MITIGATION CONTROL CREATION

Hi
     I am Rakesh, my question is  while creating a mitigation
control, in the reports tab there is a field called action.what is
this action and what is the use of it?
thanks in advance for the reply

I think this field was meant as a reference as to what report/transaction you run to mitigate the risk. Based on this and the frequence you put in, the system could check if the monitor actually ran the transactions required for performing the mitigating control.
But, as Amol is saying, this is free text, and you can put whatever you want in there - however, if you put a transaction code (action in GRC speak) it will look up the tranaction text
Note that this is based purely on what I think I remember, so don't go selling this as a feature
/henrik

Similar Messages

  • Mitigating Control creation and application in SAP GRC 10

    Hi Expert,
    We have SAP GRC Access Control 10 being implemenmted for our client.  While trying to create Mitigating Control, we just realized that Before creating mitigating controls you need to create a Root Org entry, this replaces the Business Units in previous AC versions which is visible only when we activate the GRC-PC Application.
    My queries are:
    1. Is it that Mitigation control can only be created if PC is enable.
    2. What about Licencing if GRC-PC Application is used for Mitigating Control Creation.
    Thanking you i advance.
    Thanks & Regards,
    Abhimanu Kumar Singh

    HI,
    Thank you for the response, I just checked and could find that I can create Mitigating control without PC application. It is just that PC relevant fields are not displayed.
    However can anybody answer as to what happens if I use PC to create Mitigating Control, Do I have to purchase the license for SAP GRC PC or it is ok for shared resources.
    Thanks again.
    Thanks & Regards,
    Abhimanu Kumar Singh

  • GRC AC V10 - Mitigation Control Approval Workflow

    Hi guys,
    can me explain somebody the difference between the processID SAP_GRAC_CONTROL_ASGN und SAP_GRAC_CONTROL_MAINT?
    And as well can somebody provide me the initiator rule ID for both so that we can have a detailed look into the brfplus rule.
    We only want to mitigate controls via an controlowner approval and not a process for the creation of new controls.
    That means an asisgnment approval workflow for mitigation controls.
    Thanks a lot.

    Hello Alexa,
    Did you ever employ SAP_GRAC_CONTROL_ASGN ? Were you able to identify the included agents ?
    I am interested in identifying approvers for mitigating controls who can be included in the workflow but are not risk owners. Would you have any suggestions for this type of agent ?
    Any information would be appreciated.
    Thanks,
    Jamie

  • Mitigation Control Migration From 53. to GRC10

    Hello,
    Can you please let me know where do I find a templete for downloading Mitigation Controls from 5.3 and how do I upload them in GRC 10?
    An early reply would be highly appreciated.
    Thank you.

    Hello,
    Can you share how you migrated the mitigation controls?
    While migration of the mitigation controls
    I get an error "Creation of object ID 00000000 is not allowed"
    I have different buisness processes for risks/functions and the mitigations...Is it something to do with that? or shoudl i create the business processes in GRC 10 before migration?
    I am pretty much stuck here...any help is really appreciated.
    Thanks,
    Raghav

  • Mitigation control usage in PC 10

    Hi Experts,
    I am able to create Mitigation control under the PC of GRC 10. The same can be seen under the Mitigation control tab of AC. However, I am unable to see the mitigation controls that are designed under AC for assignment in PC. 
    Is there any configuration that has to be done to connect both AC and PC?
    Please let me know.
    Thanks,
    Suma

    Hello Adreas,
    Thanks for the reply.
    As you mentioned i have maintained the organization under Setup --> Organizations. However, I am still unable to see Mitigation controls under the subprocess.
    I see that I can create a new mitigation control when I navigate through Master data>select specific organization code> select the subprocess-->add new control. This tab shows the creation of new Mitigation control. However, it does not diplay the mitigation controls that were created under AC.
    Am I missing something? Please suggest.
    Thanks,
    Suma

  • Error while uploading mitigation controls

    Dear All,
    While uploading the mitigation controls i am facing with the below error. Can you please help me in resolving this error.
    Error in table dataVIRSA_CC_MITUSER
    SQL:=>Insert into  VIRSA_CC_MITMON(MITREFNO,MONITORID) Values(?,?)
    Record::Line Number :21 : D VIRSA_CC_MITMON TESTC1 TEST1
    Below is the text file which i am uploading into the RAR for test purposes
    M     VIRSA_CC_ADMIN     USERID     NAME     EMAILID     ROLEID               
    D     VIRSA_CC_ADMIN     TEST1     TEST1     test     M          
    M     VIRSA_CC_BUSUNIT     BUSID                              
    D     VIRSA_CC_BUSUNIT     TH                              
    M     VIRSA_CC_BUSUNITT     BUSID     LANG     DESCN                    
    D     VIRSA_CC_BUSUNITT     TH     EN     Thailand                    
    M     VIRSA_CC_BUAPPVR     BUSID     APPROVERID                    
    D     VIRSA_CC_BUAPPVR     TH     TEST1                         
    M     VIRSA_CC_BUMONITOR     BUSID     MONITORID                         
    D     VIRSA_CC_BUMONITOR     TH     TEST1                         
    M     VIRSA_CC_MITREF     MITREFNO     BUSID     APPROVERID               
    D     VIRSA_CC_MITREF     TESTC1     TH     TEST1                    
    M     VIRSA_CC_MITREFT     MITREFNO     LANG     DESCN                    
    D     VIRSA_CC_MITREFT     TESTC1     EN     Test mitigation control               
    M     VIRSA_CC_MITRISK     MITREFNO     RISKID                         
    D     VIRSA_CC_MITRISK     TESTC1     F006*                         
    M     VIRSA_CC_MITMON     MITREFNO     MONITORID                         
    D     VIRSA_CC_MITMON     TESTC1     TEST1                         
    M     VIRSA_CC_MITRPT     MITREFNO     ACTIONS     VSYSKEY     MONITORID     FREQUENCY          
    M     VIRSA_CC_MITUSER     MITREFNO     RISKID     USERID     VALIDFROM     VALIDTO     MONITORID     STATUS
    M     VIRSA_CC_MITROLE     MITREFNO     RISKID     ROLEID     VALIDFROM     VALIDTO     MONITORID     STATUS
    D     VIRSA_CC_MITROLE     TESTC1     F006*     Z1.*.ASST-SC-FINC-MGR     6/9/2010     7/25/2010     TEST1     0     
    M     VIRSA_CC_MITHROBJ     MITREFNO     RISKID     HROBJ     HROBJTYP     VALIDFROM     VALIDTO     MONITORID     STATUS
    M     VIRSA_CC_MITPROF     MITREFNO     RISKID     PROFILE     VALIDFROM     VALIDTO     MONITORID     STATUS
    M     VIRSA_CC_MITUSRORG     MITREFNO     RISKID     USERID     ORGRULEID     VALIDFROM     VALIDTO     MONITORID     STATUS
    M     VIRSA_CC_DETDESC     OBJECT_TYPE     OBJECT_ID     LANG     DETAIL_DESCN     
    D     VIRSA_CC_DETDESC     MIT     TESTC1     EN     Test Mitigation control                    
    We are not mitigating users now. Only roles are getting mitigated and hence we have not provided any values to the MIT USER table.
    Thanks and Best Regard,
    Srihari.K

    Dear Varun,
    Thanks for your reply. It helped me a lot. But however i am facing the following issue while uploading the mitigation controls
    After exporting the mitigation file from RAR, we opened the text file in a spreadsheet format and added few lines to the file and saved in the same text format or in UTF-8 format also
    After uploading the same into RAR again after changes we are facing similar errors mentioned in above query.
    But when we add lines  directly in the wordpad and upload the file then it is successful.
    We have to add so many mitigation controls and roles to be assigned for which excel would be easy way to dump.
    Is there anything wrong we  are doing here in editing and converting the files.
    Thanks and Best Regards,
    Srihari.K

  • Control creation of PR from project before release

    Dear All,
    Can we make settings such as before releasing the project system should not allow us to create PR/PO ?
    regds,
    CB

    Hi
    As mentioned by Ahmed,
    You can control creation of PR for particular time period by using WBS User status Profile configuration or Locking all account assignment data.
    Else you can use Res/PR key as From Release and needs to be defined in N/W Profile
    Also you use FM for status change for Activity
    Swapnil Kharul
    Edited by: SWAPNIL PRAMOD KHARUL on Sep 26, 2009 9:36 AM

  • Detect obsolete mitigating control assignments?

