SAP GRC 10.0 Risk Management - Forecasting Horizon Scoring Analysis Mode

Similar Messages

• SAP GRC 10.0 - Risk Analysis - Define global variant

  Hi Experts,
  We are implementing SAP GRC 10.0 and we have a question about variant management in Access Risk Analysis.
  When we saved a variant, it seems that this variant is user specific.
  Is it to possible to define this variant as default for all users?
  Thanks.
  Best regards,
  Nicolas RICHARD

  Hi,
  I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
  It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery.

• BC sets activation for GRC 10.0 Risk Management

  Hi ,
  I am new to  Risk management,please suggest  the required list of   BC set for activation.
  Thanks in advance,
  Varun

  Hi Varun ,
  Apart from the common BC sets , You also need to activate RM Specific BC sets.
  You can find the list in  Installation Guide " SAP Access Control, SAP Process Control, and SAP Risk  Management 10.0/10.1"
  ( https://websmp108.sap-ag.de/~form/sapnet?_SCENARIO=01100035870000000202&_SHORTKEY=01100035870000718172 )
  Here is the list for your quick reference:
  BC_SET_ANALYSIS_PROFILE
  BC-SET_ACTIVITY_TYPES
  BC_SET_BENEFIT_CATEGORY
  BC_SET_DEFINE_CATEGORIES_POWL
  BC_SET_DEFINE_THREE_POINT_ANALYS
  BC_SET_DRIVER_CATEGORY
  BC_SET_IMPACT_CATEGORY
  BC_SET_IMPACT_LEVEL
  BC-SET_INFLUENCE_STRENGTH
  BC_SET_MAINTAIN_DEFAULT_QUERY
  BC-SET_MAINTAIN_OPP_RESP_TYPES
  BC_SET_MAINTAIN_USER_RESP
  BC_SET_OBJECTIVE_CATEGORIES
  BC_SET_PROBABILITY_LEVEL_ID
  BC_SET_PROBABILITY_LEVEL_MATRIX
  BC-SET_RESPONSE_EFFECTIVENESS
  BC-SET_RESPONSE_TYPE
  BC_SET_RISK_APETITE
  BC_SET_RISK_LEVEL
  BC_SET_RISK_LEVEL_MATRIX
  BC_SET_RISK_PRIORITY_MATRIX
  BC_SET_ROLES
  BC_SET_SPEED_OF_ONSET
  BC-SET_LOSS_MATRIX_COLORS
  BC_SET_UNIT_MEASURE
  BC-SET_RISK_RESPONSE_TYPE
  BCSET-GRRM-GRFNV_POLICYTYPE
  BCSET-GRRM-GRRMVPOLICYRESP
  BCSET-GRRM-GRFNV_POLICYTYPE 
  BCSET-GRRM-GRRMVPOLICYRESP 
  Thanks & Regards
  Uma Shankar T

• Enterprise Risk Management Approach in SAP GRC

  Hi All,
  Can you please let me know  as to what is the approach followed for implementation of  Enterprise Risk Management (ERM) in SAP GRC.  Also please tell me how the internal control frameworks like COSO, COBIT is mapped to ERM in SAP GRC.
  Regards
  Vivek

  Dear Vivek,
  While assigning roles to users, you will be displayed the risks that are identified with those roles, if any. You can either mitigate or remove the roles.
  The process covered by GRC Risk management includes the following steps:
  -Risk Planning: Determines the approach to risk management in each business area or project. This includes setting up the risk management organization and defining risk thresholds . This phase is partially supported by a software application.
  -Risk Identification and Analysis: Identifies the risks in order to analyze and prioritize them along different attributes, such as probability of occurrence and potential total loss associated to the risk.
  -Risk Response: Decides on actions needed to respond to a risk. One action could be to actively mitigate the risk to reduce probability of occurrence and/or potential impact.
  -Risk Monitoring: Includes the regular update of risk information and the risk reporting to monitor progress along the risk management process.
  The Risk Management application provides a set of different reporting capabilities based on the individual needs of the target groups:
  -A set of built-in reports that are delivered with the application. These reports allow risk managers to review the current risk state.
  -Visual Composer based dashboards that provide information about the current risk status on an aggregated basis. The dashboards fulfill the risk reporting needs of senior managers and line managers.
  Step 1: You maintain the Risk structure
  1. You set up the organizational hierarchy
  2. You set up the Activity Hierarchy
  3. You set up the Risk Hierarchy
  Step 2: You perform the Risk Assessment
  1. You identify the risks
  2. You analyze the risks
  3. You respond to risks
  4. You document the Incidents
  Step 3: You analyze risk reports
  1. You generate risk reports
  2. You report the incidents
  Step 4: You analyze the dashboards
  Refer SAP documentation on GRC for more information.
  Regards,
  Naveen.

• How SAP Risk Management may be interfaced with SAP Strategy Management?

  Hello,
  Any document, any customer experience around integration between SAP BusinessObjects Strategy Management and SAP BusinessObjects Risk Management would be very appreciated.
  Best regards
  Jean-Luc

  Hi Renaud,
  where you able to create your webservice and use it from GRC RM?
  If yes, I would be interested in - 'How do i connect SAP RM 3.0 with that web service'
  Regards
  Holger

• Risk Management & Process controls for non SAP client

  Hi Forum Gurus,
  I need clarity on the following:  Can Risk managment 3.0 and Process controls be implemented for a non-SAP client?
  i.e. Our client does not run SAP, but they are interested in RM and PC, so is this possible to implement?
  Any advice would be highly appreciated.
  Kind regards,
  PREVO.

  Hi Prevo,
  Process control and Risk management 3.0 are delivered within same installation package files so it is same for both the applications .
  Also real time agents for Oracle or peoplesoft are avaialble if you want to leverage the automated control functionality of PC 3.0 in non SAP environment.
  Remember the automated control functionality is the optional feature of PC3.0.If you wish only to use the manual controls features of PC 3.0 you dont need RTAs(real time agent).
  You can find further information about manual controls at http://service.sap.com
  use the quicklink '/rkt' then the following menu path: SAP Business Objects for GRC Solutions -> SAP BO Process Control 3.0 -> Technology Consultant
  Regards
  Debraj

• Integrate external identity management solution in SAP GRC Access Control

  We need to integrate an external identity management solution into SAP GRC Access Enforcer. Some white paper mention extensibility is provided by web services. It seems that none of these web services are documented. Does anybody have infos about these services and documentation. Any hint is appreciated.
  thanks
  Detlef

  Unfortunately Access Enforcer doesn't implement a number of critical requirements and implementing it "as is" would be a lot of steps backwards in our process.
  what do the published webservices do? Is there any documentation about them?
  In a part of our process, we must manually pick the current roles(1), the pending roles(2) (roles that were approved but not given due to training prerequisites) and the requested new roles(3) and make the simulation in the VCC.
  The information (1) and (2) and (3) we have in our internal system, the information (1) we have inside VCC and (2) and(3) must be manually inputted by the operator to run the simulations. Since this operation is repeated 6000+ times a month in my company, eliminating this manual input will cause a great gain in efficiency.
  Other thing that we want to do is to create a job where it would automatically desassociate the mitigating controls if the user does not have the risks anymore (users can lose roles automatically in some events here, so it would be coherent that the user also loses the associated mitigating controls)
  IMHO as a former programmer, these are classic cases where I would like to consume some webservices for this tasks to avoid a lot of ctrc ctrlv from the operators (inefficient and error prone)
  VCC has any documentation that would help me to find how I would do this integrations?
  Thanks in advance

• Are GRC Access Control, Process Control and Risk Management separate?

  Are these 3 different modules that you have to purchase separately or are they included in one suite?

  Hi Anne,
  If you are refering to GRC Access Controls 5.3, Process Control 3.0 and Risk Management 3.0 - All 3 are separate.
  A new version of GRC 10.0 has been launched which is currently in ramp up. This has all the above 3 in one suite.
  Thanks and Best Regards,
  Srihari.K

• SAP GRC PC 10.1 Policy Management

  Hi Gurus,
  I am performing a Policy Management Cycle in SAP GRC PC 10.1, and I find the following problem. The approver receives in the Workinbox the notification for perform the approval of the policy, and, if he decide Send to Rework, no one receives the rework, but if I activate a fallback user, he receives everything
  I configured the following business events in the SPRO Actibity : "Maintain Custom Agent Determination Rules".
  Business
    Event
  Role
  Entity ID
  Subtype
  Business Event
    Name
  0FN_AHISSUE_DEFAULT_PRC
  1
  SAP_GRC_SPC_CRS_POLICY_OWNER
  POLICY
  Default processor for ad-hoc issue
  0FN_AHISSUE_DEFAULT_PRC
  1
  SAP_GRC_SPC_GLOBAL_ORG_OWNER
  ORGUNIT
  Default processor for ad-hoc issue
  0FN_POLICY_APPROVE
  1
  SAP_GRC_SPC_CRS_PLC_APPR
  POLICY
  Approve policy
  0FN_POLICY_DEFAULT_APPR
  1
  SAP_GRC_SPC_GLOBAL_ORG_OWNER
  ORGUNIT
  Default apporver for policy
  0FN_POLICY_DEFAULT_APPR
  2
  SAP_GRC_SPC_GLOBAL_ORG_ADMIN
  ORGUNIT
  Default apporver for policy
  0FN_POLICY_REVIEW
  1
  SAP_GRC_SPC_CRS_PLC_REVIEW
  POLICY
  Review policy
  0FN_ISSUE_NOTIFY
  1
  SAP_GRC_SPC_CRS_POLICY_OWNER
  POLICY
  Send notification to object owner
  I am working with a copy of the standard roles, so I configure the table with the copy of these roles.
  In the transaction SWIA an error appears which says in field Executed Action: "No Action". I am wondering if maybe it could happens because user WF_BATCH (user used for the workflow) doen't have enought authorizations.
  I also test it in the sandbox and it works perfect (without fallback and with SAP_ALL in WF_BATCH user).
  Some help will be appreciated.
  Thanks!

  Hello Giridhar,
  What parameters are you referring to?
  You meant the parameters in General Configuration in AC?
  Best Regards,
  Fernando

• Available now: New Business Transformation Study for Aurubis on the 7 month implementation and success with SAP Commodity Risk Management

  We just published a Business Transformation Study with Aurubis AG, the world’s leading integrated copper producer, on how SAP Commodity Risk Management solution helps them to hedge commodity price risks with the highest accuracy and integration and to meet stringent compliance regulations like EMIR with lowest risk, effort, and cost.
  With SAP Commodity Risk Management, all business processes related to commodity derivatives including the settlement, accounting and payment processes are now integrated and generated within the existing SAP ERP system. Please read the BTS here .

  Thanks Samuli.
  You're right, it seems BAdI HRESS_NWBC_MENU_EXT will work. I think I didn't make myself very clear as I didn't say that launchpad menu will no longer be used with NWBC since we will use the left side navigation, much user friendly and quicker to access to.
  Reading SAP documentation it seems this BAdI (available from EHP7+) will solve my issue.
  Thanks for the hint.
  Do you see any blocking point from moving SAP Portal to SAP NWBC for HTML even with 12000+ users?
  Thanks again.
  Best Regards,
  AS

• Solution Manager and a SAP GRC AC 5.3

  Hello,
  We have a Solution Manager and a SAP GRC AC 5.3
  We ant to know if somebody knows how to connect or the architecture os infrastructure to connect the Solution MAnager with the GRC.
  What we have to do is... If someone in the Solman does a user or role request, the SAP GRC gets this request and begins the necesary workflows.
  I need help
  Best regards.
  Pablo Mortera.

  Hi,
  As per your requirement, you want that the request should be automatically trigerred from Solman to GRC.
  In GRC, CUP is used to provision the user and roles. The request can directly be created in CUP by a functionality known as HR triggers however this requires SAP_HR module which is not present in Solman.
  So it is not possible to create request directly from solman. User can login to CUP and then can create the request for his login.
  Regards,
  Shweta

• Risk Management interactive reports drill up error

  Hi,
  I have been working with Risk Management 10 in SAP GRC recently.  I noticed that when using the Risk Manager Interactive Reports in the Report section (Heat Map and Overview Report), I have received an error when trying to drill back up to the parent organizational unit after I have drilled down to the child sub organization.
  Our current workaround is to click on the <All> unit, close the window, and then reopen the window and drill back down to the parent unit.  While this workaround has been successful when using the reports so far, it is difficult to communicate this error to other users when they attempt to use the reports.
  Are there any fixes to this error, or any plans to fix?  Otherwise, is there a feature that needs to be adjusted in Risk Management?  Thanks.

  Bump

• SAP GRC 10.0 on ECC

  Hi Guys,
  We are planning on implementing SAP GRC 10.0. Our Basis guy has suggested that we can use ECC (EHP 6) box for installing the add on(GRCFND_A) component for it. The reason for this is to avoid adding another system to the landscape and to reduce the cost of implementation
  Are there any known issues using this approach?
  Thanks in advance,
  Silver

  Hi
  the GRC project is totally IT driven.
  I get why you are having to drive this - especially when you have to respond to audit requirements and your focus is on support processes.
  However, GRC is all about business risk management - Governance, Risk and Compliance (well internal controls). The GRC System is just the tool to manage this. Without business buy in how is this going to be successful? Who will review business process to determine what a risk is? Who in a senior leadership position will determine what risks are acceptable? Who will determine appropriate controls, report on them, and more importantly enforce them? Who in a leadership position will champion the project and support why a user must work a certain why (including access removed from them)?
  I get that you are focussing on a POC and trying to minimise cost but what happens post POC? I've given recommendations where I've said don't put in GRC until you sort your process and culture. I've done this as much as the innner techy in me knows I won't get to play with a new toy because without all the business buy-in you will have a system built and deployed that gives you a false sense of security when it comes to managing access controls.
  Another way to look at the SP issues - what happens if it's on ECC and the functional team (aka the business representatives) demand an SP increase for their functionality? They proceed to increase SP and now your functionality stops working.. which then impacts the business as you can't process their access requests and give them timely access to the system (assume this is your business case). Are your basis team going to tell the business that they can't have the SP stack increase because IT needs the system on a certain level and they need to wait until next time it's compatible?
  Good luck with your POC. I understand it will allow you to use the tool and check what will work for the business. If you are still undecided on system landscape post POC, take care in having that decision made for you. As you go down the POC path and time runs out the project may move from POC to design/build and now that it's working there will be reluctance to move it to a separate system.
  Regards
  Colleen

• Scope of SAP GRC

  Hi Experts,
  Need ur valuable suggestion..
  I am getting opportunity to work on GRC module.
  How is the scope for GRC Consultant in near future?? Is it very specialized module.
  awaiting ur reply..
  Julie

  Hi Julie,
  SAP GRC as it name states is on Governance Risk and Compliance. It has very good scope and it has below submodules:
  1) Access Control
  2) Process Control
  3) Risk Management
  4) Employee Health Security
  5) Global Trade Service
  The GRC module has focus on Security and compliance, which is need of the hour.
  It will take some time to get exposure to all sub-modules; however expertise in sub-modules like AC, PC and RM is also highly respected.
  You will get added advantage if you also have funtional experince as well.
  Hope you will be able decide based on the above inputs.
  regards,
  Jwalant

• Download SAP GRC for ECC 6.0

  How can I download SAP GRC for ECC 6.0?

  GRC applications comprise Access Control, Process Control, Global Trade Service, Environmental Compliance, Environment Health & Service, Risk Management, etc.
  The software license for these applications scales with the licensing organization's revenue or an equivalent metric.
  You'll obtain a quotation from your account manager.