The new ARIS 10 SR22 provides many new features for risk and compliance management. One highlight is the new multi-tenancy that is also available for confirmation management within the Rollout Add-on extension. Any customizing is applied to all available ARIS tenants. It lays the foundation for further usage in SaaS/Cloud and shared environments and lowers TCO. Administrators can reduce their efforts as one single installation can support multiple tenants.
Multi-tenancy in ARIS Risk & Compliance
Issue creation and maintenance is now fully integrated with the ARIS portal providing an improved UI and user journey.
Learn more in the video: Integrated issue handling in ARIS Portal
The issue form is displayed as a native dialog in the portal and directly available to all ARIS user types. A “New issues” tab is available on all factsheets for Issue Managers and Issue Auditors as well as a new list “My issues” is available at the “Quick access” area of the application launcher for all users. The list shows all issues where the user has any of the available workflow roles (creator, owner, reviewer).
Improved issue handling
A workflow-object list can be added to portal items. Risk and Compliance-relevant operational items (including control tests, surveys and incidents) are made available in the ARIS Portal for ARIS users having the respective GRC role (manager, auditor). This results in shorter click-paths and improved user journeys supporting the integrated impression for 1st line of defense being at the same timeline of business.
Workflow-object list in ARIS portal
Related objects of a control
The documentation of control executions via REST API has been improved. The integration to external systems has been improved by an API-based import and the documentation of control executions can come automatically from external IT systems without human interaction. This saves manual efforts, and you can cover 100% control executions instead of smaller sample sizes when documented by people.
Documentation of control execution
Control execution documentation coming from an external source
Factsheets for GRC items, e.g., ‘Risk’ and ‘Policy’, have been redesigned to deliver clearly structured information. The details used for configuration of workflow generation in ARIS Risk and Compliance (such as assigned roles, start date, end date, time limits for execution, etc.) are now separated and accessible in a tab called “GRC management”. This enables user group-specific access to information.
Learn more in the video: Redesigned fact sheets for ARIS Risk & Compliance
Configuration is now possible via administration.
Learn more in the video: Risk & Compliance configuration in ARIS Administration
The configuration of general settings such as notifications, settings for anonymization, and workflow settings are available on a specific tab in the administration. This simplifies, for example, the configuration of specific workflows such as confirmation management.
Configuration of general workflow settings
Smaller improvements comprise the restriction of the “Transfer risk and compliance data” report. This report is now only executable on corresponding objects and models. Thus, the report execution will lead to better results and less errors. Also, the mandatory attributes of ‘loss’ and ‘control execution’ object have been reworked. Some attributes not necessary for all specific use cases in these workflows were set to optional. The reviewer notifications for control test reviewers are now independent of the control test result. Smaller form and wording adjustments help to improve consistency and usability.
Want to learn more about other new features, please have a look here: ARIS 10 SR 22 is available−Find all news here