The document discusses ARIS's governance, risk, and compliance (GRC) management solution. It provides an overview of the key capabilities of the ARIS GRC platform including process modeling, control documentation, risk simulation, control testing, deficiency and issue management, compliance dashboard reporting, and operational risk management. The platform provides a centralized repository to manage risks, controls, tests and results across the organization.
2. 7 June 2012 | Software AG - Get There Faster | 2
Success in implementing GRC consists in maintaining the right balance.
ARIS Platform for ARIS Solution for GRC
Process modeling
Documentation of compliance data
Publication of information
Policy management
Process risk simulation
Test cases
Deficiency management
Survey management
Issue management
Operational risk management
Incident and loss management
Process compliance dashboards
Compliance management
Mashups
Management of strategy and objectives
Qualitative analysis of processes (times, costs, resource requirements)
ARIS Strategy Platform
ARIS Design Platform
ARIS Controlling Platform
The ARIS GRC solution is based on a single central repository.
• Web technology allows roles to be distributed across regions, entities or lines of business.
• The central repository allows the use of risk and control catalogues and enables transparent and consistent display of results.
• Role-based access via a Web front end allows efficient and flexible testing approaches and distributed risk evaluation.
• Dynamic content generation provides central visibility and oversight of results, combined with slice & dice analysis.
[Figure: ARIS GRC framework overview]
Risk categories: rest risks (e.g. strategic risks, reputational risks); credit risk; market risk; operational risk (process, human, systems, external events); legal risk (compliance).
Regulations: SOX, REACH, DIN / ISO, Basel I/II.
Assessment methods (quantification, loss analysis, scenario analysis); assessment types (automated, manual); assessment schedule (ownership, frequency, method).
Risk treatment by probability and impact: accept, transfer, avoid, close business.
Mitigation instruments: internal controls, policies, insurance, capital and accruals, continuity planning, action plans, outsourcing.
Objectives / KPIs: monitor effectiveness of the internal control system; monitor risk indicators and risk values / levels.
Follow-up: deficiency management, issue management, action plans, analysis and investigations.
Reporting: regular / internal, ad hoc / internal, regular / external, ad hoc / external; compliance status.
[Chart: Risk Situation (Value at Risk) for "Risk X"; amount of damage (0 to 160000) plotted weekly from 01.01.2007 to 30.04.2007]
ARIS Repository cycle: Identify Risks -> Evaluate & Assess -> Analyze, Define Measures -> Mitigate Issues -> Monitor Risks and Controls -> Report Status & Results.
GRC reference structure.
[Figure: risk "Incorrect payment data" linked to control "System reconciliation III", with M. Campbell and W. Stone as the responsible persons]
Structures: Significant Accounts, Risk Structure, Organizational Structure, Business Processes, Business Control Structures.
Layers: Strategy, Design, Risk Key Indicator Management, Operational Risk Management.
Master control documentation
Definition of the required risks, controls and tests.
[Figure: Design / Strategy objects: Risk, Control, Control test; roles: Tester, Test Reviewer, Risk Manager, Control Manager, Affected org. unit]
Publication and documentation …
…including risks, controls and test definitions
[Figure: phases Design, Publish, Controlling]
Automatic generation of the documentation …
…risks, controls, control tests and test results per
- Financial statement item
- Organizational structure
- Process
- Tester groups
[Phase: Controlling]
Role-based control testing…
…e.g. as Tester, Test Reviewer, Deficiency Manager, Issue Owner
[Phase: Controlling]
Automatic start of test case workflows, scheduled or on demand
Tool-supported process from testing through to external audits
Evaluation: test results for the internal control system.
[Phase: Controlling]
Display of statistics depending on the selected hierarchy, and generation of reports and graphics.
The ARIS Compliance Process Dashboard generates detailed information for reporting and analysis.
[Phase: Monitoring / Analysis]
Issue management
Process risk simulation
Simulating risk events along the defined business process chains.
Analysis of dependencies between business processes, risks, and controls is supported. Various statistical methods for defining risk probabilities and damage distributions, as well as control effectiveness, are available.
E.g. comparison of risk and control costs: decision whether the control will be performed or the risk will be accepted.
Process risk simulation:
e.g. simulation of cumulative loss amounts.
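The simulation described on these two slides (risk events along a process chain, damage distributions, control effectiveness, and the cost comparison that decides between performing a control and accepting the risk) can be reproduced with a short Monte Carlo model. The following is an added example written for this page, not ARIS or Software AG code: the class and function names (Control, Risk, simulate, value_at_risk, control_decision), the lognormal severity and Poisson frequency choices, and the two-step sample process with its figures are all constructed for illustration. It also derives the Value at Risk quantile shown in the risk-situation chart from the same simulated cumulative losses.

```python
"""Monte Carlo simulation of risk events along a process chain.

Added example; this is not ARIS or Software AG code. Names, distributions
and the sample process below are constructed for illustration.
"""
import math
import random
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Control:
    name: str
    effectiveness: float  # fraction of risk events the control prevents, 0..1
    annual_cost: float    # cost of operating the control for one year


@dataclass
class Risk:
    name: str
    events_per_year: float  # expected event frequency (Poisson rate)
    median_loss: float      # median damage per event
    spread: float           # sigma of the lognormal severity; 0 means a fixed loss
    control: Optional[Control] = None


def poisson(rate: float, rng: random.Random) -> int:
    """Draw an event count for one year (Knuth's method, fine for small rates)."""
    if rate <= 0:
        return 0
    threshold = math.exp(-rate)
    count, p = 0, rng.random()
    while p > threshold:
        count += 1
        p *= rng.random()
    return count


def annual_loss(risk: Risk, rng: random.Random, with_control: bool) -> float:
    """Total damage from one risk in one simulated year."""
    rate = risk.events_per_year
    if with_control and risk.control is not None:
        rate *= 1.0 - risk.control.effectiveness
    mu = math.log(risk.median_loss)
    return sum(rng.lognormvariate(mu, risk.spread) for _ in range(poisson(rate, rng)))


def simulate(process: List[Risk], years: int, with_control: bool, seed: int = 1) -> List[float]:
    """Cumulative loss per simulated year, summed over every step of the process chain."""
    rng = random.Random(seed)
    return [sum(annual_loss(r, rng, with_control) for r in process) for _ in range(years)]


def expected_loss(samples: List[float]) -> float:
    return sum(samples) / len(samples)


def analytic_expected_loss(risk: Risk) -> float:
    """Closed form for checking the simulation: rate times mean lognormal severity."""
    return risk.events_per_year * risk.median_loss * math.exp(risk.spread ** 2 / 2)


def value_at_risk(samples: List[float], confidence: float) -> float:
    """Loss not exceeded in the given fraction of simulated years (empirical quantile)."""
    ordered = sorted(samples)
    index = math.ceil(confidence * len(ordered)) - 1
    return ordered[min(max(index, 0), len(ordered) - 1)]


def control_decision(risk: Risk, years: int = 10000, seed: int = 1) -> Dict[str, object]:
    """Perform the control only if the expected loss it removes exceeds its annual cost."""
    without = expected_loss(simulate([risk], years, False, seed))
    with_ctrl = expected_loss(simulate([risk], years, True, seed))
    saving = without - with_ctrl
    perform = risk.control is not None and saving > risk.control.annual_cost
    return {
        "expected_loss_without": without,
        "expected_loss_with": with_ctrl,
        "saving": saving,
        "decision": "perform control" if perform else "accept risk",
    }


if __name__ == "__main__":
    # Constructed two-step process chain with one risk per step; all figures are made up.
    reconciliation = Control("System reconciliation", effectiveness=0.8, annual_cost=15000)
    process = [
        Risk("Incorrect payment data", events_per_year=4.0, median_loss=8000, spread=0.9,
             control=reconciliation),
        Risk("Late vendor delivery", events_per_year=1.5, median_loss=20000, spread=0.5,
             control=Control("Second supplier", effectiveness=0.5, annual_cost=40000)),
    ]
    for with_control in (False, True):
        losses = simulate(process, years=10000, with_control=with_control)
        print(f"controls {'on ' if with_control else 'off'}: expected annual loss "
              f"{expected_loss(losses):,.0f}, VaR 95% {value_at_risk(losses, 0.95):,.0f}")
    for risk in process:
        print(risk.name, "->", control_decision(risk)["decision"])
```

The decision rule is deliberately the simplest one the slide names (expected loss removed versus control cost); in practice a risk owner would also look at the tail, which is why the block reports Value at Risk next to the mean, and a control that barely changes the expected loss but cuts the 95% quantile may still be worth performing.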
Operational risk management:
Documentation of processes and risks
Modeling of risks in a process plus risk-related objects
Risk assessment
Qualitative and quantitative risk analysis
Documentation of incidents and losses.