Risk Management in PS

Hi everyone!
Does anyone know if the there's any functionality in SAP to handle Risk Management?
What the client needs to know is if SAP has any available tool to manage risks in project. When they are building up the solution for a client, they consider several risks that may arise. And during the execution of the project, they monitor those risks constantly. They can occurr or not, and sometimes other risks not detected can arise and have to be handled. Do you know if there's something in PS to address this?
Thanks in advance!
Regards,
Thalos.

Hi
Yes, it is possible to handle risk management in SAP PS.
Risk management need to consider the following:-
a) Event: What could happen?
b) Probability: How likely is it to happen?
c) Impact: How bad will it be if it happens?
d) Mitigation: How can you reduce the Probability (and by how much)?
e) Contingency: How can you reduce the Impact (and by how much)?
f) Reduction = Mitigation X Contingency
g) Exposure = Risk u2013 Reduction
Event you need to link with your network activities, means each activity you need to identify the risk involved.
Probability and Impact of the risk should be recorded on each activity which can be done through user fields.
For Mitigation and Contingency you can use DMS to maintain on each network activity.
If any Risk/ event occurred on an activity which you can identify through user status, and reporting can be done through notification.
If detailed mitigation plan need to be recorded you can record it through notification using class and charecteristics in order to record the values.
Create a Query / Z report to analyse the risk.
Tnx.
Abdul

Similar Messages

Two questions about Risk Management 2.0

hi experts,
Please find below two questions about Risk Management:
-In SPRO, Risk Management>Create top node: after completing information and executing I have this error:
Error in the ABAP Application Program
The current ABAP program "/ORM/ORM_CREATE_TOP_NODES" had to be terminated
because it has
come across a statement that unfortunately cannot be executed.
The following syntax error occurred in program "/ORM/SAPLORM_API_SERVICES " in
include "/ORM/LORM_API_SERVICESU10 " in
line 97:
"Bei PERFORM bzw. CALL FUNCTION "GET_ORGUNIT_THRESHOLDS" ist der Aktual"
"parameter "I_ORGUNIT_ID" zum Formalparameter "IV_ORGUNIT_ID" inkompati"
"bel."
The include has been created and last changed by:
Created by: "SAP "
Last changed by: "SAP "
Error in the ABAP Application Program
The current ABAP program "/ORM/ORM_CREATE_TOP_NODES" had to be terminated
because it has
come across a statement that unfortunately cannot be executed.
Do you know where it could come from?
-On the Portal>Risk Management
when I click in a link under the risk management menu(activities and risks, risk report, document risk,...) i alway have an internal server error:
While processing the current request, an exception occured which could not be handled by the application or the framework.
If the information contained on this page doesn't help you to find and correct the cause of the problem, please contact your system administrator. To facilitate analysis of the problem, keep a copy of this error page. Hint: Most browsers allow to select all content, copy it and then paste it into an empty document (e.g. email or simple text file).
Do we have to set up some customizing points before accessing these links?
Thank you !
Regards,
Julien

Hi Julien ,
I have the same error what u described as :-
-On the Portal>Risk Management
when I click in a link under the risk management menu(activities and risks, risk report, document risk,...) i alway have an internal server error:
While processing the current request, an exception occured which could not be handled by the application or the framework.
If the information contained on this page doesn't help you to find and correct the cause of the problem, please contact your system administrator. To facilitate analysis of the problem, keep a copy of this error page. Hint: Most browsers allow to select all content, copy it and then paste it into an empty document (e.g. email or simple text file).
Do we have to set up some customizing points before accessing these links? "
Are you able to solve this. Please let me know how to resolve this???
Thanks
Regards,
Atul

How SAP Risk Management may be interfaced with SAP Strategy Management?

