on 03-02-2012 7:13 PM
Dear Experts,
Can anyone explain me the purpose/usage of Report Tab in Mitigration Control. I have browsed the forum but could not understand the actual need of this tab as I found different answers.
Thanks,
Raj
HI Raj,
Access Controls is used as a documental tool for Mitigating Controls, rather than a implementing tool, i.e. you apply the control against the role/user, but the actual application of the control is performed outside of Access Control. This may be realized by running a custom SAP report to monitor the usage of the risky functions within the ECC system etc.
Access Control allows you to document such reports against the Mitigation Control, so this is the purpose of the tab. Given that GRC 10.0 integrates AC and PC, Mitigating Controls is master data that is shared amongst the different GRC modules, so I get the feeling Process Controls might utilize the "Report" data and check if the reports are being monitored by the control monitor/s at the scheduled frequency etc.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Kaushal for the explanation.
I am confused with the configuration of report tab.
I understand that ACTION is a free text in the report tab. What should be entered here. Can we enter any name or is there any particular SAP report name has to be entered. Please give an example for the ACTION.
Also Frequency is used. As far as I know we have schedule CONTROL MONITOR job for alter generation. If we run this job daily at what point the system will generate alert. Is it when frequency defined the report tab elapsed or How is it configured. I am just confused. Please help.
Thanks,
Raj
Hi Raj,
Action is for the t-code of the SAP Report. A brief explanation below will help in understanding
If you have a mitigation control that Mr. Z will run X report using Y t-code on a frequent basis of monthy or quarterly and reviews the report.
Then you need to give that Report name- X, in Action - Y T-code and frequency as Monthly/Quarterly. This helps for the system to check if the t-code has been executed or not in that frequency by the Monitor and generates a Alert [based on alert generation configuration]
Best Regards,
Srihari.K
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.