Contents
Text conventions
Installation guide
Introduction
Important information about system installation
System requirements
Oracle system and settings
Microsoft® SQL Server system and settings
Acrobat Reader
Microsoft Office/Excel
ARIS Risk & Compliance Manager installation using an Oracle or a Microsoft® SQL Server database
Installation of an Oracle or a Microsoft® database
Install an Oracle database schema
Install a Microsoft® SQL Server database schema (mixed mode/Windows authentication)
Usage of a PostgreSQL database
Manual configuration of the database for ARIS Risk & Compliance Manager
Add tenant schema of ARIS Risk & Compliance Manager
Provide and integrate the database driver
Configure the database connection pool
Installation of ARIS Risk & Compliance Manager
Installation with the setup
Integrate ARIS Risk & Compliance Manager in an existing ARIS installation
Configure parameters
Configuration of the e-mail functionality
Change e-mail addresses
Migrate from the test installation to a productive system
Installation of a customer-specific version (Customizing)
Glossary
Global Unique Identifier (GUID)
Java Database Connectivity (JDBC)
Multi-purpose Internet Mail Extension mapping (MIME mapping)
Oracle service ID (SID)
Simple Mail Transfer Protocol (SMTP)
Single sign-on (SSO)
Upgrade guide
Introduction
Upgrade to a new version of ARIS Risk & Compliance Manager
Data backup
Run the update setup
Data migration (version 10.0 or newer)
Prepare database for data migration
Version 10.0.0 up to 10.0.11
Version 10.0.0 and higher
Back up tenant of the old ARIS Risk & Compliance Manager version
Install new version of ARIS Risk & Compliance Manager
Restore tenant data to new version
Switch to ARIS external service of type DB
Recommended procedure for all DBMS
Special case Oracle - schema on the same instance
Data migration (version 9.x or older)
Migrate data from ARIS document storage (version 9.x or older)
ARIS Risk & Compliance Manager database migration (version 9.x or older)
Migration of event enabling in ARIS Risk & Compliance Manager
Prepare system shutdown
Glossary
Global Unique Identifier (GUID)
Java Database Connectivity (JDBC)
Multi-purpose Internet Mail Extension mapping (MIME mapping)
Oracle service ID (SID)
Simple Mail Transfer Protocol (SMTP)
Administration guide
Introduction
Administration
Configuration of event enabling in ARIS Risk & Compliance Manager
Transfer modeled users
Export modeled users
Import modeled users into User Management
Synchronize users with ARIS Administration/User Management
Connection to a directory service (LDAP)
Connection to ARIS Publisher
Backup and restore runnable using ARIS Cloud Controller
Backup and restore runnable using ARIS Tenant Management
Glossary
Global Unique Identifier (GUID)
Java Database Connectivity (JDBC)
Multi-purpose Internet Mail Extension mapping (MIME mapping)
Oracle service ID (SID)
Simple Mail Transfer Protocol (SMTP)
Single sign-on (SSO)
Customizing guide
What can be customized?
General procedure
Set up of Customizing-Tool-Kit (CTK)
Adapt the XML configuration
Adapt rules
Adapt language versions
Inheritance
Inheritance hierarchy of central objects
Object and VersionObject object types
TransactionalObject object type
MonitorableObject object type
RecurringObject object type
ObjectContainer object type
Inheritance in the file objectTypes.xml
Conventions
Conventions in the XML configuration
Conventions for object generation
Environment association in environment-specific objects
MonitorableObject object type
Identical attribute names
Object assignment if names are identical
Class mappings
Actions
Command class mappings
Statistics class mappings
Bl class mappings
UI class mappings
View class mappings
VCREG.XML configuration file
Customize help
Basic use cases
Customize object properties
Overwrite the schema version
Add/adapt a simple attribute
Create a simple attribute
Adapt an object type
Add/adapt properties
Assign validator
Assign converter
Add an attribute to a form
Adapt a form
Add/adapt properties of a form
Assign a renderer
Adapt rules
Add/adapt reports
Add an attribute to a list
Adapt a list
Add/adapt properties of a list
Adapt data retrieval for a list
Add a renderer
Add/adapt reports
Add an attribute to a filter
Adapt a list filter
Add/adapt properties of a filter
Assign a renderer
Add/modify an enumeration attribute
Create an enumeration attribute
Add/adapt an enumeration
Add/adapt properties of an enumeration
Adapt an object type
Add an attribute to a form
Adapt data retrieval for a list
Add an attribute to a list
Add an attribute to a filter
Add/adapt a list attribute
Create a list attribute
Adapt an object type
Add/adapt properties
Adapt list restrictions
Adapt roles
Add an attribute to a form
Add a selection list
Adapt a selection list
Add/adapt properties
Adapt data query for selection list
Assign a renderer
Add a selection list filter
Customize the object life cycle
Workflow configuration
Add a state
Add a state to an active object
Add a state to a deleted object
Add a transition
Add a prepare transition
Add an insert transition
Add an update transition
Add a reset transition
Add a delete transition
Add a recover transition
Configure the command chain catalog
Modify a command chain
Add a command chain
Adapt/add user interactions
Confirmation dialogs
Input dialogs
Adapt the task configuration
Adapt a master data file import
Add/adapt hierarchies
Add an enumeration item
Add a new list element to a master data object
Add a new list element to a transactional object
Display and input options for forms
Automatic transfer of hierarchy objects
Make a hierarchy attribute editable.
