The risk is modeled in an ARIS modeling environment with the Risk object (OT_RISK). A risk is created in ARIS Risk & Compliance Manager for each risk for which the Synchronize ARCM attribute is set to true.
Attribute mappings: Risk ARIS to Risk (ARCM)
ARIS attribute |
API name |
ARCM attribute |
M* |
Notes |
---|---|---|---|---|
Name |
AT_NAME |
name |
X |
|
Risk ID |
AT_AAM_RISK_ID |
risk_id |
|
|
Risk types |
AT_AAM_RISK_TYPE_FINANCIAL_REPORT AT_AAM_RISK_TYPE_COMPLIANCE AT_AAM_RISK_TYPE_OPERATIONS AT_AAM_RISK_TYPE_STRATEGIC |
risktype |
|
The enumeration is set in ARIS Risk & Compliance Manager when the values are true. |
Description/ |
AT_DESC |
description |
|
Provides more details about the element, for example, its purpose. |
|
|
risk_function |
|
Is identified via the connection to the function. A corresponding link to the process hierarchy element in ARIS Risk & Compliance Manager is saved. |
|
|
financial_ statement |
|
Is identified via the connection to the technical term. A corresponding link to the regulation hierarchy element in ARIS Risk & Compliance Manager is saved. |
Impact |
AT_AAM_IMPACT |
impact |
|
|
Probability |
AT_AAM_PROBABILITY |
probability |
|
|
Risk catalog 1 |
AT_AAM_RISK_CATALOG_1 |
risk_catalog1 |
|
|
Risk catalog 2 |
AT_AAM_RISK_CATALOG_2 |
risk_catalog2 |
|
|
Title 1 Title 2 Title 3 Title 4 |
AT_TITL1 AT_TITL2 AT_TITL3 AT_TITL4 |
document:
|
|
Indicates the linked documents. |
Link 1 Link 2 Link 3 Link 4 |
AT_EXT_1 AT_EXT_2 AT_EXT_3 AT_LINK |
document:
|
|
Indicates the linked documents. |
ARIS document storage Title 1 ARIS document storage Title 2 ARIS document storage Title 3 ARIS document storage Title 4 |
AT_ADS_TITL1 AT_ADS_TITL2 AT_ADS_TITL3 AT_ADS_TITL4 |
document:
|
|
Indicates the linked documents. |
ARIS document storage link 1 ARIS document storage link 2 ARIS document storage link 3 ARIS document storage link 4 |
AT_ADS_LINK_1 AT_ADS_LINK_2 AT_ADS_LINK_3 AT_ADS_LINK_4 |
document:
|
|
Indicates the linked documents. |
|
|
manager_ |
|
Is identified via the connection to the role. A corresponding link to the risk manager in ARIS Risk & Compliance Manager is saved. |
Assertions |
AT_AAM_ASSERTIONS_EXIST_OCCURRENCE AT_AAM_ASSERTIONS_COMPLETENESS AT_AAM_ASSERTIONS_RIGHTS_OBLIGATIONS AT_AAM_ASSERTIONS_VALUATION_ALLOCATION AT_AAM_ASSERTIONS_PRESENTATION_DISCLOSURE AT_AAM_ASSERTIONS_NA |
assertions |
|
The enumeration is set in ARIS Risk & Compliance Manager depending on the values that are set. A dependency of values exists. The first five values cannot occur in combination with the last entry. |
*The M column specifies whether the attribute is a mandatory field.
Mappings transferred to ARIS Risk & Compliance Manager only if the risk is marked as Risk Management-relevant
ARIS attribute |
API name |
ARCM attribute |
M* |
Notes |
---|---|---|---|---|
Risk management- |
AT_GRC_RISK_MANAGEMENT_RELEVANT |
risk_management_relevant |
|
|
Assessment activities |
AT_GRC_ASSESSMENT_ACTIVITIES |
assessment_ |
|
Describes the assessment steps. |
Assessment frequency |
AT_GRC_ASSESSMENT_FREQUENCY |
assessment_ |
(X) |
Defines the frequency at which risk assessments are automatically generated. This attribute is only mandatory if the Risk Management-relevant attribute is set to true. |
Event-driven assessment allowed |
AT_GRC_EVENT_DRIVEN_ASSESSMENTS_ALLOWED |
event_driven_ |
|
Indicates whether manually created assessments are allowed for risks. Is automatically set to true during import from ARIS to ARIS Risk & Compliance Manager if the Assessment frequency attribute is set to Event-driven. |
Time limit for execution in days |
AT_GRC_RISK_ASSESSMENT_DURATION |
assessment- |
(X) |
Specifies the duration for executing a risk assessment. This attribute is only mandatory if the Risk Management-relevant attribute is set to true. This attribute is not mandatory if the Assessment frequency attribute has the value Event-driven. |
Start date of risk assessment |
AT_GRC_START_DATE_OF_RISK_ASSESSMENTS |
assessments_ |
(X) |
Specifies the date as of which risk assessments are generated. This attribute is only mandatory if the Risk Management-relevant attribute is set to true. This attribute is not mandatory if the Assessment frequency attribute has the value Event-driven. |
End date of risk assessment |
AT_GRC_END_DATE_OF_RISK_ASSESSMENTS |
assessments_ |
|
Specifies the date as of which risk assessments are no longer generated. |
*The M column specifies whether the attribute is a mandatory field.
Further Risk (ARIS) to Risk (ARCM) attributes
ARIS attribute |
API name |
ARCM attribute |
M* |
Notes |
---|---|---|---|---|
– |
– |
risk_assessment_owner_group |
(X) |
Is identified via the connection to the role. A corresponding link to the risk owner in ARIS Risk & Compliance Manager is saved. This attribute is only mandatory if the Risk Management-relevant attribute is set to true. |
– |
– |
risk_reviewer_group |
(X) |
Is identified via the connection to the role. A corresponding link to the risk reviewer in ARIS Risk & Compliance Manager is saved. This attribute is only mandatory if the Risk Management-relevant attribute is set to true. |
– |
– |
risk_category |
|
Is identified via the connection to the risk category. A corresponding link to the risk hierarchy element in ARIS Risk & Compliance Manager is saved. |
– |
– |
organizational_unit |
|
Is identified via the connection to the organizational unit. A corresponding link to the organization hierarchy element in ARIS Risk & Compliance Manager is saved. |
– |
– |
application_system_type |
|
Is identified via the connection to the application system type. A corresponding link to the application system type hierarchy element in ARIS Risk & Compliance Manager is saved. |
*The M column specifies whether the attribute is a mandatory field.