elba's picture

ARIS Risk & Compliance Manager 10 offers improvements for the private cloud offering, reporting and usability, as well as enhancements for risk assessment evaluation and a new subscription for control execution.

ARIS Risk & Compliance Manager Cloud

The ARIS Risk & Compliance Manager Cloud offering is available in four different packages to reflect the requirements of different numbers of users and operations. It starts with a small package for up to 25 named users and 25,000 task forms a year and goes up to max 1,000 named users and 1,000,000 task forms a year. Like our ARIS Cloud Enterprise product, ARIS Risk & Compliance Manager Cloud is hosted in a private cloud environment by Amazon web Services (AWS). It offers the same capabilities for Internal Control Systems, Risk and Audit Management like the on premise version.


ARIS reports now include dialogs for a better interaction with users and enable them to make various selections to better define their report result. One example is the Output change log dialog, in which you can define if you want a summarized or incremental report and which version numbers you want to include. Reports can now combine information from ARIS Risk & Compliance Manager and the ARIS modeling component. For example, risk management reports can be enriched by the respective model graphic or additional attributes or connected objects. ARIS Risk & Compliance Manager now also provides a report history by listing the latest reports in a “My recent reports” area.


A fixed info section in all forms saves time by avoiding scrolling to find important information. Relevant information like the object name, the version number, the current role of the editor and the status, is always visible on top of the forms, no matter if you scroll. Users with multiple roles for a form can change their role for the current activity easily in the info section. Also the version can be changed here. The “change role” dialog now also groups your available roles by write or read-only privileges for a respective form.

For a better overview, the capabilities in the ‘Administration’ area are now structured in the following sub-tabs: General, Monitoring, Import/Export, Integration and Configuration.

To be more precise on the meaning, some terms in ARIS Risk & Compliance Manager have been renamed:

Clients -> Environments

Sum losses -> Expected losses

Risk score sum – Sum risk scores

Audit step: reason -> severity

Consistent use of ‘performed by’, ‘editor’ and ‘last editor’

Risk assessment evaluation

Additionally to the combined risk evaluation of both the qualitative and quantitative analysis, it is now possible to concentrate on only one of both. The risk assessment evaluation has been enhanced by two new analyses for either qualitative or quantitative risk evaluation. As risk managers usually concentrate on one of the both analyses types this helps them find their relevant data faster and in a better structured way.

Subscription for control execution

The new event type ‘ControlExecutionEvent’ has been added to the ‘Subscription’ area of the ARIS Risk & Compliance Manager ‘Administration’. This functionality allows pulling documentation about control execution from external system into ARIS Risk & Compliance Manager using e. g. business activity monitoring capabilities. Additional information that is mandatory in the ARIS Risk & Compliance Manager forms can be added manually.