SAP BusinessObjects GRC 10.0 Integration Guide Access & Process Control 10.0

Similar documents
How to Integrate SAP Crystal Server with SAP Business One

SCM605 Sales Processing in SAP ERP

CR500. CRM Middleware COURSE OUTLINE. Course Version: 10 Course Duration: 2 Day(s)

SAPSCM. Overview of the SAP Supply Chain Management Application COURSE OUTLINE. Course Version: 15 Course Duration: 3 Day(s)

SCM610. Delivery Processing in SAP ERP COURSE OUTLINE. Course Version: 10 Course Duration: 3 Day(s)

Business One in Action - How to change the valuation method of an item?

SCM601. Processes in Logistics Execution COURSE OUTLINE. Course Version: 10 Course Duration: 3 Day(s)

AC605 Profitability Analysis

SCM520. Purchasing COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

FS242. Deposits Management in Banking Services from SAP 8.0 COURSE OUTLINE. Course Version: 10 Course Duration: 4 Day(s)

BO100. Reporting with SAP BusinessObjects BI Solutions for SAP NetWeaver BW COURSE OUTLINE. Course Version: 15 Course Duration: 20 Hours

Business One in Action Alternative Items in Marketing Document

TM430. Strategic Freight Management in SAP Transportation Management COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)8 Hours

AC210. New General Ledger Accounting (in SAP ERP) COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

PLM120 Document Management

BPC440 SAP Business Planning and Consolidation: Consolidation

AC010. Business Processes in Financial Accounting COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

PLM230. SAP Project System Controlling COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

PUBLIC Setup 4.6 Systems for MAI

Sizing SAP Quality Issue Management, Version 1.0

MOB320. SAP Agentry Work Manager for IBM Maximo COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

Migration from SAP BO PC 7.5 NW Version to SAP BO PC 10 NW Version

TTM12. SAP Transportation Management II (SAP TM) COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

EWM100. Extended Warehouse Management - Processes COURSE OUTLINE. Course Version: 10 Course Duration: 3 Day(s)

SM100. SAP Solution Manager Configuration for Operations COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

EWM100. Processes in SAP Extended Warehouse Management - Overview COURSE OUTLINE. Course Version: 16 Course Duration: 5 Day(s)

Migration Scenarios for Subsequent Implementation of Functions

SCM510 Inventory Management and Physical Inventory

Delta Overview Student Lifecycle Management EHP 4 (Business Suite 7)

Business One in Action - How to generate a report showing a list of AR Invoices paid through cheques?

How to Create EU Sales Reports in SAP Business One 8.82 (DE)

Store Specific Consumer Prices

Sales Quotation. SAP Best Practices

SAP Best Practices for Subsidiary Integration in One Client Consolidation Preparation: Intercompany Reconciliation

TERP10. SAP ERP Integration of Business Processes COURSE OUTLINE. Course Version: 16 Course Duration: 10 Day(s)

Business One in Action How does SAP Business One Deal with Realized and Unrealized Exchange Rate Differences?

SAP Best Practices for Subsidiary Integration in One Client Intercompany Revenue Planning and Reporting with CO-PA

WebDAV & remote support platform for SAP Business One

SAP BusinessObjects GTS 8.0: How to Customize US Re-Export

Sales Order Processing with Collective Billing. SAP Best Practices

Quality Management for Procurement with Vendor Evaluation. SAP Best Practices

New UI for Cost Center Planning with SAP ECC 6.0 EhP6. August, 2012

What are the Specifics Concerning the Authorizations of a Composite Provider?

Subcontracting. SAP Best Practices

SAP HANA Cloud Connector Solution Brief

SYSTEM LANDSCAPE OPTIMIZATION GROUP S CLIENT TRANSFER SERVICE FAST TRACK TO MINIMIZING YOUR SYSTEM LANDSCAPE S COMPLEXITY

SAP Library Documentation for Electronic Correction Letters (CC-e)

SAP Workforce Performance Builder 9.5

SCM525. Consumption-Based Planning and Forecasting COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

Intercompany Cross-Border Central Sourcing SAP Best Practices Baseline Package

SAP BUSINESS OBJECTS INTEGRATION WITH SAP NETWEAVER BPM

SAP Transportation Management. Visual Business Configuration with SAP TM

SAP Mobile Application Certification Overview. SAP Integration and Certification Center November 2011

Remote Support Platform for SAP Business One. June 2013 Partner External

SRMCS OCI to UI5 Cross Catalog Search. Consulting Purchasing Solutions SAP Deutschland AG & Co. KG 2013

Customer Reference for:

Interaction Center for Automotive

Application Lifecycle Management (ALM)

SAP Sourcing / CLM Webcast Object Migration. March 2012

Customer Reference for:

GaRO: Business in Your Pocket

User Access Review (UAR) Reference Guide SAP Access Control 10.1

MIGRATING FROM DESKTOP INTELLIGENCE TO WEB INTELLIGENCE. Saurabh Abhyankar. Tomasz Zima. Solution Management

SAP GRC Access Control: Installation Best Practices FAQ

SAP NetWeaver Portal 7.3

RKT Live Expert Session

The Critical Role of Management Support in OCM Initiatives - A Tale of Two Projects

How To Create and Use an SAP ME Process Workflow

U.S. FDA TiTle 21 CFR PART 11 ComPliAnCe ASSeSSmenT of SAP ReCiPe management

SAP Simple Finance Transforming Finance with Instant Insight. CFO overview

ORGANIZATIONS, PROCESSES,

How To... Implement a Transformation End Routine

How To Set Up and Use SAP ME Complex Assembly

How To Set Up and Use the SAP ME Time Sensitive Material Feature

SAP Enterprise Point-of-Sale 3.1 SP07

Master Guide. SAP S/4HANA Supply Chain for secondary distribution 1.0

Sizing SAP Central Process Scheduling 8.0 by Redwood

BI Standardization: Reduce TCO + Improve Usability Chicago User Group - Nov. 18, 2011 Mike Watschke, Global COE for BI, EIM & DW

Consulting Solution. Batch Management Batches on plant level + EWM. Contact: Matthias Nater for questions & contract details

PS Project System. SAP ERP Central Component

Time Recording. SAP Best Practices

PSEG increases IT operational efficiency with RUN SAP Like a Factory and SAP Solution Manager

Managing the Smart Grid with the next IT Generation Examples, Trends and next Steps

Analytics for Human Capital Management

SAP BusinessObjects BI 4.x & SAP NetWeaver BW. Mapping BEx Query Elements to SAP BusinessObjects BI4 Query Panel

SAP HANA Cloud Integration for SAP Sales and Operations Planning. Contact: Ben Hofmans, George Keller, Subha Ramachandran March 27, 2014

Configuring Substitution in MSS

How does all this work together BW, BW on HANA, Suite on HANA, HANA Live. Part 5: Customer Landscape #5

SAP Consulting Solution. SCS 3 rd Party Monitor. User Documentation. SAP Deutschland AG & Co. KG. Hasso-Plattner-Ring 7 D Walldorf

EHP4 for SAP ERP 6.0 March 2010 English. Revenue Planning (172) Business Process Documentation. SAP AG Dietmar-Hopp-Allee Walldorf Germany

Configuration of Warehouse Management with Preconfigured Processes

SAP Cloud Reference Systems. Scenario Outline. Cash and Liquidity Management (Processing Payables and Payments)

SAP AG hereby confirms that the interface software for the product SmartExporter 2.0

Process and Data- Exchange Solution for Utilities. White Paper

Planning for Peak Performance with SAP BusinessObjects Business Intelligence Platform. Greg Myers, SAP Mentor August 12, 2011

Security Considerations and Certificate Requirements. SAP Business One Cloud Landscape Workshop

