Risk assessment helps you achieve greater productivity by combining qualitative and quantitative criteria for assessing the risk level associated with a change. You can raise the accuracy of the changes by assessing risks with a consistent and standard process. The end output is a Change Risk Report, which can provide a key decision in change planning.
No matter how well-planned or tested a change might be, you must consider the possibility that your change can create disruptions elsewhere in the IT infrastructure. Do not approve any change request that does not explicitly plan for the possibility of failure. For more information, see Creating change requests as rollbacks.
When approvers review a proposed change request, they want to see an analysis of potential risks and the impact of the change request.
During the planning phase, assess the risk of your change request. Risks can include the number of people affected, financial concerns, loss of productivity due to system or network downtime, resource allocation, and seasonal considerations, such as vacations, holidays, and weather. Impact analysis needs to be based on how many people are affected by the proposed change, and where those people are located. Here you can select the anticipated risk that this proposed change has, from 5 (highest risk) to 1 (lowest risk).
You can also compute the risk of a change request. Risk factors can include a set of questions used to calculate the risk value. During configuration, your application administrator defines a set of questions that apply to a specific company, to the operational categorization of a change request, or globally to all change requests, and a weight for each question. For example, your application administrator can define a set of questions that apply only to change requests regarding decommissioning virtual machines, if those change requests are identified by operational categorization.
The support staff assigned to each change request provides the risk value and probability for each question as it pertains to their specific request. The system calculates the total risk and saves the value in the Risk Level field of the Change form.
Finally, you can view a report of the total impact of your risk changes.
The Change form includes the following fields for risk management:
- Risk Level — Enter the anticipated risk that this proposed change has, from 5 (highest risk) to 1 (lowest risk).
- Impact — Determine the impact of this change based on the number of affected users.
- Performance Rating — When using the Classic view, in the Classification tab, rate the work done by support staff or the manager in completing the change request. Usually, the manager of the support staff assigned to the change request enters this rating after the change request is closed. This field is not displayed in the Best Practice view.
To configure the risk levels, see Configuring risk assessment.