SAP GRC PC 10.1 Policy Management

Similar Messages

• SAP GRC 10.0 Risk Management - Forecasting Horizon Scoring Analysis Mode

  Hi everyone,
  In SAP GRC 10.0 Risk Management Support Package 7, we need to assess a corporate risk by performing an automatic analysis aggregation based on a scoring analysis profile.
  The problem is that corporate risks must be created based on a forecasting horizon.
  So, can we create forecasting horizons with scoring analysis mode? How? Must be enabled through customizing or applying a SAP note?
  Best Regards,
  Chema Traveso

  Hi,
  I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
  It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery.

• Enterprise Risk Management Approach in SAP GRC

  Hi All,
  Can you please let me know  as to what is the approach followed for implementation of  Enterprise Risk Management (ERM) in SAP GRC.  Also please tell me how the internal control frameworks like COSO, COBIT is mapped to ERM in SAP GRC.
  Regards
  Vivek

  Dear Vivek,
  While assigning roles to users, you will be displayed the risks that are identified with those roles, if any. You can either mitigate or remove the roles.
  The process covered by GRC Risk management includes the following steps:
  -Risk Planning: Determines the approach to risk management in each business area or project. This includes setting up the risk management organization and defining risk thresholds . This phase is partially supported by a software application.
  -Risk Identification and Analysis: Identifies the risks in order to analyze and prioritize them along different attributes, such as probability of occurrence and potential total loss associated to the risk.
  -Risk Response: Decides on actions needed to respond to a risk. One action could be to actively mitigate the risk to reduce probability of occurrence and/or potential impact.
  -Risk Monitoring: Includes the regular update of risk information and the risk reporting to monitor progress along the risk management process.
  The Risk Management application provides a set of different reporting capabilities based on the individual needs of the target groups:
  -A set of built-in reports that are delivered with the application. These reports allow risk managers to review the current risk state.
  -Visual Composer based dashboards that provide information about the current risk status on an aggregated basis. The dashboards fulfill the risk reporting needs of senior managers and line managers.
  Step 1: You maintain the Risk structure
  1. You set up the organizational hierarchy
  2. You set up the Activity Hierarchy
  3. You set up the Risk Hierarchy
  Step 2: You perform the Risk Assessment
  1. You identify the risks
  2. You analyze the risks
  3. You respond to risks
  4. You document the Incidents
  Step 3: You analyze risk reports
  1. You generate risk reports
  2. You report the incidents
  Step 4: You analyze the dashboards
  Refer SAP documentation on GRC for more information.
  Regards,
  Naveen.

• Solution Manager and a SAP GRC AC 5.3

  Hello,
  We have a Solution Manager and a SAP GRC AC 5.3
  We ant to know if somebody knows how to connect or the architecture os infrastructure to connect the Solution MAnager with the GRC.
  What we have to do is... If someone in the Solman does a user or role request, the SAP GRC gets this request and begins the necesary workflows.
  I need help
  Best regards.
  Pablo Mortera.

  Hi,
  As per your requirement, you want that the request should be automatically trigerred from Solman to GRC.
  In GRC, CUP is used to provision the user and roles. The request can directly be created in CUP by a functionality known as HR triggers however this requires SAP_HR module which is not present in Solman.
  So it is not possible to create request directly from solman. User can login to CUP and then can create the request for his login.
  Regards,
  Shweta

• Integrate external identity management solution in SAP GRC Access Control

  We need to integrate an external identity management solution into SAP GRC Access Enforcer. Some white paper mention extensibility is provided by web services. It seems that none of these web services are documented. Does anybody have infos about these services and documentation. Any hint is appreciated.
  thanks
  Detlef

