Number of risks / rules
Hello GRC guys,
I am very new to GRC and currently i am trying to set up a demo system.
After doing some basic steps in RAR, i soon found a good description for "configuration steps after installation".
And as soon as i found this guide a question arose:
Why do they have more than 170.000 violations, and we have NONE?? I followed the steps provided in RULE UPLOAD of config guide and found the new SP08 for delta upgrading rules.
Looking at "Rule Architect" -> Rule Library, Action Level, we have about 16.000 active rules.
Why do they so many more rules than we have?
For ECC 6.0, upload R3* fileset.
please check the configuration parameter under Configuration > Risk Analysis > Additional Option-
"Consider Org. Rules when updating the Management reports and during Risk
Analysis Web Service Call ".
If this config parameter is set to YES this means that Organizational Rules are considered during Risk Analysis. If you do not have Organizational Rules set up in Rule Architect, Risk Analysis will display zero violations in the report. Change this option to NO if you do not have Organizational Rules set up.
Check SAP note - 1169541
After setting it, run again batch risk analysis job full sync.
I hope it will help.