The control of processes via external events is now supported in version 4.1 of ARIS Risk & Compliance Manager. Real events trigger the creation of specific objects with predefined attributes and statuses.

Possible use cases range from checking the segregation of duties for order processes to complex procedures such as monitoring malfunctions in production plants.

In event enabling context, patterns, and data sequences are configured in a source system. The streams of events in business processes are then continuously analyzed in order to provide an overall picture in real time. If the predefined requirements are met, an event is created, which provides ARIS Risk & Compliance Manager with the relevant information.

In order to process the information provided, a subscription must be created in ARIS Risk & Compliance Manager. This is an object with specific attributes and default values, which supplements the external event with information where applicable and then, for example, triggers the creation of a test case. The incoming events are then mapped to the subscription in ARIS Risk & Compliance Manager, i.e., the data that the source system provides is transferred and the empty mandatory fields and assignments are filled in with the information from the subscription. If the incoming event already contains all of the required attribute definitions, then the values specified in ARIS Risk & Compliance Manager are ignored.

The advantages and capabilities of event enabling are for example: control tests are carried out constantly, instead of just samples, thresholds for risk factors are monitored, real processes are checked instead of documented target processes, and incidents and deficiencies can be reacted to as soon as they happen.

Issues, risk assessments, test cases and incidents can be created automatically. This example demonstrates how you can use event enabling. It shows how the segregation of duties is checked for ordering procedures. If an employee triggers an order over 1,000 Euros it must be approved by the supervisor. If the order was approved by the same person who triggered it, the source system creates an event that in turn triggers a test case in ARIS Risk & Compliance Manager. A test case can be created with different statuses, for example, with the 'Control not effective' status and can then be processed by the test reviewer directly as in the next example, or with the 'In progress' status if some of the content could not be provided by the external system and the tester must add additional information, as seen in the second example. First it must be specified in the subscription which attributes the created test case should have. To do so, open the 'Subscriptions' tab of your client and then open a new form. Enter a name for the subscription and, if desired, a description.

Select the broker, the topic, and the event type. The broker is the bus system and creates the connection to the source system. Together the topic and the Complex Event Processing Engine form the interface over which the external event is made available. The event type describes the individual events and specifies the required attributes for the respective object type. The ARCM object automatically results from the event type and displays the object type.

The following attributes depend on the selected event type. In our example, a test case with the 'Control not effective' status should be created by the external event. Assign a test definition with the test frequency 'Event-driven' and also select the value  'Event-driven' for the control frequency. The other information is optional. Save the subscription. If a procedure is then triggered, by which the criteria defined in the source system for the creation of an event is fulfilled, for example: Order > 1,000 Euros, and the orderer and approver are the same person, then the external event triggers the generation of a test case in ARIS Risk & Compliance Manager.

In our example a test case with the 'Control not effective' status is created. The created object is displayed in the list of objects to be edited. The test reviewer checks the event-driven test case, assigns a status, and decides whether a deficiency or an issue should be created as a measure based on this test case. If all of the content could not be provided by the external system and the tester must add additional information first, a test case with the 'In progress' status can be created when an event comes in. Configure the subscription with the corresponding attributes and save your input. The external event then triggers the generation of a test case in ARIS Risk & Compliance Manager. Now the usual test management workflow starts. The created object is displayed in the list of objects to be edited. The tester adds the missing information, selects the corresponding status, and saves the input so that the test case then be processed by the test reviewer.

You just saw how you can control processes in ARIS Risk & Compliance Manager via external events.

Further information about event enabling can be found in the ARIS Risk & Compliance Manager help. Technical information regarding the configuration of your system for event enabling can be found in the Installation and Customizing Guide.

Featured achievement

Rookie
Say hello to the ARIS Community! Personalize your community experience by following forums or tags, liking a post or uploading a profile picture.
Recent Unlocks

Leaderboard

|