Every business decision is beset with operational risks. These operational risks can arise from business procedures, organisational structures, IT systems and external influences.
In order to recognise and efficiently avoid or contain these risks, every company must establish an effective risk management system. With increased pressure from shareholders and legislation such as the Sarbanes-Oxley Act, companies are now obligated to improve the quality of their risk management and control systems.
With the ARIS process-oriented approach to risk and control management, the business process is the focus. All sources of operational risk can be located in the business process, which at the same time is what allows analysis of causes and identification of improvement potential.
Management and reporting of risks with ARIS Process Risk Scout
ARIS Process Risk Scout is a module of the ARIS Risk and Control Management suite. It is based on the processes recorded in ARIS and provides a range of functions that assist companies in introducing a risk management system quickly and effectively. The two main components of the Process Risk Scout are a risk management project procedural model (Scout Assistant) which can be customised (Scout Factory) and the ARIS Risk Portal.
ARIS Risk Portal
The Risk Portal is a role and user-based portal which is automatically setup from within ARIS. The Risk Portal allows company-wide analysis and communication of identified process risks.
For more information on ARIS Process Risk Scout and relevant downloads, please visit the IDS Sheer Web site (click here).
Control audit and testing with ARIS Audit Manager
The ARIS Audit Manager has been specifically developed to meet the current requirements for internal audits, such as those under the Sarbanes-Oxley Act (SOx). The ARIS Audit Manager extracts all information relevant for the audits from the process models in ARIS. The controls, people involved, necessary tests and those responsible for them, test frequencies and descriptions are all defined here. From these, ARIS automatically creates a database-supported Web workflow, which supports the audit and the necessary reporting and escalation processes.
Share
The Sarbanes-Oxley Act passed in 2002 requires all companies listed on the US Stock Exchange and their subsidiaries to demonstrate the efficiency of their internal control system for the production of financial reports. The Act requires documentation, testing and monitoring of all internal controls on the risks that can affect the quality of financial reporting. Companies are therefore faced with the challenge of performing a process-oriented audit of their existing control systems for possible weaknesses and continuously improving those systems.
For more information on ARIS Audit Manager and relevant downloads, please visit the IDS Sheer Web site (click here).
Editorial contacts