Risk harmonization

The Cloud edition of Risk Register runs a background process that performs these tasks:

  • Switches risk assessments from one risk model to another

  • Updates risks assessments based on their associated risk models

Switching risks from one risk model to another

Each risk assessment is associated with a risk model. In the normal course of events, that risk model is the one associated with the containing project, but the risk assessment can become associated with a different risk model to the one associated with the project in these cases:

  • The risk was migrated from a Jira server/data center instance and was associated with the default risk model on the server-side; or

  • The risk was migrated from a Jira server/data center instance and the receiving project on the cloud side is associated with a different risk model; or

  • An administrator removes an explicit association between a risk model and the containing project; or

  • An administrator adds an explicit association between a risk model and the containing project.

Whenever the risk assessment is associated with a risk model other than the one associated with its containing project, the harmonization process switches the risk assessment from its current risk model (the source risk mode) to the one associated with its containing project (the target risk model). In so doing, it maps the impact, probability, and risk level values in the risk assessment to new values as follows:

  • Impact values are assigned to corresponding values in the target risk model. Corresponding values are determined by mapping the impact values in the risk assessment to impact values in the same position on the target risk model when those impact values are aligned by their most significant values.

  • Probability values are assigned to corresponding values in the target risk model as for impact values.

If an impact or probability has no corresponding value in the target risk model - this can happen if the source risk model has larger dimensions than the target risk model - then it will be marked as 'Unspecified'.

Updates to risk assessments based on their associated risk models

In this process, risk levels are recalculated according to the risk level mappings defined in the target risk model. This is necessary when:

  • Risks are migrated from Jira server/data center.

  • An administrator changes the risk model associated with the project containing the risk.