Risk Management with LoC

Similar Messages

• How SAP Risk Management may be interfaced with SAP Strategy Management?

  Hello,
  Any document, any customer experience around integration between SAP BusinessObjects Strategy Management and SAP BusinessObjects Risk Management would be very appreciated.
  Best regards
  Jean-Luc

  Hi Renaud,
  where you able to create your webservice and use it from GRC RM?
  If yes, I would be interested in - 'How do i connect SAP RM 3.0 with that web service'
  Regards
  Holger

• Intercompany with Risk management

  Hi SAP Prof,
  These is an issue with intercompany with multiple line items and each line item belongs to different company code...
                 I have created intercompany sales order with multiple items(Each item belong to different Ccode) and i have assigned the payment guarantee procedure in order at header level and saved the order..
                 Now,in my present company scenario i want to assign Finanacial Document in delivery at Header Level in Fianancial Processing Tab Page...
  The problem is that How can i Assign a single Financial doc.....?
                  If anybody knows the solution for the above querry then please let me Know....

  Hi
  Asper myt knowledge you can complete these settings:
  MM - Purchasing - Foreign trade /customs - Documentary payments - Basic settings
  1. Define a FI document type.
  2. Define the Bank Functions
  3.Define  Indicators for FI documetn. here you can maintainthe controls for FI document process in the order.
  4. Define bank indicators.
  same path in Relations
  1. specify the controls of Banks in FI document
  2. Specify the FI document control
  Same path  in Risk management of FI document
  1. Define forms for payment guarantee procedure
  2. Define and assign payment gurantee schema
  3. Activate documentary payments per itemcategory
  I hope it willhelpful.
  Regards,
  SK

• Available now: New Business Transformation Study for Aurubis on the 7 month implementation and success with SAP Commodity Risk Management

  We just published a Business Transformation Study with Aurubis AG, the world’s leading integrated copper producer, on how SAP Commodity Risk Management solution helps them to hedge commodity price risks with the highest accuracy and integration and to meet stringent compliance regulations like EMIR with lowest risk, effort, and cost.
  With SAP Commodity Risk Management, all business processes related to commodity derivatives including the settlement, accounting and payment processes are now integrated and generated within the existing SAP ERP system. Please read the BTS here .

  Thanks Samuli.
  You're right, it seems BAdI HRESS_NWBC_MENU_EXT will work. I think I didn't make myself very clear as I didn't say that launchpad menu will no longer be used with NWBC since we will use the left side navigation, much user friendly and quicker to access to.
  Reading SAP documentation it seems this BAdI (available from EHP7+) will solve my issue.
  Thanks for the hint.
  Do you see any blocking point from moving SAP Portal to SAP NWBC for HTML even with 12000+ users?
  Thanks again.
  Best Regards,
  AS

• Risk Management implementation with SEM

  Hello, someone knows enterprises that have imeplemented risk managemente with the SEM solution? Or another solution from SAP? Thanks

  No one answered my question.

• Risk Management interactive reports drill up error

  Hi,
  I have been working with Risk Management 10 in SAP GRC recently.  I noticed that when using the Risk Manager Interactive Reports in the Report section (Heat Map and Overview Report), I have received an error when trying to drill back up to the parent organizational unit after I have drilled down to the child sub organization.
  Our current workaround is to click on the <All> unit, close the window, and then reopen the window and drill back down to the parent unit.  While this workaround has been successful when using the reports so far, it is difficult to communicate this error to other users when they attempt to use the reports.
  Are there any fixes to this error, or any plans to fix?  Otherwise, is there a feature that needs to be adjusted in Risk Management?  Thanks.

  Bump

• Risks associated with digital signatures

  We are looking to develop a process to use digital signatures on PDF documents, send them via email to a line manager, who adds his digital signature as a "stamp of approval" who then emails them to a specific department for processing. Are there any risks associated with using digital signatures in adobe, and general best practices for their usage, or best practices to mitigate the risks associated with them.

  If you procure and use commercially-issued credentials (not self-signed), digital signatures are much safer than any other signatures.
  1. They tell you whether the signed document has been altered. The document's author may specify which alterations (like form fill or signing) are acceptable. A digital signature tells you what kind of alterations in the document occurred after signing. In Acrobat you can always get the signed version before any alterations occurred.
  2. The digital signature tells you who the signer is (not only from the appearance but from the signing credential which is present in the signatures).
  3. The signing credential of a digital signature can be verified on-line that it has not been revoked and is still good. Acrobat has a feature to embed revocation information in the document, so that you can get verification that the signing credential was good at the signing time even if you do not have Internet access.
  4. In Acrobat the last signer can lock the signature, so that no other modifications of the document are allowed.
  So, there are many advantages to using digital signatures. The only risk that you have is that a signing credential can be stolen if someone has an access to the computer or token where the credential is stored AND gets hold of the credential's password. Each credential is password protected, so you guard this password as you guard any other password. If you suspect that someone got hold of your credential and password you can always ask the credential's issuer to revoke this credential and to issue you a new one. In this case the only time span when someone may use your credential is the time lag between the time the credential was stolen and the time the issuer revoked it.

• SAP GRC 10.0 Risk Management - Forecasting Horizon Scoring Analysis Mode

  Hi everyone,
  In SAP GRC 10.0 Risk Management Support Package 7, we need to assess a corporate risk by performing an automatic analysis aggregation based on a scoring analysis profile.
  The problem is that corporate risks must be created based on a forecasting horizon.
  So, can we create forecasting horizons with scoring analysis mode? How? Must be enabled through customizing or applying a SAP note?
  Best Regards,
  Chema Traveso

  Hi,
  I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
  It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery.

• CUP 5.3 is coming back with all risks associated with a user

  HI, i know this has probably come up in the past but i'm not finding it anywhere in the forum.  we are having a problem with CUP 5.3 provisioning as it's bringing up all risks associated with a user rather than the new ones for the role being requested.  this is especially aggravating for roles that do not have a conflict.  i'm thinking this might be a very simple answer but i'm not finding it anywhere.
  thanks
  ryan

  Ryan,
  Excuse me for the link. the problem was because a 'P' at the end
  This is the correct one: Did CUP risk analysis change with SP7?
  And, as per my knodelge, There's no way to show only the "new risks" in CUP risk analysis.
  If you want to use GRC succesfully, first you have to "get clean". Check here (Note 1593056 - Best Practices for Remediation of
  Segregation of Duties risk):
  The Risk Analysis and Remediation (RAR) application is part of the "Get Clean" methodology which is at the core of GRC Access Control. The first step of any Access Control project should be to "Get Clean" of any segregation of duties violations through the use of RAR. Once clean, Compliant User Provisioning, Enterprise Role Management and SuperUser Privilege Management are tools used to "Stay Clean".
  If you've already identified the risk, mitigate them. This is the best practise. I undertand your problem, but until you finish the "clean procedure" you should use an alternative workflow for CUP.
  Cheers,
  Diego.

• Enterprise Project Management with Empty (from tasks) Projects

  Project Management is not only about Gantt and schedule. It's about collaboration, status reporting, resource requirements risk management and budget management.
  Project Server supports us with all of that with features like resource plan, status reports, team sites and risk list. You can also manage budget and progress with unscheduled tasks
  Have any of you gone this way of managing the non-schedule project information on either empty projects (without tasks) or "grocery-list" projects (with tasks as budget/effort entries, but no schedule)?
  Thanks,

  Yes, I know clients that do this. Project Server has many uses :)
  Paul
  Paul Mather | Twitter |
  http://pwmather.wordpress.com | CPS

• Risk Management in PS

  Hi everyone!
  Does anyone know if the there's any functionality in SAP to handle Risk Management?
  What the client needs to know is if SAP has any available tool to manage risks in project. When they are building up the solution for a client, they consider several risks that may arise. And during the execution of the project, they monitor those risks constantly. They can occurr or not, and sometimes other risks not detected can arise and have to be handled. Do you know if there's something in PS to address this?
  Thanks in advance!
  Regards,
  Thalos.

  Hi
  Yes, it is possible to handle risk management in SAP PS.
  Risk management need to consider the following:-
  a) Event: What could happen?
  b) Probability: How likely is it to happen?
  c) Impact: How bad will it be if it happens?
  d) Mitigation: How can you reduce the Probability (and by how much)?
  e) Contingency: How can you reduce the Impact (and by how much)?
  f) Reduction = Mitigation X Contingency
  g) Exposure = Risk u2013 Reduction
  Event you need to link with your network activities, means each activity you need to identify the risk involved.
  Probability and Impact of the risk should be recorded on each activity which can be done through user fields.
  For Mitigation and Contingency you can use DMS to maintain on each network activity.
  If any Risk/ event occurred on an activity which you can identify through user status, and reporting can be done through notification.
  If detailed mitigation plan need to be recorded you can record it through notification using class and charecteristics in order to record the values.
  Create a Query / Z report to analyse the risk.
  Tnx.
  Abdul

• Error while accessing Risk Management 3.0

  Hi,
  I get the below error when I click on Risk Management navigation bar
  "Portal runtime error.
  An exception occurred while processing your request. Send the exception ID to your portal administrator.
  Exception ID: 07:26_23/11/09_0002_2466451
  Refer to the log file for details about this exception."
  The error log is as below:
  07:26_23/11/09_0002_2466451
  [EXCEPTION]
  com.sapportals.portal.prt.runtime.PortalRuntimeException: Exception in SAP Application Integrator occured: Unable to parse template &#39;&lt;System.Access.WAS.protocol&gt;://&lt;System.Access.WAS.hostname&gt;/sap/bc/webdynpro/&lt;WebDynproNamespace&gt;/&lt;WebDynproApplication&gt;/;sap-ext-sid=&lt;ESID[url_ENCODE]&gt;?sap-ep-iviewhandle=007&lt;ESID[HASH]&gt;&amp;sap-wd-configId=&lt;WebDynproConfiguration&gt;&amp;sap-ep-iviewid=&lt;IView.ShortID&gt;&amp;sap-ep-pcdunit=&lt;IView.PCDUnit.ShortID&gt;&amp;sap-client=&lt;System.client&gt;&amp;sap-language=&lt;Request.Language&gt;&amp;sap-accessibility=&lt;User.Accessibility[SAP_BOOL]&gt;&amp;sap-rtl=&lt;LAF.RightToLeft[SAP_BOOL]&gt;&amp;sap-ep-version=&lt;Portal.Version[url_ENCODE]&gt;&amp;sap-wd-tstamp=&lt;$TimeStamp&gt;&amp;&lt;FPNInfo[IF_false PROCESS_RECURSIVE]&gt;&amp;sap-explanation=&lt;User.Explanation[SAP_BOOL]&gt;&amp;&lt;StylesheetIntegration[IF_true PROCESS_RECURSIVE]&gt;&amp;&lt;Authentication&gt;&amp;&lt;DynamicParameter[PARAMETER_MAPPING PROCESS_RECURSIVE]&gt;&amp;&lt;ForwardParameters[QUERYSTRING]&gt;&amp;&lt;ApplicationParameter[PROCESS_RECURSIVE]&gt;&#39;; the problem occured at position 310. Cannot process expression &lt;System.client&gt; because Invalid System Attribute:
  System:    &amp;#39;SAP_LocalSystem&amp;#39;,
  Attribute: &amp;#39;client&amp;#39;.
       at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doContentPass(AbstractIntegratorComponent.java:125)
       at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doContent(AbstractIntegratorComponent.java:98)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:209)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
       at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
       at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)
       at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:645)
       at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
       at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753)
       at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:235)
       at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:541)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:430)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

  Hi Amarnath,
  looks to me like an issue with the Portal System Object that point to your RM ABAP system, the exception states that
  "Cannot process expression <System.client> because Invalid System Attribute: System: 'SAP_LocalSystem', Attribute: client"
  So it seems the client attribute is not maintained properly in the Portal Config...
  Cheers,
  Dominic
  Edited by: Dominic Yow-Sin-Cheung on Nov 25, 2009 8:52 AM

• Dyman & Associates Risk Management Projects: 10M Passwords Publicized For Research

  We've all heard of this before: a hacker releasing a certain number of passwords and usernames, presumably just for the lulz. But this time, we're talking about 10 million records posted by no less than a security specialist himself.
  Security expert Mark Burnett has published 10 million sets of usernames and passwords online in an effort to equip the security sector with more information, while also getting himself potentially tagged as a criminal.
  He clarified that his release of the username-password list is solely for white-hat purposes -- to aid research in making login authentications more effective and fraud-proof. Burnett insisted that he does not intend to help facilitate any illegal activity
  or defraud people by his actions.
  "I could have released this data anonymously like everyone else does but why should I have to? I clearly have no criminal intent here. It is beyond all reason that any researcher, student, or journalist have to be afraid of law enforcement agencies that
  are supposed to be protecting us instead of trying to find ways to use the laws against us," he said in his post.
  Leaking a massive amount of user data into the wild certainly does not sound like great help for most people but for security professionals, it's an important tool for research. For instance, how else would they know that online users are generally bad at choosing
  passwords? 
  In his post, he shared that he would often get requests for his password data from researchers but he would just decline them before. But since he also know its importance, he decided to publish a clean data set for the public. 
  "A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain."
  To be fair, Dyman & Associates Risk Management Projects confirms that analyzing a username-password set seems to be more helpful for the security researchers.
  According to him, it was by no means an easy decision but he eventually posted it after weighing down a number of factors. And though Burnett said he believes most of the data are already expired and unused, the domain part of the logins and any keyword that
  could link it to a certain site were still  removed to make it difficult for those with criminal intent. 
  Besides, Dyman & Associates Risk Management Projects experts agreed with him in saying that if a hacker would need such a list in order to attack someone, he's not going to be much of a threat.
  Burnett has previously helped in collecting the recent list of worst passwords to alarm people into adopting better practices when it comes to their login credentials.
  Lastly, he imparted the following warning for complacent users: "Be aware that if your password is not on this list that means nothing. This is a random sampling of thousands of dumps consisting of upwards to a billion passwords."

• SharePoint Risk Management

  Hi,
  I want to create Project Risk Management in SharePoint 2013. Can you please provide some idea how to create it.
  Thanks,

  Hi
  This will get you started with the project
  http://pm-foundations.com/2011/04/10/using-sharepoint-to-manage-risks-issues/
  http://www.slideshare.net/echo4sharepoint/risk-management-in-sharepoint-governance
  Please remember to mark the replies as answers if they help 
  Amit Kotha

• Risk Management Plan ERP WW Implementation

  Hello All
  I´m developing a Risk Management Plan and need to identify risks related to ERP implementation in multiple geographies. The implementations will be based on the same template and the template, a base model, will be managed in a centralized way by the corporation, both from a process and from an IT perspective, e.g., process changes that impact the base model will be approved by a centralized group responsible for the integrity of the base model. These changes, if approved, will be incorporated to the base model under a strict versioning and configuration management policy. The Business and IT organizations will have to manage both the integrity of the base model (and its versions) and the rollout of specific versions to the geographies. Geographies include Latin America, North America, Africa.
  I´m willing to identify risks of the strategy to the business itself (the strategy I described above) and it´s impact on the IT organization/processes that will need to support it. This company already runs SAP on it´s biggest business unit, now it will be expanding the solution to smaller BUs in other countries. The base model currently used by the corporation is different than the base model (template) that will be implemented in the smaller BUs, for historical reasons.
  A good start could be a Risk Assessment (part of a typical Risk Management Plan) of an ERP implementation project with similar characteristics, e.g.: multiple geographies, different Business Units in these geographies, having to ensure integrity of the base model (template), etc...
  Does anyone have anything similar to this that I could use as a start? Thanks.
  Message was edited by:
          José Welington Nogueira Filho

  Hi Jose,
  Its quite interesting that you are working on Risk management . Risk management Plan requires to analyze the organization based on its Operations,Financial activities.
  As per my understnading Risk management process is involved or can be segregated based on the following classification .
  a) Financial Risk
  b) Operational Risk
  c) Strategic Risk
  d)External Risk
  Your Risk management Plan cna start up with the identify, categorize and analyze enterprise risks.
  a) Financial Risk:
          -  Based on the complexity ,size and nature of organization identify first top
             ten financial risks in the company.
  b) Operational Risks:
          -  Quality
          -  Hiring and retention
          - Supply Chain
          - Succession Planning
  c) Strategic Risks:
          - Intellectual Property Infringement / Counterfiet
          - Business Model and portfolio
          - Resource alignment
  d) Exteran Risks:
          - Catastophic/Business Interrruption
          - Technological innovation
          - Competetors
  While coming to Risk management Life-Cycle:
  1. Validation and verification
  2. Risk Treatment process
  3. Governance & Monitoring
  Based on the Low and high point methods you can identify the risks and give ranks based on the risk priority and prepare a graphical presentation .
  As per above risks classification i am giving you more classification it will help you to prepare your Risk management plan in detailed ananlysis:
  a) Financial Risks:
         -  Cash Flow
         - Credit
         -  Debit
         - Equity
         - Interest rates
  b) Operational Risks;
        - Catastophe /BI
        - Change Mangement
        - Security
  c) Strategic risks:
        - Brand repuatation
        - Business Model Portfolio
        -Channel
        - IP Infringment/Counterfiet
        - Quality
        - Resource allocation /Alignment
  d) External Risks:
         - Competeiotrs
         - Customers Needs / Product support
         - Legal / anti-trust
         - Regulatory / Taxation
         - Technological Innovations
  This information will help you to start your Risk analysis Plan. Please let me know if you need any thing esle on this.
  Please award points if this is helpful.
  Regards,
  Ramesh Choragudi