Monte Carlo Quantitative Risk Analysis (QRA) Explained

The Method, in One Idea

What Monte Carlo QRA Is — and Why It Beats a Flat Percentage

A deterministic estimate produces a single number, then adds a single contingency percentage on top. Both are point judgements, and neither tells you the one thing a funding body actually needs to know: how confident can we be that the project will not exceed this budget? Monte Carlo quantitative risk analysis answers that question directly.

The method is conceptually simple. Every uncertain input — a quantity, a rate, the cost of a discrete risk event — is described not as a single value but as a probability distribution. The simulation then runs the cost model thousands of times, each time drawing a random value from every distribution and totalling the result. After many thousands of iterations you have a complete picture of where the total cost is likely to land. From that picture, contingency at P50, P75 or P90 is read off rather than guessed.

Confidence, Not a Guess

Every contingency figure carries a stated probability of not being exceeded — P50, P75, P90 — rather than an arbitrary percentage with no confidence attached.

Risk Interactions Captured

Correlation between inputs is modelled explicitly, so the simulation reflects how risks move together — something a flat percentage structurally cannot do.

Traceable & Re-runnable

The contingency falls out of the model. A reviewer can interrogate every input, change an assumption, and re-run — the number is auditable, not asserted.

This is why every major Australian framework prefers it above its value threshold. TMR calls probabilistic the preferred method and a flat percentage “not recommended… potentially very inaccurate”; the Commonwealth's DITRDCA guidance makes Monte Carlo mandatory above $25M out-turn; and the RES Guideline “generally recommends the application of MCS” for projects over $10M. See how the thresholds line up in Frameworks Compared.

The Mechanics

How a Monte Carlo Simulation Works

Four steps turn a static base estimate into a probability distribution of cost outcomes. The simulation itself is the third step; the discipline lives in the first two.

1 · Base Estimate

Start with a first-principles, bottom-up base estimate — the expected cost of defined scope, built from quantities and rates, excluding contingency and escalation.

2 · Range the Inputs

Replace single values with distributions. Inherent uncertainty is ranged on base line items; discrete contingent risks are added from the register as probability × impact.

3 · Run the Simulation

Sample every distribution at random, total the model, and repeat 5,000–10,000 times. Each iteration is one plausible version of how the project could turn out.

4 · Read the Distribution

Collate every iteration into a histogram and cumulative S-curve. Contingency is the gap between the P50 and the chosen high-confidence percentile (typically P90).

One iteration = one possible project

Each pass draws a random value from every input distribution and totals the model. With 10,000 passes the random noise cancels and the true shape of cost uncertainty emerges.

The S-curve is the deliverable

The cumulative curve is the single most-quoted Monte Carlo output. P50 and P90 are points on it; the horizontal band between them is the risk-based contingency.

Describing Uncertainty

Choosing a Distribution

An input distribution is just a statement about how a value might vary. The Australian frameworks converge on a small, practical set — and reassure that, for a well-correlated model, the choice of shape matters far less than getting the correlation right.

Triangular

The workhorse for continuous quantities and rates. Defined by min / most-likely / max; intuitive for SMEs to populate, but its straight sides give it slightly heavier shoulders than reality.

PERT / BetaPert (and Trigen)

A smoother bell that concentrates probability around the most-likely value. Trigen is a truncated triangular that takes percentile bounds (e.g. P10/P90) instead of absolute min/max, so SME ranges are not over-stretched.

Uniform & discrete

Uniform suits a value known only to lie within a band with no preferred figure. Discrete functions (Bernoulli, Binomial) model contingent risk events — a two-dimensional severity × likelihood, not a continuous range.

When to reach for which

Triangular: the default for ranging base line items where an SME can give a low, likely and high figure.

PERT / BetaPert: when the most-likely value is genuinely well understood and deserves more weight; RES recommends “Alt” forms (AltPert) because SMEs rarely capture true worst/best cases.

Trigen: when ranges are elicited as percentiles (P10/P90) rather than absolutes — it avoids the over-wide tails that bare three-point inputs can create.

Shape matters less than you think

The Commonwealth guidance is explicit that the choice between Beta PERT, triangular and Trigen “usually has negligible impact” on the result. RES goes further: the effect of excluding correlation is “more profound than the choice between different probability distributions.”

The practical lesson: spend the effort defining sensible ranges and modelling correlation correctly, not agonising over distribution shape.

Eliciting the Inputs

Three-Point Estimates & How to Range

Every distribution starts as a three-point estimate. The question is what you range — individual line items, or the risk factors that drive them. The frameworks differ, and it matters.

A three-point estimate captures, for each uncertain input, an optimistic (low / P10), a most-likely (mode), and a pessimistic (high / P90) value. These three points define the distribution the simulation samples from. RES cautions that absent objective data, SME bounds are best modelled as 80% confidence intervals (the 10th and 90th percentiles), adjusted for skew — because people anchor on the likely case and under-state the extremes.

Line-Item Ranging

A distribution is placed on each estimate line, usually alongside discrete risk events. It is the most intuitive approach and the one TMR describes for modelling inherent risk directly on base-estimate line items (lowest / most-likely / highest).

The caveat: the Commonwealth guidance warns that the “structural difficulties inherent in line-item ranging make it difficult to arrive at realistic contingency assessments” — over-disaggregation tends to wash out variance unless correlation is handled carefully.

Risk-Factor / Risk-Driver

Instead of ranging every line, the model identifies a smaller set of underlying risk drivers (e.g. market rates, ground conditions, design maturity) and applies each as a multiplier across the cost items it affects. This naturally builds in correlation — one driver moves many lines together.

The Commonwealth's preference: DITRDCA explicitly states the risk-factor methodology is preferred over line-item ranging, and recommends keeping models to roughly 20–40 inputs to avoid over-disaggregation.

