What is schedule risk analysis (SRA)?
How quantitative schedule risk analysis turns a single-date Gantt into a probability distribution of finish dates — and the inputs, outputs, and AACE context behind it.
Last updated: July 2026
Schedule risk analysis (SRA) is the discipline of quantifying how likely a project is to finish on time, given that task durations, dependencies, and discrete risk events are all uncertain. Instead of producing a single committed date, it produces a probability distribution of possible finish dates — so you can state, with evidence, that there is (for example) an 80% chance of finishing by a particular day. The quantitative form is usually called quantitative schedule risk analysis (QSRA); a lighter-weight review of the schedule's quality and exposure is sometimes called a schedule risk assessment.
The core insight is simple: a deterministic Gantt chart shows one number per task and therefore one finish date, but that date is almost never the most likely outcome and is rarely the date a sponsor should commit to. SRA replaces that false precision with a defensible range, the drivers behind it, and a recommended contingency.
Why deterministic Gantt charts mislead
A standard Gantt chart assigns each task one duration and rolls those up into a single project finish date along the critical path. That single date is a point estimate — it ignores the fact that every duration has a spread, that early finishes rarely get passed downstream while late finishes always do, and that paths which are not critical today can become critical once a few tasks slip. The published date is usually closer to a best case than to a realistic commitment.
There is also a structural bias called merge bias: wherever several parallel paths feed one milestone, that milestone cannot start until the latest of them finishes, so the more paths that merge, the lower the odds that all of them are on time. A deterministic schedule cannot see merge bias at all, which is why summing point estimates systematically understates how long a program will actually take.
The inputs: three-point estimates and a risk register
SRA needs two kinds of uncertainty as input. The first is duration uncertainty for individual tasks, captured as a three-point estimate — an optimistic, most-likely, and pessimistic duration — which is then fitted to a distribution (a PERT-Beta or triangular distribution is most common). This models the everyday variability of work that always takes a little more or less time than planned.
The second is discrete risk events drawn from a risk register: identifiable things that may or may not happen, each with a probability of occurring and an impact if it does (a vendor slips a CMC batch, an assay fails and must be repeated, a long-lead part is delayed). Unlike duration spread, a risk event either fires or it does not, so it is modeled as a probability gate on top of the base schedule. Good SRA also accounts for correlation — when the same underlying cause makes several tasks run long together — because ignoring it understates the tails.
- Three-point estimates — optimistic / most-likely / pessimistic per task, fitted to PERT-Beta or triangular.
- Risk register events — probability × impact, injected as conditional delays on the network.
- Duration correlation — optional linkage so related tasks vary together, fattening the tails realistically.
The engine: Monte Carlo simulation
With those inputs defined, a Monte Carlo simulation runs the schedule thousands of times. On each iteration it samples a duration for every task from its distribution, fires each risk event according to its probability, recomputes the critical path for that particular draw, and records the resulting project finish date. After enough iterations the recorded finishes form a distribution rather than a single number.
Because the critical path is recomputed on every iteration, the simulation naturally captures both merge bias and the way near-critical paths take over the schedule under stress — effects no deterministic calculation can reproduce. The simulation is the difference between guessing at a buffer and deriving one from the actual range of outcomes.
The outputs: P-levels, criticality, tornado, and contingency
The headline output is a set of confidence dates: the P50 (50% chance of finishing on or before it — the realistic midpoint), the P80, and the P90 (progressively more conservative commitments). The gap between the deterministic date and the P80 is the schedule contingency you actually need — the buffer that makes a published date defensible rather than aspirational.
SRA also tells you where the risk lives. A criticality index reports how often each task landed on the critical path across all iterations, so you know which tasks truly control the finish. A tornado (sensitivity) chart ranks the tasks and risk events whose variation moves the finish date the most, turning a wall of uncertainty into a short, prioritized list of where mitigation pays off.
- P50 / P80 / P90 — confidence dates for committing and for sizing contingency.
