GRC-PC & Multiple Compliance Framework (MCF)

Similar Messages

• How to apply compliance framework oem 12c

  Hi
  At Compliance Library I got the default Compliance Frameworks. One of them is the "PCI DSS (Version 2.0)" framework .. When I click Enterprise - Compliance - Results and then I click Compliance Frameworks on Evaluation Results I have "No data to display."
  I have watched this clip Oracle Enterprise Manager 12c: Compliance Framework Overview - YouTube but they only point out how to apply different standards.
  Can you help me get result for entire framework
  Thanks in advance
  Regards Lazar

  Hi
  At Compliance Library I got the default Compliance Frameworks. One of them is the "PCI DSS (Version 2.0)" framework .. When I click Enterprise - Compliance - Results and then I click Compliance Frameworks on Evaluation Results I have "No data to display."
  I have watched this clip Oracle Enterprise Manager 12c: Compliance Framework Overview - YouTube but they only point out how to apply different standards.
  Can you help me get result for entire framework
  Thanks in advance
  Regards Lazar

• SAP GRC 5.2 Compliance Calibrator rule sets for HR module

  HI All,
  The company i am working for has done installation of GRC 5.2. I would like to download the SAP out of box Compliance Calibrator rule sets for HR function module in a spreadsheet format.
  I would like to download the rule set for risks at Function level, Tcode level and also at authorization object level in ABAP and Roles, actions and permissions in JAVA.
  I will discuss with the BPAs, internal auditors and come up with a new rule set exclusively for my company needs with the help of the above spreadhseet.
  Please tell me what steps i need to do to get this thing done.

  Please go through the process but save these as txt files for UNIX. I am not sure about 5.2 but CC4 was not uploading rule files correctly if file was not saved for TXT for UNIX.
  Regards,
  Harry Sidhu

• SAP GRC Access Control - Compliance Calibrator - License Cost

  Dear all,
  I have some questions on Compliance Calibrator implementation.
  1. Do  we have to pay additional cost for the license to implement Compliance Calibrator?
  2. Since SAP GRC 5.3 is just released, which one do you recommend? SAP GRC 5.2 or 5.3?
  3. What would be the major difference between Compliance Calibrator in GRC 5.2 and 5.3?
  Best regards,
  Rolando

  Hi Rolando-
  1. Yes, there lies some license cost and the amount should not as much as taking SAP R/3 license. I am not sure of exact amount but its nominal as compared to other SAP products.
  2. SAP always recommend for the latest version available and why not one would go for latest version if you are paying something for that.
  Also, it depends on your existing R/3 version and its compatibility. In short run, you can choose per your existing versions but in long run everyone has to move to latest version. Say for example whoever is using SAP R/3 technology with whatever version, they all need to upgrade to ECC6.0 by 2011 with extension upto 2013. I am not sure of any such information about GRC AC though.
  3. Some enhancement have been done with CC 5.3. Those features include-
  1. Risk analysis for SAP Enterprise Portal and UME
  2. BI integration for custom reporting
  3. Reporting enhancement features include additional auditor, business manager and IT reports
  4. SOD management by exception. Can be integrated with workflow.
  5. Import/Export of configuration data
  6. Migration scripts
  7. Download and print capability on every report.
  Some performance improvements-
  1. Concurrent risk analysis.
  2. batch mode risk analysis
  3. Improved memory mgmnt etc.
  Hope it gives you now some more visibility.
  Cheers!
  Ashok

• SAP GRC 10 : Can we connect GRC to multiple clients within the same system

  We are having this requirement to connect SAP GRC to two different clients within the QA System.
  Just wondering whether this is possible to connect at the same time. We have created connectors in both the clients in ECC  and in GRC we have connectors for both ECC Cllients. When I try to add the connector for second client in SPRO , it is not even showing up entry for that
  Please confirm whether we can do this

  Hi Anil
  If you have two ECC clients you would create two connectors to GRC. You would need two SM59 RFC connections (one for each client) to map them through.You can map them to the same logical group though.
  What is not working for you? Did you define both clients as their own connectors?
  Regards
  Colleen

• SAP GRC 5.2 Compliance Calibrator

  How can I generate the list of SoD conflicts arising from a particular rule.
  Thanks & Regards
  Srikanth R

  Hi Srikant,
  Can you provide an example of any "Rule ID" that you want to search on?
  What kind of output you are looking for?
  Regards,
  Sirish.

• The GRC Consultant

  In a regulated economy, success is measured on the speed, transparency, integrity and compliance capabilities of the organization’s business processes and  the system landscape. The key to success, would then translate into an effective audit of the organization’s SAP system, with specific focus on security and control. General Controls specialists reviewing Application  Controls may not deliver the desired level of comfort in identifying control weaknesses in an SAP environment. This requires knowledge of the SAP system  security,  auditability, risks  and  controls.  The  introduction  of  SAP  Netweaver  has  further enhanced  the  need  for  having  a  better  understanding  on  the  key  aspects  of  security,  user authentication and authorization, across platforms.
  To get into the GRC space, I do believe that consultants must have a fair understanding of:
  - the main business processes in the mySAP Business Suite covering the Purchase to Pay Cycle, Order to Cash Cycle, Inventory Management, Accounting etc.
  - SAP Basis Security covering User Management and Authorizations, Roles, Infrastructure Security, Netweaver Security, Single Sign-On in Heterogeneous Landscapes etc
  - SAP tools like MIC, AIS, Compliance Calibrator etc
  - regulatory requirements like SOX, JSOX, Basel II etc
  - compliance frameworks like COSO, Cobit etc
  - auditing standards like AS1, AS2, AS3, AS4 from SEC
  - international accounting standards
  - risk assessment and risk management in enterprises
  - preventive, detective, corrective and deterrent controls to mitigate risks
  The GRC initiative from SAP is definitely a step in the right direction. I do believe that exchange of ideas through this forum will be a catalyst to good governance and will definitely help organizations in meeting their compliance objectives.

  Greetings to the Forum and Babu,
  It is indeed a pleasure that SAP has started this forum and has heavyweights like Babu involved and participating.
  SAP has been a front runner in the GRC space and is indeed doing a tremendous job to further the cause of a unified and holistic approach towards GRC, justifiably, the industry is perceiving the other players as laggards in this space.
  I am attempting to provide a laundry list of all the resources available on the internet pertaining to GRC in general and SAP GRC in particular.I am passionate and committed to SAP GRC and would like to see this forum grow by leaps and bounds.
  <b>Generic information on GRC and regulations</b>
  1.  http://www.isaca.org/ for CISA and Systems Auditing and a whole range of subjects in GRC
  2. http://www.aicpa.org/ for SOX
  3. http://www.sec.gov/ for SOX
  4. http://pcaobus.org/ for SOX
  5. http://www.theiia.org/ for Internal Audit
  6. https://www.isc2.org/ for Security
  7. http://www.sebi.gov.in/ for Clause 49
  8. http://www.fsa.go.jp/ for J SOX
  9. http://www.frc.org.uk/corporate/internalcontrol.cfm for Turnbull guidance on Internal control
  10 http://www.osc.gov.on.ca/ for Bill 198/CSOX.
  11. Apart from these there are numerous other regulations like Kon Traag, FDA, ROHS, WEEE  all of which are part of the Governance, Risk and Compliance Ecosystem.
  In my next post I will give a laundry list of all resorces available for the SAP GRC ecosystem.
  Thankyou,
  Happy blogging!

• GRC! Realmente devo investir em aprende-lo só agora?

  Boa noite,
  Sou consultor PI da Gafisa S.A construtora em SP.
  Aqui não precisamos implementar o GRC, a SPED foi feito por um software de terceiro e a única coisa que temos desenvolvida no PI são interfaces que levam informações para o SQL desse software terceirizado.
  Gostaria de saber se com o limite do prazo para a entrega da SPED, é realmente importante aprender como utilizar o GRC nessa altura do campeonato ? O GRC possui alguma outra funcionalidade tão bem utilizada além da NFE ? Se eu sair do meu atual emprego em 1 ano. Nessa data daqui à 1 ano, terão oportunidades para NFE ou já estará tudo implementado e será algo já extinto ?
  Gostaria de sugestões de vocês que estão tão envolvidos com esse módulo, e gostaria de saber se devo estudar sobre o GRC afim de aumentar minhas habilidades de PI.
  Muito Obrigado,
  Diego Crespo

  Muita informacao misturada no mesmo canto.
  Vamos tentar desmistificar alguns conceitos:
  - SPED: projeto nacional conceitual, que visa a reducao do chamado "Custo Brasil", focando principalmente na eliminacao de obrigacoes em papel e "simplificando" (ou reduzindo o numero de) reports e processos eletronicos;
  - EFD (tb chamado "SPED Fiscal"): Escrituracao Fiscal Digital, report eletronico que visa substituir diversos livros fiscais, entre eles nota fiscal de saida, de entrada, inventario etc. Faz parte, num contexto macro, do projeto nacional SPED.
  - ECD (tb chamado "SPED Contabil"): Escritruacao Contabil Digital, report eletronico que visa substituir obrigacoes contabeis (e.g. Diario, Razao etc). Faz parte, num contexto macro, do projeto nacional SPED.
  - NF-e: Nota Fiscal eletronica, que criou um novo processo de autorizacao online para emissao de notas modelo 55 (em substituicao às notas modelo 1/1A). Faz parte, num contexto macro, do projeto nacional SPED.
  - SAP GRC NFE: solução SAP para o processo de NF-e. Utiliza o produto SAP Process Integration (SAP PI) para a comunicacao com Business Partners externos (e.g. SEFAZs, fornecedores (p/ recepcao de XML) e clientes (p/ envio de XML));
  - GRC: Governance, Risk & Compliance, uma suite de solucoes SAP que endereçam issues de governança, gerenciamento de risco e conformidade legal. Além do SAP NFE, existem diversas outras solucoes classificadas como GRC: SAP Access Control, SAP Process Control, SAP GTS, SAP EH&S etc. Todas essas solucoes sao independentes das outras no sentido de que não tem necessariamente a mesma arquitetura (e.g. usando o SAP PI).
  Quando vc diz que vcs utilizaram software de 3o p/ o "SPED", vc quis dizer p/ a NF-e ou EFD/ECD?
  A data limite de entrega do "SPED", imagino que esteja falando do EFD/ECD, que nao tem nada a ver com NF-e.
  P/ NF-e, existem diversas ondas de obrigatoriedade, com certeza muitas empresas já foram, mas existem ainda diversas para entrarem, então acho q ainda existe um mercado potencial pelos proximos 2 anos, no minimo. Com certeza, depois disso a tendencia é cair. O SAP NFE nao deve ser encarado como sendo um modulo a ser aprendido e viver só dele, mas sim como uma porta de entrada para os processos dentro do SAP. Uma vez aprendido o NFE, vc pode dar um foco mais funcional (no SD e MM) ou mais tecnico, no PI. Vai depender do seu perfil.
  Abs,
  Henrique.
  PS: vou mover o tópico p/ o forum de Discussoes Gerais

• Help with multiple iphones on 1 itunes!

  Hello. I just backed up my iphone onto my itunes and I was going to back up my moms as well, but it was trying to sync her phone, and all my info as well. How can we have 2 or three different iphones on the same itunes?! HELP!

  Hi
  The problem with using multiple javascript frameworks on on page is that each framework modifies how javascript works and this leads to incompatibility problems between the scripts. The simplest way to fix this is only to use one framework, alternatively check the documentation for the frameworks as there is often a snippet of code that one can use to stop the framework from modifying the browsers native javascript interpreter.
  You must include the snippet for each js framework.
  PZ

• Help with multiple js on 1 page

  Hi guys im tryin to run a slider js and a also a light box js on the same page but only one of them works- which ever is on top can someone please tell me hoew to overcome this? Its driving me nuts
  Here is the code.
  <script type="text/javascript" src="/js/jquery.js"></script>
      <script type="text/javascript" src="/js/smart-gallery.min.js"></script>
  <script type="text/javascript" src="/js/prototype.js"></script>
      <script type="text/javascript" src="/js/scriptaculous.js?load=effects,builder"></script>
      <script type="text/javascript" src="/js/lightbox.js"></script>
      <link rel="stylesheet" href="/css/lightbox.css" type="text/css" media="screen" />
      <link href="/css/styles.css" rel="stylesheet" type="text/css" media="screen">
      <link href="/css/print.css" rel="stylesheet" type="text/css" media="print">
      <link rel="stylesheet" href="/css/smart-gallery.css" type="text/css" media="screen" />
      <meta http-equiv="content-type" content="text/html; charset=utf-0" />
      <meta http-equiv="content-type" content="cache" />
      <meta name="robots" content="index,follow" />
      <meta name="keywords" content="enter keywords" />
      <meta name="description" content="Quality kitchens, joinery , furniture and much much more" />
      <!-- TemplateBeginEditable name="doctitle" -->
      <title>Native Timber Joinery - www.NTjoinery.co.nz</title>
      <!-- TemplateEndEditable -->
      <script type="text/javascript">
          $(document).ready(function() {
         $('#smart-gallery').gallery({ imagedisplaytime: 8000,
     stickthumbnails: true, random: true
     </script>

  Hi
  The problem with using multiple javascript frameworks on on page is that each framework modifies how javascript works and this leads to incompatibility problems between the scripts. The simplest way to fix this is only to use one framework, alternatively check the documentation for the frameworks as there is often a snippet of code that one can use to stop the framework from modifying the browsers native javascript interpreter.
  You must include the snippet for each js framework.
  PZ

• No staggered windows with XCode 3 in a Cocoa multiple document application

  I want to release a new version of an application that I developed using the Cocoa multiple document framework. With XCode 2.x when I opened new document windows they were staggered so that the user could see that there was more than one document open. Since I switched to XCode 3, new document windows are created at the same location on the screen and new ones cover the older ones. I liked the old way. I can't find anything about this in the documentation or release notes. Is this the new way to do this according to the Human Interface Guidelines or a bug or what?