    Hello,
    What report/s would you use to detect obsolete mitigating control assignments?
    The scenario is: A user has been assigned a mitigating control, let's say during the CUP workflow, to mitigate a certain risk that came with a certain role. Later, that role is removed from the user. Now the user is in the scope of a mitigating control. However, the user is not even subject to the risk in question anymore.
    Which way (periodically?) could you detect these cases and clean up the mitigating control assignments?
    Thanks and regards
    Patrick

    Hey,
    My experience of cleaning up controls has not been very straight forward.
    I have had to perform various risk analysis reports and look up a list of user accounts that have been marked as "Expired" etc.
    It can be slightly more difficult  if, like many organisations, you decide to assign a control with a infinite validity period (i.e. 12.12.9999).
    The Business and Internal Control team need to be very proactive about regularly monitoring the controls and reviewing the assignments. This is one reason why I strongly recommend that controls are only assigned for a set period (i.e. 365 days/1 year), so a compulsory review takes place by the control owners/business on a regular basis. This makes the controls much more affective, robust and fit for purpose.
    Happy to hear other's opinions and ideas.

  • Mitigation control errors out in CUP approval

    We are on GRC 5.3 SP8 and I am trying to create a mitigating control in RAR.  Once it goes for approval into CUP, it erroru2019s out when I try to approve it.  Here is the message:
    2010-05-25 10:57:43,367 [SAPEngine_Application_Thread[impl:3]_9] ERROR com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
    com.virsa.ae.service.ServiceException: com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.getCCDocument(RequestExitServiceHelper.java:315)
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callCCExitService(RequestExitServiceHelper.java:263)
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callExitServiceForApprovedRequest(RequestExitServiceHelper.java:51)
         at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5391)
         at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5230)
         at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5023)
         at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:946)
         at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(AccessController.java:219)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Caused by:
    com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
         at com.virsa.ae.commons.utils.StringEncrypter.decrypt(StringEncrypter.java:200)
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.getCCDocument(RequestExitServiceHelper.java:305)
         ... 32 more
    Thanks,
    Peggy

    Hello Peggy,
      Did you recently upgraded your NW Java Support package? If yes, then kindly check the SAP Note "1417651 - Unable to retrieve connector & application configuration"
    The problem is coming due to change in NW encryption algorithm and impacted GRC as well. This is fixed in SP10 of GRC.
    Regards, Varun

  • Workaround for non-SAP mitigating control reminders

    Dear all,
    Our business users would like to document mitigating controls in RAR 5.3 regardless of whether they are connected with an SAP report. They would also like to receive email reminders for those controls.
    Unfortunately, the frequency of the control can only be defined per connected SAP report and reminders will only be sent for controls if the SAP report has not been executed.
    Have you been exposed with a similar requirement? It seems like a natural thing to ask from a business perspective. RAR 5.3, however, is not designed in that way.
    Have you come up with any feasible workarounds for this?
    My current approach would be to create a dummy Z-report per SAP system (such as Z_MANUAL_MITCTRL) that control monitors have to call once to confirm the execution of their control.
    Cheers and best regards
    Patrick

    Hello,
    Regarding your question, in fact this is dependant on how your UME (User Management Engine) is configured on your WAS (Web Application Server). If the UME is connected to your R/3 back-end then the user need to have a R/3 account to connect to CC, otherwise if your UME is "independant" then you just need to create an account in the UME.
    Regards,
    Jérôme.

  • Bringing mitigating controls from PC to AC in GRC 10.0

    Hi ,
    I am going through remediation process in GRC 10.0, However there are no mitigation controls setup in AC.
    my client is asking me to copy all the mitigating controls from PC to AC.
    Is this possible ? if yes, What will be the process ?
    Thank you.

    Hi Sri,
    you can achieve by downloading and uploading the mitigations.
    Go to SE38 and use the following program GRAC_DOWNLOAD_MIT_ASSIGNMENTS to download the file and make necessary changes to it and upload the file by using the following program GRAC_UPLOAD_MIT_ASSIGNMENTS.
    and put the active column in the file as X.
    Regards,
    Venugopal Ireni

  • Mass maintenance of Mitigation controls in GRC 10.0

    Dear All,
    How to do mass maintenance of mitigation in ARA of GRC 10.0. We successfully migrated the mitigation controls from 5.3 to 10.0. I need to change the monitors for many user conflicts and also add new user conflict mitigation controls. Is it possible to do a mass changes in GRC 10.0 as there is no upload functionality for mitigation controls
    Thanks and Best Regards,
    Srihari.K

    Hi Sri,
    you can achieve by downloading and uploading the mitigations.
    Go to SE38 and use the following program GRAC_DOWNLOAD_MIT_ASSIGNMENTS to download the file and make necessary changes to it and upload the file by using the following program GRAC_UPLOAD_MIT_ASSIGNMENTS.
    and put the active column in the file as X.
    Regards,
    Venugopal Ireni

  • Transport of mitigation controls from GRC Dev to GRC Production in 10.0

    Hi All,
    Is there an option to transport mitigation controls from Dev to Prod in 10.0. Where is that option available. We could not find even download or upload option unlike 5.3 in 10.0
    Thanks and Best Regards,
    Srihari.K

    Hi
    I can see that this question is marked as answered . Could you please update what steps were taken for transporting mitigation controls? Thanks
    Best Regards
    Srilakshmi S

  • CUP-5.3-SP13-Mitigation Controls by rol/users

    Hi all!
    Since RAR consider mitigations contros both by rol and users, If I have the role ZROL1 mitigated for the ID risk P001* then, would be able CUP to consider this mitigation control even when CUP is managing users?
    I mean, if ZROL1 has a mitigation control, would appear at the request the ID risk whenever I add this role to a user?
    Many thanks in advance! any help would be welcomed.
    Margarita.

    Hi Margarita,
    If you want it will consider the role level mitigation controls. So in the request risk violation will not be shown.
    For this u need check the option, consider mitigation control in CUP. Configuration-> Risk anlsysis.
    Also in RAR following things needs to be done.
    RAR Configuration->Risk analysis-> Defaults values.
    Exclude mitigated Risk as yes.
    RAR Configuration-> Risk Analysis ->Additional options
    Include Role/Profile Mitigating Controls in User Analysis  as yes.
    If above values are defined as No. than Risk Voilation will be shown in the request.
    Kind Regards,
    Srinivasan

  • CUP - Mitigation Controls in a Detour Workflow

    Hello everybody,
    I have a problem with a detour workflow in CUP.
    I choose the detour condition: "SoD violation".
    So in theory, if there is no conflicts the workflow don't take the detour path.
    We supposed that the user request has an SoD conflict.
    In the stage(s) before the detour, if we assign a mitigation control that mitigate the risk, the detour is still taken.
    I think the workflow swich systematically to the detour if the request had a conflict, even if the risks were deleted by an Mitigation Controls assignment.
    Does anyone have a solution to avoid the detour path if we mitigate the risks?
    Thank you in advance!!

    Ben,
       This is how CUP works. There is no configuration which allows you to ignore SOD violaton even if there is mitigation. You will have to live with this for now.
    Regards,
    Alpesh

Maybe you are looking for

  • Down load times out I have a NB 305 toshuba 32 bit

    a box comes uo and says timed out. Internet Exployer say it blcoks foxfire.

  • MBP, 15", mid-2010, Yosemite, is sluggish!

    Hello, I have read the post below this one "MacBook suddenly started running slow" posted by "stephjonas", and have completed the first step given by Linc as follows....  (also, I checked my battery cycle count which is 262 out of a maximum of 1,000)

  • Arch freezes for a few seconds from time to time

    It freezes for a 5-10 seconds and after that, everything work fine again. After one of these, I made dmesg: [ 0.000000] Initializing cgroup subsys cpuset [ 0.000000] Initializing cgroup subsys cpu [ 0.000000] Linux version 3.8.8-2-ARCH (tobias@T-POWA

  • Rows to display in narrative

    Hi , In narrative OBIEE, at the section : Rows to display . We can inpurt number of row to display, but I want to display from 4th to 8th of rows : Ex: 1      Robert Ter 2      NameTr 3      Iden Roo 4       Adam Lio I want to display row 2nd to row

  • Online customer service

    Not sure if this is the right forum for this, but I have to pose a question.  If online support can't make basic changes to customers accounts then how are they supposed to "support" the account? The definition of support being "To provide for or mai