Updated on April 22, 2024
Risk Management in Jira
Effective risk management is an essential aspect of any organization’s success, but it is often viewed as a regulatory burden. However, by adopting a strategic approach and gaining a deeper understanding of risks, businesses can prioritize their efforts and align their plans with their goals, enabling them to capitalize on new opportunities.
While traditional Excel sheets can be useful, integrating risk management into Jira can save time and resources, improve efficiency, reduce errors, and enhance collaboration among stakeholders. By embracing risk management as a business enabler, organizations can transform potential threats into opportunities and position themselves for long-term success.
With several risk management apps available on Jira Cloud, organizations with different risk management requirements may struggle to determine the best app for them. This blog post compares three of the most popular risk management apps on Atlassian Marketplace – SoftComply Risk Manager Plus, Hedge Risk: Risk Management, and Risk Register – to help organizations make an informed decision.
Risk management can be applied to various areas within the organization. You may need risk management for individual projects as well as for the entire organization. In addition, if you’re developing complex or safety-critical systems, managing product safety and security risks is essential.
SoftComply Risk Manager Plus
SoftComply Risk Manager Plus on Jira Cloud was built by SoftComply based on the customer feedback and requests of the SoftComply Risk Manager. Today, the SoftComply Risk Manager Plus is the most advanced risk management app on Jira Cloud.
- The Risk Manager Plus provides the most customisable risk management experience for organisations who want to manage all their various risks in one place.
- It is perfect for companies that want to move their risk management from standalone risk management tools and Excel to Jira as it provides a multi-sheet risk register view for project and organisational risk management.
- Each table sheet can have its dedicated Jira issue type and risk model assigned to it.
This plugin also provides a set of ready-made templates for organisations for their software risk management and information security risk management.
Users can build their own or customise ready-made templates for their risk models:
- 2D Risk Matrix (for example, 5×5 Risk Matrix),
- 3D Risk Matrix (5 x 5 x 5 Risk Matrix, for example, when in addition to Impact and Probability there is a 3rd parameter like Detectability used) or
- RPN/Risk Score based (where the Risk Score is calculated as a multiplication of up to 10 user-defined risk parameters).
You can fully customise your risk assessment framework, describe the risk parameters/characteristics and their levels. You can also assign several risk models to a single Jira project.
What is unique among risk apps in Jira is that, in addition to advanced organisational and product risk management, you can also manage your Information Security Risks for ISO27001 with the Risk Manager Plus.
For ISO 27001 InfoSec Risk Management, there is:
- a built-in asset management system in this app called Object Registers. You can use the build-in ISO 27001 Controls and build your own asset library in the app.
- You can also customise the ready-made asset-based risk management template to manage your information security risks.
- Finally, you can generate your Statement of Applicability directly from the app.
Most risk management plugins in Jira have in-app risk reporting while the SoftComply Risk Manager Plus, in addition to dashboard gagdets, has a free risk reporting extension on Confluence with which you can bring your risk reports directly to your Confluence pages with the SoftComply risk reporting macros.
SoftComply Risk Manager Plus offers additional automation to its users who want to build Jira automation on top of this risk management app. For example, if you would like to automatically update certain risk values when some other value in the framework has changed, you can use the build-in automation feature together with Jira automation to achieve it.
How to videos on using and customising the app can be found in YouTube.
Hedge: Risk Management
Hedge Risk Management plugin on Jira Cloud is an easy-to-use risk management tool for simple project and product risks assessment developed by Appfire.
With this app, you can choose and customise your 2D risk matrix for risk assessment. What is unique in this app, is that you can also customise your risk calculation formula.
As with most risk management apps in Jira, you can assess risks in the Jira issue view. With this app, you can set the risk values for risks in the risk table/register view. Other risk fields are not customisable in the risk table view. You can also set risk values directly in the risk matrix.
Hedge: Risk Management provides in-app risk reporting capabilities where you can see risk values per project either in inherent or residual risk matrix, pie chart, status report and risks raised overtime.
Risk Register
Risk Register was the very first risk management plugin developed on Jira supporting, primarily, project risk managers. It provides robust risk assessment capabilities in Jira issue views.
With this app, users can use and customise a 2D risk matrix and assign it to any Jira project.
Users can thereafter assign risk values to each risk separately in a Jira issue view. Although the app provides a view of risks in a list (risk register), users cannot assign risk values directly in that view. Instead, you will have to work in the Jira issue view.
Risk Register provides a dashboard view for risk reporting in which you can see the risks in inherent or residual risk matrix of your chosen project.
