What a QRA engagement looks like — methodology walkthrough

How this piece is framed

This is not a write-up of a specific past project. Most of the QRA work SOMA does sits under NDA, often at investment-decision or gateway moments where the confidence levels presented are commercially sensitive. Rather than anonymise to the point of meaninglessness, we have written this as a methodology walkthrough: what a QRA engagement looks like in shape, what we do at each stage, what the evidence has to survive, and what we explicitly do not do. The detail is drawn from real practice; the framing is deliberately general.

For the underlying technique — distributions, correlation, three-point calibration and the things that quietly distort a P80 — see our honest guide to QRA, which sits inside the wider energy topic hub. This piece is the operational counterpart: what an engagement actually involves week-by-week, not what the maths is.

Engagement shape

A typical QRA engagement falls into one of four scopes, often in combination. Independent QRA — a fresh, ground-up Quantitative Schedule and / or Cost Risk Analysis carried out as an independent reviewer, separate from the team that built the schedule and estimate. This is the highest-effort shape and the one that matters most at sanction or final investment decision. Integrated Cost & Schedule Risk Analysis (QCSRA) — a single coordinated model that treats cost and schedule uncertainty together, with correlation handled explicitly rather than implicitly through duplicated risks. Workshop facilitation — running the risk identification and three-point estimation workshops that feed somebody else’s model, where the client needs a neutral chair who can challenge without being political. Validation review — an audit of a QRA model someone else has built, focused on whether the headline confidence levels are defensible against the inputs.

Most engagements blend two or three of these. A pre-FID client will typically want an independent QCSRA backed by workshop facilitation; a programme moving into gateway review will typically want a validation review of the prime contractor’s model alongside an independent sanity check.

What we do at each stage

A QRA engagement runs in six recognisable stages. Each one has its own deliverable and its own failure mode — skipping a stage is usually how a QRA ends up producing a curve that nobody trusts.

• Kickoff and scoping — one short workshop with the project director and the controls lead to confirm scope, audience, decision being supported, model architecture (cost-only / schedule-only / integrated), software (Safran, Primavera Risk Analysis, @Risk, RiskHive), risk taxonomy, and the reporting cadence. The output is a one-page QRA brief that everyone signs. Most QRA arguments later in the engagement trace back to a missing line in this brief.
• Data gathering — schedule, cost estimate, risk register, basis of estimate, contract terms, prior QRA reports if any, and the assumption log. We read all of it before the first workshop. A workshop facilitator who has not read the schedule cannot challenge a duration, and a QRA modeller who has not read the BoE cannot challenge a unit rate. This is the unglamorous stage that determines how good the model can be.
• Risk workshop — facilitated identification and three-point estimation. We run threats and opportunities separately, with a structured taxonomy (technical, commercial, regulatory, schedule, weather, interface), and we calibrate the three-point ranges against historic performance data where it exists. Ranges are challenged in the room; "we usually use ±10%" is not an answer that survives the workshop.
• Modelling — inherent uncertainty modelled as three-point distributions on activities and cost line items; discrete risks modelled as probability-weighted impacts that only fire if the risk materialises; correlation modelled explicitly where the evidence supports it. We run sensitivity analysis on the correlation assumption and the top-five risk drivers, so the headline P80 is not dependent on a hidden judgement call.
• Reporting — a written QRA report that the SRO can read in ten minutes and a technical reviewer can audit in twenty pages. P50 and P80 for cost and schedule; tornado of the principal drivers; reconciliation against the headline figures the project team is presenting; explicit list of model limitations and excluded scope. Every assumption is traceable back to the workshop record.
• Board / steering presentation — the QRA presented to senior decision-makers as decision support, not as a deck of output charts. The objective is that they leave the room understanding what would have to change for the confidence position to change — not just what the current confidence position is.

What good evidence looks like

A defensible QRA satisfies three audiences at once. The project director needs an answer they can act on inside the current quarter — size of contingency, location of biggest risk, and whether the baseline is realistic. An independent reviewer (IPA, NAO, internal audit, an investment committee member with a sceptical eye) needs to be able to reconstruct the methodology from the appendices alone and form their own view on whether the P80 stands up. And the project team that built the schedule and estimate needs to recognise their work in the model — a QRA that the delivery team does not accept stops being useful as a governance tool, however technically correct it is.

In practice that means following AACE International recommended practice on Monte Carlo simulation — separating inherent uncertainty from discrete risk events (AACE 40R-08 and 57R-09), defending distribution shapes against historic data where it exists, declaring correlation explicitly, and stating the boundaries of the model rather than presenting a P80 as if it were a forecast. We also benchmark the model against the project’s contractual reporting cadence — a QRA whose outputs cannot be re-run when the risk register updates is a one-off snapshot, not a governance asset.

Where the QRA supports a sanction decision or a gateway review, the report is structured so that the headline page, the methodology summary, the assumptions log and the sensitivity tornado are each self-contained. That way a reader who only has fifteen minutes still leaves with a defensible view of the confidence position, and a reader with two hours can audit every input.

What we don’t do

It is worth being explicit about scope limits. We do not author the project schedule — if the schedule has structural problems, we say so and recommend a schedule integrity review before the QRA, rather than quietly fixing the schedule and then modelling our own version of it. We do not author the cost estimate — if the basis of estimate has structural gaps, we surface them as a model limitation rather than back-filling assumptions to make the QRA run. We do not negotiate contingency on behalf of the client — the QRA tells the client what their confidence position is; what they then do with that information at the commercial table is their call, not ours.

This matters because the failure mode in independent QRA is scope creep. A reviewer who starts adjusting the inputs to get a "better" answer, or who lets workshop facilitation drift into giving delivery advice, has stopped being independent — and the confidence levels stop being defensible at gateway or board challenge. Staying inside the QRA remit is what makes the independence credible.

How engagements typically run

A QRA engagement runs in one of three sizes. A four-week engagement — single QRA cycle, one workshop, one report, one board presentation. Right-sized for a focused decision point: a sanction QRA, a refresh ahead of a gate, or an investment-committee challenge. A four-week run is enough to deliver a credible independent QRA on a single project where the schedule and estimate already exist; it is not enough to rebuild a model from scratch on a programme where the controls maturity is low.

An eight-week engagement — the typical shape for a more substantial piece of work. Two workshops (one for threats, one for opportunities and validation), a fuller data-gathering phase, an integrated cost-and-schedule model, and a phased reporting cadence with a working-draft review before the formal board presentation. This is the shape that suits pre-FID assurance, gateway readiness, or any situation where the QRA is doing real work to shape the contract or the baseline rather than just confirming a position.

Ongoing retainer — monthly or quarterly QRA refreshes against a live model the project team continues to maintain. The QRA stops being a one-off document and becomes a maintained asset that tracks the confidence position as risks resolve, scope firms up, and actuals come in. This is where QRA earns its keep on a multi-year programme — a frozen P80 from sanction loses value within three months; a maintained model continues to inform governance throughout delivery.

Most engagements that produce real change are a defined Phase 1 (four or eight weeks) plus a Phase 2 retainer at a lower cadence. Engagements that stop at the report typically lose half of the value within a quarter, because the model becomes stale faster than the project moves.