Ad hoc Risk Analysis report is returning incorrect Risk Level for some Risks

We are running GRC AC 10.0 with SP 16.  After application of Support Pack 16, some of our ad hoc risk analysis reports are returning incorrect risk levels.  For example:  Risk F024 Open closed periods and inappropriately post currency or tax entries is set as High.  When the Ad hoc report is run, the risk F024 will show on a user with a level of Medium.  We have generated our ruleset and have followed the normal procedures used to implement the support pack.  Any ideas what is causing this issue?  I have exhausted my knowledge and search attempts.
Any help is appreciated.
Sara B.

Hi Kevin
Many thanks for your post, we did run a full BRA but no luck unfortunately. Some Risks still reporting as Medium when they should be Critical or High. Oddly it is reporting correctly against some risks just not for all!
Cheers
Hussain

Similar Messages

  • Risk analysis Report Error in GRC AC 10.0

    Dear GRC,
    I had problem with Risk analysis Report in GRC Access Request form
    When i run the Risk analysis report on Action Level , Permission Level , Critical Action Level and Critical Permission Level then report showing as "No Violations" but if i run the Risk analysis report only on Critical Action Level and Critical Permission Level then report showing too many Violations.
    I maintained Action Level , Permission Level , Critical Action Level and Critical Permission Level as default risk analysis type in SPRO Configuration Parameters settings.
    i am not understanding why system behaves like this. Could you please help me on this.
    System Details : GRC AC 10.0 , SP-12
    Thanks a lot for swift response.
    Best Regards,
    RK

    Hi GRC Team,
    Please help me on this. I am waiting for your replay.
    Regards,
    KR

  • GRC Risk analysis reports are not checking all possible risk conflicts set up in the rule set that lead to risks.

    Dear All,
    After running the risk analysis it shows only the first conflict for a risk in the rule set (Rule ID 0001). We have already Generated SOD ruleset. Also during migration from 5.3 to AC10.1 all the rulesets were imported properly.
    What could be reason??
    Thanks for your help.
    Regards,
    Abhisshek

    Abhisshek,
    there is already a thread with the same question:  Dear all I only get result for one rule id and not with others what should be an issue?
    Regards,
    Alessandro

  • Issue with risk analysis report in GRC10.0

    Hi All,
    We are running the user risk analysis report from NWBC: Reports and Analytics -> Access Risk Analysis Reports -> User Risk Violation report.
    This report is not fetching all the data even though user has all the required authorizations.
    We are getting the data when we execute the dashboard reports.
    Any one has idea?
    Cheers
    Hari

    Alessandro,
    Thanks for the reply. I am aware of this.
    Problem is when dash board report is showing the risk for the user but risk anaylsis report in Reports and Analytics is not showing the risks to that user.
    As per our investigation, the risk data that is displaying in the risk anaylsis report in Reports and Analytics is incomplete. We didn't find any errors in SLG1. Also there is no issues from authorizations side.
    Regards
    Hari

  • AC 5.3 RAR - combined risk analysis reports for regular auth. and SPM auth.

    Dear All,
    we have users that have regular day-today authorization and also FF authorization.
    Does the Batch Risk Analysis takes into account both authorizations when doing the risk analysis for those users ? will we see it in the reports ?
    Thanks
    Yudit

    ok, so basically the answer is no, in the RAR components we do not have risk analysis for the combinations of the roles assigned to the user and to his FF ID.
    in that case, at what stage does the system checks for those combined risks ?
    is it checked when we manage the risk analysis phase in the CUP request that is asking to assign the FF ID to the user ?
    thanks
    Yudit

  • Risk analysis reports in IDM 6.0

    Hi
    I was trying to run risk analysis report to detect deleted users in Red hat linux. I was not sure what report to run. I tried various things like user report, resource accoutn report etc. However these reports gave the the list of users deleted in IDM but not the resource. Can i somehow create a customized report to do this?
    Any help regarding this matter is appreciated
    Thanks
    Man

    Hi,
    Please check following path in easy access
    1) Accounting ->Controlling -> Product Cost Controlling ->Product Cost Planning ->Information System
    2) Accounting ->Financial Accounting ->Fixed Assets ->Information System
    Best Regards,
    Madhu

