Profile picture for user anha

Originally ARIS Risk & Compliance Manager (ARCM) was developed for supporting testing activities. Meaning, the risks, controls and test definitions modeled within ARIS Business Architect (ABA) are transferred into ARIS Risk & Compliance Manager, which is then combining these data sets; as a result we get test cases. Testers are being informed and guided through the relevant test cases by ARIS Risk & Compliance Manager: Controls have to be checked concerning the design as well as the operating effectiveness. This is the common business case supported by ARIS Risk & Compliance Manager.

Some customers do think differently though. Not the testing activities are within scope but the control activities. Not testers are to be informed to check whether controls have been executed or not, but control owners / control executors are within scope. Concentrating on the control owners means to make sure that controls are executed in the first place: control owners are triggered by ARIS Risk & Compliance Manager and are able to link the control evidence into “control cases”, audit proof.

So far it was an either/or: Either ARIS Risk & Compliance Manager was installed and used to have audit proof testing evidence, or – as described – to have audit proof control evidence.

Since the beginning of August we have a customized ARIS Risk & Compliance Manager version running at customer side covering both aspects. The risk based approach was enhanced by different test definitions: next to the standard “test definition” triggering the test cases in ARIS Risk & Compliance Manager we now model “control definitions” within ABA too, in which we describe the relevant control procedure in detail and define the responsible control owner and reviewer groups. Taking into account that usually the control cases are executed before the test cases are being generated we made sure that the control cases, belonging to a certain control, are automatically linked into the corresponding test case, focusing on this specific control. The tester selects a test case and has only to open the given links in order to track the control result including descriptions and access linked evidence (documents).

With this setup we make sure that control as well as test activities are being triggered and monitored by ARIS Risk & Compliance Manager in order to prove e.g. an effective Internal Control System.

by David Courtaigne
Posted on Mon, 08/31/2009 - 13:12

Hi Andreas,

I think this is a good improvement, which will surely reduce the number of test definition or at least the scope and frequency of the tests to be realised at this customer.

It is quite costly though and is surely more adapted to compliancy project such as Sarbanes Oxley than  for less demanding internal control project.

Is this a recurrent need at cutomer side?

Regards,

David

0
by Andreas Havliza Author
Posted on Mon, 08/31/2009 - 17:25

In reply to by sstein

Hi David,

this specific setup does need more people using the ARCM, that is correct. The implementation itself is actually not that complicated and time consuming...

In fact I had more questions concering this linkage and the first project we are implementing it now is dealing with the Internal Control System.

Best regards
Andreas

0
by Miguel Guerra
Posted on Mon, 10/31/2011 - 11:30

Hi Andreas,

To use the Control Owner, who may perform the control inspections and associate evidence that checks were carried out, as it should be defined hierarchical structure in the ABA? In this case, the structures of the ABA should be defined according to the Control-Based Aproach, right? And then we have to define a Control Manager, Owner and Control Reviewer, right? Control is a structure-based aproach, the hierarchical structures for the management of operational risk remains? It is possible to have two defined structures and manage operational risk and controls, right?



Thank you.

Miguel Leão Guerra

0

Featured achievement

Rookie
Say hello to the ARIS Community! Personalize your community experience by following forums or tags, liking a post or uploading a profile picture.
Recent Unlocks

Leaderboard

|
icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock