For the risks identified in the processes or at hierarchy objects, the responsibilities and objects relevant for the assessment can be defined in the KPI allocation diagram. This means that effects on the company's hierarchies can be documented, e. g. which risk affects which organizational unit.
The allocations of risk owner and risk reviewer are mandatory if the Risk Management-relevant attribute is set to true. All other allocations are optional.
The is assigned to connection (CT_IS_ASSIG_6) can be used to inherit object assignments between risks. Objects assigned to the risk object with outgoing connection are passed on to the risk object with ingoing connection. Only the following object types are passed on: Function, Organizational unit, Application system type, Regulation, Risk category, and Roles. An object type is only passed on if the receiving risk has no direct connection to the same object type. A role is only passed on if the receiving object has no direct connection to the same role. Example: The risk reviewer group is passed on but the risk owner group is not passed on, because the receiving risk already has an assignment to the risk owner group.
Relationships of the risk object
The following connections are relevant between the objects in the KPI allocation diagram:
Object |
Connection |
Object |
Notes |
---|---|---|---|
Risk |
is technically responsible for |
Role |
This connection creates the relationship to the risk owner, risk manager, and risk reviewer. |
Risk |
affects |
Organizational unit |
This connection creates the relationship to the organizational hierarchy. |
Risk |
affects |
Technical term |
This connection creates the relationship to the regulation hierarchy. It becomes a mandatory relationship if Financial reporting has also been selected for the Risk type risk attribute. |
Risk |
affects |
Application system type |
This connection creates the relationship to the application system type hierarchy. |
Risk |
is measured by |
KPI instance |
This connection creates the relationship to the KPI. It is not transferred to ARIS Risk & Compliance Manager so far. |
Risk |
is influenced by |
Task |
This connection creates the relationship to the measure. It is not transferred to ARIS Risk & Compliance Manager so far. |