We have our Business processes modeled using VACDs & EPCs and are now looking to model the associated risks & controls.

After reviewing the Method Manual, UMG DemoDB and related content, the recommended approach seems to be:

  1. Use "Risk Diagram" to model the risks & risk categories (as appropriate)
  2. Associate risk objects to related Process Functions in corresponding EPCs
  3. Use "Business Controls Diagram" to model the controls that are in place for each risk identified
  • Is this all? Or is there more to it?
  • Is this the right approach? Or is a different approach recommended?

 

  • Once risks & controls are modeled, how can they be used in Process Analysis?
  • What out-of-the-box reports can be leveraged once the Risks & Controls are modeled, for further Process Analysis?
  • How do you typically use this information once you model in ARIS?

I also read that these objects / models are used in ARIS - SAP integration / synchronization... Are they relevant only if the modeled processes are implemented in SAP or managed using ARIS GRC?

Looking forward to hearing your responses on ideas, suggestions, recommendations & experiences.

Thanks & Regards,

Shankar

by Frank Engelbert
Posted on Fri, 10/15/2010 - 19:37

Hi Shankar,

The most typical use case for risk & control effectiveness-related Process Analysis would be via the integration to the ARIS product ARIS Risk & Compliance Manager (-> category "Governance Risk & Compliance").

In a nutshell, it provides a simple workflow to make sure your controls are working effectively & your risk management system is working properly.

by Ralf Angeli
Posted on Mon, 10/18/2010 - 12:42

Besides using the models in conjunction with ARIS Risk & Compliance Manager, they can also be simulated with ARIS Business Simulator in order to evaluate the financial and performance impact of risks and controls.

by Roman Joss
Posted on Tue, 12/21/2010 - 13:52

Hello Shankar,

We use this method to document our internal control system. We created an individual process report, and in a separate chapter we get most of the information from the BCD in a table named 'risk-overview'. As we numbered every risk, we use the risk number to sort the risk descriptions.

We do not use the 'Governance Risk & Compliance' module, but we set up the BCD models so that we can use it later, if needed.

I hope that helps.

regards, roman

by Jos Ross
Posted on Sat, 10/29/2011 - 22:05

Hi Shankar,

In general, your approach is OK.

Last year we started the implementation of our Enterprise Risk Management (including ISAE, SII etc.) using ARCM. You can also add the object "Testplan": a test description for testing the control.

To manage the test activities (including the sign-off of the process owners), use ARCM.
