Risk analysis Report Error in GRC AC 10.0

Similar Messages

• Ad hoc Risk Analysis report is returning incorrect Risk Level for some Risks

  We are running GRC AC 10.0 with SP 16.  After application of Support Pack 16, some of our ad hoc risk analysis reports are returning incorrect risk levels.  For example:  Risk F024 Open closed periods and inappropriately post currency or tax entries is set as High.  When the Ad hoc report is run, the risk F024 will show on a user with a level of Medium.  We have generated our ruleset and have followed the normal procedures used to implement the support pack.  Any ideas what is causing this issue?  I have exhausted my knowledge and search attempts.
  Any help is appreciated.
  Sara B.

  Hi Kevin
  Many thanks for your post, we did run a full BRA but no luck unfortunately. Some Risks still reporting as Medium when they should be Critical or High. Oddly it is reporting correctly against some risks just not for all!
  Cheers
  Hussain

• Issue with risk analysis report in GRC10.0

  Hi All,
  We are running the user risk analysis report from NWBC: Reports and Analytics -> Access Risk Analysis Reports -> User Risk Violation report.
  This report is not fetching all the data even though user has all the required authorizations.
  We are getting the data when we execute the dashboard reports.
  Any one has idea?
  Cheers
  Hari

  Alessandro,
  Thanks for the reply. I am aware of this.
  Problem is when dash board report is showing the risk for the user but risk anaylsis report in Reports and Analytics is not showing the risks to that user.
  As per our investigation, the risk data that is displaying in the risk anaylsis report in Reports and Analytics is incomplete. We didn't find any errors in SLG1. Also there is no issues from authorizations side.
  Regards
  Hari

• GRC_10 Risk Analysis Report

  Hi,
  i should extend the risk analysis report with more details from diffrent tables, they hold special role details.
  I havent found an idea how to do this.
  Could i extend the standard report for risk analysis with more columns?
  Is there something like user.exits or enhancement-points?
  thank you very much indeed
  best regards
  Alex

  Hi Alex,
  did you have a chance to look at standard SAP Help information about different types of reports and information available?
  If not yet -please take a look at:
  Risk Analysis Reports - SAP GRC Access Control - SAP Library
  What exactly information you would like to add to reports?
  Standard reports can by customized by adding some additional fields which are hidden in standard view.
  There is also an option to add custom fields and data,
  Lets us know,
  Filip

• Role Based Risk Analysis Report

  Hello All,
  When I executed the Risk Analysis report for a role with SOD Risk Level = ALL and Report type = SOD at Authorization Object level, the results come back as "NO CONFLICT FOUND".  this is the correct response.
  However, I executed the Risk Analysis report for the same role with SOD Risk Level = HIGH and Report type = SOD at Authorization Object level, the results come back SOD conflicts based on the conflicting transactions.  Is there a bug with analyzing roles using this option?
  Also, when I click on the Detail Report button, I received object data that does not appear correct.
  Please Help.  Thanks.
  Edited by: Michael Johnson on Apr 8, 2009 8:54 PM

  Hi Babiji,
  Are you using any specific tools for SOD's? If you are using GRC tool, then it can be done using compliance calibrator Role level Risk analysis.In addition to what Sneha has said,
  To find out the conflicting roles in CC version 5.2 the path is INFORMER->Risk Analysis->Role level.In Virsa 4.0 you have the option of carrying out risk anaysis at role level by executing the t-code /N/VIRSA/ZVRAT.
  In section Analysis type, choose Roles and enter the list of roles.
  In section SOD Risk level, choose the appropriate risk.
  Then choose the appropriate report type and report format before executing it.
  This will display all the roles with the levels of risk associated with it and then you can mitigate these as per your organizational policies & procedures.
  Thanks,
  Saby..

