The internal control system is undergoing a change. It is developing from a pure control instrument into an important management tool for companies. It is considered an essential component of Corporate Governance and provides the opportunity to enhance the internal organization. Effective, audit-compliant, documented internal control systems are increasingly becoming important parts of compliance regulations such as SOX or the 8th Directive of the European Commission.

When assessing internal controls and internal control systems against the maturity model, it is important to reach a stage of maturity that assures standardized controls with regular tests and reports on their operational effectiveness. Only periodic tests can assure the continuous effectiveness of implemented controls.

This task can be handled with the ARIS Solution for GRC and its core product, ARIS Risk & Compliance Manager: risks can be identified and visualized, and mitigating controls and control tests can be defined. Based on this information, ARIS Risk & Compliance Manager automatically generates test cases and sends them to the relevant people in charge via email. The Risk & Compliance Manager guides the testers through the specific tests, offering all the information needed to complete the test cases successfully. The test results are archived in an audit-proof manner, and a link to external, already existing document management systems is feasible. Issues that arise can be evaluated, corrected and traced within the “Issue Management” module of ARIS Risk & Compliance Manager. This provides the opportunity to adjust the implemented controls to changing parameters and guarantee their continuous effectiveness.

Using ARIS Risk & Compliance Manager ensures the quality and effectiveness of internal controls and makes control and test activities traceable. Efficiency is achieved by reusing data (processes, risks, controls, etc.) within the Design Platform and by offering role-based access to ARIS Risk & Compliance Manager, which provides specific rights and views for adequate processing of tasks within the application, such as direct, read-only access for auditors to test cases and all corresponding information.

Tags: GRC