The most effective features are the basic ones to evaluate and control risk. We have many specific small models inside of ARIS Risk and Compliance Manager, like issue management. These are smaller add-ons depending on the needs. You are including specific models as well. The basic ones do exactly what is required for risk management: identification, evaluation, control, mitigation, and modification. And, we have dashboards with the possibility to configure compliance policies and risk limits based on which we can create alarms. If there are maximum limits, we create alarms attached to the responsible people. Normally, there is someone that identifies the risk, and then you have the risk owner. These people [normal users] can send notifications to the risk owner, who will evaluate the risk and decide whether it's important to control it or not. I remember a project where the customer wanted to control all risks and assigned many people to identify them. They started identifying risks everywhere. After a few years, the customer realized that it didn't make sense to control all of them. So, they created limits—levels of risk the company was willing to accept because it was more expensive to implement controls than to manage the risk. So, regarding ARIS Risk and Compliance Manager, you can implement all the risks and policies you can imagine because it's very customizable. You can customize a lot of things.
