SpiraPlan includes an enterprise risk management system that is fully integrated with the requirements and project management features of SpiraPlan. The risk management module lets you identify, analyze, treat, and monitor risks with support for risks, mitigations, tasks and risk cubes.
With SpiraPlan you can easily identify, capture and manage project and program risks with an easy to use web interface. Risks are a unique artifact within SpiraPlan (separate from issues or defects) that have their own types (business, technical, schedule, etc.), attributes and workflows.
Risks have special attributes for analyzing and categorizing how important they are:
This means that risks that are likely to happen with serious consequences will appear higher up in the lists than risks that are less likely to happen and/or have less serious consequences.
Each Risk will have their own "details page" similar to the other artifacts, where you can assign the Risk to an Owner, associate with a Release and/or Component, as well have various other standard and custom fields:
One important field for Risks is the Review Date since Risks can change in impact or probability during the lifespan of a project and need to be constantly reviewed.
The risk probabilities and impacts can of course be customized by a project template administrator:
A standard risk management workflow typically has the following five phases:
Accordingly, the default workflow for a risk in SpiraPlan has been created to implement these best practices out of the box:
As with all artifacts in SpiraPlan, you will be able to customize the steps, transitions (actions) and permissions associated with risk workflows, as well as specify which fields are required, hidden or disabled at each workflow state.
One of the key phases of Risk Management is identification and analysis of the mitigations that can reduce or eliminate the impact of the risk, should it happen. SpiraPlan provides built-in native support for adding and tracking the various mitigations to the risk, with the ability to specify individual review dates for each mitigation
Further to that, as part of the Risk Treatment process, you can also create SpiraPlan project tasks to identify, prioritize and assign the specific activities that will need to be performed to successfully mitigate the risk. The mitigations and tasks are both tracked back to the parent risk.
Typically the Mitigations list is used to identify the ways that the risk can be addressed, whereas the tasks are the specific actions that different project members will need to take to act on the mitigations. The tasks have a status, priority, effort and date and will be visible in the standard SpiraPlan task lists and Kanban board.
Using the built-in SpiraPlan history tracking feature, Risks also include a full audit trail of any changes made to the risk, for both standard and custom fields:
In addition, when you make changes to the status of the Risk, moving it through the risk management workflow, the system will enforce rules such as the need to add comments, add mitigations, specify the probability and/or impact:
The risk workflow operations also support electronic signatures for those customers that need to maintain a validated system.
SpiraPlan lets you link risks with other artifacts in the system. For example, you have a new feature that you plan on implementing, and you need a way to capture and track all the risks associated with it. Alternatively, you may want to associate a risk with a test case that will be used to test the likelihood of a risk occurring.
The associations tab on each risk page lets you link risks to other artifacts in the system.
Each association will contain the type of artifact being linked to, whether it is dependency, or simple relationship association, the date it was created, who made the association, and whether it is a cross-product association or not.
One of the key aspects of risk management is the ability to display the risks to management to ensure that they are adequately understood and that appropriate mitigations are in place. To make this easier, the SpiraPlan project dashboards include two risk widgets:
In addition, SpiraPlan includes a risk summary and risk detailed report in the standard SpiraPlan reporting menu that lets you generate risk reports in HTML, MS-Word, MS-Excel, PDF and XML formats: