Review and Authorize stage - Risk and impact analysis
The Authorization for Business Assessment is the first approval stage of a change request, also referred to as the Business Approval stage. The purpose of this stage is to assess both, the IT and the business impact, to ensure that the change request can be successfully implemented with a minimal or no impact to the business services while meeting your business requirements. The service owners are typically involved in this approval phase.
Change Management also supports a pre-business assessment approval stage referred to as the Review stage. The Review stage is a less formal approval stage where the Change Coordinator Group or other subject matter experts review the request for completeness, before the change request moves to the Business Approval stage. This stage has a similar process flow as that of the Business Approval stage.
The following process flow diagram explains the recommended steps and the roles that are a part of the Business Approval stage.
After the change request is approved, the request proceeds to the Change Assessment, Planning and Scheduling stage.
The change to the IT infrastructure is not without risk. Therefore, your change requests should minimize the severity of any impact and disruption. They also should be successful in the first attempt. During the Review and Authorize stage, the change coordinator should estimate the impact by using the risk assessment functionality.
You reach the Review & Authorize stage only if an approver is mapped to the Business Approval phase. If no approvers are mapped to the Business Approval phase, the request moves to the Planning in Progress status. You should then perform risk and impact analysis during the Plan & Schedule stage. For more information, see Plan and Schedule stage - Planning the change request.
When you are working on a change request, use the Change form to describe the change and to display which products and services are affected by the change. Before you can submit a change, you must define the Impact, Risk Level, and Urgency, and specify the class of the change on the Change form.
For more information, see the following topics:
- Risk assessment
- Specifying risk level at the Review and Authorize stage
- Computing risk levels
- Risk Recalculation
- Planning dependencies for change requests