Evelyn Uhlrich's picture

Compliance is not optional – well at least not really. Being non – compliant may result in a lot of issues for your company like sinking corporate performance, greater risks and damages, weak agility in decision making up to ethical and reputational scandals.
Non of these issues are desirable, that’s why Risk Managers, Process Owners and Audit Managers have met last week in Düsseldorf to learn from the insurance company W&W how they used the ARIS GRC solution to set up an efficient internal control system.

In this GRC Business Breakfast the group got introduced into the GRC topic itself and how corporate performance can be improved by GRC activities. After the ARIS GRC solution introduction, Mr Kirschbaum the project leader from Wüstenrot & Württembergische (W&W ) explained, how W&W had to deal with different types of risk, process and control documentation before they decided to improve their internal control system. Surely regulatory requirements like MaRisk, MilMoG  etc. were the main reasons to secure a compliant approach of the installed internal control system (ICS). On the other side, it is in every companies interest to mitigate it’s risks by en effective control system.

Josef Kirschbaum


In his presentation, Mr Kirschbaum described how W&W took measures from new regulatory requirements like Solvency II. W&W decided to reach the following:

  • Extension of the ICS to the principles of SOX
  • Centralized management of the operational ICS on a company - wide level via one dedicated an administrative department
  • Raising risk awareness at all employees around the company
  • Continuous risk assessments and process efficiency via control testing as well as appraisals
  • Continuous management reporting and a common issue and escalation management

Striving to achieve to above mentioned goals, W&W was using the ARIS Risk & Compliance Manager for describing their activities around controls, tests of efficiency, reviews, issues, test of design, process approvals and to documents the results.

In a ‘before- and- after- scenario’ W&W impressively demonstrated their efforts in a manual documentation of controls, manual testing of control efficiency as well as all needed manual test activities around their ICS  in comparison to their saving they gained via the handling of these with ARIS Risk & Compliance Manager.

This way W&W saves about 2.5 million Euros by managing controls and controls testing with ARIS Risk & Compliance Manager. This equals an ROI of 153%, already including all investments made in this GRC project.

In 5 years, W&W saves more than 7.9 million Euros.  For more details on how they were able to save this incredible amount of money, please take a look at the ROI calculation below.

Feel free to insert your own KPI’s to identify your costs for control testing.

Software AG can also improve your control testing numbers, please write an email to Evelyn.Uhlrich@softwareag.com

ROI for W&W's control testing calculation

Tags: GRC