for risk associated with physical assets.
HansITAcademy 