thanks Sean

for your first level,  do you keep approval at technical  (ITMGR) or tech and business (FBO)?

any thoughts on using the risk assessment question and dynamically determining approval flow?

jim

Hi James, 

So what I have seen mostly in my experience is the first approval is at the assess stage and that is mostly a technical review. 

Usually a member in the assignment group that is not the assigned to - ensuring that the change record is up to standard. 

Secondly you would get the business approval directly at the authorise stage (this could be during a CAB or just adhoc depending on the process). 

Any additional approvals would normally be in between the tech and business. 

In Summary:
Assess Stage: 1st approval (Technical / Member of assignment group)
Additional Approvals: Generated after first approval , may go to another group depending on any additional factors such as critical service, location etc 
Business Approval: Authorise stage - basically the approval to go ahead , and so should be the final approval. 

For your second question, I believe it is okay to drive approvals from answers to your risk assessments. But in my experience those answers should drive data on the change form - and those values should then drive additional approvals if required. 

For example - if a user has put on the risk assessment that this will affect 10000 users , therefore by doing this , this has made the change of High risk. 

Instead of doing a trigger where , where if the question is 10000 users then add an additional approval group, do it by the fact that risk = high and thus additional approval. 

It is more scalable and you can manage it better. 

I hope that makes sense. 

Please mark my answer correct and helpful if this resolves your issue.