AFTAs 2022: Most cutting-edge IT initiative—Morgan Stanley

Project: Data Driven Risk Assessment (DDRA)


Data Driven Risk Assessment (DDRA) automatically generates Technology Software Change risk scores. Gathering data from multiple systems pertaining to a proposed change, it applies pre-defined weighted points against 12 criteria and calculates a numerical risk score and a “lowest,” “low,” “moderate” or “high-risk” categorization. DDRA moved to general availability in January 2022.

What problem does it solve?

The purpose of DDRA is to increase technology stability by improving the accuracy of Software Change risk assessments, and it aims to do this while reducing human subjectivity and bias in favor of consistent data.

“Thanks to the Data Driven Risk Assessment, we can now fully automate the delivery of low-risk software changes into production, delivering on the promise of DevOps with faster delivery of changes, while increasing operational stability and quality.”
Trevor Brosnan, managing director and distinguished engineer, Morgan Stanley

How does it solve the problem?

Changes assessed as lowest risk can be fast-tracked through the “Systematic Change” process. End-to-end automation with authorization inherited from the Software Delivery Lifecycle process eliminates manual effort. DDRA currently represents over 18% of software development lifecycle (SDLC) change; it is 40 times less likely to cause a major incident; and it encourages the adoption of modern techniques—for example, mid-week releases.

Future developments

Morgan Stanley will override and replace its legacy manual risk assessment process with DDRA by mid-2023. By the end of 2023, the firm expects that 60% of all SDLC change will be conducted through the application and an automated risk assessment for non-SDLC change will be built using DDRA as the foundation.

Why they won

Over the years, these awards have witnessed a number of innovative and genuinely transformative initiatives, but none has held the potential for enterprise-wide change to the extent that Morgan Stanley’s Data Driven Risk Assessment (DDRA) project does. The DDRA initiative currently manages just under a fifth of the firm’s software development lifecycle (SDLC) changes, which by the end of next year is set to increase to more than half, while the framework’s ability to massively reduce the likelihood of major incidents (and therefore operational risk) on the back of introducing software changes is truly impressive.