  Unfortunately Access Enforcer doesn't implement a number of critical requirements and implementing it "as is" would be a lot of steps backwards in our process.
  what do the published webservices do? Is there any documentation about them?
  In a part of our process, we must manually pick the current roles(1), the pending roles(2) (roles that were approved but not given due to training prerequisites) and the requested new roles(3) and make the simulation in the VCC.
  The information (1) and (2) and (3) we have in our internal system, the information (1) we have inside VCC and (2) and(3) must be manually inputted by the operator to run the simulations. Since this operation is repeated 6000+ times a month in my company, eliminating this manual input will cause a great gain in efficiency.
  Other thing that we want to do is to create a job where it would automatically desassociate the mitigating controls if the user does not have the risks anymore (users can lose roles automatically in some events here, so it would be coherent that the user also loses the associated mitigating controls)
  IMHO as a former programmer, these are classic cases where I would like to consume some webservices for this tasks to avoid a lot of ctrc ctrlv from the operators (inefficient and error prone)
  VCC has any documentation that would help me to find how I would do this integrations?
  Thanks in advance

• CAreer in SAP BASIS comaprision with SAP GRC/Security

  Hi Everyone,
  I am an SAP BASIS consultant with 2 years of experience working in a MNC company,
  I want to change my career to SAP GRC/SAP Security, i have some basic knowledge on SAP Security,
  COuld you please advice me, which one to choose,?
  Does  SAP GRC/Security has demand , and can we get oportunities to work abroad compared to SAP BASIS ?
  which one has more scope SAP BASIS or SAP Security/GRC ?
  Because in BASIS, i am not getting enough scope to work on some good things like Installation, upgrades, Migration,
  i am doing a very basic kind of work like tranports, job scheduling, monitoring, and other small activities ?
  So request you people to advice me ?
  <removed_by_moderator>
  Read the "Rules of Engagement"
  regards
  Rakesh  Rao
  Message was edited by: Juan Reyes

  Hi Rakesh
  I saw your post in GRC and was waiting of it to appear here
  First up - 2 years is still junior. You may find batch jobs, transports, monitoring, etc all mundane but it is a foundation and learning ground work and foundations to being a good Basis Administration. And one things for sure, an awesome basic (I name my best-techy-friend) makes a huge difference on project timelines and deliverables for the rest of us.
  Installation and Upgrades come with time. Whilst still performing junior tasks you could focus on reading up on approaches in case an opportunity in your job comes us and be prepared to prove to your management that you are ready for a bigger responsibility.
  Switching to GRC/Security would be pointless unless you have a desire to learn GRC or Security. These are my background and they are undervalued until things go wrong (insurance policy in a way).
  If you do switch you will reset your 2 years of domain experience back to 0 and you will start off with password resets and basic user administration
  It takes time to work through the ranks. It was 3 years before I got to build my first role. I spent my first few years in security on email chasing approvals, password resets, user account creation, running reports for audit - sounds familiar to what you are doing now?
  You have to master the basics before you are trusted and ready for the more complex activities. By knowing what you are doing now you will be more successful when the time comes to step up and do migrations, upgrades and installations. Support production by mastering you technical analysis skills is how you can break through being a fresher/junior
  Regards
  Colleen
  Ps - if your motivation is more than "good things" happy to answer questions specific to security and GRC.
  Also, boring doesn't mean it can't get interesting nor does it mean it's a worthless activity: SPAU transport imported before patching!!
  Message was edited by: Colleen Lee
  Added link for when transports go bad

