Risk assessment
Risk assessment helps you achieve greater productivity by combining qualitative and quantitative criteria for assessing the risk level associated with a change. You can improve the accuracy of changes by assessing risks with a consistent, standard process. The end output is a Change Risk Report, which can inform a key decision in change planning. For more information, see Computing risk levels.
When approvers review a proposed change request, they want to see an analysis of potential risks and the impact of the change request.
During the planning phase, assess the risk of your change request. Risks can include the number of people affected, financial concerns, loss of productivity due to system or network downtime, resource allocation, and seasonal considerations, such as vacations, holidays, and weather. Impact analysis needs to be based on how many people are affected by the proposed change, and where those people are located. Here you can select the anticipated risk that this proposed change has, from 5 (highest risk) to 1 (lowest risk).
You can also compute the risk of a change request. Risk factors can include a set of questions used to calculate the risk value. During configuration, your application administrator defines a set of questions that apply to a specific company, to the operational categorization of a change request, or globally to all change requests, and a weight for each question. For example, your application administrator can define a set of questions that apply only to change requests regarding decommissioning virtual machines, if those change requests are identified by operational categorization.
The support staff assigned to each change request provides the risk value and probability for each question as it pertains to their specific request. The system calculates the total risk and saves the value in the Risk Level field of the Change form.
Finally, you can view a report of the total impact of your risk changes.
The Change form includes the following fields for risk management:
- Risk Level — Enter the anticipated risk that this proposed change has, from 5 (highest risk) to 1 (lowest risk). For example, if the support team needs to install a critical security update on all the machines in the sales department during peak working hours, the risk level can be 4 or 5. If the critical security update can be installed during offline working hours, the risk level can come down to 2.
- Impact — Determine the impact of this change based on the number of affected users.
To configure the risk levels, see Configuring risk assessment.