I am working for a client in the oil & gas industry.

They have modelled their risks & controls in a ‘Bow Tie Risk’ diagram (an oil & gas industry standard type diagram) using a standard EPC model type.

In order to export this information from ARIS into GRC, as we all know the Function, risk, control & test definition objects in ARIS have to be in EPC’s, Business Control Diagrams and KPI Allocation diagrams, which unfortunately look nothing like the traditional bow tie risk diagram.

Does anyone have any ideas how I can model a bow tie risk diagram in ARIS?

I was thinking perhaps a script/macro that can take the objects from the bow tie risk diagram in an EPC and ‘move’ or ‘create’ them in the BCD and KPI models we need?

Has anyone else done this before?

Any ideas would be much appreciated!

I have attached an example of a bow tie risk diagram.

Tags: GRC risk