Page 89 - CISSO_Prep_ Guide

significant risk before addressing less critical risk factors. Since
            most organizational budgets are based on an annual cycle, using
            the ALE aligns the risk value with the budget cycle.



            Problems with Quantitative Risk Assessment

            The problem with a quantitative risk assessment approach is the
            lack of accurate data that can be used in the calculations. Even
            where there is excellent historical data, factors may change that
            significantly alter the trustworthiness of the estimates. It also
            takes a lot of time and effort to complete an accurate (or at least
            as precise as possible) quantitative risk assessment. Risk
            assessment requires the input of many experts, interrupts
            business operations, and may create some resentment about the
            value of the risk assessment, especially concerning the amount
            of work and time required.

            The results of a quantitative risk assessment will be a report that
            lists the risks and indicates their relative cost. This allows for the
            prioritization of risk and the development of a risk response
            strategy that can be based on cost-benefit analysis.
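The sketch below is an added example, not part of the guide: it ranks a small risk register by ALE and shows how uncertain input data can make that ranking unreliable. It uses the standard formula ALE = SLE x ARO; the register figures are constructed, and ranking by midpoint and flagging overlapping ranges are choices made for this illustration.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    name: str
    sle: float       # single loss expectancy, in currency units
    aro_low: float   # lowest plausible annual rate of occurrence
    aro_high: float  # highest plausible annual rate of occurrence

    def ale_range(self):
        """ALE = SLE x ARO, evaluated at both ends of the ARO estimate."""
        return (self.sle * self.aro_low, self.sle * self.aro_high)

    def ale_mid(self):
        low, high = self.ale_range()
        return (low + high) / 2

def prioritize(risks):
    """Order risks by midpoint ALE, highest first."""
    return sorted(risks, key=lambda r: r.ale_mid(), reverse=True)

def unstable_pairs(risks):
    """Adjacent pairs in the ranking whose ALE ranges overlap, so the
    order could flip if the ARO estimates turn out to be wrong."""
    ranked = prioritize(risks)
    pairs = []
    for upper, lower in zip(ranked, ranked[1:]):
        if lower.ale_range()[1] > upper.ale_range()[0]:
            pairs.append((upper.name, lower.name))
    return pairs

def safeguard_value(ale_before, ale_after, annual_cost):
    """Cost-benefit: annual loss avoided minus annual cost of the control."""
    return ale_before - ale_after - annual_cost

# Constructed sample register (figures are illustrative only).
REGISTER = [
    Risk("laptop theft", sle=2_000, aro_low=3, aro_high=4),
    Risk("ransomware outage", sle=200_000, aro_low=0.1, aro_high=0.5),
    Risk("data-centre flood", sle=1_000_000, aro_low=0.01, aro_high=0.05),
]

if __name__ == "__main__":
    for r in prioritize(REGISTER):
        low, high = r.ale_range()
        print(f"{r.name:20s} ALE {low:>10,.0f} .. {high:>10,.0f}")
    print("ranking sensitive to estimates:", unstable_pairs(REGISTER))
```

A negative result from `safeguard_value` means the control costs more per year than the loss it is expected to prevent.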



            Qualitative Risk Assessment
            The foundation for qualitative risk assessment is the ranking of
            the level of risk for various risk scenarios. Instead of putting
            absolute (monetary) values on the cost and likelihood of an
            event as seen earlier in quantitative risk assessment, qualitative
            risk assessment uses a range of benefits to measure impact and
            probability.