If you’re considering using Excel for your risk register, this video explains why that might not be the best choice. Instead, we introduce a more effective alternative using Jira and dedicated risk management plugins. If you prefer watching over reading, check out the full video.

Don’t Use Excel for Risk Management – Do This Instead! (Jira Risk Management Tutorial)

Key Takeaways:

• Excel Limitations: Manual risk management in Excel often leads to outdated risk data, human errors, and lacks an audit trail.
• Automate with Jira: Using Jira and plugins like the SoftComply Risk Manager Plus will automate and enhance risk management.
• Enhanced Features: Jira apps offer templates, customizable risk assessment models and risk registers, and modules for information security risk management compliant with the ISO 27001.
• Free Trial and Support: You can try Jira apps for free and access dedicated support through demo calls.

What is a Risk Register

The document where an organization or a risk manager records all identified risks, their analysis, mitigation plans, and ownership details is commonly referred to as a Risk Register. It is a centralized tool for monitoring and managing risks throughout a project or organizational risk management process.

Risk Registers are most often built and manually maintained in an Excel spreadsheet that a Project or Risk Manager tries to keep up to date but Excel has significant drawbacks.

Why Excel Falls Short for Risk Registers

There are 3 main issues with manual risk management in Excel:

1. Risk related data quickly becomes outdated when it is not regularly updated.
2. Manual data entry and management is prone to human errors.
3. There is a complete lack of audit trail, i.e. we do not know what has happened to risks throughout their lifetime.

These issues may result in incorrect risk prioritizations leading to critical risks being overlooked. This is why we recommend creating the Risk Register in Jira with the help of dedicated risk management plugins like the Risk Manager Plus.

Let’s look into how you can automate your risk management in Jira by setting up a dedicated risk management app to meet your risk management needs.

Automate Risk Management in Jira

To avoid the pitfalls of Excel, you can automate your risk management process using Jira. Jira supports plugins specifically designed for risk management, such as the SoftComply Risk Manager Plus. These tools help keep your data up-to-date and reduce errors through automation. They come with templates for risk models and risk registers that you can further modify to meet your risk management requirements.

Setting Up Your Risk Register in Jira

Setting up a risk register in Jira is straightforward. Start by selecting a risk management app from the Atlassian Marketplace. Choose a template that fits your needs and customize it to align with your risk management process. This customization can include defining risk assessment steps and modifying risk characteristics.

For Risk Models, you can customise the provided templates by specifying:

• the number of risk assessment steps (risk iterations) – you can add up to 10 risk iterations
• the names of these risk iterations
• the Risk Characteristics used for assessing risks e.g. Impact, Likelihood, etc – you can add up to 10 risk characteristics
• the levels, descriptions and order of the Risk Characteristics

For Risk Registers, you can customise the ready-made templates by modifying:

• number of separate sheets in your risk register – in case you wish to assess different types of risks in one Jira project
• the risk assessment model related to each risk register sheet – in case you wish to assess risks with different method
• all the risk related data (prepopulated from the chosen risk assessment model) needed to describe the risks
• any additional data required to automate risk management, e.g. risk owners and due dates

Advanced Risk Management Features for ISO 27001

The SoftComply Risk Manager Plus offers a dedicated Information Security Risk Management module for companies who want to comply with the ISO 27001.

The InfoSec module provides the following features:

• A customisable template for an Asset-based Risk Register,
• a customisable template for ISO 27001 Risk Model,
• a pre-populated ISO 27001 Controls Repository,
• a dedicated InfoSec dashboard with ISO 27001 Checklist where you can monitor your progress of meeting the ISO 27001 requirements,
• traceability matrix for monitoring coverage status between a) information assets and identified risks, and b) risks and ISO 27001 controls,
• automatic generation of the Statement of Applicability.

The Information Security Risk module comes with a template for an Asset-based Risk Register where you can identify all your information assets and their descriptions, add risks related to each of them and pick relevant ISO 27001 controls to mitigate these risks.

ISO 27001 controls have already been added to the app, in a module called the Object Register. You can view the detailed description and the control group of each control as defined in the ISO 27001 when working in the Risk Register. Any additional data to the controls regarding their applicability to your organisation’s information security policy as well as any source information can be added to controls in the Object Register (controls repository).

To monitor your information security risk management progress, you can check the coverage status of assets, risks and controls in the InfoSec Dashboard of the app.

The Dashboard also provides you with the ISO 27001 Checklist where you will find all the ISO 27001 requirements and detailed explanations on how to meet them. You can add links to documents and Jira projects for any evidence of meeting these requirements to easily monitor tasks that still need to be completed.

After having reviewed your information security risks, you can automatically generate the Statement of Applicability.

Conclusion and Call to Action

Using Excel for your risk register might seem like a simple solution, but it comes with many risks. Automating your risk management in Jira not only helps maintain accuracy but also ensures compliance with international standards.

Try the Risk Manager Plus app for free for a month, and consider scheduling a demo to explore more about its capabilities. Click the link to start your trial or book a demo today!