  I see that part of my problem is terminology. The term for exposing new windows is cascading. It is possible to tell a document's window controllers to cascade its windows when initializing an NSDocument subclass like this:
  - (void) windowControllerDidLoadNib:(NSWindowController *) aController
  [super windowControllerDidLoadNib: aController];
  NSArray* myDocWindowControllers = [self windowControllers];
  int numControllers = [myDocWindowControllers count];
  unsigned int controllerNumber = 0;
  while(controllerNumber < numControllers){
  NSWindowController* theWindowController = [myDocWindowControllers objectAtIndex: controllerNumber];
  [theWindowController setShouldCascadeWindows: YES];
  controllerNumber ++;
  }

• IDM, GRC and position based security

  We use position based security in our ERP  system and are implementing GRC.  In our BI system the roles are directly assigned to the User ID, but we need them to dynamically update if a position change occurs.  We have this functionality working in QAS by implementing CUA, but we are considering if IDM can be used instead.  There seems to much less documentation on how to configure IDM with position based security (compared to CUA), so I have a few questions.
  Assuming IDM is receiving its provisioning requests from GRC, can it be configured to provision a role to the position on one system and a user on another?     
  How can IdM be configured to react to a position change and update the roles appropriately?
  Has anyone implemented GRC and IDM with position based security?
  Regards,
  Wayne

  Hi Wayne,
  In IdM, you can define business roles (for your positions) and map these to the technical roles that you can distribute to your SAP systems.
  You can configure IdM to react to changes in your HCM system and automatically create and distribute roles based upon e.g. the new job description of a user.
  I've attended Teched, and the SAP recommendation is to use IdM to manage your users and do the provisioning and to use GRC for compliance checking.
  So in HCM the position of a user changes (e.g. promotion), IdM picks this up and proposes a set of roles for the user, IdM sends this to GRC via web service, GRC checks for compliance (SOD) issues and if there are none, GRC tells IdM all is OK, then IdM starts the provisioning. If GRC reports issues, you should have a workflow in place to handle these.
  This is all theory though, I'm just getting started with IdM myself.
  Kind regards,
  Dagwin

• Authorization object - Compliance Certification Review

  Hy Guys,
  I need to disappear in GRC AC with options Compliance Certification Review.
  Is necessary  the end user not see this option.
  I'm block object GRAC_REQ in my roles type=11, but the option not disappear in GRC AC option Compliance Certification Review.
  Please, someone could help me
  Regards
  Martha

  Hi Martha,
  Did you try to deactivate the request type at "SPRO > GRC Access Control > User Provisioning > Define Request Types"?
  Regards,
  Aldo Kusuke

• Difference between GRC 5.2 and 5.3

  Hello,
  I am new to SAP GRC and want to know the key diffrenced betwen GRC 5.2 and 5.3

  Hi,
  Check below thread:
  SAP GRC Access Control - Compliance Calibrator - License Cost
  Thanks
  Sunny

• Differences and Similarities between MIC and PC3.0

  Hello Friends,
    Can anyone please provide me information about the following:
  1. Is PC3.0 next version of MIC?
  2. Can MIC be upgraded to PC3.0?
  3. If yes, how the data is migrated from MIC to PC3.0?
  4. What are the master data objects in MIC exactly match with that of PC3.0?
  5. What is the functionality of MIC that matched with PC3.0?
  6. What are major diffrences and similarities in MIC and PC3.0?
  Appreciate your help here!
  Regards, Ben

  Dear Ben,
  let me try to answer your questions:
  1. Is PC3.0 next version of MIC?
  MIC is a predecessor product for PC 3.0. With the aquisition of Virsa there was a new product introduced with the name "Process Control".
  2. Can MIC be upgraded to PC3.0?
  +There is a migration path for MIC 1.0 and MIC 2.0 to PC 3.0.
  3. If yes, how the data is migrated from MIC to PC3.0?
  You can find documentation for this in the service marketplace. There is a migration guide for MIC to PC 3.0. In The BPX there are also guides produced by the GRC RIG team.
  4. What are the master data objects in MIC exactly match with that of PC3.0?
  5. What is the functionality of MIC that matched with PC3.0?
  MIC was mainly build to support SOX compliance. PC 3.0 not only supports SOX compliance but theoretically as many compliance initiatives as you want. Both share a central organizational structure, a central contol catalogue, issue and remediation workflows for evaluations.
  6. What are major diffrences and similarities in MIC and PC3.0?
  PC 3.0 comes with a multi compliance framework, supports automated control tests, has much stronger reporting capabilities and export to excel. PC 3.0 has surveys and test plans and integration wit Risk Management 3.0. 
  You can look up more detailed information here:
  Service Marketplace:
  service.sap.com/rkt -> SAP BusinessObjects GRC Solutions -> ....
  BPX community:
  http://www.sdn.sap.com/irj/bpx/grc .....
  help.sap.com -> SAP BusinessObjects -> GRC solutions -> ....