• Risk analysis reports in IDM 6.0

  Hi
  I was trying to run risk analysis report to detect deleted users in Red hat linux. I was not sure what report to run. I tried various things like user report, resource accoutn report etc. However these reports gave the the list of users deleted in IDM but not the resource. Can i somehow create a customized report to do this?
  Any help regarding this matter is appreciated
  Thanks
  Man

  Hi,
  Please check following path in easy access
  1) Accounting ->Controlling -> Product Cost Controlling ->Product Cost Planning ->Information System
  2) Accounting ->Financial Accounting ->Fixed Assets ->Information System
  Best Regards,
  Madhu

• Risk Analysis Reports Format

  Hello Experts,
  What is main difference between Risk Analysis Report Formats ....
  Summary
  Detail
  Management Summary
  Executive Summary
  Please explain in depth and which scenarios we are using these reports. Please give a one business example.
  Regards,
  Babu

  Dear Babu,
  trying to help you.
  Summary: gives you an overview of conflicts on action level. Can be used to discuss with business what is causing the risk.
  Detail: gives you an overview of conflicts on authorization level. Can be used to analyze how a conflict can be removed.
  Management summary: gives you an overview of risks on user level. Can be used to report how many risks are currently in the system on user level. E.g. userA has 3 risks, userB has 2 risks, etc.
  Executive Summary: gives you an overview of risks on risk level. Can be used to have a general overview of applicable risks in the system. E.g. riskA has no conflicts, riskB has 7 conflicts, etc.
  Best if you just analyze and you will see the differences. If you have a particular question do not hesitate to contact us.
  Regards,
  Alessandro

• GRC AC 10 (BRM) Risk Analysis Report type is editable

  Hi,
  In  GRC10 – BRM  Risk analysis at “Action Level”, “Permission Level”, “Critical Action”, “Critical Permission” and “Critical Role/Profile” is editable.
  When i start to create a role in the Risk Analysis step, Permission Level is always selected .Selection is fine as this is configured this way (Parameter in SPRO 1023 -Default Report Type for Risk Analysis).  But exist the option to deselect "Permission Level". 
  As you can Permission level is always selected and not editable?
  Regards

  Hi,
  I guess Cristian mentions attached BRM screen. I have same issue; how to change default values of report type in BRM like parameter 1023 changes in access request.
  Also, if we change default value of check box, Cristian can set non-editable fields through SE80.

• GRC Risk analysis reports are not checking all possible risk conflicts set up in the rule set that lead to risks.

  Dear All,
  After running the risk analysis it shows only the first conflict for a risk in the rule set (Rule ID 0001). We have already Generated SOD ruleset. Also during migration from 5.3 to AC10.1 all the rulesets were imported properly.
  What could be reason??
  Thanks for your help.
  Regards,
  Abhisshek

  Abhisshek,
  there is already a thread with the same question:  Dear all I only get result for one rule id and not with others what should be an issue?
  Regards,
  Alessandro

• Risk Analysis: CUP Error: Exception Service

  Hi Guys,
  I am implementing GRC -CUP, where I found following error while performing the risk analysis from CUP.
  X - Risk analysis failed: Exception from the service : Inconsistency Org Rule Analysis Flag Parameter
  1. In RAR - we have not enabled Org. Rule Analysis.
  2. In CUP-Configuration tab- Risk Analysis link - I have disabled " Perform Org. rule Analysis"
  Yet, problem is coming in the system.
  Gurus,
  let me know if there are some errors from myside in RAR.
  Moreover, I am not able to integrate RAR with the CUP.
  Are there any steps which need to follow before integration?
  Thanks a ton
  SK

  Soumya,
     Can you look at the OSS Note # 1136379? I think you are missing the additional option "Consider Org. Rules when updating the Management reports and during Risk Analysis Web Service Call" part. Once you have set up everything similar to the OSS note option 2, test it.
  If it still doesn't work, bounce the server and test again.
  Regards,
  Alpesh

• Getting "Risk Analysis Failed " error while raising request from IDM

  Hi friends,
  Some of the User to Role mapping requests from IDM did not reach CUP (request ID = null) . When noticed the VDS log , we found the error from GRC webservice to be Risk Analysis Failed . We thought it might be an RAR issue , however , the request just got through CUP when submitted from GRC webservice directly . From RAR perspective also, everything looks ok .
  Please provide your thoughts as to whether this error is pertaining to some other issue or suggest me what I can check in Identity center to correct this .
  Thanks in advance for your help .

  The connector set up are all looking correct . However the requests are not getting raised in many cases .
  At one point we identified that , since our SAP systems have been migrated to DB2, some of the systems were down .
  So when the system is down we decided , Risk analysis is failing . however , now the systems are up and running and still the risk analysis is failing .

• Can you download RAR Risk Analysis reports to something other than Excel?

  When you run a RAR Risk Analysis and go to export the resulting reports, RAR automatically exports this into an Excel spreadsheet.
  Is it possible to export the reports into some other kind of format/tool?  (SQL would be ideal.)
  We are on GRC 5.3 SP13.
  Thanks.

  Our CMG group runs a company-wide risk analysis 2-3 times a year to use in their SOD Review process.  We are looking into loading this report into QuickView to give them more capabilities with using the report.  QV will work with Excel, but you have to load every spreadsheet and every page separately. 
  We are looking to see if we could download it into some other format that would contain all of the report in just one file.  Would make the QV load easier.  Something like SQL would probably be ideal.
  Thanks.

• UCCX 8.5.1 SU2 traffic analysis report errors out

  Anyone run into this before, I'm not seeing a bug fixed for this issue in SU3 either.
  If we have a call center outage or some issue effecting services, one day a month, and try to run the IVR traffic analysis report for the whole month (where one day we had outage) the report for that timeframe fails to run. If we adjust the report begin/end time to end before problem day/hour the report runs fine. Same for after that time to end of the month. We can also run the report for the single day of outage (whole 24 hour period) without problem to which is strange.
  Regarding the outage, it is where UCCX services stop for some reason. This is HA WAN setup. The systems were not powered down or shutdown unexpectedly. 
  Seems it is choking on the data and trying to divde by zero....
  We see this in logs,
  1: 11/6/2012 8:56:32 AM %CHC-LOG_SUBFAC-3-UNK:0 :Final Font Size=$rptFontSize
  1: 12/6/2012 11:20:36 AM %CHC-LOG_SUBFAC-3-UNK:The following SQL Command failed due to ()SQL Command=[call sp_ivr_traffic_analysis ('2012-11-01 5:00:00', '2012-12-01 5:59:59', -18000, 0 )]
  2: 12/6/2012 11:20:36 AM %CHC-LOG_SUBFAC-3-UNK:TraceDBError #1:(ADO Error# -2147467259|Description E22012: (-1202) An attempt was made to divide by zero.|Source Ifxoledbc|SQLState |NativeError -1202)
  3: 12/6/2012 11:20:36 AM %CHC-LOG_SUBFAC-3-UNK:Database Error | A runtime error occurred while executing the query. Please check log for more details
  4: 12/6/2012 11:30:32 AM %CHC-LOG_SUBFAC-3-UNK:Failed to run Interpreted SQL Command(call sp_ivr_traffic_analysis ('2012-11-01 5:00:00', '2012-12-01 5:59:59', -18000, 0 ))
  5: 12/6/2012 11:34:52 AM %CHC-LOG_SUBFAC-3-UNK:The following SQL Command failed due to ()SQL Command=[call sp_ivr_traffic_analysis ('2012-11-01 5:00:00', '2012-12-01 5:59:59', -18000, 0 )]
  6: 12/6/2012 11:34:52 AM %CHC-LOG_SUBFAC-3-UNK:TraceDBError #1:(ADO Error# -2147467259|Description E22012: (-1202) An attempt was made to divide by zero.|Source Ifxoledbc|SQLState |NativeError -1202)
  7: 12/6/2012 11:34:52 AM %CHC-LOG_SUBFAC-3-UNK:Database Error | A runtime error occurred while executing the query. Please check log for more details
  8: 12/6/2012 12:02:53 PM %CHC-LOG_SUBFAC-3-UNK:Failed to run Interpreted SQL Command(call sp_ivr_traffic_analysis ('2012-11-01 5:00:00', '2012-12-01 5:59:59', -18000, 0 ))
  9: 12/6/2012 4:00:13 PM %CHC-LOG_SUBFAC-3-UNK:The following SQL Command failed due to ()SQL Command=[call sp_ivr_traffic_analysis ('2012-11-01 5:00:00', '2012-12-01 5:59:59', -18000, 0 )]
  10: 12/6/2012 4:00:13 PM %CHC-LOG_SUBFAC-3-UNK:TraceDBError #1:(ADO Error# -2147467259|Description E22012: (-1202) An attempt was made to divide by zero.|Source Ifxoledbc|SQLState |NativeError -1202)
  11: 12/6/2012 4:00:13 PM %CHC-LOG_SUBFAC-3-UNK:Database Error | A runtime error occurred while executing the query. Please check log for more details
  12: 12/6/2012 4:18:56 PM %CHC-LOG_SUBFAC-3-UNK:Failed to run Interpreted SQL Command(call sp_ivr_traffic_analysis ('2012-11-01 5:00:00', '2012-12-01 5:59:59', -18000, 0 ))

