How to create a risk register for an organization with many different teams and then turn this risk register into risk assessment for further corrective and preventive action (CAPA)?
Let's look at how to do it in this article and compare which tools are better fit for the job: Excel or Jira.
Why is risk management important?
Risk management is important for a variety of reasons:
ISO security standards
The more mature a company gets, the more responsibilities fall upon it.
Compliance to government standards, achieving data security certifications, and gaining customer, partner and stakeholder trust - all require risk management as a crucial part of your company’s workflows.
Successful business and confident initiatives
Not only large enterprises are bound by risk management.
According to CB Insights, 60% of small companies and startups fail in their first 3 years. Reasons vary from running out of budget and flawed business models to regulatory challenges and team or investor miscommunication.
Most SMEs don't usually ‘waste’ time on risk management because it's boring or they lack time and resources.
What if you could avoid some of the regulatory and legal challenges, business model flaws, or even budgeting issues if you had a proper mitigation plan ready?
Having risk registers in place with all the possible risks assessed and monitored offers a high level of flexibility and adaptability instead of chaos and despair when an event occurs.
On top of that, timely risk identification and analysis may reveal hidden opportunities that might even contribute to your business growth. If you still have doubts or simply want to learn more on the topic, take a glimpse at this brief 101 to project risk management article.
Tools for risk management: old-school Excel or agile Jira?
Countless companies keep their risk registers in Excel or Spreadsheets.
Mainly, because it’s free, well-known, and accessible to everyone. But also because it is highly flexible and allows advanced data management and analysis.
Risk management in Excel
Although Excel may seem a good solution for risk registers as it is generally a great way to store and organize data, the tool is not specifically tailored to risk assessment, so it will impose some limitations that need to be kept in mind.
It takes a lot of time to set up risk registers in Excel and requires much manual data input. You may end up with hundreds of rows of data, which is difficult to interpret, analyze, and establish dependencies.
Excel offers poor collaboration opportunities. Yes, you can invite colleagues to Spreadsheets, but it will be hard to monitor who’s doing the edits and even harder to add mitigation actions and assignees to risks and track their progress.
Risk management is a collective organization initiative, requiring multi-level cooperation of team members and managers. So you might want to incorporate permission schemes for your team. Excel is not really equipped with that and it is sensitive to typos and input errors if shared company-wide.
In general, Excel and Spreadsheets are good for data visualization but risk reporting may be pretty tricky and time-consuming and may lead to plenty of blind spots. And sure thing, you’ll face constant data synchronization and consolidation challenges if the rest of your workflows live in Jira.
How to make a risk matrix in Excel?
It’s difficult to accomplish if you’re not an Excel whizz. Very few people in the world know how to do this; you need an advanced understanding of Excel. If you want to know how and have plenty of time to set all up, here is a good article to check out.
Risk management in Jira
It’s much easier to keep all operations inside one tool. This way, you get to track everything in one place and cut down on tab-switching when creating reports. Jira offers plenty of opportunities to minimize manual work and set up smooth automated operations in your company.
Collaborative risk culture
Another reason to opt for risk management in Jira is the transition from Waterfall to Agile. Jira allows for multi-level collaboration between departments and team members.
Just imagine that you can have different teams to identify and add their department risks to Jira at their own pace. And then, you get a bird’s eye view of the whole company’s risk profile together with dependencies and mitigation plan at weekly management meetings.
How to track risks and dependencies in Jira?
There are multiple ways to keep risk registers in Jira, depending on your needs and Jira administration skills.
The most obvious one is to create your risk register in a separate Jira project and use Automation for Jira to set up your risk workflows. You can create a new issue type called “risk” to log your risks, then use custom fields, e.g. Probability and Impact, to assess them.
More skilled Jira users can leverage Jira Automation to calculate risk scores and create reports in Jira Dashboards.
However, when it comes to risk management reporting, native Jira Dashboards offer limited reporting functionality and don’t fully meet risk management needs. For instance, you can’t build a risk assessment matrix.
Hedge - Risk Management app for Jira Cloud
If you prefer to save time on creating automation rules and want to be able to assign risk CAPAs to users in Jira, you might want to look at one of the ready-made risk management solutions.
Hedge is a Risk Register and Risk Matrix app for Jira that allows creating risk workflows that you can modify to better suit your business needs.
Advantages of using Hedge risk management plug-in:
- Offers top data security: Hedge is built on Forge, ie. your data is hosted by Atlassian
- Easy to set up and comes with ready-to-use risk register templates
- You can add risk assignees and link mitigation tasks to risk issues to be proactive
- Risk matrix and risk reports are automatically created and customizable
- Interactive risk register table with automatically calculated risk scores
- Hedge comes with quick filters to better organize and analyze your data
- Affordable for a team of any size: the app is free for up to 10 users, after that it’s $1 per user
Risk Mitigation Tracking
Risk management in Agile is not only about logging and prioritizing risks, but also about taking action on them.
In Hedge, you can track your action progress against the risk and your mitigation plan in the "Action progress' column.
You can view the high-level progress on your mitigation plan and all ‘mitigating’ issues, linked to the risk in Jira. And if you need to adjust what issue links are taken into consideration, you can customize it in the settings.
Customizable Risk Score Formula
Just like you would do in Excel, you can adapt the Risk score formula in Hedge.
The app allows switching to advanced editing for the score field in the settings. And you can add numbers as additional parameters and other math operators, such as */-+().
Additional columns in the risk register and exporting in CSV
In Risk Management, we often need to find correlations between risks and projects they refer to, risk statuses, or assignees to analyze your company's risk position.
You can customize the risk register to see more context at a glance without opening risk details in Jira. Hedge allows adding extra columns to the risk register table, such as status, component, fix version, assignee, project, priority, epic link, parent link, and labels.
And finally, you can easily share the risk register externally with stakeholders and partners who don’t have access to your Jira instance or use it to create documentation for ISO Standard compliance.
In one click, you can export the risk register with all its columns in CSV to use in Excel, Spreadsheets, or embed into a presentation.