Hello,
Any document, any customer experience around integration between SAP BusinessObjects Strategy Management and SAP BusinessObjects Risk Management would be very appreciated.
Best regards
Jean-Luc

Hi Renaud,
where you able to create your webservice and use it from GRC RM?
If yes, I would be interested in - 'How do i connect SAP RM 3.0 with that web service'
Regards
Holger

Risk Management interactive reports drill up error

Hi,
I have been working with Risk Management 10 in SAP GRC recently. I noticed that when using the Risk Manager Interactive Reports in the Report section (Heat Map and Overview Report), I have received an error when trying to drill back up to the parent organizational unit after I have drilled down to the child sub organization.
Our current workaround is to click on the <All> unit, close the window, and then reopen the window and drill back down to the parent unit. While this workaround has been successful when using the reports so far, it is difficult to communicate this error to other users when they attempt to use the reports.
Are there any fixes to this error, or any plans to fix? Otherwise, is there a feature that needs to be adjusted in Risk Management? Thanks.

Bump

BC sets activation for GRC 10.0 Risk Management

Hi ,
I am new to Risk management,please suggest the required list of BC set for activation.
Thanks in advance,
Varun

Hi Varun ,
Apart from the common BC sets , You also need to activate RM Specific BC sets.
You can find the list in Installation Guide " SAP Access Control, SAP Process Control, and SAP Risk Management 10.0/10.1"
( https://websmp108.sap-ag.de/~form/sapnet?_SCENARIO=01100035870000000202&_SHORTKEY=01100035870000718172 )
Here is the list for your quick reference:
BC_SET_ANALYSIS_PROFILE
BC-SET_ACTIVITY_TYPES
BC_SET_BENEFIT_CATEGORY
BC_SET_DEFINE_CATEGORIES_POWL
BC_SET_DEFINE_THREE_POINT_ANALYS
BC_SET_DRIVER_CATEGORY
BC_SET_IMPACT_CATEGORY
BC_SET_IMPACT_LEVEL
BC-SET_INFLUENCE_STRENGTH
BC_SET_MAINTAIN_DEFAULT_QUERY
BC-SET_MAINTAIN_OPP_RESP_TYPES
BC_SET_MAINTAIN_USER_RESP
BC_SET_OBJECTIVE_CATEGORIES
BC_SET_PROBABILITY_LEVEL_ID
BC_SET_PROBABILITY_LEVEL_MATRIX
BC-SET_RESPONSE_EFFECTIVENESS
BC-SET_RESPONSE_TYPE
BC_SET_RISK_APETITE
BC_SET_RISK_LEVEL
BC_SET_RISK_LEVEL_MATRIX
BC_SET_RISK_PRIORITY_MATRIX
BC_SET_ROLES
BC_SET_SPEED_OF_ONSET
BC-SET_LOSS_MATRIX_COLORS
BC_SET_UNIT_MEASURE
BC-SET_RISK_RESPONSE_TYPE
BCSET-GRRM-GRFNV_POLICYTYPE
BCSET-GRRM-GRRMVPOLICYRESP
BCSET-GRRM-GRFNV_POLICYTYPE
BCSET-GRRM-GRRMVPOLICYRESP
Thanks & Regards
Uma Shankar T

SAP GRC 10.0 Risk Management - Forecasting Horizon Scoring Analysis Mode

Hi everyone,
In SAP GRC 10.0 Risk Management Support Package 7, we need to assess a corporate risk by performing an automatic analysis aggregation based on a scoring analysis profile.
The problem is that corporate risks must be created based on a forecasting horizon.
So, can we create forecasting horizons with scoring analysis mode? How? Must be enabled through customizing or applying a SAP note?
Best Regards,
Chema Traveso

Hi,
I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery.

Intercompany with Risk management

Hi SAP Prof,
These is an issue with intercompany with multiple line items and each line item belongs to different company code...
               I have created intercompany sales order with multiple items(Each item belong to different Ccode) and i have assigned the payment guarantee procedure in order at header level and saved the order..
               Now,in my present company scenario i want to assign Finanacial Document in delivery at Header Level in Fianancial Processing Tab Page...
The problem is that How can i Assign a single Financial doc.....?
                If anybody knows the solution for the above querry then please let me Know....