• 500   Internal Server Error in GRC 5.3 Enterprise Role Management

  Hi All;
  We've installed Sap GRC Access Control 5.2 on Sap Netweaver 7.0.
  We installed SAP NetWeaver 7.0 (2004s)
  SAP Internet Graphics Service (SAP IGS)
  VIRCC00_0.SCA -SP15
  VIRAE00_0.SCA -SP15
  VIRRE00_0.SCA -SP15
  VIRFF00_0.SCA -SP15
  VIRSANH  -SP15
  VIRACCNTNT.SAR-SP15
  Our sp levels are for abap side;
  SAP_ABA     700     0014
  SAP_BASIS     700     0014
  PI_BASIS     2005_1_700     0014
  SAP_BW     700     0016
  VIRSANH     530_700     0015
  When we started to configure the components according to the Configuration Guide,In Enterprise Role Management part,i want to do the Configuring Risk Analysis Integration with RAR but on the CONFIGURATION tab when i navigate to the Miscellaneous,the page gives me the error message :
  "500   Internal Server Error
    SAP J2EE Engine/7.00 
    Application error occurred during request processing.
    Details:   java.lang.NullPointerException: null
  The logs are;
  #1.5 #0050568C003D006800000011000026540004A12E73AF8A7C#1303120788268#com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager#sap.com/irj#com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.addDefaultAlias#J2EE_GUEST#0##n/a##98478fc069a211e0cef50050568c003d#Thread[ConfigurationEventDispatcher,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error##Plain###
  [BEGIN] Exception -
  javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content [Root exception is javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content]
       at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:407)
       at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1248)
       at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
       at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookupLink(PcdProxyContext.java:1353)
       at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookup(PcdProxyContext.java:1300)
       at com.sapportals.portal.pcd.gl.PcdProxyContext.lookup(PcdProxyContext.java:1067)
       at com.sapportals.portal.pcd.gl.PcdGlContext.lookup(PcdGlContext.java:68)
       at com.sapportals.portal.pcd.gl.PcdURLContext.lookup(PcdURLContext.java:238)
       at javax.naming.InitialContext.lookup(InitialContext.java:347)
       at com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.addDefaultAlias(SCFSystemManager.java:239)
       at com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.doAliasOperations(SCFSystemManager.java:111)
       at com.sap.ip.collaboration.sync.impl.scf.config.ServiceRegistryConfiguration.refreshCache(ServiceRegistryConfiguration.java:203)
       at com.sap.ip.collaboration.sync.impl.scf.config.ServiceRegistryConfigEventListener.refreshConfigCache(ServiceRegistryConfigEventListener.java:13)
       at com.sap.ip.collaboration.sync.impl.scf.config.AbstractConfigEventListener.configEvent(AbstractConfigEventListener.java:28)
       at com.sapportals.config.event.ConfigEventService.dispatchEvent(ConfigEventService.java:227)
       at com.sapportals.config.event.ConfigEventService.configEvent(ConfigEventService.java:112)
       at com.sapportals.config.event.ConfigEventDispatcher.callConfigListeners(ConfigEventDispatcher.java:308)
       at com.sapportals.config.event.ConfigEventDispatcher.flushEvents(ConfigEventDispatcher.java:251)
       at com.sapportals.config.event.ConfigEventDispatcher.run(ConfigEventDispatcher.java:110)
  Caused by: javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content
       at com.sapportals.portal.pcd.gl.xfs.XfsContext.getChildAtomicName(XfsContext.java:431)
       at com.sapportals.portal.pcd.gl.xfs.XfsContext.lookupAtomicName(XfsContext.java:235)
       at com.sapportals.portal.pcd.gl.xfs.BasicContext.lookup(BasicContext.java:919)
       at com.sapportals.portal.pcd.gl.PcdPersContext.lookup(PcdPersContext.java:387)
