ARIS Audit Manager Implement Consistent, Companywide Compliance Management The days when a company could focus solely on its internal processes are long gone. Business relationships with part- ners, suppliers, and customers have become at least just as important. In addi- tion, the existence and implementation of stricter external regulations is playing an increasingly important role in the corpo- rate structure. To follow the requirements of the regulations, it is necessary to identi- fy affected processes, analyze risks, inte- grate necessary controls in the processes, and monitor their execution. Ensuring com- pliance with these regulations is called compliance management. ARIS Audit Manager provides companies with com- prehensive support for compliance man- agement. The process-oriented software solution enables the efficient introduction and operation of a company-wide compli- ance management system that meets the requirements of various current and future regulations. Basel II, Sarbanes-Oxley Act, Solvency II, GwG, KonTraG, MaRisk, Corporate Governance, ISO Standards – all of these buzzwords and acronyms stand for many regulations with which companies must comply today. The resulting requirements are as various as the laws and regulations themselves. It is in the companies’ best interests to meet these requirements to avoid violating legal principles and to satisfy industry-specific quality guidelines. Companies are faced with one fundamental question: How can these risks be eliminated and how can the company ensure that legal requirements are met? Audit-Ready Internal Control System Important for almost all regulations: a company’s internal control system must be ready for an audit at any time. Complete documentation of controls, as well as defined processes and responsibilities, must exist for the coordinated elimination of any weaknesses. The same applies to document releases and test intervals. In addition, the test data must be processed at certain times with a view to the target group, i.e., for external or internal auditors or man- agement. For all of the aforementioned tasks, it is strategically important to establish a cen- tral compliance strategy and an efficient compliance organization. In turn, various efforts are combined in a consolidated compliance management system, and synergies from personnel resources, data, IT, and existing knowledge are efficiently utilized. A Complete Package for a Regulated Economic Environment - ARIS Compliance Management Solution ARIS Compliance Management Solution consists of several sub-components and fully cov- ers and integrates all areas with the aim of optimizing results and quality. ARIS Business Architect process modeling software is the foundation for monitoring all internal controls. Within this software, master data of the compliance management system is documented in its entirety, serving as a basis for continuous monitoring of the suitability and effectiveness of the internal controls within ARIS Audit Manager. After automatically synchronizing the control and test data, ARIS Audit Manager performs a test run with a workflow – beginning with the automatic request of the persons responsible for the test and ending with sign-off and preparation of the data for external audits. The audit workflow system provides the testers with all essential information, guides them through the test and the associated documentation, and triggers necessary follow-up actions depending on the test results.
The days when a company could focussolely on its internal processes are longgone. Business relationships with part-ners, suppliers, and customers havebecome at least just as important. In addi-tion, the existence and implementation ofstricter external regulations is playing anincreasingly important role in the corpo-rate structure. To follow the requirementsof the regulations, it is necessary to identi-fy affected processes, analyze risks, inte-grate necessary controls in the processes,and monitor their execution. Ensuring com-pliance with these regulations is calledcompliance management. ARIS AuditManager provides companies with com-prehensive support for compliance man-agement. The process-oriented softwaresolution enables the efficient introductionand operation of a company-wide compli-ance management system that meets therequirements of various current and futureregulations.
Basel II, Sarbanes-Oxley Act, Solvency II, GwG, KonTraG, MaRisk, Corporate Governance,ISO Standards – all of these buzzwords and acronyms stand for many regulations with whichcompanies must comply today. The resulting requirements are as various as the laws andregulations themselves. It is in the companies’ best interests to meet these requirements toavoid violating legal principles and to satisfy industry-specific quality guidelines. Companiesare faced with one fundamental question: How can these risks be eliminated and how canthe company ensure that legal requirements are met?
Audit-Ready Internal Control System
Important for almost all regulations: a company’s internal control system must be ready foran audit at any time. Complete documentation of controls, as well as defined processes andresponsibilities, must exist for the coordinated elimination of any weaknesses. The sameapplies to document releases and test intervals. In addition, the test data must be processedat certain times with a view to the target group, i.e., for external or internal auditors or man-agement. For all of the aforementioned tasks, it is strategically important to establish a cen-tral compliance strategy and an efficient compliance organization. In turn, various efforts arecombined in a consolidated compliance management system, and synergies from personnelresources, data, IT, and existing knowledge are efficiently utilized.
A Complete Package for a Regulated Economic Environment -ARIS Compliance Management Solution
ARIS Compliance Management Solution consists of several sub-components and fully cov-ers and integrates all areas with the aim of optimizing results and quality.
ARIS Business Architect process modeling software is the foundation for monitoring allinternal controls. Within this software, master data of the compliance management systemis documented in its entirety, serving as a basis for continuous monitoring of the suitabilityand effectiveness of the internal controls within ARIS Audit Manager.
After automatically synchronizing the control and test data, ARIS Audit Manager performs atest run with a workflow – beginning with the automatic request of the persons responsiblefor the test and ending with sign-off and preparation of the data for external audits. Theaudit workflow system provides the testers with all essential information, guides themthrough the test and the associated documentation, and triggers necessary follow-upactions depending on the test results.
About IDS Scheer
The software and consulting company IDSScheer is the leading provider of BusinessProcess Management and IT solutions. With itsARIS Platform for Process Excellence, IDSScheer offers its customers an integrated andcomplete tool portfolio for strategy, design,implementation and controlling of businessprocesses thus supporting them around theentire process lifecycle. As part of the ARISPlatform for Process Excellence, ARIS Toolset isthe world’s best selling tool for process opti-mization. A strategic co-operation with SAPmakes the ARIS tools and methods standardsfor the NetWeaver platform.Thanks to the integrated approach of ARIS Val-ue Engineering, IDS Scheer consultants buildbridges between corporate strategy, theprocesses derived from it, the IT solutions need-ed to support it and also the controlling of run-ning processes.IDS Scheer was founded in 1984 by Prof.August-Wilhelm Scheer and now with some2300 employees serves about 4,000 customersin over 50 countries. In 2004, the companyearned revenues of more than 280 million Euro.
“ARIS”, “IDS” and “Y” symbol are registered trademarks ofIDS Scheer AG, Saarbruecken. “SAP NetWeaver” is a trade-mark of SAP AG, Walldorf. Allother trademarks are the prop-erty of their respective owners. All rights reserved. The con-tents of this document are subject to copyright. Anychanges,modifications, additions or amendments require pri-or written consent from IDS Scheer AG, Saarbrücken. Repro-duction in any form is only permitted onthe condition that thecopyright notice remains on the actual document. Publicationor translation in any form requires prior written consent fro-mIDS Scheer AG, Saarbrücken.
Change Management Processes for Control System Weaknesses
Tests cannot be changed once they have been closed by the system or user. For all tests thatcannot be carried out in time or have ineffective controls, a process is triggered to ensurethat the person in charge is notified and takes action to restore the operability of the inter-nal control system (deficiency management). The system documents and logs all processesso management can trace them during the sign-off process and external auditors can easilywork with them.
Linking the Control System to Processes
An essential legal requirement is linking the control system to the relevant processes. ARISCompliance Management Solution fulfills this requirement. All internal controls and theirtests are linked to the processes in which the risks were identified. Employees can accessthe relevant process, risk, and compliance information through a Web-based compliance orrisk portal, which provides comprehensive data on test information, risk data, or emergencyplans at the click of a mouse.
Performing self-assessments on the basis of integrated questionnaires (e.g., an ARIS COSOQuestionnaire) or utilizing interfaces to monitor the assignment of access privileges in theapplication system during daily operation (authorization workflow, risk-bearing combina-tions of access rights) allows for the implementation of adequate risk control.
At any time, the management view offers a detailed overview of the test activity status,enabling early detection of weaknesses in the internal control system. In addition, a secondinstance evaluates all completed tests regarding their execution and quality. Thus, a revi-sion-safe, consolidated documentation of all tests conducted can be created, released, andpublished by management at any time and without a great deal of effort.
New processes or process changes and questions regarding their compliance are integrat-ed immediately into the corporate process architecture so they can be transferred quickly tothe portal and test environments.
