ARIS
Risk & Compliance Management
What if you could?
- Control and mitigate risk by ensuring compliance with all relevant laws and regulations?
- Have adequate controls without adversely impacting daily operations?
- Align Governance, Risk & Compliance Management (GRC) activities with the corporate strategy?
- Reduce executive risk of penalties and fines resulting from inadequate compliance?
Keep risk and compliance in balance
“We were constantly reworking our processes and there was little control or guidance. With ARIS we now have complete visibility and control of processes worldwide.”
Key benefits
- Take a process-focused approach to risk & compliance management
- Manage compliance activities comprehensively, from testing to external audit
- Efficiently analyze and evaluate compliance and operational risks
- Identify risk-relevant processes and affected line items
- Identify shortcomings in your Internal Control System (ICS)
- Automatically escalate issues for resolution
- Prepare, plan, execute and report on your company’s audits
- Update management via an up-to-the-minute graphical dashboard
- Design, implement and document controls, tests and risk assessments
- Monitor and retest improvements in the shortest possible time
- Decrease risk of penalties
Key features
Control Management
Establish controls and acceptable levels of risk while staying aligned with your organization’s objectives and policies. Document control executions and test the implemented controls of your ICS regularly for effectiveness using an automated testing workflow with clearly assigned roles. Whenever a test wasn’t conducted as scheduled or controls are ineffective, a task is triggered to alert the responsible people to take action. Use the issue management workflow to initiate improvements and adapt fast and easily to regulatory changes.
Issue management
Use a standard issue management workflow so that problems can be solved and improvements can be initiated. Create issues for identified problems and weaknesses in the ICS, in risk assessments or audit results. Communicate and resolve problem situations promptly. Action tracking with ARIS Risk & Compliance Management ensures that every defined activity is followed through. Every issue is documented from creation to completion.
Comply with GDPR
Every organization that does business in the EU has to comply with the General Data Protection Regulation (GDPR) or pay a steep fine. Compliance requires precise knowledge of the data you store and process, and the right data management policy across your organization. ARIS Risk & Compliance Management equips you with accelerators for GDPR that help you speed up your data protection projects.
Operational risk management
Identify, document and analyze operational risks, such as financial or security risks. You can evaluate risks according to financial impact or probability using the risk assessment workflow with clearly assigned roles and automatic email notification. You can also define individual impact types, such as health, environment or image. Initiate measures to manage risks or to reduce their consequences should they occur. Monitor your risks by running qualitative or quantitative risk analyses. Simulate risk events along the defined business process chains. Analyze dependencies between business processes, risks and controls. Use bow tie diagrams to illustrate and communicate your risk situation.
Incident & loss management
Document and categorize incidents and resulting loss or damage. Use the incident and loss management workflow with clearly assigned roles and automated email notification. Create the relevant values, process and analyze them. Use the gathered loss values to improve your risk management and future risk assessments.
Survey management
Use surveys to help audit suppliers, analyze business impact and more. Complete surveys online or offline. You can use the survey management workflow with clearly defined roles—for example, survey managers and interviewees—as well as automated email notification. ARIS Risk & Compliance Management offers various question-and-answer combinations, predefined scores, as well as periodic and one-time surveys.
Audit management
Manage all audit-related tasks in an integrated, end-to-end, process-driven approach. Support your internal auditors in handling work papers and scheduling audit-related tasks, time management and reporting. To assure consistent information throughout the enterprise, information relevant to audits, such as policies, control test evidence, incident reports and previous audit findings, is all managed within ARIS Risk & Compliance Management. This saves expensive audit time. It also includes a “self-audit” capability and a seamless audit trail.
Policy management
These days, publishing corporate guidelines isn’t enough. That’s why the software includes a fully integrated policy management workflow. Cross-referencing policies with regulations, risks and processes, for example, helps you establish a better culture of compliance and reduce risk. Stored in a central repository, policies can be mapped to business context with clearly defined responsibilities, affected processes, entities and more. Policy owners gather stakeholder approvals, then publish official policies, and get confirmation from the appropriate people that policies have been applied. If needed, employees can attest they’ve received policies and sign a formal confirmation as evidence of policy training. Existing policies can be reviewed and retired if necessary.
Continuous monitoring
Using a complex event processing engine results in full integration of operational business processes and risk & compliance.
Real-time response enables you to realize both detective and preventive GRC. You can automate tasks to increase productivity and monitor GRC processes with desktop or mobile dashboards. Additionally, transparency of every single process and 100 percent data coverage instead of just samples enable your business to make better decisions.
Dashboarding and reporting
Create customized management and project dashboards with up-to-the-minute overviews of current risk & compliance activities like control tests, risk assessments, surveys or GDPR measures. Drill down from dashboard to operational data to evaluate details. Visualize status and results in charts and heatmaps adapted to stakeholders’ needs. Create reports for management or external auditors. Use predefined templates or customize according to your needs.
“... Above all, our Compliance and Internal Control department has a solution for modeling our processes, risks and controls, facilitating the management of our risks (and in particular our operational, financial and non-compliance risks).”
About ARIS
ARIS is available in six different editions
More on ARIS Extensions
You can extend ARIS Enterprise just as you need it—according to your needs and projects. The ARIS extensions are here to support your expert use cases.
Risk & Compliance
Risk & Compliance adds capabilities for integration of regulatory demands & operational risks into a single approach and Internal Control System (ICS).
Rollout Add-ons
Rollout Add-ons set up and manage confirmation workflows.
Simulation
Simulation adds capabilities to test what-if scenarios and get information about bottlenecks & improvement potentials.
SAP® Solutions
SAP® Solutions adds capabilities to support holistic implementation & rollout of SAP projects, testing, communication, training & go-live support.
Premium Document Storage
Premium Document Storage allows ARIS to be used for storage of up to 1 million documents.
SharePoint Integration
SharePoint Integration helps users work with SharePoint and ARIS in an integrated manner.
3rd Party Integration
3rd Party Integration allows integration with 3rd party applications based on an API.
Robotic Process Automation
Robotic Process Automation adds a “workforce” of software robots to automate repetitive manual tasks and processes, fully integrated into your process landscape.