How to Configure Jira and easeRisk for Jira for Risk Management
Overview
Risk Management employs the concepts of risk and measures intended to address risks. To get the most out of easeRisk for Jira, the Jira administrator should configure the Jira instance to support these concepts. This page explains the concepts and describes how to set up both Jira and easeRisk for Jira to implement a straightforward Risk Management configuration.
This configuration is only one of many possible configurations. easeRisk for Jira is very flexible, and by using the full potential of its configuration options you can meet the specific needs of your organization.
Concepts
easeRisk for Jira builds on Jira’s existing features like issue types, link types, and custom fields to implement Risk Management processes. This gives you full flexibility to model the tool according to your organization’s needs without adding unnecessary overhead to your Jira instance.
The following table explains the key concepts of Risk Management and shows how Jira can be configured to support them. It is assumed the Jira administrator knows how to implement this configuration in Jira.
The recommended names in the table are just that - recommended. If your Jira instance is already configured with appropriate data types, but with different names, or if different names make more sense in your organization, easeRisk for Jira can be configured to use those names instead of the recommended ones.
Concept | Explanation | Jira Data Type | Recommended Name | Note |
---|---|---|---|---|
Risk | A risk is a possible future event whose occurrence would affect a product or project. (The effect is typically negative, but could also be viewed as an opportunity to achieve a positive outcome.) For example, a risk to a software project that relies on an open-source package might be the end of support of the package by the open-source community. | issue type | Risk | A Risk is represented by a Jira issue of a predefined issue type. The Risk issue type should be configured in Jira to have a workflow and fields appropriate for your organization's risk management processes. |
Risk Impact | The impact of a risk is an estimate of how much the occurrence of the event would affect the planned outcome. For example, if an open-source package is very important to a software project, the end of support would likely have a big impact. | numerical custom field for risk issues | Risk Impact | Your organization should establish an accepted range of values in this field - for example, 1-5, with 1 being very low impact and 5 very high impact. |
Risk Probability | The probability of a risk is an estimate of how likely the event is to occur. For example, the software project might judge the probability of the end of support of the open-source package to be low. | numerical custom field for risk issues | Risk Probability | Your organization should establish an accepted range of values in this field - for example, 1-5, with 1 being very low probability and 5 very high probability. |
Risk Exposure | The exposure of a risk is an estimate based on Risk Impact and Risk Probability and allows risks with differing impact and probability estimates to be compared. For example, a risk with high impact but low probability makes for less exposure than a risk with both high impact and high probability. | numerical custom field for risk issues | Risk Exposure | The value of this field should be a function of Risk Impact and Risk Probability. A typical function is defined by the following formula:
The value should be recomputed whenever the impact and probability fields are changed. Jira has no built-in way to update the values of custom fields automatically or to set the value of a custom field using a function. This feature is provided by easeRisk for Jira. |
Measure | A measure is an action that, if taken, would address a risk. An important part of risk management involves identifying measures that eliminate or minimize risks. For example, the software project relying on an open-source package might adopt the measure of having some members of the team gain familiarity with the package so that in the event of lost support, the team can take over development. The result of this action might be to lower the estimated impact of the risk from high to medium or low. | issue type | Measure | A Measure is represented by a predefined Jira issue type. The Measure issue type should be configured to have a workflow and fields appropriate for your organization's risk management processes. |
Risk-Measure Association | An association between a risk and certain measures specifies which specific measures are meant to address a specific risk. | link type | Risk Measure | The relationship we want to capture can be formulated in natural language as follows: given risk R and measure M, a link of type Risk Measure between them would indicate that R has measure M, while, reciprocally, M is measure for R. So, the link type should have the following recommended descriptions:
|
Jira Configuration
To implement the configuration suggested above, perform the following actions in Jira Administration:
Create the Risk and Measure issue types.
Create the Risk Impact, Risk Probability, and Risk Exposure numeric custom fields.
Create the Risk Measure link type.
Associate the fields Risk Impact, Risk Probability, and Risk Exposure with the Risk issue type screens.
Associate the Risk and Measure issue types with your projects using Jira schemes.
If the names used for the various data types in your Jira configuration differ from those recommended above, be sure to use the ones used in your instance instead of the recommended names in the configuration options below.
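A way to check the first three steps before moving on to the app configuration, as an added example that is not part of easeRisk for Jira: it inspects responses shaped like those of Jira's `GET /rest/api/2/issuetype`, `/rest/api/2/field` and `/rest/api/2/issueLinkType` and reports what is missing or has the wrong type. The sample responses, ids and the function name `audit_prerequisites` are constructed for illustration.

```python
import json

# Names recommended on this page; change them if your instance uses others.
REQUIRED_ISSUE_TYPES = {"Risk", "Measure"}
REQUIRED_NUMBER_FIELDS = {"Risk Impact", "Risk Probability", "Risk Exposure"}
REQUIRED_LINK_TYPES = {"Risk Measure"}

# Constructed sample responses (assumed ids), deliberately incomplete.
SAMPLE_ISSUE_TYPES = json.loads('[{"id": "10100", "name": "Risk"}, {"id": "10001", "name": "Task"}]')
SAMPLE_FIELDS = json.loads("""[
  {"id": "summary", "name": "Summary", "custom": false, "schema": {"type": "string"}},
  {"id": "customfield_10201", "name": "Risk Impact", "custom": true, "schema": {"type": "number"}},
  {"id": "customfield_10202", "name": "Risk Probability", "custom": true, "schema": {"type": "string"}}
]""")
SAMPLE_LINK_TYPES = json.loads(
    '{"issueLinkTypes": [{"name": "Blocks", "inward": "is blocked by", "outward": "blocks"}]}')


def audit_prerequisites(issue_types, fields, link_types):
    """Return a sorted list of findings; an empty list means nothing is missing."""
    findings = []
    have_types = {t["name"] for t in issue_types}
    for name in REQUIRED_ISSUE_TYPES - have_types:
        findings.append(f"missing issue type: {name}")
    # Only custom fields count; a system field with the same name is not enough.
    custom = {f["name"]: f for f in fields if f.get("custom")}
    for name in REQUIRED_NUMBER_FIELDS:
        field = custom.get(name)
        if field is None:
            findings.append(f"missing custom field: {name}")
        elif field.get("schema", {}).get("type") != "number":
            # A text field would accept estimates but cannot feed a numeric formula.
            findings.append(f"custom field is not numeric: {name}")
    have_links = {lt["name"] for lt in link_types.get("issueLinkTypes", [])}
    for name in REQUIRED_LINK_TYPES - have_links:
        findings.append(f"missing link type: {name}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_prerequisites(SAMPLE_ISSUE_TYPES, SAMPLE_FIELDS, SAMPLE_LINK_TYPES):
        print(finding)
```

Screen and scheme associations (the last two steps) are not covered by this check.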
App Configuration
easeRisk for Jira is configured using Risk Schemes. A Risk Scheme is a collection of Risk Management configuration options that can be applied to several projects. This simplifies the setup effort and ensures that the Risk Management practices are applied uniformly in your organization.
easeRisk for Jira comes with a default scheme that is associated with all projects by default. This section explains in detail how to edit the default scheme to implement the recommended setup.
Risk Exposure Formula (Data Center only)
Before editing the default risk scheme, a formula specifying the function to be used in computing Risk Exposure from Risk Impact and Risk Probability must be created. Once the formula exists and is specified in the default risk scheme, the Risk Exposure field will be automatically updated whenever the other fields are modified. The formula should be created as follows:
Go to Jira Administration > Manage Apps > easeRisk for Jira > Formulas.
Select Add Formula, specify the following options and select Add.
Field | Value | Explanation |
---|---|---|
Name | Default Risk Exposure Formula | A unique name for the formula. |
Target Field | Risk Exposure | This is the field where the output of the calculation is stored. |
Issue Types | Risk | The formula is only to be used for Risk issues. |
Formula | [Risk Impact] * [Risk Probability] | The actual formula that calculates Risk Exposure. |
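The same formula can be used to review risks that already exist, for example ones whose Risk Exposure was entered by hand before the formula was created. The following added example (not part of easeRisk for Jira) flags empty or out-of-range estimates and stored exposure values that no longer match the formula; the row layout, issue keys and function names are constructed for illustration.

```python
# Constructed sample rows: (issue key, Risk Impact, Risk Probability, Risk Exposure).
SAMPLE_RISKS = [
    ("RISK-1", 4, 2, 8),        # consistent
    ("RISK-2", 5, 5, 20),       # stale exposure, the formula gives 25
    ("RISK-3", 6, 1, 6),        # impact outside the agreed scale
    ("RISK-4", 3, None, None),  # probability not estimated yet
]

SCALE_MIN, SCALE_MAX = 1, 5  # example range from the concepts table


def exposure(impact, probability):
    """[Risk Impact] * [Risk Probability], accepted only for values on the scale."""
    for label, value in (("Risk Impact", impact), ("Risk Probability", probability)):
        if value is None:
            raise ValueError(f"{label} is empty")
        if not SCALE_MIN <= value <= SCALE_MAX:
            raise ValueError(f"{label} {value} is outside {SCALE_MIN}-{SCALE_MAX}")
    return impact * probability


def audit_register(risks):
    """Map issue key -> finding for every risk that needs attention."""
    findings = {}
    for key, impact, probability, stored in risks:
        try:
            expected = exposure(impact, probability)
        except ValueError as err:
            # Invalid inputs are reported first; the stored exposure is moot.
            findings[key] = str(err)
            continue
        if stored != expected:
            findings[key] = f"Risk Exposure is {stored}, formula gives {expected}"
    return findings


if __name__ == "__main__":
    for key, finding in audit_register(SAMPLE_RISKS).items():
        print(f"{key}: {finding}")
```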
Risk Scheme
With the Default Risk Exposure Formula in place, the default scheme should be edited as follows:
Data Center: Go to Jira navigation > Risks > Risk Schemes.
Cloud: Go to Jira navigation > Apps > easeRisk for Jira > Risk Schemes.
Select the Edit option for the scheme named “Default Risk Scheme”.
Specify the various options in the tabs according to the instructions in the following sections.
General
Field | Value | Explanation |
---|---|---|
Formulas | Default Risk Exposure Formula | The formula we set up in the previous step. |
Risks Issue Types | Risk | The issue type used to represent risks. |
Risks Default Columns | Key, Summary, Risk Impact, Risk Probability, Risk Exposure, Assignee | The default fields shown for risks in various views. |
Measures Issue Types | Measure | The issue type used to represent measures. |
Measures Default Columns | Key, Summary, Assignee | The default fields shown for measures in various views. |
Link Types | addresses | The outward link from the risks to the measures. |
Risk Matrix (Data Center only)
Select Add Matrix.
Specify the following options and select Add:
Field | Value | Explanation |
---|---|---|
Name | Risk Matrix | The name for the matrix. |
X-axis | 1, Risk Impact, 5 | Field to be shown on the X-axis with start/end values. |
Y-axis | 1, Risk Probability, 5 | Field to be shown on the Y-axis with start/end values. |
Assessment Criteria Options
Using Add Assessment Criteria, add assessments for the three risk estimation fields with the following descriptions:
Field | Value | Explanation |
---|---|---|
Risk Impact | A numerical estimate of the negative impact of an event. 1 very low, 2 low, 3 medium, 4 high, 5 very high. | The explanations help the user to understand the value ranges used in the fields. |
Risk Probability | A numerical estimate of the likelihood that an event with a negative impact actually occurs. 1 very low, 2 low, 3 medium, 4 high, 5 very high. | |
Risk Exposure | A numerical estimate of the overall effect of a negative event is automatically calculated from Risk Impact and Risk Probability. 1 very low, …, 25 very high. | |