Please note the following:
A risk should be connected to only one function. The assignment of a risk to multiple functions is no problem for Simulation, but it is not supported by ARIS Risk and Compliance. Therefore, it should be avoided if the model will also be used by ARIS Risk and Compliance.
A risk must not be linked to a control via a connection of the occurs at type if, in addition, the connection is modeled via a connection of the is reduced by type. In this case, Simulation ignores the connection of the occurs at type.