ARIS has been providing comprehensive capabilities for risk & compliance management for many years. It is very strong in connecting risks and controls to the business processes as well as providing two-stage workflows and clear task management for risk assessments, control tests, surveys, policy rollouts, and more. This process-driven approach helps you to gain transparency not only over your current risk & compliance status but also about the effects of GRC measures on your business.

With the rise of ESG (environmental, social, and governance) requirements, the need for sustainability, and many other new regulations reliable risk and compliance management is very important. With the ARIS 10 SR20 release we provide again some great improvements with the ARIS Extension for Risk & Compliance to support you even better in your GRC activities.

Additional settings Detectability and Trend for risk assessments

Qualitative risk assessments now provide new risk impact types Detectability and Trend. Extent and Frequency remain mandatory.

In some risk management approaches not only the assessment of the risk management types Extent and Frequency is necessary, but also an evaluation by Detectability (e. g., FMEA). Furthermore, evaluating and describing the Trend can be useful in determining relevant measures.

In the new release, customers can easily define their own values and generate assessments that cover these additional dimensions.

The new risk impact types Detectability and Trend can easily be activated by the administrator without any configuration or customizing. They are optional while Extent and Frequency are mandatory.

New object symbol Measure and new attribute group for risk-bearing capacity

The ARIS method provides a new object symbol, Measure, of type Solution. It can easily be identified as a specific GRC object. This new object is meant to describe any kind of mitigation for a risk that is not covered by specific object types such as a Control or a Policy. It is only used for describing purposes.

Sound risk management requires measuring risk exposure against the risk-bearing capacity of assets like processes, applications, organizational units, etc. For this reason, a new attribute group and respective attributes have been added to the ARIS method for those asset objects and other relevant object types like the risk category.

New HTML templates in email notifications

ARIS Risk & Compliance creates tasks based on two-stage workflows. For these tasks, automatic email notifications are sent out to the assigned owners. In ARIS 10 SR20 there are now HTML templates available for these email notifications that can be adapted to your CI.

New risk matrix report

The new release provides a new risk matrix report in PDF format that shows a risk heat matrix for each impact type of reviewed risk assessments for the selected hierarchy like organization, processes and functions, risk category, and so on.

New GRC-specific dashboards

The new GRC-specific out-of-the-box dashboard shows overview information about risk and compliance management, but also individual tabs for use cases like issues, regulations and policies, risks, incidents and losses, and controls and tests. These dashboards can be used as is and adapted to your needs if required.