A risk should be connected to only one function. The assignment of a risk to multiple functions is no problem for Simulation, but it is not supported by ARIS Risk & Compliance Manager. Therefore, it should be avoided if the model will also be used by ARIS Risk & Compliance Manager.
A risk must not be linked to a control via a connection of the occurs at type if, in addition, the connection is modeled via a connection of the is reduced by type. In this case, Simulation ignores the connection of the occurs at type.