· 7 min read

Navigating Risk Response Strategies with Jira and easeRisk

Risk management is a critical aspect of project management, involving the identification, assessment, and response to potential risks that could impact project objectives. Effective risk response strategies are essential for mitigating negative impacts and capitalizing on positive opportunities. In this article, we will explore risk response strategies for both negative and positive risks and discuss how to model these strategies in Jira using the plugin easeRisk - Risk Management for Jira.

Understanding Risk Response Strategies

Risk response strategies are predefined plans or actions formulated to address identified risks within a project. These strategies are tailored to the nature and severity of the risks and aim to minimize negative impacts while maximizing positive outcomes.

In the preceding article, we extensively covered both positive and negative risks, elucidating their distinct characteristics and discussing strategies for effective management. If you require further insights into navigating the nuances of positive and negative risks, we encourage you to refer to the earlier section for a comprehensive understanding. Delving deeper into these concepts will equip you with the knowledge needed to navigate project uncertainties with confidence and precision.

Negative Risks / Threats

Negative risks, also known as threats or downside risks, are events or circumstances that could have adverse effects on a project’s objectives if they occur. These risks are typically associated with potential losses, delays, or failures that could impact the project’s success. Examples of negative risks include budget overruns, schedule delays, technical failures, and resource shortages.

Negative Risk Response Strategies

There are four main risk response strategies for negative risks:

  • Avoid: Involves taking actions to eliminate the risk or remove its causes entirely. For example, if a project team identifies a high-risk activity that could lead to schedule delays, they may decide to avoid the activity altogether by descoping a feature.

  • Mitigate: Involves taking actions to reduce the likelihood or impact of the risk. This may include implementing preventive measures, enhancing project controls, or developing contingency plans to address potential threats.

  • Transfer: Involves shifting the risk to a third party, such as an insurance provider or subcontractor, through contracts or insurance policies. This strategy is commonly used for risks that cannot be avoided or mitigated effectively by the project team.

  • Accept: Involves acknowledging the risk and its potential impact on the project but choosing not to take any specific action to address it. This strategy is appropriate for risks with low likelihood or impact that are deemed acceptable within the project’s risk tolerance.

Positive Risks / Opportunities:

Positive risks, also known as opportunities or upside risks, are events or circumstances that could have beneficial effects on a project’s objectives if they occur. These risks present opportunities for project enhancement, innovation, and success. Examples of positive risks include cost savings, schedule acceleration, improved performance, and enhanced stakeholder satisfaction.

Positive Risk Response Strategies

Unlike negative risks, positive risks require different response strategies to maximize their potential benefits.

  • Exploit: Involves taking actions to exploit the opportunity and maximize its potential benefits. This may include reallocating resources, adopting innovative approaches, or leveraging external partnerships to capitalize on identified opportunities.

  • Enhance: Involves taking actions to enhance the likelihood or impact of the opportunity. This may include investing additional resources, developing new capabilities, or expanding the scope of the project to realize the potential benefits of the opportunity.

  • Share: involves collaborating with external parties to distribute or transfer the benefits and opportunities associated with a positive risk. This strategy is typically applied when the organization or project can’t fully capture the benefits on its own or when sharing the opportunities with external entities enhances overall success.

  • Accept: As with negative risks, if the impact or the probability is exceedingly small, the opportunity can just be accepted without taking any actions to increase its probability or impact.

Modelling risk response strategies using easeRisk

easeRisk is a comprehensive risk management solution designed to streamline the risk management process within the Jira environment. It provides a user-friendly interface that allows project teams to identify, assess, prioritize, and track risks seamlessly within their Jira projects.

easeRisk levers on Jira issue types and link types to model the risk management processes. It is fully configurable, not enforcing any naming convention for issue types nor fields. Here we highlight four separate ways to model risk response strategies with their respective pros and cons.

easeRisk uses Jira links to create the relationship between risks and measures. On this approach each response strategy has its own link type. When creating measures, the user selects the link type that matches the response strategy they want to use.

Model risk response strategies with easeRisk for Jira using links

Modelling risk response strategies using a custom field on the Risk issue

For this approach you need to create a single select field with the possible risk response strategies and associate it with the configured risk issue types. During the assessment process, the project team members open the risk issue and set the risk response strategy in this new custom field.

Model risk response strategies with easeRisk for Jira using a custom field in the risk issue

Modelling risk response strategies using a custom field on the Measure issue

Analogous to the proposal above a single select field is added to the Measure issue instead of the Risk issue. In that sense, for each measure created the user can select a different response strategy.

Model risk response strategies with easeRisk for Jira using a custom field on the measure issue

Modelling risk response strategies using different Measure issue types

Instead of having an additional field for each response strategy, one can have different issue types for each response strategy. This is only possible, because easeRisk allows us to have more than one issue type for risks and measures. Therefore, when creating a measure, the user can select between the different measure types, where each measure type corresponds to one risk response strategy.

Model risk response strategies with easeRisk for Jira using custom issue types

Comparison between the different models

Each of the four proposed models above have distinct levels of flexibility. In the table below we compare the various aspects of each one. It is up to you to decide which approach better suits your needs.

Following criteria were used for the comparison:

Allows more than one strategy per risk: This checks if the model permits a risk to have different measures that apply different strategies (e.g., both mitigation and transfer). While not common, this feature adds flexibility, allowing teams to postpone deciding which measure or strategy to implement.

Measure may implement different strategies: It’s typical for a single measure to address multiple risks, making it practical to link the same Jira measure issue to several risk issues. This evaluates whether a measure can be linked to various risks, each with its own response strategy. For instance, a measure might mitigate one risk by reducing its likelihood or impact while completely avoiding another risk.

Can model the Accept strategy without ambiguity: As mentioned earlier, the Accept response strategy involves acknowledging a risk without actively planning any measures to address it. This checks if it is possible to flag that a Jira risk issue was accepted without creating a dummy “Accept” measure and without making assumptions based on a combination of its status and other fields.

Prevent additional dialog when creating measures: If the project only has one risk issue type, one measure type and one link type, an additional dialog when adding measures is not needed. This is a comfort criterium with no impact on the model itself.

Allows more than one strategy per riskMeasure may implement different strategiesCan model the Accept strategy without ambiguityPrevent additional dialog when creating measures
1. Using Links(tick)(tick)
2. Custom Field on Risk(tick)(tick)(tick)
3. Custom Field on Measure(tick)(tick)
4. Custom Issue Type for Measures(tick)

Conclusion

Effective risk response strategies are essential for managing both negative and positive risks within a project. By understanding the nature of each risk and applying the appropriate response strategy, project teams can minimize negative impacts and capitalize on opportunities for growth and success. With the help of tools like easeRisk for Jira, modeling and implementing risk response strategies becomes more efficient and streamlined, enabling project teams to navigate risks effectively and achieve project objectives with confidence.

Back to Blog