Integrated regulatory management with ARIS

The new ARIS 10 SR18 release offers enhanced and improved functionalities for regulatory change management. It introduces a new regulation model that lets you structure regulations by categories, chapters, and clauses. The new features also include a new regulatory requirements diagram and a compliance assessment workflow.

Over the past five years, the number of regulatory changes has more than doubled while the typical organization has not increased staff or updated processes to manage regulatory change. In addition, many organizations don’t have the necessary regulatory change management infrastructure and processes in place to address these changes and, consequently, find themselves at a competitive disadvantage and subject to preventable regulatory scrutiny and losses.

With ARIS and the new integrated regulatory management, you can avoid this kind of damage. It provides a common process to deliver real-time accountability and transparency across regulatory areas, with a common system of record to monitor regulatory change, measure impact and implement appropriate risk, policy, training and control updates.

Regulatory management process in ARIS

Phase 1: Regulation identification and monitoring

This step starts with the identification and documentation of relevant laws and regulations. In ARIS, you can easily do this with the new regulation model. In this new model type, regulations can be structured by categories, chapters and clauses.

Regulation model with examples for sustainability regulations

In the next step, you can use the regulation allocation diagram to assign accountable people to the regulations, the so-called regulation owner group. These people are responsible for executing change reviews and documenting the results. The goal of these reviews is to check at a regular frequency whether new versions and updates of the regulation are available that lead to changed requirements. If so, the regulation owner can initiate actions and measures to embed the changes in the process models.

ARIS offers a workflow for regulatory change reviews that supports this process with automatically generated review tasks. The parameters for generating these tasks are defined in the regulation allocation diagram, in which accountability is assigned and review activities and frequencies are defined.

Phase 2: Regulation interpretation and requirement allocation

In the next step, it makes sense to translate the legal phrases into business requirements relevant to your company. That means interpreting what consequences result for your business. You can then assign business assets like systems, policies, data or risks in ARIS and reuse the requirements wherever appropriate.

Translate regulation into business requirements

Phase 3: Compliance assessment, risk assessment, measures

With ARIS 10 SR18, a new workflow for compliance assessments is available. The assessment activities, schedules and responsibilities are defined in a regulation diagram. The goal of these assessments is to check whether you are compliant with the respective regulatory requirements.

Compliance assessment definition
Definition of assessment activities in a regulation allocation diagram

Based on the data assigned in the regulation allocation diagram, the compliance assessment task is generated automatically. Results can be documented and, if necessary, further activities such as risk assessments can be initiated.

These new functionalities can be combined with the established ARIS risk and compliance features, such as the issue management workflow, risk assessment workflow, evaluation, dashboarding and audit-proof documentation.

Phase 4: Change rollout and confirmation

The last phase of the regulatory management process is dedicated to rolling out the changes to the employees and ensuring that everybody knows what to do. For example, you can use the confirmation management workflow to roll out policies and require a confirmation from your employees that they have read and understood the guidelines and working procedures.

Finally, ARIS provides evaluations and reports that can also help you prove compliance to external auditors. This way, you can ensure compliance with regulations and demonstrate it in an easy and integrated way.

This article is part of the TECHniques newsletter blog - technical tips and tricks for the Software AG community.