       at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:403)
       ... 18 more
  [END] Exception -
  Exception id: [0050568C003D007500000039000026540004A12E88C68DAE]"
  #1.5 #0050568C003D006D000000A7000026540004A12E79B6901C#1303120889408#System.err#sap.com/tc~kw_tc#System.err#J2EE_GUEST#0##n/a##9ea951f069a211e0c6f00050568c003d#SAPEngine_Application_Thread[impl:3]_39##0#0#Error##Plain###Apr 18, 2011 1:01:29 PM      com.sap.kw.framework.FrontController [SAPEngine_Application_Thread[impl:3]_39] Info: FrontController: app init failed ...
  #1.5 #0050568C003D006D000000A8000026540004A12E79B6925E#1303120889408#System.err#sap.com/tckw_tc#System.err#J2EE_GUEST#0##n/a##9ea951f069a211e0c6f00050568c003d#SAPEngine_Application_Thread[impl:3]_39##0#0#Error##Plain###Apr 18, 2011 1:01:29 PM      com.sap.kw.framework.FrontController [SAPEngine_Application_Thread[impl:3]_39] Path: Caught java.lang.NullPointerException: FATAL ERROR: Could not load E:
  usr
  sap
  MGD
  DVEBMGS00
  j2ee
  cluster
  server0
  apps
  sap.com
  tckw_tc
  servlet_jsp
  SAPIKS2
  root
  WEB-INF
  ApplConfig.xml
       at com.sap.kw.framework.XMLConfiguration.<init>(XMLConfiguration.java:53)
       at com.sap.kw.actions.ApplConfig.init(ApplConfig.java:83)
       at com.sap.kw.framework.FrontController.init(FrontController.java:222)
       at com.sap.engine.services.servlets_jsp.server.runtime.context.WebComponents.addServlet(WebComponents.java:139)
       at com.sap.engine.services.servlets_jsp.server.container.ApplicationThreadInitializer.loadServlets(ApplicationThreadInitializer.java:386)
       at com.sap.engine.services.servlets_jsp.server.container.ApplicationThreadInitializer.run(ApplicationThreadInitializer.java:110)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  #1.5 #0050568C003D007200000021000026540004A12E7AD53183#1303120908190#com.sap.slm.exec.message.SLMApplication#sap.com/tcslmslmapp#com.sap.slm.exec.message.SLMApplication#J2EE_GUEST#0##n/a##a061141069a211e0890c0050568c003d#SAPEngine_Application_Thread[impl:3]_32##0#0#Error##Java###"CfgObjectLoadVisitor" cannot load com.sap.slm.util.config.objects.CfgSDTServer from SLM configuration. Cannot read configuration in path ''SLM''##
  #1.5 #0050568C003D001B00000002000026540004A12E7B3058F9#1303120914164#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain### Location :<com.sap.sl.ut> is initialized!#
  #1.5 #0050568C003D001B00000004000026540004A12E7B3059B1#1303120914164#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain### Cotegory :</System/Server> is initialized and bound to Location: <com.sap.sl.ut>#
  #1.5 #0050568C003D001B00000006000026540004A12E7B3076F4#1303120914172#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain###Establishing db connection...#
  #1.5 #0050568C003D002400000297000026540004A12E7CC1E87F#1303120940477#com.sap.portal.prt.sapj2ee.error##com.sap.portal.prt.sapj2ee.error####n/a##39c1422069a211e08b030050568c003d#SAPEngine_System_Thread[impl:5]_86##0#0#Error#1#/System/Server#Java###Exception while starting: sap.com/ccxsysbgear
  [EXCEPTION]
  #1#com.sap.engine.services.deploy.container.DeploymentException: <Localization failed: ResourceBundle='com.sap.engine.services.deploy.DeployResourceBundle', ID='Exception while starting: SAPJ2EE::sap.com/grc~ccxsysejbear', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key Exception while starting: SAPJ2EE::sap.com/grc~ccxsysejbear
       at com.sap.portal.prt.sapj2ee.SAPJ2EEPortalRuntime.getAndStartSAPJ2EEApplicationItem(SAPJ2EEPortalRuntime.java:876)
       at com.sap.portal.prt.sapj2ee.PortalRuntimeContainer.prepareStart(PortalRuntimeContainer.java:511)
       at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationLocalAndWait(DeployServiceImpl.java:4361)
       at com.sap.engine.services.deploy.server.ReferenceResolver.processReferenceToApplication(ReferenceResolver.java:589)
       at com.sap.engine.services.deploy.server.ReferenceResolver.processMakeReference(ReferenceResolver.java:399)
       at com.sap.engine.services.deploy.server.ReferenceResolver.beforeStartingApplication(ReferenceResolver.java:328)
       at com.sap.engine.services.deploy.server.application.StartTransaction.beginCommon(StartTransaction.java:162)
       at com.sap.engine.services.deploy.server.application.StartTransaction.beginLocal(StartTransaction.java:141)
       at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesLocal(ApplicationTransaction.java:356)
       at com.sap.engine.services.deploy.server.application.ParallelAdapter.runInTheSameThread(ParallelAdapter.java:132)
       at com.sap.engine.services.deploy.server.application.ParallelAdapter.makeAllPhasesLocalAndWait(ParallelAdapter.java:250)
       at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationLocalAndWait(DeployServiceImpl.java:4450)
       at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationsInitially(DeployServiceImpl.java:2610)
       at com.sap.engine.services.deploy.server.DeployServiceImpl.clusterElementReady(DeployServiceImpl.java:2464)
       at com.sap.engine.services.deploy.server.ClusterServicesAdapter.containerStarted(ClusterServicesAdapter.java:42)
       at com.sap.engine.core.service630.container.ContainerEventListenerWrapper.processEvent(ContainerEventListenerWrapper.java:144)
       at com.sap.engine.core.service630.container.AdminContainerEventListenerWrapper.processEvent(AdminContainerEventListenerWrapper.java:19)
       at com.sap.engine.core.service630.container.ContainerEventListenerWrapper.run(ContainerEventListenerWrapper.java:102)
       at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
       at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:81)
       at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:152)
  Caused by: com.sapportals.portal.prt.runtime.PortalRuntimeException: [ExternalApplicationItem.prepare]: SAPJ2EE::sap.com/grc~ccxsysejbear
       at com.sapportals.portal.prt.core.broker.ExternalApplicationItem.prepare(ExternalApplicationItem.java:188)
       at com.sapportals.portal.prt.core.broker.SAPJ2EEApplicationItem.prepare(SAPJ2EEApplicationItem.java:232)
       at com.sapportals.portal.prt.core.broker.SAPJ2EEApplicationItem.start(SAPJ2EEApplicationItem.java:192)
       at com.sapportals.portal.prt.service.sapj2ee.Mediator.getAndStartExternalApplication(Mediator.java:132)
       at com.sap.portal.prt.sapj2ee.StartPortalApplication.coreRun(StartPortalApplication.java:59)
       at com.sap.portal.prt.sapj2ee.StartPortalApplication.run(StartPortalApplication.java:36)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  Caused by: com.sapportals.portal.prt.core.broker.PortalApplicationNotFoundException: Could not find portal application ccxsysbgear
       at com.sapportals.portal.prt.core.broker.PortalApplicationItem.prepare(PortalApplicationItem.java:415)
       at com.sapportals.portal.prt.core.broker.ExternalApplicationItem.prepare(ExternalApplicationItem.java:180)
       ... 9 more
  #1.5 #0050568C003D00750000003B000026540004A12E88C693CF#1303121142088#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#sap.com/grc~reear#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#J2EE_ADMIN#117##YDSAPGRC_MGD_2172750#J2EE_ADMIN#4bfa377069a311e0b9230050568c003d#SAPEngine_Application_Thread[impl:3]_1##0#0#Error#1#/System/Server/WebRequests#Plain###application [RE] Processing HTTP request to servlet [REController] finished with error.
  The error is: java.lang.NullPointerException: null
  Exception id: [0050568C003D007500000039000026540004A12E88C68DAE]#
  waiting for your responses as soon as possible because the system has to be up and running till wednesday.
  Tahnx in advance

  Hi Bilge,
  did you put your text in a blender before sending it?
  I understood everything works fine except the miscellaneous menu item in the configuration tab of ERM?
  Have you already tried to clear all browser cache, close all browsers and try it again?
  Best,
  Frank

• SAP GRC 10.0 on ECC

  Hi Guys,
  We are planning on implementing SAP GRC 10.0. Our Basis guy has suggested that we can use ECC (EHP 6) box for installing the add on(GRCFND_A) component for it. The reason for this is to avoid adding another system to the landscape and to reduce the cost of implementation
  Are there any known issues using this approach?
  Thanks in advance,
  Silver

  Hi
  the GRC project is totally IT driven.
  I get why you are having to drive this - especially when you have to respond to audit requirements and your focus is on support processes.
  However, GRC is all about business risk management - Governance, Risk and Compliance (well internal controls). The GRC System is just the tool to manage this. Without business buy in how is this going to be successful? Who will review business process to determine what a risk is? Who in a senior leadership position will determine what risks are acceptable? Who will determine appropriate controls, report on them, and more importantly enforce them? Who in a leadership position will champion the project and support why a user must work a certain why (including access removed from them)?
  I get that you are focussing on a POC and trying to minimise cost but what happens post POC? I've given recommendations where I've said don't put in GRC until you sort your process and culture. I've done this as much as the innner techy in me knows I won't get to play with a new toy because without all the business buy-in you will have a system built and deployed that gives you a false sense of security when it comes to managing access controls.
  Another way to look at the SP issues - what happens if it's on ECC and the functional team (aka the business representatives) demand an SP increase for their functionality? They proceed to increase SP and now your functionality stops working.. which then impacts the business as you can't process their access requests and give them timely access to the system (assume this is your business case). Are your basis team going to tell the business that they can't have the SP stack increase because IT needs the system on a certain level and they need to wait until next time it's compatible?
  Good luck with your POC. I understand it will allow you to use the tool and check what will work for the business. If you are still undecided on system landscape post POC, take care in having that decision made for you. As you go down the POC path and time runs out the project may move from POC to design/build and now that it's working there will be reluctance to move it to a separate system.
  Regards
  Colleen

• SAP GRC 10.0 - Risk Analysis - Define global variant

  Hi Experts,
  We are implementing SAP GRC 10.0 and we have a question about variant management in Access Risk Analysis.
  When we saved a variant, it seems that this variant is user specific.
  Is it to possible to define this variant as default for all users?
  Thanks.
  Best regards,
  Nicolas RICHARD

  Hi,
  I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
  It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery.

• SAP GRC 5.3 Ramp up

  Does SAP GRC 5.3 Ramp up have complete integration with NW IDM 7.0?
  Note:
  We have enaged with SAP for GRC 5.3 Ramp up program and also we have the plans of integrating NW IDM 7.0 & GRC 5.3.

  Well, my previous project we have integrated Siteminder with AE 5.2 using Apache as the web server and its production now.
  Netweaver IDM can be integrated with AE and CC.
  Check out for the document.,
  SAP NetWeaver® Identity Management GRC Integration
  Thanks.
  Regards,
  Muthu Kumaran KG

• Scope of SAP GRC

  Hi Experts,
  Need ur valuable suggestion..
  I am getting opportunity to work on GRC module.
  How is the scope for GRC Consultant in near future?? Is it very specialized module.
  awaiting ur reply..
  Julie

  Hi Julie,
  SAP GRC as it name states is on Governance Risk and Compliance. It has very good scope and it has below submodules:
  1) Access Control
  2) Process Control
  3) Risk Management
  4) Employee Health Security
  5) Global Trade Service
  The GRC module has focus on Security and compliance, which is need of the hour.
  It will take some time to get exposure to all sub-modules; however expertise in sub-modules like AC, PC and RM is also highly respected.
  You will get added advantage if you also have funtional experince as well.
  Hope you will be able decide based on the above inputs.
  regards,
  Jwalant

• Alternatives to SAP GRC Tool to monitor compliance & automatic provisioning

  Hello Gurus,
  Not sure if this would be the right forum to ask this but surely there exist tools in the market which are viable alternatives to the SAP GRC Tool. We are a large semiconductor firm and currently manage role assignments, user provisioning and auditing manually.It is a huge cost overhead and is labor intensive.
  Looking at possible alternatives?
  SAP GRC Tool is a strong contender but I am trying to weigh in other options with it and their comparisons.
  To your minds, what would be the biggest advantage of implementing GRC versus any other third party tool? What is the distinctive edge it provides? This is also to help me build a strong business for pushing GRC to the management.
  Appreciate any thougts/ideas/suggestions, at the earliest!! Much appreciated.
  -Tan
  Edited by: Tania Nijhawan on Jul 21, 2011 2:19 AM

  Hi Tania,
  GRC is a convenient grouping of solutions that have been developed and acquired over time. There are pros and cons in every application and no one can say that SAP GRC is 100% best and un comparable with any other compliance product in the market.
  But, I can strongly say that GRC gels well with all the SAP flavours such as ECC and BI, and it is easy to implement, incorporate, and manage.
  With the introduction of GRC 10, SAP is looking at more features and easy to manage compliance solutions. I bet you can't get A to B product comparision anywhere. I rather suggest you to look at the top ten features and advantages in different products in terms of deployment, adaptability, user friendlyness etc., and opt for the right one.
  Regards,
  Raghu

• Download SAP GRC for ECC 6.0

  How can I download SAP GRC for ECC 6.0?

  GRC applications comprise Access Control, Process Control, Global Trade Service, Environmental Compliance, Environment Health & Service, Risk Management, etc.
  The software license for these applications scales with the licensing organization's revenue or an equivalent metric.
  You'll obtain a quotation from your account manager.

• Advice on SAP GRC career

  Hello,
  My name is Vijay and I am from Denver, CO. I will be graduating with a Master's degree in Information Systems next month from Colorado State University. I have got a job as a ITPA Associate with a big four firm. My job description reads
  1. Assisting clients in matters of Data Assurance, ERP Controls, IT Risk and Security Assurance,Data Protection and Privacy, Project Assurance, and Advanced Risk and Compliance Analytics
  2. Providing ERP controls services to help audit and non-audit clients address risk and control needs around ERP systems
  3. Assessing, recommending, designing and configuring controls as they relate to businessprocesses, ERP application security, and Governance, Risk and Compliance (GRC)".
  4.Designing and assessing control related services around major ERP systems; and
  5.Translating business requirements to efficient and integrated ERP control frameworks.
  I am very new to SAP GRC. Can you please guide me through how to form a career path in SAP GRC?
  Thanks,
  Vijay

  Hi Vijay,
  SAP GRC is  good career path however you start your career basically as a sap security junior associate and finally lands up in the jobs like:
  SAP Security and Controls Consultant
  Senior SAP Security and Controls Consultant
  SAP Security and Controls Administrator
  SAP Security & GRC Consultant
  SAP GRC Manager
  SAP Process Controls Experts
  SAP Advisory Manager - IT Risk Transformation etc.
  Thanks & Regards
  Subhasish

• SAP GRC Access Control - Compliance Calibrator - License Cost

  Dear all,
  I have some questions on Compliance Calibrator implementation.
  1. Do  we have to pay additional cost for the license to implement Compliance Calibrator?
  2. Since SAP GRC 5.3 is just released, which one do you recommend? SAP GRC 5.2 or 5.3?
  3. What would be the major difference between Compliance Calibrator in GRC 5.2 and 5.3?
  Best regards,
  Rolando

  Hi Rolando-
  1. Yes, there lies some license cost and the amount should not as much as taking SAP R/3 license. I am not sure of exact amount but its nominal as compared to other SAP products.
  2. SAP always recommend for the latest version available and why not one would go for latest version if you are paying something for that.
  Also, it depends on your existing R/3 version and its compatibility. In short run, you can choose per your existing versions but in long run everyone has to move to latest version. Say for example whoever is using SAP R/3 technology with whatever version, they all need to upgrade to ECC6.0 by 2011 with extension upto 2013. I am not sure of any such information about GRC AC though.
  3. Some enhancement have been done with CC 5.3. Those features include-
  1. Risk analysis for SAP Enterprise Portal and UME
  2. BI integration for custom reporting
  3. Reporting enhancement features include additional auditor, business manager and IT reports
  4. SOD management by exception. Can be integrated with workflow.
  5. Import/Export of configuration data
  6. Migration scripts
  7. Download and print capability on every report.
  Some performance improvements-
  1. Concurrent risk analysis.
  2. batch mode risk analysis
  3. Improved memory mgmnt etc.
  Hope it gives you now some more visibility.
  Cheers!
  Ashok