IP AUDITS IN THE CORPORATE CONTEXT Key Objectives & Requirements

Upgrade to SAP NetWeaver Process Integration 7.3

SAP BusinessObjects BI 4.x - Comparing interface options to SAP NetWeaver BW & SAP NetWeaver BW on SAP HANA - Ingo Hilgefort, SAP May 2013

Customer Contract Management. SAP Business ByDesign

Transcription:

SAP BusinessObjects GRC 10.0 Integration Guide Access & Process Control 10.0 Applies to: SAP BusinessObjects Access Control 10.0, SAP BusinessObjects Process Control 10.0 Summary SAP BusinessObjects Access Control (AC) is an enterprise software application that enables organizations to control access and prevent fraud across the enterprise, while minimizing the time and cost of compliance. The application streamlines compliance processes, including access risk analysis and remediation, business role management, access request management, superuser maintenance, and periodic compliance certification. AC delivers immediate visibility of the current risk situation with real-time data. SAP BusinessObjects Process Control (PC) is an enterprise software solution for compliance and policy management. The compliance management capabilities enable organizations to manage and monitor their internal control environment. This provides the ability to proactively remediate any identified issues, and then certify and report on the overall state of the corresponding compliance activities. The policy management capabilities support the management of the overall policy lifecycle, including the distribution and attestation of policies by target groups. These combined capabilities help reduce the cost of compliance and improve management transparency and confidence in overall compliance management processes. With the release of GRC 10.0, Access Control and Process Control are offered as an integrated solution, both at the data layer and at the user interface layer. This new unified platform enables increased harmonization of key master data. Organization, process and control structures can now be shared across components of Access Control and Process Control, which supports a more integrated approach to governance, risk, and compliance. Access risks identified in Access Control can be mitigated using controls managed by Process Control, as an example. This document details methods for harmonizing data across Access Control and Process Control. Authors: Ankur Baishya, SAP Customer Solution Adoption GRC Solution Management Created on: 31 August, 2011 Version: 3.0

Typographic Conventions Type Style Example Text Description Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Cross-references to other documentation Icons Icon Description Caution Note or Important Example Recommendation or Tip Example text Example text Example text <Example text> EXAMPLE TEXT Emphasized words or phrases in body text, graphic titles, and table titles File and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools. User entry texts. These are words or characters that you enter in the system exactly as they appear in the documentation. Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system. Keys on the keyboard, for example, F2 or ENTER.

Table of Contents Applies to:... 1 Summary... 1 1. Management Overview... 9 2. Technical Prerequisites... 10 3. Enable PC Controls for AC Assignment... 10 3.1 Shared Data... 10 3.2 Maintain Owners... 11 3.3 Maintain Organization Unit... 12 3.4 Assign Owners to Org Unit... 13 3.5 Select Organization Unit Subprocess / Control... 14 3.6 Edit Local Control for Assignment in Access Control... 14 3.7 Assign Local Control to Access Risk... 16 4. Manage AC Created Controls in Process Controls... 18 4.1 Identify Business Processes in Process Control to be shared with Access Control.. 18 4.2 Create Access Control Business Processes... 19 4.3 Map AC Business Processes to PC Processes... 21 4.4 Create AC Mitigating Control... 24 4.5 Maintain the Mitigating Control in Process Control... 26 5. Related Content... 28 6. Feedback... 28

1. Management Overview Two main scenarios are described in this document: Enabling local controls in Process Control for assignment in Access Control Managing Access Control mitigating controls in Process Control The GRC 10.0 platform provides the option of sharing master data across capabilities. Specifically, organizations, processes, subprocesses, and controls can be shared between Access Control and Process Control. Organization data can be shared or segmented based on a companies internal policies. Access to data is controlled by user authorization. Integration provides various benefits across different application uses, including: Unified Master Data decreases the total cost of ownership and provides more consistent data across the system landscapes Shared Application Roles no redundancy in control and risk owners Full cycle remediation process end-to-end compliance across GRC processes Integration is also available by creating a PC SOD Control, which offers automated access risk analysis from an automated control in Process Control. Page 9

