on 01-25-2013 10:37 AM
Hi GRC Gurus,
As per PC 3.0 the following is the hierarchy in which sign off will happen.
Process Control sends the sign-off survey tasks and instances to the owners of all levels subject to sign-off, based upon your configuration of the Default Sign-Off Level parameter and the organizations scheduled for sign-off. For details on this parameter, refer to the Survey Parameters and Defaults section in Sign-Off Survey Master Data.
Process Control sends the sign-off survey tasks and e-mail notifications first to the respondent (owners of the objects) at the lowest level subject to sign-off (for example, subprocess owners first, then process owners, then organization owners).
After the respondent for each lower level subject to sign-off has completed the sign-off task, Process Control then sends the survey tasks and e-mail notifications to the respondent of the next higher level subject to sign-off. The sign-off survey tasks and e-mail notifications will proceed up each level, until finally reaching the topmost level of the sign-off hierarchy.
However in PC 10.0 I do not find a level below organisation to trigger sign off survey. I tried with owner roles at sub-process and process level also but to no avail. Kindly throw some light.
Regards
KSolaiappan
Hi,
Even in PC3.0 the signoff process is only on organization level and never on the levels below organization.
Regards,
Smita.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Smita,
Please see the link http://help.sap.com/saphelp_grcpc20/helpdata/en/a7/85f3fbd6ac4382abebcdbc729e6157/content.htm
There are three options provided.
1. Organisation only
2. Process and Organisation only.
3. Sub-process, process and organisation.
Regards
KSolaiappan
Hi Smita,
Thanks for your reply.
Chapter 5 of the above guide provides as follows:
5.1 The revised clause 49 requires annual certification by CEO/CFO on the design and operating effectiveness of internal control over financial reporting. The internal control framework explained in the preceding section ( refers to the guide) forms the basis of this certification.
5.2 The certification process is based on a bottom-up approach. Line managers provide assurance on the design and operating effectiveness of internal control based on the internal control framework created.
5.3 The accountability starts with the CEO and CFO and then delegated to various process owners throughout the organization. Regardless of documentation and performance of testing for operational effectiveness, process owners take responsibility for their respective business process and controls. Process owners provide assurance upwards periodically ( eg. Each quarter) to a designated authority (e.g., Chief Risk Officer) to ensure that execute management provides assurance to the senior management on the operations of internal controls, status of deficiencies, changes in the design to process controls.
5.4 The designated authority ( e.g. Chief Risk Officer) in turn provides assurance to CEO and CFO on completion of the assessment process that the following have been disclosed and reported to the Auditors and the Audit Committee:
5.5 Based on the above, the CEO and CFO provide certification on the internal controls to the Board.
The functionality as was existing in PC 2.0 meets the above requirement exactly and I do not think SOX requirement would be different.
I would like to know the reason behind removing such a useful functionality in a higher version. Any document on this withdrawal will be handy.
Even in Peoplesoft there is sign off options at subprocess level. Why not in SAP GRC.
"Sign-Off Options in Peoplesoft
Sign-Off Level Specify the level at which sign offs are required. Options are:
Subprocess: Select to require sign offs only
by subprocess owners.
Subprocess and Bus. Process: Select to require sign offs by both subprocess owners and business process owners."
Thanks & Regards.
KSolaiappan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.