Discrete risk events live in the register

Inherent (continuous) uncertainty is ranged on the estimate. Contingent risks — a latent-condition claim, a heritage discovery, a regulatory change — are different: each is a discrete event with a probability of occurrence and a cost impact, captured from a facilitated risk workshop in a dollarised risk register. The Commonwealth guidance stresses modelling rare, high-impact events separately rather than burying them in general contingency, and treating a narrow P10–P90 spread with thin tails as a red flag of an unrealistic model.

The Detail That Decides the Answer

Correlation — Why It Matters More Than the Distribution

If two costs tend to move together — both driven by the same labour market, say — treating them as independent makes the total look far less variable than it really is. Ignoring correlation systematically understates contingency.

Why understating variance happens

When inputs are independent, their highs and lows partly cancel in each iteration, narrowing the total distribution. Real cost items are rarely independent — a hot market lifts steel, concrete and labour at once. If the model does not link them, the P90 comes out artificially low and the contingency is too thin.

RES warning: ignoring correlation can understate total-level variance “considerably”, and its effect is “more profound than the choice between different probability distributions.”

How it is modelled

Two kinds. Functional / implicit correlation is built into the model's mathematics — the risk-factor method, where one driver multiplies many lines, creates it for free. Applied / explicit correlation is analyst-specified, with coefficients from −1 to +1 linking inputs that share a cause.

The cardinal rule (DITRDCA): “no iteration may produce a combination of values that could not possibly occur.” Correlation must be defined for a valid Monte Carlo assessment — it is not optional.

The risk-factor method's quiet advantage

Because a risk-factor model drives many cost lines from a handful of shared factors, correlation is captured structurally rather than bolted on as a matrix of coefficients. This is a large part of why the Commonwealth prefers it — it sidesteps the most common modelling error in one move.

How Many Runs Is Enough

Iterations: 5,000 to 10,000

Each iteration adds precision; past a point, more runs barely move the answer. The frameworks converge on a practical band that smooths the S-curve without wasting compute.

5,000 iterations

The Commonwealth guidance quotes a margin of error of roughly ±1.4% at 5,000 runs — adequate for most estimates and the practical floor for a credible model.

10,000 iterations

TMR's rule of thumb is 10,000 (more if it smooths the S-curve). The margin of error tightens to about ±1.0% — the comfortable default for funding-gate work.

Diminishing returns

Beyond ~10,000 the curve barely changes; effort is better spent on input quality and correlation than on raw iteration count. Run more only if the tail of the S-curve is still visibly noisy.

Practical note: iteration count buys numerical precision — how stable the simulation's own output is from one run to the next. It does nothing for accuracy: a model fed poor ranges or missing correlation will produce a beautifully smooth but wrong S-curve. Garbage in, smooth garbage out.

Reading the Results

The Four Outputs a Reviewer Expects

A Monte Carlo run produces a family of complementary outputs. Together they answer not just “what is the contingency?” but “where does the risk come from, and how confident are we?”

S-Curve

The cumulative distribution. Probability-not-exceeded on the vertical, cost on the horizontal. Read across from a confidence level to find the budget — P50, P75, P90.

Histogram

The probability density — the familiar right-skewed bell. Shows where outcomes cluster and how long the upside tail runs; the mean sits above the P50 median.

Tornado Chart

A sensitivity ranking. Horizontal bars order the inputs by how much each drives total-cost variance — pointing straight at where risk reduction pays off.

P50 / P75 / P90

The headline percentiles. P50 for budget-setting, P90 for high-confidence approval, P75 where a framework (TMR) sets the tender-award delivery value.

Read it top-down

Bars are sorted longest-first, giving the chart its tornado shape. The top few drivers usually account for most of the total uncertainty — the Pareto of project risk.

It directs the risk treatment

The tornado turns a single contingency number into an action list: tackle the top bars — more geotechnical investigation, a fixed-rate supply agreement — and the whole S-curve tightens. That is where contingency is actually reduced.

How Cenex Delivers

Monte Carlo QRA, Built to Survive Review

A simulation is only as defensible as the inputs behind it. Cenex builds the base, the ranges, the correlation and the register from first principles — then challenges the result rather than inflating it.

@RISK Models, 5k–10k Iterations

Models built in @RISK — TMR's named tool — at 5,000–10,000 iterations, supplied as @RISK-compatible files a reviewer can open and re-run, not a static PDF of results.

Inherent Ranged, Contingent Priced

Inherent uncertainty ranged on line items or risk-driver factors; discrete contingent risks priced as probability × impact from a facilitated workshop and held in a dollarised risk register.

Correlation Modelled Explicitly

Functional and applied correlation defined so the model never produces an impossible combination — the difference between a defensible P90 and one a reviewer can pull apart.

S-Curve, Tornado & P-Values Reported

Reported as S-curve, histogram and tornado, with contingency at P50 and P90 (plus P75 for TMR award), cross-checked against reference-class forecasting and signed off by a Chartered Engineer.

Where this sits in the hub

Start with the Introduction for the anatomy of an estimate, then read how each framework applies Monte Carlo: TMR, RES and DITRDCA, or see them compared side by side. For the outputs in depth, see P50 vs P90 explained and reference-class forecasting as a cross-check. Return any time to the hub overview, or see the engagement view in our Risk Modelling & Management service.

Need a Monte Carlo QRA That Holds Up at the Gate?

Tell us your framework — TMR, Commonwealth / DITRDCA, or a state mandate — and Cenex will build the probabilistic model, the dollarised risk register and the P50/P90 contingency it requires, ready for independent review.

Talk to Cenex Our Risk Service

Monte Carlo Quantitative Risk Analysis (QRA), Explained