Hi
Asper myt knowledge you can complete these settings:
MM - Purchasing - Foreign trade /customs - Documentary payments - Basic settings
1. Define a FI document type.
2. Define the Bank Functions
3.Define Indicators for FI documetn. here you can maintainthe controls for FI document process in the order.
4. Define bank indicators.
same path in Relations
1. specify the controls of Banks in FI document
2. Specify the FI document control
Same path in Risk management of FI document
1. Define forms for payment guarantee procedure
2. Define and assign payment gurantee schema
3. Activate documentary payments per itemcategory
I hope it willhelpful.
Regards,
SK

Risk Management & Process controls for non SAP client

Hi Forum Gurus,
I need clarity on the following: Can Risk managment 3.0 and Process controls be implemented for a non-SAP client?
i.e. Our client does not run SAP, but they are interested in RM and PC, so is this possible to implement?
Any advice would be highly appreciated.
Kind regards,
PREVO.

Hi Prevo,
Process control and Risk management 3.0 are delivered within same installation package files so it is same for both the applications .
Also real time agents for Oracle or peoplesoft are avaialble if you want to leverage the automated control functionality of PC 3.0 in non SAP environment.
Remember the automated control functionality is the optional feature of PC3.0.If you wish only to use the manual controls features of PC 3.0 you dont need RTAs(real time agent).
You can find further information about manual controls at http://service.sap.com
use the quicklink '/rkt' then the following menu path: SAP Business Objects for GRC Solutions -> SAP BO Process Control 3.0 -> Technology Consultant
Regards
Debraj

Are GRC Access Control, Process Control and Risk Management separate?

Are these 3 different modules that you have to purchase separately or are they included in one suite?

Hi Anne,
If you are refering to GRC Access Controls 5.3, Process Control 3.0 and Risk Management 3.0 - All 3 are separate.
A new version of GRC 10.0 has been launched which is currently in ramp up. This has all the above 3 in one suite.
Thanks and Best Regards,
Srihari.K

Risk Management 10: Assign users based on Org structure

Hello,
In GRC Risk Management 10, you can assign users to a risk in the roles tab of a risk.
Is it possible to be able to assign any employee in HR org structure to one of these roles such as Risk Owner?
More specifically, would it be possible to create a link such that only the employees in the assigned organization unit in the risk are shown in the list of users to be assigned to one of these roles?
Thanks

we have the scenarioas below
need to integrate the third party HR system ORG structure entity to the Role based travle management approval task.
but the process and workflow structure for all the department are same.
only the roles are different for each user.
no need to disple the standard approval role in Process initiation.
Custom role should be populated based on the selection from the first action.
example: if the user need cash and he should select the cash need option from
first action then the finace approver should appear in next action.
if not it should not appear.
please advice which GP callable object is best for this process.
i have the plan to use the webdynpros..
regards
Sukumar

