Profile picture for user chernandez

Dear members, the next example are right or wrong, and what is your suggestion to model Risk and Control?

1.-   Risk in EPC?

In this case the control are conect to function by relationship "Occur in"

2.- Risk in FAD

In this case the control are conect to function by relationship Occur in

3.- Control in EPC and Risk conect to control?

In this case the relationship between function and control is "es ejecutado en"

 

4.- Control in FAD

In this case the relationship between risk and control is "occur in"

 

 

 

by Frank Engelbert
Posted on Wed, 01/25/2012 - 01:09

Hello Claudio,

please refer to this article for the modeling conventions and meta model for risk & compliance, especially SOX Compliance:

http://www.ariscommunity.com/users/fengelbert/2011-04-01-how-model-sox-compliance-aris

Number 1+2 of your examples fit best, from 'risk'-object, you create an assignment to model type 'Business Control Diagram'.

There is more to risk & control modeling, such as Compliance Testing, Audit Management, specific attributes for regulations and so on.

Let me know if you need further information.

kind regards,

frank

 

 

0
by Claudio Hernandez Author
Posted on Sun, 02/19/2012 - 01:44

Thanks Frank

I appreciate your coment in this topic.

So,  a couple of question more:

1.- What is you suggestion about  use Library for Risk and group them in different categories?. Is the best form to work with risk or isn't necesary this model?

2.- And finaly where is best place to put a Object Definition from a risk?

  • in a group from  EPC model
  • in a group from  Diagram Risk
  • or other?

Thanks again

Claudio

 

0
by Frank Engelbert
Posted on Wed, 02/22/2012 - 01:07

Hi Claudio,

reg 1, i'd recommend to use risk diagram for classification/categorization/discovery of risks

reg 2, i'd put in in the same folder as Business Controls Diagram, so you can assign/restrict access per BCD

let me know if that helps.

best regards,

frank

 

0
by Claudio Hernandez Author
Posted on Wed, 02/22/2012 - 03:29

Thanks Frank

I aprecite your response, is very precise. And need your help in one thinks more, i made a post a cuple a day ago, in this post i made a question about how can i model a contol in a EPC?.

Realy i thik the first question is

1.- where is recommendable to diagram a Control:

  • First in a BCD then in a EPC
  • Only in a EPC (i assume without contection with a risk)

2.- I suppose that the SOX regulation prevent that the control made executed by the same person that execute a task that produce RISK. Then my question is:

  • Is possible to find a control y the same process where i found a Risk and how can i diagram this situation, i made a occur copy of function to control or is a definition copy of  funcition?

3.- And finaly How to diagram that a function (task/activitiy) is a control 

  • Conect a control on the function in a EPC, that is right i guess is wrong, because finaly coontrol is a function then the conxion betwee function is "is predecessor" and doesn't make a sense.

http://www.ariscommunity.com/users/chernandez/2012-02-19-how-identify-control-epc 

Thanks for your help again 

0

Featured achievement

Question Solver
Share your expertise and have your answer accepted as best reply.
Recent Unlocks
  • ПЦ
  • CR
  • BH
  • Profile picture for user Ivan.Ivanov.softwareag.com
  • Profile picture for user mscheid
  • PacMan

Leaderboard

|
icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock