Introducing iGRC

Issue 4, 2014

Download pdf

The next generation of governance, risk and compliance

Intelligent Governance, Risk and Compliance (iGRC) has arrived. With a new user interface and integration with Apama streaming analytics, ARIS Risk & Compliance Manager now offers a solution for continuous control, monitoring and analysis of the state of your organization and marketplace.

The GRC evolution

Governance, Risk and Compliance (GRC) is a globally used term that comprises all the topics around being compliant to an ever-growing number of laws and regulations, managing all kinds of corporate risk, and implementing guidelines and policies that govern a company. The description itself sounds burdensome and the management of it is still seen as painful and expensive.
The evolution of GRC started around 2002 with the introduction of the Sarbanes-Oxley Act. At that time, companies mainly handled compliance topics and were very reactive as they viewed GRC as something they just had to do. 
Around 2008, companies began to see the value in GRC and started to integrate risk management and, more recently, risk analytics started making use of big data. Today, GRC has evolved to include business performance using real-time monitoring for easier and faster decision-making.

ARIS paves way for iGRC

Organizations must move toward greater automation to facilitate real-time monitoring and real-time data analysis. Instead of taking a reactive approach to risk, they must take advantage of real-time data analysis to identify emerging and impending risks—in time to do something proactive to mitigate or avoid these risks. Instead of acting retrospectively and executing controls at set intervals, organizations need to shift to control systems that operate continuously and that can facilitate business decisions based on predictive analytics.
Software AG has been working with companies around the world to facilitate the evolution of GRC to better meet the needs of today’s Digital Enterprise. With the integration of Apama and ARIS Risk & Compliance Manager, Software AG now offers an intelligent GRC (iGRC) solution for continuous control, monitoring and analysis of organizations. 
Using the complex event processing engine of Apama, GRC-relevant tasks like test cases, incidents or issues are automatically triggered by external events happening in operational processes. This enables real-time insights into the state of the organization as well as the state of the marketplace with real-time levers you can use to guide your organization forward and rapidly respond to stakeholder demands for GRC information. Examples range from checking the segregation of duties for order processes to complex procedures, such as monitoring malfunctions in production plants. 

New structured work environment

ARIS Risk & Compliance Manager has received a completely new user interface with the new release of ARIS 9.7. The modern user interface is not just a “beauty makeover”, the improvements enhance transparency, make navigation much easier and increase end-user acceptance. The new “Explorer”, “Administration” and “Evaluation” areas provide a much better structured work environment.
After logging in, users can now see all of their tasks in one view in the new “Home” area as shown in Figure 1. Fewer clicks are required to see if there are active tasks, what is left to do and when the tasks are due. Extended filter capabilities enable a quick selection of relevant topics. 
Figure 1: New home view provides single view into active tasks.
The Explorer view, in Figure 2, is also completely new and shows a well-structured overview of all capabilities. The main topics combine all master data and operational data in one group. So, you have all data in a central place enabling direct access via short navigation paths.
Figure 2: Explorer view provides direct access to all master and operational data.
All available evaluations and reports are also now shown on a dedicated page, as shown in Figure 3. Here, managers can see an overview of the current state of all GRC activities. They can create status reports and pie charts for all use cases and filter them by relevant elements, such as organization or processes.
Figure 3: Evaluations page offers advanced filter functions.
The new Administration view, shown in Figure 4,  combines all relevant tasks for system administrators and other roles that handle administrative tasks. Depending on user privileges, system administrators or managers can perform their relevant jobs here. System management can be done here as well as data imports or database backups.
Figure 4: System management tasks can be completed in the Administration view.

Integration with Apama

Finally, with version 9.7 ARIS Risk & Compliance Manager supports the interaction with Apama. This complex event processing software triggers test cases, incidents or issues automatically. The software monitors in real-time what is happening across the business and creates relevant tasks immediately when defined events occur.


The new capabilities of ARIS Risk & Compliance Manager enable faster, easier access to information while the new connection to Apama supports the evolution towards intelligent GRC. As a result, Software AG’s iGRC solution offers:
  • A single point of truth across all GRC functions
  • Real-time identification of control issues
  • Accelerated reporting and rapid decision-making
  • Improved and automate risk and control assurance
Use ARIS Risk and Compliance Manager today to implement and efficiently operate enterprise-wide GRC management.