2. Technical Prerequisites In previous releases, AC and PC integration used web services. However, with the harmonized GRC10.0 platform, the use of web services is no longer required. NOTE This guide discusses only AC and PC Integration scenarios and associated process steps. Prior knowledge of AC and PC concepts is recommended. The prerequisites include the following: Install the GRCFND_A software component and activate AC and PC on the same client. Complete the post-installation steps for AC and PC listed in the SAP BusinessObjects Access Control 10.0 / Process Control 10.0 / Risk Management 10.0 Installation Guide at http://service.sap.com/instguides. For new deployments, the Organization, Control, Business Process, and Subprocess data shared between AC and PC must be identified and maintained in the platform. For customers upgrading to the 10.0 release, Organization, Control, Business Process and Subprocess data shared between AC and PC must go through data transformation before migration and upgrade. See the SAP BusinessObjects Access Control 10.0 Migration Guide (http://service.sap.com/instguides) for details. You must configure Access Risk Analysis in AC. Create the connector to your ERP system, either upload or activate the rule set, generate the rules, and perform synchronization in the following order: o o o o PFCG Role Profile User 3. Enable PC Controls for AC Assignment Data is shared between Access Control and Process Control. This data includes Organizations, Business Processes, Subprocesses, and Controls. How this data is exposed and shared to your users depends on how your business utilizes AC and PC. This chapter describes the steps to assign local controls in Process Control for use as mitigating controls in Access Control. This option allows customers with both products to leverage a single set of controls. The option also enables Access Control customers to measure the effectiveness of their mitigating controls via Process Control s automated and semiautomated testing. 3.1 Shared Data GRC 10.0 is a harmonized platform. Although maintenance of data within AC and PC is similar in 10.0 as it was in previous releases, there are some key differences. The following master data is shared between AC and PC for the release 10.0 integration scenario. Page 10

Organizations Business Processes Business Subprocesses Controls This diagram provides an overview of the steps required to enable local PC controls for assignment as mitigating controls in Access Control: Assign Owners as Monitors & Approvers (AC Owners) Select Compliance Org Unit (Organizations) Select Process / Subprocess (Org Unit) Select PC Local Control (Org Unit) Assign Monitor & Approver (Org Unit) Assign Mitigating Control ID Assign Access Risks Assign Approver & Monitor 3.2 Maintain Owners Go to Access Owners Access Control Owners Create On this screen, identify the users or user groups who should be Mitigation Monitors and Approvers. Page 11

3.3 Maintain Organization Unit Go to Master Data Organizations Navigate to the appropriate Organization Unit and click Open. Navigate to all tabs associated with the Organization Unit. Page 12

3.4 Assign Owners to Org Unit Organization Unit Owners Tab. Assign the appropriate owners to the Organization Unit by using the Add Row button. The list of owners available is based on the owners identified in step 3.2. Page 13

3.5 Select Organization Unit Subprocess / Control Organization Unit Subprocess Tab. Select the subprocess and control which will be assigned to an access risk. Click Open to view/edit the local control. 3.6 Edit Local Control for Assignment in Access Control Local Control General Tab. Update the Mitigating Control ID field. Note: Once saved, the mitigating Control ID cannot be changed. Page 14

Local Control Access Risks Tab. Assign the Access Risks that the Control will be available to mitigate in Access Control. Local Control Owners Tab. Assign a Mitigation Approver and Mitigation Monitor to the Control; one of each is required. The list of available owners is based on the owners assigned to the organization unit in step 3.4. Save changes to the control. Page 15

3.7 Assign Local Control to Access Risk Access Risk Analysis User Level Risk Analysis. Define and run an access risk analysis. Access Risk Analysis Risk Analysis Results. In the risk analysis results, select the access risks you assigned to the control in Step 3.6. Click the Mitigate Risk button. Page 16

Access Risk Analysis Assign Mitigation Controls. In the Assign Mitigation Control window you see the mitigating Control ID assigned to the access risks along with the Monitor ID. If you do not see the correct Control ID, search for it in the Control ID column. You can also view details of the control by highlighting a row and clicking View Details /Control ID. Click Save to save the mitigation control assignment. Page 17

