The upcoming version of ARIS Risk & Compliance Manager will introduce an additional escalation option for "not effective" tested controls.
Currently, the test workflow is tightly related to the deficiency module. If the result of a test case is set to "Control not effective" the test reviewer can set the deficiency status to "Yes". This results in a deficiency being created. Alternatively, the test reviewer can set the deficiency status to "No" which, of course, leads to no deficiency being created.
In several customer projects, the test workflow has been modified by replacing deficiency creation with issue creation.
The basic idea of both concepts is to define an appropriate measure for a test case with the status "Control not effective".
In the upcoming version of ARIS Risk & Compliance Manager, we merge both ideas into a single approach.
The reviewer of a test case that was tested and found to be not effective will be able to decide if a deficiency, an issue, or none of the above will be created. As you can see, test and issue management workflows are strongly connected.
The integration of the Issue management workflow into the Test management workflow is a step toward interlinking our different ARIS Risk & Compliance Manager modules and to improving the ARIS GRC solution. All this results in setting up an efficient internal control system including an additional escalation possibility.
I hope I was able to awake your interest with this short announcement of one of the enhancements in our upcoming ARIS Risk & Compliance Manager version.