  Mohammed,
  It is common, in many of the Cisco Express 8.5 environments we have looked at, for the Total Incoming Calls given on a Traffic Analysis report to be a higher number than an Application Report.
  The Traffic Analysis Report counts every unique sessionID (unique call) that is inbound (contact type of 1).  The Application Reports do a similar thing but qualify (filter) only the records that have an application assigned.
  There are simply times where inbound calls have been directed to an "agent" without having an applicaiton assigned.
  The best thing the reporting user can do is to run a query on his or her database such as: 
       select * from ContactCallDetail where contactType=1and startDateTime > '2012-11-16 10:00:00' and startDateTime < '2012-11-16 11:00:00';
  Usually when an application is not assigned to the record in the ContactCallDetail table it is because the destination type is equal to 1, which is an 'Agent' instead of a 'route point'.
  So if you modify your select statement to filter by destinationType, you can quickly find the records that don't have the application assigned. 
  Example:  select * from ContactCallDetail where contactType = 1 and destinationType = 1 and startDateTime > '2012-11-16 10:00:00 and startDateTime < 2012-11-16 11:00:00';
  When you look at these records, you will see the agent that took the call from the destinationID field.  The number in that field should match up with the field called 'resourceID' in a table called 'resouce';
       Example:  select * from resource where resouce=6011; where 6011 was the number you found in the destinationID field.
  If there is still confusion about the source of the call - then talk to that agent and find out what is was.
  Good Luck and let me know if you need further help.
  Ron Reif
  [email protected]

• AC 5.3 RAR - combined risk analysis reports for regular auth. and SPM auth.

  Dear All,
  we have users that have regular day-today authorization and also FF authorization.
  Does the Batch Risk Analysis takes into account both authorizations when doing the risk analysis for those users ? will we see it in the reports ?
  Thanks
  Yudit

  ok, so basically the answer is no, in the RAR components we do not have risk analysis for the combinations of the roles assigned to the user and to his FF ID.
  in that case, at what stage does the system checks for those combined risks ?
  is it checked when we manage the risk analysis phase in the CUP request that is asking to assign the FF ID to the user ?
  thanks
  Yudit

• ARA: "[P/G]" symbol in Risk Analysis Report???

  Hi,
  I have noticed a peculiar symbol in Access Risk analysis while performing permission level analysis. The symbol is "[P/G]<TCODE>".
  I have not this before. Any idea why this is coming and how I can resolve this?
  Please see the screenshot for the same.
  Recently, our target system is upgraded. I am sure if this is coming because of that. Earlier, it was working fine.
  Also, system is showing unknown risks violations for roles and all of them are preceded by "[P/G]" symbol.
  Please advise.
  Regards,
  Faisal

  Alessandro,
  Thanks for your reply.
  Yes, these actions are assigned to functions.
  Secondly, I re-generated the rules and the result is same. Also, I used
  our quality system (upgrade is not done yet) and analyzed the same role and it gave expected results!
  I am using same GRC system but different target systems. ERP Development system is causing problem where as ERP Quality system is not.
  Based upon my analysis, I see some problem with our ERP development system which is not showing appropriate results. But not sure what to do.
  Any help please?
  Regards,
  Faisal