ARIS - SHARE YOUR IDEAS
is a standard requirement for GRC use cases.
It is used as a documentation of the business processes with respect to the allocated risks and controls. Auditors (internal and external) use to request this report as a starting point for any GRC-related audit.
Based on a selection of Business Processes, the report shows a table of all risks and controls with relevant attributes, such as responsabilities/roles/names, frequencies, terms, organisation and description. Each user can start the report and it shows the content depending on the user's rights.
I suggest to provide this as a standard ARIS_GRC report.
Sample attached, in German. (1st sheet = selection summary; 2nd sheet = headlines with sample content) The rights of the user stated on sheet 1 define the content shown in sheet 2.