SUMMARY
The table below compares the 3 most popular risk management apps based on their out-of-the-box use-cases:
| USE CASE | SOFTCOMPLY RISK MANAGER PLUS | HEDGE: RISK MANAGEMENT | RISK REGISTER |
|---|---|---|---|
| PROJECT Risk Management | ✅ | ✅ | ✅ |
| PRODUCT Risk Management | ✅ ready-made templates | ✅ | ✅ |
| ORGANISATIONAL Risk Management | ✅ | ✅ | ✅ |
| RAID Risk Management | ✅ multi-sheet risk register & multiple models per project | ||
| GOVERNANCE Risk Management | ✅ |
The comparison below outlines the different views provided by the 3 most popular risk management applications on Jira Cloud. These views enable users to work with risks more efficiently and effectively.
| RISK VIEWS | SOFTCOMPLY RISK MANAGER PLUS | RISK REGISTER | HEDGE: RISK MANAGEMENT |
|---|---|---|---|
| Risks Displayed in RISK MATRICES | ✅ | ✅ | ✅ |
| Risk Register is CUSTOMISABLE | ✅ customisable spreadsheet view | ✅ | ✅ limited customisability |
| Risks are EDITABLE in the Register | ✅ content fully editable in Register (spreadsheet view) | ✅ only risk management content editable in Register view | |
| Risks EDITABLE in Jira Issue View | ✅ | ✅ | ✅ |
| MULTIPLE SHEETS in Risk Register | ✅ each sheet in the register can be linked with a separate risk model | ||
| BUILT-IN REPOSITORIES / Object Registers: Organisational Risk-Related Data Repositories for Hazards, Harms, Assets, Controls, etc. | ✅ |
The type of risk evaluation method used determines the risk model, which can be referred to as a Risk Matrix, a Risk Assessment Model or a Risk Prioritisation Number. Risk models may incorporate several risk characteristics used to calculate the risk score, and there could be different types of risk models available for users in different risk management apps. Additionally, users may need to add supplementary information to each element of the Risk Model to generate detailed risk reports.
The risk models of the 3 risk management apps on Jira Cloud are compared below.
| RISK MODELS | SOFTCOMPLY RISK MANAGER PLUS | RISK REGISTER | HEDGE: RISK MANAGEMENT |
|---|---|---|---|
| 2-Dimensional Risk Matrix: 2 Risk Characteristics (Severity / Impact & Probability / Likelihood) | ✅ | ✅ | ✅ |
| 3-Dimensional Risk Matrix: 3 Risk Characteristics (Severity / Impact & Probability / Likelihood & Detectability) | ✅ | ||
| 2-Dimensional RPN (2 Risk Characteristics for Risk Prioritization Number / Risk Score) | ✅ | ✅ | |
| 3+ Dimensional RPN (3 or More Risk Characteristics for Risk Prioritization Number / Risk Score) | ✅ | ||
| User-defined Definitions / Descriptions for each Risk Characteristic and Risk Score | ✅ | ||
| Multiple Risk Models in one Jira Project | ✅ | ||
| 2 Risk Assessment Iterations: e.g. Initial & Residual Risk | ✅ | ✅ | ✅ |
| 3+ Risk Iterations: users can determine the exact nr of Risk Assessments e.g. Initial, Current and Target | ✅ | ✅ |
To assist organizations in selecting the best risk management application for their needs, the following comparison outlines the reporting features provided by the 3 most popular risk management applications on Jira Cloud. These features enable users to generate comprehensive reports that can be used for internal communication and external compliance purposes.
| RISK REPORTING | SOFTCOMPLY RISK MANAGER PLUS | RISK REGISTER | HEDGE: RISK MANAGEMENT |
|---|---|---|---|
| Jira Dashboard Gadgets | ✅ | ✅ | in-app reporting only |
| Reporting in Confluence Cloud | ✅ |
While these three apps have several similarities in features, they were designed to address various risk management needs. The SoftComply Risk Manager Plus, available on Jira Cloud, offers the highest degree of customization and advanced features, which were developed based on our customers’ evolving risk management requirements. Conversely, for straightforward project risk management, the Risk Register and Hedge provide reliable risk management tools, with variations primarily in user experience.
The post highlights the benefits of integrating risk management into Jira, including saving time and resources, improving efficiency, reducing errors, and enhancing collaboration among stakeholders. Ultimately, the integration enables organizations to transform potential threats into opportunities and position themselves for long-term success.
For a quick guide to the SoftComply Risk Manager Plus app on Jira Cloud, please check out this short overview video:
In case you would like to learn more about our risk management apps on Jira, feel free to book a live demo for you and your team:
