Risk object

The risk is modeled in an ARIS modeling environment with the Risk object (OT_RISK). A risk is created in ARIS Risk & Compliance Manager for each risk for which the Synchronize ARCM attribute is set to true.

Attribute mappings: Risk ARIS to Risk (ARCM)

ARIS attribute

API name

ARCM attribute

M*

Notes

Name

AT_NAME

name

X

 

Risk ID

AT_AAM_RISK_ID

risk_id

 

 

Risk types

AT_AAM_RISK_TYPE_FINANCIAL_REPORT

AT_AAM_RISK_TYPE_COMPLIANCE

AT_AAM_RISK_TYPE_OPERATIONS

AT_AAM_RISK_TYPE_STRATEGIC

risktype

 

The enumeration is set in ARIS Risk & Compliance Manager when the values are true.

Description/
Definition

AT_DESC

description

 

Provides more details about the element, for example, its purpose.

 

 

risk_function

 

Is identified via the connection to the function. A corresponding link to the process hierarchy element in ARIS Risk & Compliance Manager is saved.

 

 

financial_

statement

 

Is identified via the connection to the technical term. A corresponding link to the regulation hierarchy element in ARIS Risk & Compliance Manager is saved.

Impact

AT_AAM_IMPACT

impact

 

 

Probability

AT_AAM_PROBABILITY

probability

 

 

Risk catalog 1

AT_AAM_RISK_CATALOG_1

risk_catalog1

 

 

Risk catalog 2

AT_AAM_RISK_CATALOG_2

risk_catalog2

 

 

Title 1

Title 2

Title 3

Title 4

AT_TITL1

AT_TITL2

AT_TITL3

AT_TITL4

document:

  • name
  • title

 

Indicates the linked documents.

Link 1

Link 2

Link 3

Link 4

AT_EXT_1

AT_EXT_2

AT_EXT_3

AT_LINK

document:

  • link

 

Indicates the linked documents.

ARIS document storage Title 1

ARIS document storage Title 2

ARIS document storage Title 3

ARIS document storage Title 4

AT_ADS_TITL1

AT_ADS_TITL2

AT_ADS_TITL3

AT_ADS_TITL4

document:

  • name
  • title

 

Indicates the linked documents.

ARIS document storage link 1

ARIS document storage link 2

ARIS document storage link 3

ARIS document storage link 4

AT_ADS_LINK_1

AT_ADS_LINK_2

AT_ADS_LINK_3

AT_ADS_LINK_4

document:

  • link

 

Indicates the linked documents.

 

 

manager_
group

 

Is identified via the connection to the role. A corresponding link to the risk manager in ARIS Risk & Compliance Manager is saved.

Assertions

AT_AAM_ASSERTIONS_EXIST_OCCURRENCE

AT_AAM_ASSERTIONS_COMPLETENESS

AT_AAM_ASSERTIONS_RIGHTS_OBLIGATIONS

AT_AAM_ASSERTIONS_VALUATION_ALLOCATION

AT_AAM_ASSERTIONS_PRESENTATION_DISCLOSURE

AT_AAM_ASSERTIONS_NA

assertions

 

The enumeration is set in ARIS Risk & Compliance Manager depending on the values that are set. A dependency of values exists. The first five values cannot occur in combination with the last entry.

*The M column specifies whether the attribute is a mandatory field.

Mappings transferred to ARIS Risk & Compliance Manager only if the risk is marked as Risk Management-relevant

ARIS attribute

API name

ARCM attribute

M*

Notes

Risk management-
relevant

AT_GRC_RISK_MANAGEMENT_RELEVANT

risk_management_relevant

 

 

Assessment activities

AT_GRC_ASSESSMENT_ACTIVITIES

assessment_
activities

 

Describes the assessment steps.

Assessment frequency

AT_GRC_ASSESSMENT_FREQUENCY

assessment_
frequency

(X)

Defines the frequency at which risk assessments are automatically generated. This attribute is only mandatory if the Risk Management-relevant attribute is set to true.

Event-driven assessment allowed

AT_GRC_EVENT_DRIVEN_ASSESSMENTS_ALLOWED

event_driven_
allowed

 

Indicates whether manually created assessments are allowed for risks. Is automatically set to true during import from ARIS to ARIS Risk & Compliance Manager if the Assessment frequency attribute is set to Event-driven.

Time limit for execution in days

AT_GRC_RISK_ASSESSMENT_DURATION

assessment-
duration

(X)

Specifies the duration for executing a risk assessment. This attribute is only mandatory if the Risk Management-relevant attribute is set to true. This attribute is not mandatory if the Assessment frequency attribute has the value Event-driven.

Start date of risk assessment

AT_GRC_START_DATE_OF_RISK_ASSESSMENTS

assessments_
startdate

(X)

Specifies the date as of which risk assessments are generated. This attribute is only mandatory if the Risk Management-relevant attribute is set to true. This attribute is not mandatory if the Assessment frequency attribute has the value Event-driven.

End date of risk assessment

AT_GRC_END_DATE_OF_RISK_ASSESSMENTS

assessments_
enddate

 

Specifies the date as of which risk assessments are no longer generated.

*The M column specifies whether the attribute is a mandatory field.

Further Risk (ARIS) to Risk (ARCM) attributes

ARIS attribute

API name

ARCM attribute

M*

Notes

risk_assessment_owner_group

(X)

Is identified via the connection to the role. A corresponding link to the risk owner in ARIS Risk & Compliance Manager is saved. This attribute is only mandatory if the Risk Management-relevant attribute is set to true.

risk_reviewer_group

(X)

Is identified via the connection to the role. A corresponding link to the risk reviewer in ARIS Risk & Compliance Manager is saved. This attribute is only mandatory if the Risk Management-relevant attribute is set to true.

risk_category

 

Is identified via the connection to the risk category. A corresponding link to the risk hierarchy element in ARIS Risk & Compliance Manager is saved.

organizational_unit

 

Is identified via the connection to the organizational unit. A corresponding link to the organization hierarchy element in ARIS Risk & Compliance Manager is saved.

application_system_type

 

Is identified via the connection to the application system type. A corresponding link to the application system type hierarchy element in ARIS Risk & Compliance Manager is saved.

*The M column specifies whether the attribute is a mandatory field.