Elke Bastian's picture

Today I am writing a deep dive article about one of the new features in ARIS 10 SR18: Integrated regulatory management.

While ARIS has provided an extension for risk & compliance for many years, the functionalities have now been improved and extended to meet the needs of regulatory requirements even better. These new model types are also part of the ARIS for sustainability accelerator package as regulatory compliance plays an important role in sustainability initiatives.

Many of the new regulations are more or less in the context of sustainability and are often summarized under the term ESG which stands for Environmental, Social and Governance. The pressure for good regulatory compliance comes from three directions (or even more).

1. The government that issues respective laws and regulations to be fulfilled

2. Consumers who use their power to make buying decisions every day

3. Employees who decide very carefully what company they want to work for

In days of strong social media presence and fast spreading news, companies cannot afford doing mistakes that result in image damage. Consumers will only be the first ones to punish "bad behavior" immediately. Then employees may leave and finally, the government will take measures. That's why good regulatory management is inevitable to survive in today’s markets.

Watch a short video about the new features here. 

Let's now have a look at the technical facts and see what's new in ARIS 10 SR18.

New regulation model

In addition to the technical term model, we introduce a new model type, the regulation model. While the technical term model can still be used for standards or financial statement positions the regulation model is dedicated to model laws and regulations resulting in regulatory requirements. 

Example for sustainability regulations

In this new model type, regulations can be structured by categories, chapters, and clauses.

Regulation structure

Regulatory change review

As regulatory changes can have a big impact on all business activities it is necessary to check all regulations regularly for updates. ARIS offers a workflow for regulatory change reviews that supports this process with automatically generated review tasks. The parameters for the generation of these tasks are defined in the regulation allocation diagram, in which accountability is assigned as well as review activities and frequencies are defined.

Regulatory requirement allocation

In a next step, it makes sense to translate the legal phrases into "business speech". That means trying to interpret what consequences result for the business. We assign business assets in ARIS and reuse the requirements wherever appropriate.

Translate regulation into "business speech"

New compliance assessment

Finally, we introduce a completely new workflow for compliance assessments. The assessment activities, schedules, and responsibilities are defined in a regulation allocation diagram. 

Regulation allocation diagram

Based on the assigned data in the regulation allocation diagram the compliance assessment task is generated automatically. Results can be documented and if necessary further activities like risk assessments can be initiated. 

To support these new functionalities the established ARIS risk & compliance features like issue management workflow, risk assessment workflow, evaluation, dashboarding and audit-proof documentation can be combined.

Keep control and stay compliant! :-)