- Criticality index — how often each task was on the critical path, i.e., what really drives the date.
- Tornado / sensitivity — the ranked few drivers worth mitigating first.
- Schedule contingency — the deterministic-to-P80 gap, expressed as the buffer to hold.
The AACE context and Level 4
Schedule risk analysis has a recognized professional standard set. AACE International publishes recommended practices for it — notably RP 57R-09 on integrated cost and schedule risk analysis using Monte Carlo, and RP 132R-23, which defines maturity levels for risk-driven scheduling. Level 4, the most rigorous tier, integrates the quantified risk register directly into the schedule model with auditable traceability between risks, the tasks they hit, the simulation, and the resulting contingency.
This matters most in regulated and federally funded R&D, where a probabilistic milestone date must be backed by a defensible, inspectable method rather than a spreadsheet of guesses. AACE 132R-23 Level 4 is what turns 'we think we'll make the date' into an auditable risk-driven schedule a board, a regulator, or a program office can trust.
How CritPath AI does schedule risk analysis
CritPath AI runs the full SRA workflow in one modern web app. You build the network with full CPM (four dependency types, lag, float, and near-critical detection), attach three-point estimates and a risk register, and run a Monte Carlo simulation that injects risk events, optionally correlates durations, and returns P50/P80/P90 dates, a criticality index, and a tornado sensitivity chart. The deterministic-to-P80 gap is surfaced directly as schedule contingency, and the same engine feeds CCPM buffers, Theory of Constraints / Drum-Buffer-Rope, decision gates with retroactive rescheduling, and EVM.
It is built for AACE RP 132R-23 Level 4 risk-driven scheduling with an append-only audit trail, and a Claude + Gemini AI copilot — grounded in your actual dependency graph — explains which task is driving your P80 slip and what a schedule change does downstream. CritPath is $10 per user per month with unlimited projects; AI usage is billed separately by metered usage. That is a modern alternative to legacy desktop QSRA tools that run roughly $10K+ per seat or are quote-only.
Frequently asked questions
What is the difference between schedule risk analysis and a schedule risk assessment?
A quantitative schedule risk analysis (QSRA) runs a Monte Carlo simulation over three-point estimates and a risk register to produce probabilistic finish dates (P50/P80/P90). A schedule risk assessment is usually a lighter, often qualitative review of the schedule's quality and exposure that may precede the full quantitative run. CritPath supports the full quantitative method.
What do P50, P80, and P90 mean?
They are confidence levels for the finish date. P50 is the date you have a 50% chance of meeting (the realistic midpoint); P80 and P90 are progressively more conservative dates with an 80% and 90% chance. The gap between your single deterministic date and the P80 is the schedule contingency you should actually hold.
Why is a deterministic Gantt date usually optimistic?
Because it sums single point estimates and ignores merge bias — wherever parallel paths feed a milestone, all of them must be on time, which is unlikely. Combined with the fact that late finishes flow downstream while early ones rarely do, the single rolled-up date sits closer to a best case than to a realistic commitment.
What inputs does schedule risk analysis require?
Two: three-point (optimistic / most-likely / pessimistic) duration estimates for tasks, fitted to a PERT-Beta or triangular distribution, and a risk register of discrete events each with a probability and an impact. Optionally, duration correlations link related tasks so they vary together and the result's tails stay realistic.
Does CritPath AI meet AACE schedule-risk standards?
CritPath is built for AACE RP 132R-23 Level 4 risk-driven scheduling, with an append-only audit trail linking the risk register to the schedule and the Monte Carlo run. Full 21 CFR Part 11 e-signatures are on the Enterprise roadmap (the audit-trail foundation exists today); SOC 2 Type II and on-prem are Enterprise items.
Related
See the math on your own schedule
CritPath AI is $10/user/month — real Monte Carlo, CCPM, decision gates, and a schedule-aware AI copilot. Join the waitlist for beta access.
Join the waitlist