Assign roles to a hierarchy attribute
Add a hierarchy evaluation
Create a new data view for hierarchy statistics
Add/adapt statistics
Adapt statistics
Adapt column widths
Link structural elements
Add/adapt columns
statistic.columnGroup.enum-based statistics
statistic.columnGroup.perCent-based statistics
statistic.column.value-based statistics
Adapt links
Use a new hierarchy
Add/adapt reports
Add/adapt reports for forms
Replace an existing form report definition
Add a new form report definition
Incorporate a new form report selection
Add/adapt reports for lists
Replace an existing list report definition
Add a new list report definition
Incorporate a new report selection
Modify message template
Add a new message template
Add a new message template content
Customize the contents of a message template
Send messages
Add/adapt segregation of duties
Add/adapt rule
Overwrite an existing rule file
Incorporate a new rule file
Reuse existing rules for new attributes
Add/adapt a scheduled task
Adapt the schedule
Generator
Adapt the object search
Generate objects
Adapt the object search
Updater
Adapt offline processing
Modify offline documents
Change the offline operator roles definition
Add a new Offline editor role
Adapt offline processors
Adapt offline behavior for each object type
Add/adapt dashboard link
Adapt dashboard link
Add dashboard link
Add a MashZone list for object data
Add a MashZone list for object links
Assign a name to a MashZone list
Adjust navigation
Adapt navigation for an area
Adapt and extend event enabling
Extend existing Digital Event Types
Create new Digital Event Type
Adapt interface appearance
Include CSS files
Include JavaScript files
Exchange images and icons
Migration costs and risks of customizing
Costs and effort of customizing migration
Risks of customizing
Data migration guide for customized versions
Introduction
The migration framework of ARIS Risk & Compliance Manager
What the framework cannot do
Start the migration
The migration plan
Format
The XML schema of the migration plan
The location of the migration plan
The architecture
The construction set
IMigrationStep
Step template
IMapping
MigrationObject
Automatic update of the schema version
Partly automatic cleanup
Data migration from version 3.1.4 to 9.x
Modeling approach
Schema ID
Migration sandbox
Adjustments to the data migration in CTK
Logging
Modeling conventions
Introduction
General conventions
Users and user groups
Models, objects, and relationships
Role
Person
Company assets (hierarchies)
Application system type hierarchy
Organizational hierarchy
Process hierarchy
Regulation hierarchy
Risk category hierarchy
Tester hierarchy
Policy Management conventions
Business controls diagram
Policy object
Process models for policies
Business rule architecture diagram
Regulatory Change Management conventions
Technical terms model
Technical term object
Relation between Role and Technical term
Survey Management conventions
Survey management model
Questionnaire template object
Section object
Question object
Question types attribute
Evaluation by reviewer attribute
Option set object
Answer option object
Dependent questions/sections
Questionnaire template assignment model
Survey task object
Operational Risk Management conventions
Risks in process models
KPI allocation diagram
Risk object
Control Management conventions
Business controls diagram
Control execution task object
Test Management conventions
Level 3 process models
Business controls diagram
Risk object
Control object
Test definition object
General modeling conventions
Automated control testing
Sign-off Management conventions
Sign-off using process hierarchy
Sign-off using regulations & standards hierarchy
Sign-off using tester hierarchy
Sign-off using organizational hierarchy
Audit Management conventions
Project schedule model (audit template)
Task object (audit template)
Project schedule model (audit step template)
Task object (audit step template)
Task allocation diagram
Glossary
ARIS modeling environment
Assertions
Audit preparation
Control period
COSO components
Credit default
Deficiency
Direct loss
Dual control
Four eyes principle
Incident
Indirect loss
Issue Management
Loss
Near loss
Reserves
Segregation of duties
Sign-off
Sign-off period
Survey period
Test of design
Test of effectiveness
Testing period
Semantics verification for exporting data
Introduction
Use semantics reports
Installation of semantics reports
Run semantics reports
Example of a report without error messages
Example of a report with error messages
Valuable information
What additional components do you need for the semantics reports?
What semantics reports are available?
What verifications are defined for audit templates?
What verifications are defined for controls and control execution tasks?
What verifications are defined for hierarchy structures?
What verifications are defined for policy definitions?
What verifications are defined for questionnaire templates?
What verifications are defined for risks?
What verifications are defined for test definitions?
What verifications are defined for user groups?
What verifications are defined for users?
Support and legal information
Documentation scope
Data protection
Restrictions
Support
Legal notes
Index