February 5th, 2019 by inflectra
As we're in the final countdown for the release of the latest version of SpiraPlan v6.0, we are going to be highlighting some of the most important new features in this version to help you get ready for the release. In this third installment of the blog series on the new version we'll be discussing the new enterprise risk management features, including support for risks, mitigations, tasks and risk cubes.
One of the key new features in the latest version of SpiraPlan is a new risk management system. Previously, SpiraPlan simply had a type of incident that was classed as Risk, however this limited the functionality that we could provide for managing risks. In the new version, Risks are a completely distinct artifact type (similar to requirements, test cases, etc.) with their own types (business, technical, schedule, etc.), attributes and workflows:
In addition, Risks have special attributes for analyzing and categorizing how important they are:
This means that risks that are likely to happen with serious consequences will appear higher up in the lists than risks that are less likely to happen and/or have less serious consequences.
Each Risk will have their own "details page" similar to the other artifacts, where you can assign the Risk to an Owner, associate with a Release and/or Component, as well have various other standard and custom fields:
One important field for Risks is the Review Date since Risks can change in impact or probability during the lifespan of a project and need to be constantly reviewed.
The risk probabilities and impacts can of course be customized by a project template administrator:
A standard risk management workflow typically has the following five phases:
Accordingly, the default workflow for a risk in SpiraPlan has been created to implement these best practices out of the box:
As with all artifacts in SpiraPlan, you will be able to customize the steps, transitions (actions) and permissions associated with risk workflows, as well as specify which fields are required, hidden or disabled at each workflow state.
One of the key phases of Risk Management is identification and analysis of the mitigations that can reduce or eliminate the impact of the risk, should it happen. SpiraPlan provides built-in native support for adding and tracking the various mitigations to the risk, with the ability to specify individual review dates for each mitigation
Further to that, as part of the Risk Treatment process, you can also create SpiraPlan project tasks to identify, prioritize and assign the specific activities that will need to be performed to successfully mitigate the risk. The mitigations and tasks are both tracked back to the parent risk.
Typically the Mitigations list is used to identify the ways that the risk can be addressed, whereas the tasks are the specific actions that different project members will need to take to act on the mitigations. The tasks have a status, priority, effort and date and will be visible in the standard SpiraPlan task lists and Kanban board.
Using the built-in SpiraPlan history tracking feature, Risks also include a full audit trail of any changes made to the risk, for both standard and custom fields:
In addition, when you make changes to the status of the Risk, moving it through the risk management workflow, the system will enforce rules such as the need to add comments, add mitigations, specify the probability and/or impact:
The risk workflow operations also support electronic signatures for those customers that need to maintain a validated system.
One of the key aspects of risk management is the ability to display the risks to management to ensure that they are adequately understood and that appropriate mitigations are in place. To make this easier, the SpiraPlan project dashboards include two risk widgets:
In addition, SpiraPlan includes a risk summary and risk detailed report in the standard SpiraPlan reporting menu that lets you generate risk reports in HTML, MS-Word, MS-Excel, PDF and XML formats: