Risk Owners/BPO

Working for a global client that has an existing process in place for mitigating controls using the SAP usergroup as the location. Each location has a unique Risk Owner/BPO. Is there any way to do this for User Access Review/SOD reviews in GRC 5.3 SP11?

Similar Messages

  • CUP 5.3 (SP11) Risk Owner Approval in CUP workflow

    Hello Experts,
    I have a question...
    When you create a risk in RAR, is there any way you can send an approval request automatically to a Risk Owner already set in RAR?
    Unfortunately, there is no such option for risk in the CUP custom approver determinator.
    We want to set risk owners different from business process owners,* and risk owners are the ones responsible for risk approval.
    *We don't want to set the "business process" as an approver determinator.
    I would appreciate your advice.
    HM

    When you create a risk in RAR, is there any way you can send an approval request *automatically* to a Risk Owner already set in RAR?
      - CUP (Page 19/33)?
    Unfortunately, there is no such option for risk in the CUP custom approver determinator.
    There is - Request Type - Attribute
    Please have a look at the following document to create RISK (RAR) approval workflows in CUP (Page 19/33 - CAD):
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e03cd86c-3aa7-2a10-1aa6-e845902f555d?quicklink=index&overridelayout=true
    Thanks
    Himadama

  • Mitigation Control Owner instead of Risk Owner.

    Hi All,
    In a Provisioning request, after Risk analysis, if there is any SOD found then the request needs to be forwarded to the Mitigation Control Owner instead of the Risk owner.
    Please advise whether standard functionality in GRC 10.1 addresses this requirement or whether it needs development.
    Thanks in Advance

    Hi Babu,
    There is no standard functionality to forward this to the mitigation control owner.
    Even forwarding to the risk owner, you may need some customization as per SAP Note 1670504.
    Thanks,
    Mamoon

  • Risk Owners approval using ABAP Function class

    Dear All
    I have implemented ABAP function class ZCL_GRAC_WFA_RISK_OWNER to identify the risk owners once the role approval is done. The workflow is working fine, with one exception.
    My scenario is like this: I have mapped P059 risks to the PR risk approver coming from the PR role, and S007 risks are mapped to the SD risk approver coming from the SD role. So when the role owners have approved both the roles, I would like to send separate risk approval requests to 2 diff risk approvers as per my mapping.
    But currently P059 & S007 risks are routed to both approvers at the same time, & when one of them approves the risks, both risks get approved & provisioning takes place.
    I would like 2 risk approvals to be put in place. Any idea on how to achieve this?
    Naveen

    Dear Hari
    Thanks for your response. Yes, I have implemented the note 1670504.
    As mentioned earlier, I have checked my Risk approval Stage setting with both options, "ALL APPROVERS" & "ANY ONE APPROVER",
    but still, when one of the risk owners approves, all the risks get approved & the provisioning is completed.
    PFA
    Do let me know if you have any more options.
    Naveen

  • RAR: Upload risk owners

    Hi,
    Is it possible to assign risk owners to risks via an upload file of some sort? I would have thought that this should be part of the Risk Description Template found in the configuration guide. This does not seem to be the case.
    Any ideas of how I can do this?
    Regards,
    Mo

    Hi Muhammad,
    You can upload Risk Owners using the Mitigation template, as Risk owners have to be created under administrators of mitigation and only then can be assigned to Risks under Risk ID of Rule Architect.
    Once you upload the Risk owners using mitigation template, the drop down will allow you to assign the Risk owners to the Risk IDs.
    Thanks and Best Regards,
    Srihari.K

  • What are the roles & responsibilities of Risk Monitors & Risk Owners!

    I need documentation where the roles & responsibilities of a risk monitor and risk owner are stated. I was assigned to do documentation for this. Can someone help me on this? Thanks.

    Risk Owner:
    The role has the authorization to run access risk maintenance and access risk analysis!
    SoD, maintain owners in AC, risk analysis.
    Risk Monitor:
    Has the authorization to run risk analysis, mitigating control assignment and assign mitigating controls to an access risk.

  • GRC AC 5.3 - CUP automatically pick up Risk Owners?

    Hi GRC Experts,
    Just wanted to know, is there any way CUP can pick up Risk Approvers without configuring them in CAD? Role approvers automatically get picked up when choosing the "Role" as the approver determinator within a CUP "stage"; is there any such option for a CUP stage to pick up the Risk Approvers in the same manner?
    Thanks and Best regards,
    Sandeep

    Hi Chinmaya,
    Firstly, thanks for your help and support.
    According to the post, I mean when the user manager or approver, receives the request to assign one role to a user, the approver has to decide the needs of the user to use that role.
    Then the approver can check (clicking on the Risk Analysis button) the number of conflicts or critical risks that the user could violate. The issue is when the approver launched the analysis and it shows the same conflict risks that have been mitigated in the previous assignment. It may show the possible risks between the new role and the others, isn't it, or instead of that case, that the oldest risks are shown. Must those risks be shown as mitigated?
    Thanks, regards.

  • Risk analysis after approval in CUP

    Hi,
    Can it be possible? CUP to do automatic risk analysis after the request is approved by the role approvers. If there are no risks, roles will get provisioned. If risks exist based on the risk ID to have the request forwarded to the risk owner where the mitigation control, monitor details are entered.
    Please provide your inputs.
    Thanks
    R R

    Not a good idea, generally.
    What you can do is have the risk analysis performed automatically on request submission. The approvers would see the risks, but you can allow them to ignore them and have a detour on the last approval step.
    This has a few quirks:
    - if your last approval is a role approver, i.e. there may be a split approval to several people, the detour is tricky.
    - if one of the approvers changes something in the request, the risk analysis is invalid.
    I would also question the general idea - usually in case of risks, one of the approvers should also take action. If all they do is approve, get them out of the way.
    Unfortunately there is no step that says "automatic risk analysis, no manual approval required". That's an enhancement I would also welcome.
    Frank.

  • Risk Analysis and Remediation Mitigating Control Monitoring Alerts

    Hello,
    We have configured an alert for a Mitigating Control. The Monitor must execute the report every day (report frequency = 1) or an alert email is sent to the Risk Owner.
    The Risk Owner receives the Alert email and the Alert is logged on the Alerts tab only for the first two days after the report is not executed by the Monitor. Is there a setting somewhere that controls why the alert is not generated after two days?
    thanks
    Tammi

    Correction.
    The email is only sent for 2 days. The alert is logged on the Alert Monitor tab every day.

  • Configure Access Control Owner screen

    Hi All,
    I am working on an SAP GRC project and it's very new to me. I have one user and that user has the Access Control Owners screen.
    This role displays all the Central Owners in the table. When I click one role, then the Open button gets activated. When I click the Open button it navigates to the Owner assignment screen in Central Owner Administration. Here I have two doubts:
    1. Is it possible to create a duplicate screen of the Owner assignment screen?
    2. If possible, how to configure that in the Access Control Owners screen?
    Your valuable answers will be appreciated.
    Thanks in advance.
    Regards,
    Kathiresan R

    Hi Kathiresan,
    It's not possible to create duplicate entries for one user with similar owner administration in the Access Control Owners tab.
    And it is possible: for one user we are able to assign multiple responsibilities.
    Once we are in the Access Control Owners screen:
    -> Select the user ID to which you want to assign additional responsibility like Risk Owner, MC owner and FF role owner etc.
    --> Click on the Open button, select multiple responsibilities and save the data.
    And make sure that the user has the required roles before assigning the responsibilities in Access Control Owners.
    Thanks,
    Siva

  • Risk Management 10: Assign users based on Org structure

    Hello,
    In GRC Risk Management 10, you can assign users to a risk in the roles tab of a risk. 
    Is it possible to be able to assign any employee in HR org structure to one of these roles such as Risk Owner?
    More specifically, would it be possible to create a link such that only the employees in the assigned organization unit in the risk are shown in the list of users to be assigned to one of these roles?
    Thanks

    We have the scenario as below.
    We need to integrate the third party HR system ORG structure entity to the Role based travel management approval task.
    But the process and workflow structure for all the departments are the same.
    Only the roles are different for each user.
    No need to display the standard approval role in Process initiation.
    The custom role should be populated based on the selection from the first action.
    Example: if the user needs cash and he selects the cash need option from the first action, then the finance approver should appear in the next action. If not, it should not appear.
    Please advise which GP callable object is best for this process.
    I have the plan to use the webdynpros.
    regards
    Sukumar

  • AC 5.3  Critical Action Alert Emails not being sent

    HI:
    We have set up Critical Action alerts for a couple of transactions and while the on-line alert logs are being generated correctly, the alert email is not being sent to the Risk Owner.
    Does anyone know where I can troubleshoot this issue?
    Thanks,
    Margaret

    Alpesh Parmar wrote:
    > Margaret,
    >
    > Have you set up the SMTP server in visual admin? RAR needs to use this server details to send out an email.
    >
    > Alpesh

    Hi Alpesh/Margaret,
    Where are the instructions for setting up the SMTP server in visual admin for the purpose of Alert Generation? I am not seeing this in the Configuration Guide. Could you point me to the correct documentation?
    Thanks!
    Jes

  • Process control inheritence to child org units - GRC 10.0

    Hi All,
    We created a few process controls in Parent Org Unit - X. We assigned mitigation control ID and access risks to these controls along with control owners. These process controls are being used as Standard Global Controls.
    We created another Child Org Unit - Y and copied the sub-process and then selected only 1 or 2 controls which are applicable to the Child Org Unit. This will allow us to use few Global controls and create local controls if required.
    Now the issue we observed that the Child Org Unit does not carry the Mit. Ctrl ID & Access Risks & Owners from the same control of Parent Org Unit. When we tried to provide the same Mit. Ctrl ID it is stating Mit. Ctrl is not UNIQUE.
    Our requirement is we would like to have the same Mit. Ctrl ID for Global Controls both at Parent & Child Org Unit and different Mit. ID for local controls at Child org unit. This will be easy to identify controls which are from Global & Local for testing and other reporting purposes.
    We understood that since we are copying the sub-process to the Child Unit, it is taking only Process control details, not the access control information as it is provided in the Org Unit.
    Can somebody please guide how to achieve the above requirement? How to inherit all the controls from Parent to Child Org unit reflecting Mit. Ctrl ID, Access Risks and Owners?
    We are on PC 10.0 - SP07
    Thanks and Best Regards,
    Srihari.K

    Hi Sabita,
    Did you check this article on Content Life Cycle Mngt supports all SAP GRC products. Check the link for detailed article and I hope this would be right direction for your company to go.
    http://www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/e0431d8f-2298-2e10-5fb0-87840e285f4c
    warm regards,
    Asok Christian

  • Standard Approvers on GRC 10.0

    Hi Guys,
    I've got a quick question for you all.
    Do you know where I can define the Point of Contact and Security Agents in GRC 10?
    I have assigned the user ID as a Point of Contact in the "Access Control Owners" area but I cannot find where to associate that user to a functional area or into the master data setup in the NWBC. I'm sure I'm missing a setup step here where the standard approvers are identified against the relevant data elements.
    I have the workflow paths setup in the MSMP workflow config, but it cannot determine the recipients for the approval and therefore it goes nowhere!
    If you can help, it will be greatly appreciated.
    Cheers, Simon

    Hi Triera,
    That's not strictly true. It is possible to derive risk owner into the decision table but it does not allow you to have it as the result in this case. Creating FM rules is effectively ABAP coding. For BRF+ I would use the Flat Rules and then setup the details in the decision tables.
    Having chewed this around with a few colleagues, we came to the conclusion that it's actually a fairly stupid requirement in the end anyway. Picture the scene...
    You have multiple roles in the request and then you submit it.
    Each of these roles then generate risks based upon the access. There could be multiple risks for each role and some roles which could indeed generate risks which might have multiple owners. They could also create risks when assigned together but that is only visible after each role owner has approved. Effectively, this could have endless branches and sub branches and explode out the required approvals. Once those branches get split, the approver (risk owner will only be looking at their own risk) and then would not really be assessing the total request as such.
    It works fine as a requirement if you'll only have 1 risk generated but any more than that and it gets proper messy.
    I still think there is value in being able to use agents across different Process IDs and so it's not completely dead but I'm not going to advocate Risk Owner directly in this manner for the access request process. The closest I would get is to effectively generate the CAD on the new technology (directly mapped users) and manage it from there.
    Cheers,
    Simon

  • Role assignment not working

    Hi everyone,
    I am trying to assign different roles to different users for GRC - Risk Management 10.0; however it seems like standard roles don't have any effect on type of activity. I have maintained various levels of roles (e.g. risk owner, risk expert, risk manager, etc) using PFCG and assigned almost every role to the users; but it doesn't give them the authorization to create or edit anything, they can only display.
    The only workaround for this was assigning a role with the authorization object GRFN_USER (with 02 Change value enabled) or assigning SAP_GRC_FN_ALL (Power user role which also contains object GRFN_USER). However this would allow users to do "anything" they want which obviously isn't what I seek.
    I have tried changing customization options such as Maintain Custom Agent Determination Rules and Maintain Entity Role Assignment, it hasn't solved anything so far.
    I urgently require your assistance on this issue. Thank you.
    Regards,
    Seckin

    Hi,
    I'm facing the same kind of problem.
    Case 1:
    I tried with:
    - Assigning users to group (abap role), which didn't work.
    - Assigning UME Role to group (abap role), which worked. Then I assigned the user to the UME Role, but the user is not getting the backend authorizations.
    - Assigning the portal role to the group (abap role); then when I assigned a user to the abap role from R/3, the user automatically gets the portal role.
    How can I do the same from the portal?
    Case 2:
    While distributing the portal roles to the ABAP system (System Administrator -> Permissions -> SAP Authorizations), the status is showing as "Role transfer compleated". But when I checked from the R/3 transaction WP3R, there are no portal roles.
    Why are the portal roles not getting transferred even though the status is green?
    Mr.Chowdary
