Administering the application

Risk (work item) types

These drop-down menus determine when and how various options are presented to users:

Open

Note the following:

• If a work item has a risk assessment attached to it, that work item will appear in any risk register based on those projects or filters that include the work item (though a sub-filter can be used to exclude it).

• If the work item is of the primary risk type, then it always has a risk assessment attached to it. In the example above, work items of type Risk will always appear in a risk register.

• New work items that are one of the supplementary risk types don’t have risk assessments attached to them by default, but you are able to add risk assessments to them. You can define the supplementary risk types by inclusion or exclusion using the Only and All except options.

• If a work item is neither of the primary risk type nor one of the supplementary risk types, then it’s not possible to add a new risk assessment to it.

• If a work item was once a primary risk type, or if it was once a supplementary risk type and the user added a risk assessment to it, then it will continue to appear in relevant risk registers even if the project/app settings are changed so that it no longer is of the primary risk type nor a supplementary risk type.

• The primary risk type and supplementary risk types defined here represent defaults. Individual projects can override these defaults.

Risk treatment

This drop-down allows you to nominate a link type that defines how treatments are connected to risks. When this relationship is defined, treatments will appear beneath risks on the risk register page. If you leave the field blank, then treatments will not appear on the risk register page.

Open

Users typically use this feature to record the treatment plans they have defined for their risks. Recording treatment plans in separate work items will enable you to quickly reference them in the main risk register view. It also enables you to track a separate priority and status for each treatment, and gives you auditing via Jira's work item history log.

You can choose to use any link type that has been defined in your Jira Cloud instance; however, the following link type is recommended:

Name: Treatment
Inward relationship: is treated by
Outward relationship: treats

If your Jira instance does not already have a link type named Treatment, then Risk Register will offer to create one for you as defined above.

Note that in Jira Cloud, you can disable linking. If linking is disabled in Jira, then a warning message is displayed on the app settings page.

Risk matrix appearance

This section allows you to control the risk matrix appearance. The Color of empty cells option determines whether empty cells on the risk matrix are filled with gray or with the appropriate risk color. 

Open

Menu item availability

This option allows you to control whether a link to risk register from the project sidebar is enabled by default in the system. If the switch is off, no link will appear unless you have created a risk register for that project. This setting can be overridden on the risk register project settings page.

Open

Open

There is one default risk model configured when you install the app. You can edit that risk model to shape it according to the standards followed by your organization. In addition to the default risk model, you can create as many project-specific risk models as you like. In each case, you nominate the projects to which the risk model applies, which we call the “scope” of the model. Using project-specific risk models, your organization can manage risk differently between projects or groups of projects. Each risk model can be assigned to multiple projects, but a project can only have one risk model. A project that does not have a project-specific risk model assigned will use the default risk model.

The Scope column indicates which projects the model is assigned to. The Actions column allows you to delete or copy a risk model.

Clicking on the Add a risk model button creates a new project-specific risk model for you, using the default risk model as a template.

Risk model editing

Clicking on a risk model opens up the risk model editing screen. The top portion of the screen is shown here:

Open

The Save button saves all changes. It only becomes active when changes have been made to the model.

The Discard changes button reverts the model to its previous state, effectively undoing any modifications made since the last save.

The Delete button deletes the current risk model. You cannot delete the default risk model. This button is not visible when there are pending changes.

The Name of the risk model can contain special characters, but it must be unique.

The Projects field defines which projects in your Jira instance are associated with this risk model. Whenever you create a risk in one of those projects, it will use this model to calculate the risk level.

Risk matrix

The Risk matrix defines the risk levels that result from combinations of impact and probability levels. You can think of a risk model as a rules engine for your risk assessments. For example, in the above matrix, if impact is High and Probability is Likely, then the risk level is Medium. Clicking on any of the cells changes the risk level in that cell.

The Flip button swaps the impact and probability axis on the risk matrix.

Levels of risk

Below the risk matrix is the Levels of risk list, which displays all of the risk levels associated with this model.

Open

The drag handles (the double-horizontal lines) enable you to shift the order of the risk levels.

The Add Level of risk button creates a blank risk level.

Clicking on the Color, Name, or Description allows you to edit those values.

The trash icon removes the risk level. You must have at least one risk level.

Impacts and Probability

Below the levels of risk list are the Impacts and Probabilities lists.

Open

Open

The drag handles (the double-horizontal lines) enable you to shift the order of the impacts or probabilities.

The Add impact and Add probability buttons create blank entries in their respective lists. Changing the number of entries in the list automatically changes the dimensions of the risk matrix.

Clicking on the Color, Name, or Description allows you to edit those values.

The trash icon removes the risk level. You must have at least one probability and one impact in your risk model.

The effects of changing risk models

Any changes that you make to a risk model automatically propagate to risk assessments via risk harmonization.

• If you change the configuration of a project-specific risk model, any risks contained by the projects assigned to that risk model will be re-harmonized.

• If you change the configuration of the default risk model, any risks contained in projects that are not assigned to any project-specific risk models will be re-harmonized.

• If you add a project to a project-specific risk model or remove a project from a project-specific risk model, all of the risks in that added/removed project will be re-harmonized.

Note that any changes to risk assessments arising from re-harmonization will occur in the background. The process usually takes just a few seconds, but can take longer if your Jira instance contains many projects and/or many risks.

Open

You can use non-English words if you wish.  

Click on the entry for Singular form or Plural form to edit it inline.

The Save button saves all changes. It only becomes active when changes have been made to the model.

The Discard changes button reverts the model to its previous state, effectively undoing any modifications made since the last save.

The following pages explain where the configured terminology appears in the application: