Governance, Risk & Compliance Management

Software AG's ARIS Governance, Risk & Compliance Management
Platform enables enterprises to confidently meet internal and external
legal requirements and standards while efficiently managing risks.



Efficiently manage your business risks

Meet internal and external legal and regulatory requirements and manage enterprise risks using the ARIS Governance, Risk and Compliance (GRC) Management Platform. Our process-driven solution combines Business Process Analysis (BPA) with audit-proof workflows, turning risk and compliance management into a strategic GRC management tool.

What you can do with this platform

Assess & manage risk
  • Identify, document, assess and report on risk impacts and probabilities
  • Reduce risks with appropriate measures
  • Simulate risks in a process
  • Document incidents and losses
Identify & solve issues
  • Create workflows and initiate improvements for identified issues
  • Track and follow-up on issue-related action items
  • Define clear issue resolution responsibilities
  • Document issues from creation to completion
Manage controls & monitor performance
  • Build and verify an effective internal control system
  • Use predefined workflows and automatically triggered notifications
  • Manage various laws and regulations and prove compliance to external auditors
  • Manage and track performance results using management dashboards
Plan, execute and report on audits
  • Plan and schedule audits with individual steps
  • Reduce paperwork and manual tasks
  • Gain insight into upcoming steps and preparation times
  • Generate reports with audit findings and results

Key benefits

Comply with confidence
Establish controls and acceptable levels of risk. Stay in alignment with your organization’s objectives and policies. Reduce conflicts between business and control departments.
Increase business agility
Identify non-conformance and the root cause to take quick action.
Adapt faster to new regulations
Break down legislation and regulations into control requirements that can be handled sensibly.
Identify and decrease risks
Identify, document and assess risks; evaluate financial impact and probability; and define measures to minimize risks.
Decrease risk of penalties
Minimize top management exposure to devastating penalties for compliance violations.
Manage questionnaires with predefined scores
Conduct periodic or one-time surveys—scenarios include risk identification, supplier audits, business impact analysis and more.
Analyze and communicate risk exposure
Simulate risk events along defined business process chains; analyze dependencies between business processes, risks and controls; and use statistical methods to define risk probabilities and damage distributions. Describe and analyze risk scenarios in detail; describe different risk scenarios; and communicate risk treatment to third parties.
Decrease complexity
Integrate all regulatory demands into a single approach and Internal Control System (ICS). Create issues for identified problems and weaknesses in the internal control system so improvements can be initiated. Track actions with a two-stage issue workflow.
Improve monitoring and reporting
Monitor GRC processes with desktop or mobile dashboards. Reduce redundancy and ensure consistency in data and reports.
Improve efficiency
Standardize GRC processes using an integrated platform across all different risk and compliance areas. This central hub also provides a “single point of truth” for all compliance activities.
Simplify audits
Schedule audit-related tasks and get efficient support for your time management and reporting. The platform also includes a “self-audit” capability and a seamless audit trail. Reduce audit fees and re-use process documentation.
Manage incidents efficiently
Use the system to easily document incidents and resulting loss or damage. Basel II and Solvency II requirements are covered. Publish corporate guidelines and get confirmation from the appropriate people that policies have been applied. Launch and document training.
Use real data in real-time
Monitor operational processes continuously and trigger test cases, risk assessments, incidents or issues automatically if necessary. Be proactive instead of reactive. Cover 100 percent of data instead of just samples.


Survey management
Distribute questionnaires with predefined scores:
  • Conduct self-assessments or audit surveys
  • Re-use templates for periodic surveys
  • Track and evaluate survey results
  • Store results in the central repository
Issue management
Manage problems and weaknesses in the ICS and let people know about them for fast resolution. Action tracking helps ensure follow-up on every defined activity:
  • Document every issue, from creation to completion
  • Create a central escalation workflow
  • Assign issues to the right process steps
Incident management
Use a comprehensive workflow for incident management:
  • Categorize incidents by criteria, such as type of business and incident type or cause
  • Meet Basel II and Solvency II requirements
  • Evaluate expected losses
Control management
Create and monitor controls after identifying compliance risks:
  • Deal with deficiencies in a timely and coordinated way with fully documented processes and responsibilities
  • Document control execution
  • Improve testing workflow
  • Quickly adapt to new laws and regulations
  • Demonstrate complete audit trail
Policy management
Map policies, stored in a central repository, to business context with clearly defined responsibilities, affected processes, entities and more. Policy owners gather stakeholder approvals and then publish official policies. Employees can attest they’ve received policies and sign a formal confirmation. A seamless audit trail makes reporting fast and easy:
  • Assure clear transparency about responsibilities and context
  • Use policy workflows for approval, publishing and review
  • Count on an integrated workflow and notification mechanism
Regulatory change management
Quickly and easily analyze business elements affected by regulatory changes:
  • Trigger responsible personnel to perform and document review tasks
  • Manage required changes via an issue management workflow
  • Give top management a top-level view of the change process using dashboards
  • Quickly adapt to new laws and regulations
  • Demonstrate a complete audit trail
Loss management
Document losses resulting from incidents and classify them into different types:
  • Distribute losses according to organizational units, processes, cost centers and IT systems
  • Compare losses with risk capital and improve risk evaluation
  • Meet Basel II and Solvency II requirements
  • Use historical data for risk evaluation
Operational risk management
  • Easily identify and document risks in your processes, including financial and security risks
  • Evaluate risks for various impacts and probabilities
  • Visualize your risk status
  • Develop strategies to reduce enterprise risk
  • Trigger alarms when thresholds are reached
  • Count on support across the entire process, from risk identification, documentation and analysis through to risk monitoring
Audit management
Our platform offers an integrated GRC system with one relational database aligned to business processes. This helps internal auditors manage paperwork and schedule audit-related tasks and get support for time management and reporting:
  • Reduce audit times and audit costs
  • Use Gantt charts to visualize schedules on a time axis
  • Create an indisputable audit trail
Modeling and process risk simulation
Model your processes, including all relevant risk and compliance data:
  • Link risks and controls directly to the suitable process steps, and map them to the business context
  • Simulate risk events along defined business process chains
  • Analyze dependencies between business processes, risks and controls
  • Define all GRC-related data
  • Conduct what-if analyses
  • Store information in the central repository
Collaboration
Unlock the power of collaborative process improvement:
  • Use an easy link between ARIS Connect and ARIS Risk & Compliance Manager
  • Engage anyone, anywhere, anytime
  • Design, publish and create dashboards all in one tool
  • Link people, processes and IT
Publishing
Publish risk and compliance information via Web portals for easy access:
  • Control who gets what information via rights or role-based access
  • Customize process portals to your corporate "look and feel"
  • Publish GRC information quickly, flexibly, reliably
  • See easy and intuitive views of process models
  • Improve acceptance with a business-oriented presentation
Analysis
Analyze process information, such as time and costs, using standard or customized analysis and queries:
  • Quickly identify improvement potential
  • Understand and increase the business value of processes
  • Improve and benchmark your business
Governance
Manage the process of process management:
  • Implement processes in a lightweight, model-driven way
  • Make changes without IT’s involvement
  • Reduce implementation efforts by 50 percent
Monitoring & reporting
  • Provide seamless documentation of all compliance-related activities to external auditors
  • Demonstrate the effectiveness of risk management, internal audit activities, and policy publishing and attestation
  • Verify every user, action and result, along with time and date
  • Generate evaluations of the current status of test cases or risk assessments at any time
Dashboarding
Quickly create dashboards that give managers up-to-date information on GRC activities:
  • Visualize top-level KPIs and analyze data in a variety of ways
  • See real-time snapshots of risk and compliance status
  • Easily identify ownership and responsibility
  • Gain an integrated view of GRC and BPA topics
Continuous monitoring
  • Respond in real-time to risk levels or control exceptions
  • Gain transparency into every single process and 100 percent data coverage
  • Trigger workflow tasks for immediate action automatically

Business needs

Compliance management
Identify the necessary internal measures (controls) to ensure compliance, establish a regular schedule to assess effectiveness and report to the respective authorities about status and findings. Adapt faster to new laws and regulations and create synergies between overlapping regulatory requirements by creating one company-specific requirements catalog.
Risk management
Define the right controls to mitigate risks and install effective measures to reduce their consequences if they occur. Use heat maps and bow tie methodology to visualize and analyze risk status. Determine risk probabilities and damage distributions by simulating risk events along business-process chains.
Policy management
Improve corporate governance by understanding the full life cycle of a policy, from creation and release to the assessment of its effectiveness. Communicate important policies to employees.
Audit management
Analyze and assess quality as well as other performance areas. Usually this includes scheduling audit-related tasks, managing paperwork, organizing findings and reporting results. Our platform helps you reduce costs of temporary staff, such as auditors, and re-use best practices for different audits. Gain insight into upcoming tasks and preparation times. Get a real-time overview of your company’s risk and control landscape.


ARIS Risk and Compliance Manager
Used to implement and efficiently operate an enterprise-wide compliance and risk management system.
ARIS Architect/ARIS Designer
Flagship ARIS products used to create, analyze, manage and administer the whole enterprise model, from strategy through business processes to information architectures, application landscapes and services.
ARIS Connect
Provides individual user perspectives combined with social networking capabilities that allow people to contribute to process improvement based on their unique skills and experiences.
ARIS Aware
Improve the transparency of your enterprise and drive better decisions based on powerful visualizations of reliable data analytics.
ARIS GRC Cloud
Your GRC projects can start immediately in the cloud on a subscription basis. ARIS GRC Cloud is available in a private cloud environment and in different sizes, providing the right flexibility as your projects change and grow.


I’m Georg Wilhelm, director of ARIS product management. I’m here to help you understand the value of ARIS for GRC management. Have a question or an idea for a new feature? Let’s talk!



Get compliant with the EU GDPR

Find out what you can do today to ensure your organization meets the data protection standards mandated by the EU GDPR.



Brilliant business processes

See how to manage and constantly adapt your processes with ARIS. Drive your business in the right direction and manage your digital future!



Get GDPR compliant by May 2018

Avoid the steep fine! As of May 2018, every organization that does business in the EU will have to comply with the General Data Protection Regulation. ARIS & Alfabet can help—see how.



10 key takeaways you need to know

Digitalization presents new opportunities, new risks and new regulations. See how a digital GRC management system helps you keep everything under control.
