Issue 4, 2013
Leading industry analyst firm Gartner, Inc. places Software AG as a market leader for Enterprise Governance, Risk and Compliance (EGRC) Platforms—a market that has matured to include strategic focus on enterprise risk management and business performance. Complimentary copies of Gartner’s report are available at http://www.softwareag.com/recognition.
Second year in Leaders quadrant
Software AG has remained in the Leaders quadrant of the 2013 Magic Quadrant for Enterprise Governance, Risk and Compliance (EGRC) Platforms for the second year in a row. Vendors were evaluated based on both their completeness of vision and ability to execute in the EGRC platform market. The report states that Software AG has a very innovative product strategy and vision.
Figure 1: Software AG remains in Gartner’s Leaders quadrant for the second year in a row.
Gartner’s evaluation of Software AG is based on the ARIS Governance, Risk & Compliance Platform (ARIS GRC), which takes a process-focused approach to EGRC. With the ARIS Governance, Risk & Compliance Platform, businesses can analyze and assess risks, automatically escalate issues for resolution and update management via an up-to-the-minute dashboard. It helps enterprises to comprehensively manage their compliance activities and analyze operational risks.
The ARIS GRC Platform combines Business Process Analysis (BPA) with audit-proof workflows and turns risk and compliance management into a strategic management tool. All risk management and compliance topics are executed in an integrated central ARIS repository for maximum control, transparency, simplicity and efficiency.
ARIS Risk & Compliance Manager 9.5
The next release of ARIS Risk & Compliance Manager, the core product of the ARIS GRC Platform, will be fully compatible with ARIS 9.5. The new release will include enhanced functions for policy management and incident management. New workflows for exceptions documentation (when policies have temporarily or permanently been suspended) and policy reviews are among improvements coming to policy management. Incident management will be more generic to accommodate being used for many various objects such as risks, controls, audits or policies. Incidents can be documented as source for improvements in the context of GRC management and BPA.
ARIS Risk & Compliance Manager 9.5 will use the new central user management capability of ARIS 9.5. It will also support central license management and distribution, as well as central document management to save, share and link documents throughout all ARIS products.
The ARIS GRC Platform uses complex event processing for real time monitoring and to automate tasks to increase productivity. Several use cases like Continuous Controls Monitoring (CCM) or fraud detection are supported. Reporting and dashboard capabilities via individual mashups are also part of the platform. The social collaboration tool, ARIS Connect, enables information sharing on risk and compliance data.
The ARIS GRC Platform can be used to support various regulatory requirements like Foreign Account Tax Compliance Act (FATCA) within the internal control system and helps to increase the efficiency of compliance activities. Learn more about ARIS GRC for FATCA.
Comprehensive audit and risk management
ARIS Risk & Compliance Manager also offers comprehensive capabilities for planning, preparation, execution and reporting of audits (see examples in figures 2 and 3). The system creates reliable audit plans, shows clear responsibilities and saves the complete documentation of results, which can easily be made accessible to external auditors. Process documentation can be re-used, thus reducing audit times and costs.
Figure 2: Use Gantt charts for your audit preparation and execution.
Enterprises use ARIS Risk & Compliance Manager for business performance and enterprise risk management. Operational risks can be assessed by financial impact and probability. Risk mitigating measures can be initiated if necessary. If risks should occur, incidents and resulting losses can be documented with all affected assets and processes including damage. This data can be re-used for future assessments. The incident management capability will be expanded in the upcoming version to be used for various objects, such as risks, controls, audits or policies.
Figure 3: Use heat maps for your risk management.
Enhanced policy management
With 9.5, the policy management capability will be enhanced with a new workflow for exceptions documentation and a new review workflow for maintaining and updating policies as shown in Figure 4.
Figure 4: Policy Management with the ARIS GRC Platform.
In previous versions, ARIS Risk & Compliance Manager offered a workflow for approval and publishing of policies. Optionally, policy addressees can receive a task to confirm a policy and report attestation status to the policy owners. But in some cases, policies can be suspended for any reason. These are known as policy exceptions. The upcoming version will offer a new capability for policy owners to document these exceptions. They can define the exception as a permanent or temporary suspension, when and where it happened, and describe the reason. Each exception can then be analyzed to evaluate if and how a policy can be improved.
The second extension is policy review tasks. They define review activities and frequencies that help to decide how to proceed with policies and if updates must be initiated.
Reduce risks with ARIS GRC
The ARIS GRC Platform is the right solution for chief compliance and finance officers that want to cut costs and save time with efficient internal risk and compliance controls, while reducing risks by implementing effective compliance measures. Risk managers can efficiently identify and assess risk impacts and manage risk resolution. Finally, internal auditors can easily prove compliance to external auditors thanks to a seamless audit trail showing all relevant documentation and responsibilities.
* “Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms”, published September 24th 2013, by French Caldwell and John A. Wheeler