Error while accessing Risk Management 3.0

Hi,
I get the below error when I click on Risk Management navigation bar
"Portal runtime error.
An exception occurred while processing your request. Send the exception ID to your portal administrator.
Exception ID: 07:26_23/11/09_0002_2466451
Refer to the log file for details about this exception."
The error log is as below:
07:26_23/11/09_0002_2466451
[EXCEPTION]
com.sapportals.portal.prt.runtime.PortalRuntimeException: Exception in SAP Application Integrator occured: Unable to parse template '<System.Access.WAS.protocol>://<System.Access.WAS.hostname>/sap/bc/webdynpro/<WebDynproNamespace>/<WebDynproApplication>/;sap-ext-sid=<ESID[url_ENCODE]>?sap-ep-iviewhandle=007<ESID[HASH]>&sap-wd-configId=<WebDynproConfiguration>&sap-ep-iviewid=<IView.ShortID>&sap-ep-pcdunit=<IView.PCDUnit.ShortID>&sap-client=<System.client>&sap-language=<Request.Language>&sap-accessibility=<User.Accessibility[SAP_BOOL]>&sap-rtl=<LAF.RightToLeft[SAP_BOOL]>&sap-ep-version=<Portal.Version[url_ENCODE]>&sap-wd-tstamp=<$TimeStamp>&<FPNInfo[IF_false PROCESS_RECURSIVE]>&sap-explanation=<User.Explanation[SAP_BOOL]>&<StylesheetIntegration[IF_true PROCESS_RECURSIVE]>&<Authentication>&<DynamicParameter[PARAMETER_MAPPING PROCESS_RECURSIVE]>&<ForwardParameters[QUERYSTRING]>&<ApplicationParameter[PROCESS_RECURSIVE]>'; the problem occured at position 310. Cannot process expression <System.client> because Invalid System Attribute:
System:    &#39;SAP_LocalSystem&#39;,
Attribute: &#39;client&#39;.
     at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doContentPass(AbstractIntegratorComponent.java:125)
     at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doContent(AbstractIntegratorComponent.java:98)
     at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:209)
     at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
     at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
     at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)
     at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:645)
     at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
     at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753)
     at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:235)
     at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:541)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:430)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

Hi Amarnath,
looks to me like an issue with the Portal System Object that point to your RM ABAP system, the exception states that
"Cannot process expression <System.client> because Invalid System Attribute: System: 'SAP_LocalSystem', Attribute: client"
So it seems the client attribute is not maintained properly in the Portal Config...
Cheers,
Dominic
Edited by: Dominic Yow-Sin-Cheung on Nov 25, 2009 8:52 AM

Dyman & Associates Risk Management Projects: 10M Passwords Publicized For Research

We've all heard of this before: a hacker releasing a certain number of passwords and usernames, presumably just for the lulz. But this time, we're talking about 10 million records posted by no less than a security specialist himself.
Security expert Mark Burnett has published 10 million sets of usernames and passwords online in an effort to equip the security sector with more information, while also getting himself potentially tagged as a criminal.
He clarified that his release of the username-password list is solely for white-hat purposes -- to aid research in making login authentications more effective and fraud-proof. Burnett insisted that he does not intend to help facilitate any illegal activity
or defraud people by his actions.
"I could have released this data anonymously like everyone else does but why should I have to? I clearly have no criminal intent here. It is beyond all reason that any researcher, student, or journalist have to be afraid of law enforcement agencies that
are supposed to be protecting us instead of trying to find ways to use the laws against us," he said in his post.
Leaking a massive amount of user data into the wild certainly does not sound like great help for most people but for security professionals, it's an important tool for research. For instance, how else would they know that online users are generally bad at choosing
passwords?
In his post, he shared that he would often get requests for his password data from researchers but he would just decline them before. But since he also know its importance, he decided to publish a clean data set for the public.
"A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain."
To be fair, Dyman & Associates Risk Management Projects confirms that analyzing a username-password set seems to be more helpful for the security researchers.
According to him, it was by no means an easy decision but he eventually posted it after weighing down a number of factors. And though Burnett said he believes most of the data are already expired and unused, the domain part of the logins and any keyword that
could link it to a certain site were still removed to make it difficult for those with criminal intent.
Besides, Dyman & Associates Risk Management Projects experts agreed with him in saying that if a hacker would need such a list in order to attack someone, he's not going to be much of a threat.
Burnett has previously helped in collecting the recent list of worst passwords to alarm people into adopting better practices when it comes to their login credentials.
Lastly, he imparted the following warning for complacent users: "Be aware that if your password is not on this list that means nothing. This is a random sampling of thousands of dumps consisting of upwards to a billion passwords."