4. Manage AC Created Controls in Process Controls This section discusses how to maintain Mitigating Controls (created in Access Control) in Process Control. This option allows users familiar with Access Control to continue maintaining Mitigating Controls in the same user interface they used before. However, the control they maintain will also display and be available from Process Control. The benefit of this option is there is little impact on existing Access Control users. Yet the mitigating controls can be measured for effectiveness via Process Control s automated and semi-automated testing. Create Process & Subprocess (IMG) Assign Owners as Monitors & Approvers (AC Owners) Select Compliance Org Unit (Organizations) Create Control (Access Risk) Map PC Process & Subprocess (PC Process) Assign Monitor & Approver (Org Unit) Assign Mitigating Control ID Assign Access Risks Assign Approver & Monitor 4.1 Identify Business Processes in Process Control to be shared with Access Control Master Data Activities and Processes Business Processes. Identify the Process and Subprocess that will be shared between Access Control and Process Control. Page 18

4.2 Create Access Control Business Processes Access Control Business Processes are maintained in the backend IMG. SPRO SAP IMG Reference Governance, Risk and Compliance Access Control Maintain Business Processes and Subprocesses Create Business Processes and Subprocesses which map to the Business and Subprocesses in Process Control identified in 4.1. Page 19

Enter the Business Process, save it and select the green arrow to go back. Select the process you created and double click Business Subprocess Enter the Subprocesses, save it and select the green arrow to navigate back Page 20

4.3 Map AC Business Processes to PC Processes Master Data Activities and Processes Business Processes. In this step you map the processes created in the AC IMG to the Processes in PC. This step allows controls created in AC to be assigned in PC. Page 21

Select the Process and click Open. In the Process, map the Process you created in Step 4.2. These display in the Business Process drop down. Next, choose a subprocess to map and click Open. Page 22

In the Subprocess, map the Subprocess you created in Step 4.2. These display in the Business Subprocess dropdown. Page 23

4.4 Create AC Mitigating Control The Mitigating Control screen is used by Access Control for creating mitigating controls that are assigned to access risks. Although this screen is not needed to create mitigating controls (as described in Chapter 3), customers may continue creating mitigating controls using this interface. It is important to have completed the mapping steps described in section 4.3 before creating controls using this interface. In the Mitigating Controls list, click the Create button to create a new mitigating control Page 24

Enter the Mitigating Control information. Select the correct Organization Unit to assign the mitigating control. Select the Process and Subprocess. These display based on the entries done in Step 4.2 Assign the Access Risks that this mitigating control is valid for. Assign an Approver and Monitor Owner to the mitigating control. One of each is required. Review Chapter 3 for more information on assigning owners. Page 25

4.5 Maintain the Mitigating Control in Process Control The Mitigating Control created in Step 4.4 can now be maintained using the Process Control maintenance screens. Go to Master Data Organization. Find the Organization Unit you assigned the mitigating control, and click Open On the Organization Screen, select the Subprocess tab. On this tab you will find the Subprocess and Control assigned to Organization Unit. Select the control and click Open The control information entered on the mitigating control screen is available. The control can now be updated with testing plans and other effectiveness testing details. The Access Risks and Owners tabs are also available and contain the details of the access risks and owner assignments made from the mitigating control screen. Page 26

The Access Risks Screen. The Owners Screen. Page 27

5. Related Content On the Web go to: http://help.sap.com Business User Governance, Risk and Compliance www.sdn.sap.com/irj/bpx/grc 6. Feedback Your feedback regarding this document is important to us. Send comments to GRC_RIG@sap.com Copyright/Trademark 7. copyrigth Copyright 2011 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iseries, pseries, xseries, zseries, eserver, z/vm, z/os, i5/os, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Oracle Corporation. JavaScript is a registered trademark of Oracle Corporation, used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. Page 28

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback