Control object

The control is modeled in an ARIS modeling environment using the Function object (OT_FUNC) and the default symbol Control (ST_CONTR). A control is created in ARIS Risk & Compliance Manager for each control for which the Synchronize ARCM attribute is set to true.

Attribute mappings: Function (control) (ARIS) to Control (ARCM)

ARIS attribute

API name

ARCM attribute

M*

Notes

Name

AT_NAME

name

X

 

Control ID

AT_AAM_CTRL_ID

control_id

 

 

 

 

manager_
group

 

Is identified via the connection to the role. A corresponding link to the control manager in ARIS Risk & Compliance Manager is saved.

Control frequency

AT_AAM_CTRL_FREQUENCY

control_frequency

 

 

Control execution

AT_AAM_CTRL_EXECUTION_MANUAL

AT_AAM_CTRL_EXECUTION_IT

control_execution

 

The enumeration is set in ARIS Risk & Compliance Manager when the values are true.

Effect of control

AT_AAM_CTRL_EFFECT

control_effect

 

 

COSO component

AT_AAM_COSO_COMPONENT_CRTL_ENVIRONMENT

AT_AAM_COSO_COMPONENT_RISK_ASSESSMENT

AT_AAM_COSO_COMPONENT_CTRL_ACTIVITIES

AT_AAM_COSO_COMPONENT_INFO_COMMUNICATION

AT_AAM_COSO_COMPONENT_MONITORING

control_type

 

The enumeration is set in ARIS Risk & Compliance Manager when the values are true.

Control activity

AT_AAM_CTRL_ACTIVITY

controls

 

 

Control objective

AT_AAM_CTRL_OBJECTIVE

control_objective

 

 

Key control

AT_AAM_KEY_CTRL

key_control

 

 

Assertions

AT_AAM_ASSERTIONS_EXIST_OCCURRENCE

AT_AAM_ASSERTIONS_COMPLETENESS

AT_AAM_ASSERTIONS_RIGHTS_OBLIGATIONS

AT_AAM_ASSERTIONS_VALUATION_ALLOCATION

AT_AAM_ASSERTIONS_PRESENTATION_DISCLOSURE

AT_AAM_ASSERTIONS_NA

assertions

 

The enumeration is set in ARIS Risk & Compliance Manager when the values are true. A dependency of values exists. The first five values cannot occur in combination with the last entry.

 

 

control_function

 

Is identified via the connection to the function. A corresponding link to the process hierarchy element in ARIS Risk & Compliance Manager is saved.

 

 

testdefinitions

 

Is identified via the connection to the test definition. A corresponding link to the test definition in ARIS Risk & Compliance Manager is saved.

 

 

financial_statement

X

Is identified via the connection to the technical term. A corresponding link to the regulation hierarchy element in ARIS Risk & Compliance Manager is saved.

*The M column specifies whether the attribute is a mandatory field.