Today a customer asked me if IDS Scheer was using the same methods in GRC that they implement at their customers. I said yes! A good example for that is the hands-on-session that happened yesterday at ARIS UserDay.
As always IDS Scheer wants to present their user community the latest innovations and developments. But the new module for our ARIS Risk & Compliance Manager is just in the last phase of development - a lot of testing is underway and our developers do not like to give something in the hands of our customers that is not fully tested.
So we did some Risk Management on our plans for the session - we had to identify what could go wrong (Risk: new module is not working properly), plan how to reduce the probability (Controlling measure: Intensive testing of use-case, Install latest development version on the spot on the weekend) and plan how to reduce the impact (Emergency Plan: Prepare Backup presentations, Prepare alternative use-case scenario Issue Management).
For monitoring we added two additional resources to check if everything runs fine on the demo machines.
With all this preparation it is no wonder that everything went fine as this customer was happy to tell. The room was full but not a single notebook showed any misbehavior. We had a fruitful training and discussion where our users were able to check on the latest functionalities in Operational Risk Management by themselves. So I thought to myself: Risk Management pays off - even when talking about Risk Management.