Assess potential risks to your changes with Rovo Ops

AI risk assessment helps you evaluate potential risks before implementing a change. Powered by Rovo, it analyzes the context of your change and surfaces potential technical and operational risk signals.

Once enabled, the AI risk assessment panel appears directly on change work items and provides a structured narrative summary along with an overall risk level when you run a risk assessment.

AI risk assessment is designed to help guide change managers and CAB members. It does not replace approvals, organizational policies, or human judgment.

AI risk assessment:

• Analyzes the context of a change work item

• Reads relevant data sources such as linked knowledge base articles, URLs included in the change description, and connected deployment pipelines

• Identifies potential technical and operational risks

• Provides a narrative risk summary with a confidence score indicating the Rovo Ops’s level of certainty in the predicted risk level.

• Assigns an overall risk level (Low, Medium, or High)

• Suggests mitigation steps based on similar historical patterns

AI risk assessment is generated at a per-user level. Each user sees an assessment based on the data sources and records they have permission to access.

AI risk assessment does not:

• Automatically approve or reject changes

• Enforce mandatory actions

• Provide guaranteed or deterministic predictions

• Override your organization’s change management policies

Responsible use of AI risk assessment

AI risk assessment provides guidance to support decision-making. It does not replace human review. Final decisions regarding risk assessment remain with change managers and approvers.

Change managers and approvers are responsible for reviewing the assessment and validating the results before approving a change.

Always use your team’s expertise and organizational policies when making decisions.

AI risk assessment relies on structured and accessible data

To get the most value from AI risk assessment, ensure that change approvers have access to the relevant data sources, including:

• Knowledge bases used for assessments

• Links referenced in change requests

• Connected deployment environments

For best results, consider making knowledge bases used for risk assessment accessible to the appropriate internal audience.

How AI risk assessment evaluates your change

Rovo Ops evaluates risks using the information available in the change work item including change description, comments, links, associated or mentioned links, and knowledge base articles that the current user can access. The assessment is generated dynamically and may vary between users depending on their permissions and accessible data.

AI risk assessment analyzes risk across two dimensions: Technical and Operational. Admins can select one or both of these dimensions from the AI risk assessment settings. Read how to configure AI-risk assessment panel.

Technical risk

When technical risk is turned on, AI risk assessment considers factors that could increase the likelihood of incidents, deployment failures, or system instability.

Rovo Ops considers signals such as:

Related incidents and post-incident reviews (PIRs)

• Open incidents on affected services, assets, or related dependencies within the same project

• Past incidents whose root cause aligns with the change description

• Post-incident reviews (PIRs) where the documented incident cause is similar to the intended change

These patterns may indicate recurring issues that require additional scrutiny.

Change and deployment history

• Historical failed deployments from connected deployment pipelines

• Rejected changes associated with the same service within the last 90 days

Repeated failures or rejections may signal elevated implementation risk.

Implementation readiness

• Presence of test plans, rollback plans, and implementation details

• Gaps or insufficient documentation in these areas

Missing or incomplete plans may increase execution risk.

Data migration and compatibility considerations

• Any data migration or system compatibility issues described in the change request are highlighted as potential risk factors

When deployment or repository references are linked to the change, Rovo Ops incorporates those signals into its overall technical risk evaluation.

Operational risk

Operational risk focuses on timing, coordination, infrastructure impact, and stakeholder awareness related to the change.

Rovo Ops evaluates operational risk using signals such as:

Scheduling conflicts

• Other changes scheduled on the same affected services or assets within the same timeframe as the current change

Concurrent changes on the same services may increase coordination complexity and risk. Rovo Ops can identify scheduling conflicts when related changes are properly linked to services or assets and include planned start and end dates.

Stakeholder impact

• Key roles associated with the affected services or assets, including:

  • Service owners

  • Service responders

  • Service stakeholders

  • Incident managers

  • Asset owners

  • Other relevant roles linked to the service or asset

Highlighting these roles helps ensure the right people are aware of, or involved in, the change. Rovo Ops identifies stakeholder impact based on the roles and ownership information defined for the selected services or assets. It works best when services, assets, and associated roles are accurately configured and linked to the change.

Infrastructure changes

• Infrastructure changes described in the work item, such as updates to authentication services, CDN configurations, or other critical systems

• Changes that may introduce downtime or broad service impact

Infrastructure-level changes may require additional review or coordination.

Rollback complexity

• The potential time, effort, and steps required to roll back the change

Complex or time-consuming rollback procedures may increase operational risk if issues occur.

Mitigation suggestions

After identifying potential risks, Rovo Ops may suggest mitigation steps based on the available information and the data you have access to.

You can review, accept, reject, or modify these suggestions. You can also add mitigation steps manually at any time.

These suggestions:

• are based on patterns observed in similar changes and incidents within your accessible environment

• are framed as recommendations, not requirements

• help address identified gaps, such as missing rollback plans or repeated deployment failures

If you accept a mitigation suggestion, Jira Service Management automatically creates a new work item of “task” type. The task’s title will contains your change’s key as a prefix (e.g.IT-0001). This allows you to track and manage follow-up actions directly within your change process.

Data usage and transparency

AI risk assessment is designed with transparency and data privacy in mind.

• The assessment uses only the data that the current user can access.

• It analyzes the change work item and related records within your site, such as incidents, PIRs, services, assets, and connected deployment data.

• It does not use data from other organizations to generate a risk assessment.

• Your organization’s change data is not used to generate risk assessments for other customers.

Because the assessment is based on accessible documentation and permissions, two users may see slightly different risk insights for the same change.

AI risk assessment provides contextual guidance based on available information. As with any AI-powered feature, results should be reviewed and considered alongside your team’s expertise and operational knowledge.