  • Risk Analysis Reports Format

    Hello Experts,
    What is main difference between Risk Analysis Report Formats ....
    Summary
    Detail
    Management Summary
    Executive Summary
    Please explain in depth and which scenarios we are using these reports. Please give a one business example.
    Regards,
    Babu

    Dear Babu,
    trying to help you.
    Summary: gives you an overview of conflicts on action level. Can be used to discuss with business what is causing the risk.
    Detail: gives you an overview of conflicts on authorization level. Can be used to analyze how a conflict can be removed.
    Management summary: gives you an overview of risks on user level. Can be used to report how many risks are currently in the system on user level. E.g. userA has 3 risks, userB has 2 risks, etc.
    Executive Summary: gives you an overview of risks on risk level. Can be used to have a general overview of applicable risks in the system. E.g. riskA has no conflicts, riskB has 7 conflicts, etc.
    Best if you just analyze and you will see the differences. If you have a particular question do not hesitate to contact us.
    Regards,
    Alessandro

  • GRC_10 Risk Analysis Report

    Hi,
    i should extend the risk analysis report with more details from diffrent tables, they hold special role details.
    I havent found an idea how to do this.
    Could i extend the standard report for risk analysis with more columns?
    Is there something like user.exits or enhancement-points?
    thank you very much indeed
    best regards
    Alex

    Hi Alex,
    did you have a chance to look at standard SAP Help information about different types of reports and information available?
    If not yet -please take a look at:
    Risk Analysis Reports - SAP GRC Access Control - SAP Library
    What exactly information you would like to add to reports?
    Standard reports can by customized by adding some additional fields which are hidden in standard view.
    There is also an option to add custom fields and data,
    Lets us know,
    Filip

  • Role Based Risk Analysis Report

    Hello All,
    When I executed the Risk Analysis report for a role with SOD Risk Level = ALL and Report type = SOD at Authorization Object level, the results come back as "NO CONFLICT FOUND".  this is the correct response.
    However, I executed the Risk Analysis report for the same role with SOD Risk Level = HIGH and Report type = SOD at Authorization Object level, the results come back SOD conflicts based on the conflicting transactions.  Is there a bug with analyzing roles using this option?
    Also, when I click on the Detail Report button, I received object data that does not appear correct.
    Please Help.  Thanks.
    Edited by: Michael Johnson on Apr 8, 2009 8:54 PM

    Hi Babiji,
    Are you using any specific tools for SOD's? If you are using GRC tool, then it can be done using compliance calibrator Role level Risk analysis.In addition to what Sneha has said,
    To find out the conflicting roles in CC version 5.2 the path is INFORMER->Risk Analysis->Role level.In Virsa 4.0 you have the option of carrying out risk anaysis at role level by executing the t-code /N/VIRSA/ZVRAT.
    In section Analysis type, choose Roles and enter the list of roles.
    In section SOD Risk level, choose the appropriate risk.
    Then choose the appropriate report type and report format before executing it.
    This will display all the roles with the levels of risk associated with it and then you can mitigate these as per your organizational policies & procedures.
    Thanks,
    Saby..

  • GRC AC 10 (BRM) Risk Analysis Report type is editable

    Hi,
    In  GRC10 – BRM  Risk analysis at “Action Level”, “Permission Level”, “Critical Action”, “Critical Permission” and “Critical Role/Profile” is editable.
    When i start to create a role in the Risk Analysis step, Permission Level is always selected .Selection is fine as this is configured this way (Parameter in SPRO 1023 -Default Report Type for Risk Analysis).  But exist the option to deselect "Permission Level". 
    As you can Permission level is always selected and not editable?
    Regards

    Hi,
    I guess Cristian mentions attached BRM screen. I have same issue; how to change default values of report type in BRM like parameter 1023 changes in access request.
    Also, if we change default value of check box, Cristian can set non-editable fields through SE80.

  • Can you download RAR Risk Analysis reports to something other than Excel?

    When you run a RAR Risk Analysis and go to export the resulting reports, RAR automatically exports this into an Excel spreadsheet.
    Is it possible to export the reports into some other kind of format/tool?  (SQL would be ideal.)
    We are on GRC 5.3 SP13.
    Thanks.

    Our CMG group runs a company-wide risk analysis 2-3 times a year to use in their SOD Review process.  We are looking into loading this report into QuickView to give them more capabilities with using the report.  QV will work with Excel, but you have to load every spreadsheet and every page separately. 
    We are looking to see if we could download it into some other format that would contain all of the report in just one file.  Would make the QV load easier.  Something like SQL would probably be ideal.
    Thanks.