Risk Management in Software Development

(Sigh) Another essay, yet more research...
This time, I'm looking into how risk management is done in the software industry. I'm basing my answer fairly heavily around the SEI risk management model, but as always I'm interested in any thoughts that this forum's Programmers and Software Engineers might have on the subject.
Does your company actually have a strategy for controlling risk? Does it work? I could read theory until my eyes water, but I'd quite like to know about risk management practices that are effective, from both the agile (c.f. XP) development viewpoint to those that work through the classic 'waterfall' model.
If you've a spare minute to add your comment, your time would be very much appreciated.
Cheers/

Correction for a duff link: This was the SEI link: http://www.sei.cmu.edu/programs/sepm/risk/

SharePoint Risk Management

Hi,
I want to create Project Risk Management in SharePoint 2013. Can you please provide some idea how to create it.
Thanks,

Hi
This will get you started with the project
http://pm-foundations.com/2011/04/10/using-sharepoint-to-manage-risks-issues/
http://www.slideshare.net/echo4sharepoint/risk-management-in-sharepoint-governance
Please remember to mark the replies as answers if they help
Amit Kotha

Risk Management Plan ERP WW Implementation

Hello All
I´m developing a Risk Management Plan and need to identify risks related to ERP implementation in multiple geographies. The implementations will be based on the same template and the template, a base model, will be managed in a centralized way by the corporation, both from a process and from an IT perspective, e.g., process changes that impact the base model will be approved by a centralized group responsible for the integrity of the base model. These changes, if approved, will be incorporated to the base model under a strict versioning and configuration management policy. The Business and IT organizations will have to manage both the integrity of the base model (and its versions) and the rollout of specific versions to the geographies. Geographies include Latin America, North America, Africa.
I´m willing to identify risks of the strategy to the business itself (the strategy I described above) and it´s impact on the IT organization/processes that will need to support it. This company already runs SAP on it´s biggest business unit, now it will be expanding the solution to smaller BUs in other countries. The base model currently used by the corporation is different than the base model (template) that will be implemented in the smaller BUs, for historical reasons.
A good start could be a Risk Assessment (part of a typical Risk Management Plan) of an ERP implementation project with similar characteristics, e.g.: multiple geographies, different Business Units in these geographies, having to ensure integrity of the base model (template), etc...
Does anyone have anything similar to this that I could use as a start? Thanks.
Message was edited by:
        José Welington Nogueira Filho

Hi Jose,
Its quite interesting that you are working on Risk management . Risk management Plan requires to analyze the organization based on its Operations,Financial activities.
As per my understnading Risk management process is involved or can be segregated based on the following classification .
a) Financial Risk
b) Operational Risk
c) Strategic Risk
d)External Risk
Your Risk management Plan cna start up with the identify, categorize and analyze enterprise risks.
a) Financial Risk:
        - Based on the complexity ,size and nature of organization identify first top
           ten financial risks in the company.
b) Operational Risks:
        - Quality
        - Hiring and retention
        - Supply Chain
        - Succession Planning
c) Strategic Risks:
        - Intellectual Property Infringement / Counterfiet
        - Business Model and portfolio
        - Resource alignment
d) Exteran Risks:
        - Catastophic/Business Interrruption
        - Technological innovation
        - Competetors
While coming to Risk management Life-Cycle:
1. Validation and verification
2. Risk Treatment process
3. Governance & Monitoring
Based on the Low and high point methods you can identify the risks and give ranks based on the risk priority and prepare a graphical presentation .
As per above risks classification i am giving you more classification it will help you to prepare your Risk management plan in detailed ananlysis:
a) Financial Risks:
       - Cash Flow
       - Credit
       - Debit
       - Equity
       - Interest rates
b) Operational Risks;
      - Catastophe /BI
      - Change Mangement
      - Security
c) Strategic risks:
      - Brand repuatation
      - Business Model Portfolio
      -Channel
      - IP Infringment/Counterfiet
      - Quality
      - Resource allocation /Alignment
d) External Risks:
       - Competeiotrs
       - Customers Needs / Product support
       - Legal / anti-trust
       - Regulatory / Taxation
       - Technological Innovations
This information will help you to start your Risk analysis Plan. Please let me know if you need any thing esle on this.
Please award points if this is helpful.
Regards,
Ramesh Choragudi

Risk Management in PS

Similar Messages

Maybe you are looking for