This documentation supports the 20.02 version of Remedy Change Management.To view an earlier version, select the version from the Product version menu.

Risk assessment


Risk assessment helps you achieve greater productivity by combining qualitative and quantitative criteria for assessing the risk level associated with a change. You can raise the accuracy of the changes by assessing risks with a consistent and standard process. The end output is a Change Risk Report, which can provide a key decision in change planning. For more information, see Computing-risk-levels.

Recommendation

No matter how well-planned or tested a change might be, you must consider the possibility that your change can create disruptions elsewhere in the IT infrastructure. Do not approve any change request that does not explicitly plan for the possibility of failure. For more information, see Creating-change-requests-as-rollbacks.

When approvers review a proposed change request, they want to see an analysis of potential risks and the impact of the change request.

During the planning phase, assess the risk of your change request. Risks can include the number of people affected, financial concerns, loss of productivity due to system or network downtime, resource allocation, and seasonal considerations, such as vacations, holidays, and weather. Impact analysis needs to be based on how many people are affected by the proposed change, and where those people are located. Here you can select the anticipated risk that this proposed change has, from 5 (highest risk) to 1 (lowest risk).

You can also compute the risk of a change request. Risk factors can include a set of questions used to calculate the risk value. During configuration, your application administrator defines a set of questions that apply to a specific company, to the operational categorization of a change request, or globally to all change requests, and a weight for each question. For example, your application administrator can define a set of questions that apply only to change requests regarding decommissioning virtual machines, if those change requests are identified by operational categorization.

The support staff assigned to each change request provides the risk value and probability for each question as it pertains to their specific request. The system calculates the total risk and saves the value in the Risk Level field of the Change form.

Finally, you can view a report of the total impact of your risk changes.

The Change form includes the following fields for risk management:

  • Risk Level — Enter the anticipated risk that this proposed change has, from 5 (highest risk) to 1 (lowest risk). For example, if the support team needs to install a critical security update on all the machines in the sales department during peak working hours, the risk level can be 4 or 5. If the critical security update can be installed during offline working hours, the risk level can come down to 2.
  • Impact — Determine the impact of this change based on the number of affected users.

To configure the risk levels, see Configuring-risk-assessment.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*