  • ARA: "[P/G]" symbol in Risk Analysis Report???

    Hi,
    I have noticed a peculiar symbol in Access Risk analysis while performing permission level analysis. The symbol is "[P/G]<TCODE>".
    I have not this before. Any idea why this is coming and how I can resolve this?
    Please see the screenshot for the same.
    Recently, our target system is upgraded. I am sure if this is coming because of that. Earlier, it was working fine.
    Also, system is showing unknown risks violations for roles and all of them are preceded by "[P/G]" symbol.
    Please advise.
    Regards,
    Faisal

    Alessandro,
    Thanks for your reply.
    Yes, these actions are assigned to functions.
    Secondly, I re-generated the rules and the result is same. Also, I used
    our quality system (upgrade is not done yet) and analyzed the same role and it gave expected results!
    I am using same GRC system but different target systems. ERP Development system is causing problem where as ERP Quality system is not.
    Based upon my analysis, I see some problem with our ERP development system which is not showing appropriate results. But not sure what to do.
    Any help please?
    Regards,
    Faisal

  • After the risk analysis I am trying to mitigate the users with risk ID and I am getting an authorization error.

    Dear All,
    I am trying to mitigate some users and after running risk analysis when I am trying to mitigate them I am getting an error saying I am not authorized to do so.
    I have requird roles to do my activity-

    Dear Prasant,
    I am getting above error.
    I have required roles
    GRC_CONTROL_APPROVER
    GRC_RISK_OWNER
    Regards,
    Abhishek

  • Org Rule anlaysis when performing mitigation from risk analysis report do not mitigate the user from management summary report message!

    Hi,
    When in the User Level>Mitigation screen this comment appears  (*). When taking the path to  ‘summary’(a) or ‘detail’ (b) doesn't change when we select the button  MITIGATE RISK (**).  What was the intent of the below message?
    What is the intent of the message ?

    Hi Pranjal,
    please see note: http://service.sap.com/sap/support/notes/1972382
    Regards,
    Alessandro

  • Report Pdf output getting Junk characters for some boiler Plate fields

    Hi All
    For Dunning Letter Report registered in Oracle Applications,made changes in Column headings like added customer number as Kunde for German Letter
    but in pdf output it's appearing as junk characters even date field is happening like that. It's happening for German, Spanish, Italy and French Letters. Working ok for Netherlands, English.
    any input to fix this solution will be great
    Thanks
    Kamalakar.G

    Maybe you check the NLS_LANGUAGE-settings on the client where you "edit" the reports-definition.

Maybe you are looking for

  • Replace exact string from a list seperated by ":" delimeiter

    Hi, How can I replace PROJ1 with PROJ4 and cover all the following options, when items are seperated by ":" delimiter. 1)     PROJECT_NAME=PROJ1 2)     PROJECT_NAME=PROJ1:PROJ2 3)     PROJECT_NAME=PROJ2:PROJ1 4)     PROJECT_NAME=PROJ1:PROJ11 5)     P

  • FM for uploading Purchase reuisations into SRM

    Hi SAP guru's, I need to Upload purchase reuisations form legacy system to SRM , here i am using BBP_PD_SC_CREATE and BBP_PD_SC_SAVE, but uploading data from legacy system to internal table which Function Module  i will use, plz give me ASAP, Thank u

  • Is there an archive page for Flash Player plugins for PORTABLE versions of web browsers?

    Is there an archive page for downloads of Flash Player plugin installers for the PORTABLE versions of web browsers like Firefox ESR? One of my web browsers is Firefox ESR 10.0.7 and it is a PORTABLE version of Firefox that apparently needs a differen

  • Title Bar hidden behind Apple Mac menu bar

    Hi I am using Elements Organizer 12.1 and, for some reason, the title bar is hidden behind my Apple Mac menu bar.  Does anyone know how to click behind the menu bar so I can access the Elements title bar? Thanks Richard

  • Apple logo in the centre of the screen and not responding

    I received my Apple TV yesterday, it was fairly easy to set up, I had it working with sync'd and streamed content. This morning I switch on my TV and find the Apple logo in the centre of the screen, but it's not responding to the remote other than th