- SAP Community
- Products and Technology
- Additional Q&A
- Business Unit/ Org.Unit - GRC 5.3/GRC 10.0
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Business Unit/ Org.Unit - GRC 5.3/GRC 10.0
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 01-27-2014 2:52 AM
Dear GRC consultants,
I was working with GRC 5.3 system in my previous project. Recently we have migrated to GRC 10.0. I always had a question on my mind about GRC mitigation controls being attached to business unit or Org.Units.
Why a mitigation control needs to be tagged to a business unit [GRC 5.3] or to Org.Unit [GRC 10.0]?
What is the benefit of tagging a control to these units or org,hierarchy?
Although I am creating mitigation controls following the process provided by documents, I wanted to understand the reason behind this. Someone please help me to understand the purpose of Business Unit or Org.Unit and how are they beneficial in GRC process.
Thanks in advance.
Regards,
Sai.
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi sai,
There is no diffrence between Business unit and org unit,in GRC 5.3 called as Business unit and come down to GRC 10.0 called Organization unit,in 10.0 basically we create Root organization,under root organization we will create child oraganization(nothing but business units)you will define child org's based upon your client requirement.
why this child oraganizations required is,when creation of mitigation controle ids it will ask for organization unit(nothing but business unit) you will define diffrent mitigation controles for different business process.It shold be easy to idetifying for your customer....
Regards
Ravikumar.ch
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Ravi,
Thanks a lot for your insight in this.
I understand there is no difference between Business Units and Org.Units.
But, I wanted to understand why Org.Heirarchy is being used in case of mitigation controls. Why not they use business process which is being used while creating Functions and Risks.
What is the difference between Org.Hierarchy and Business Process. Why should a mitigation control be assigned to a Org.hierarchy? I doubt there should be some important benefit out of it rather than just identifying mitigation controls for different org.units.
Regards,
Sai.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi sai,
Org Hieraachy is nothing but your company and diffrent child units(org units) and Business process is nothing but like Finance,HR,Basis ....these things
when ever for creation of mitigation controles in 10.0 it will ask for two things one org Hierachy and process.In this case u need to segregate your mitigation controles to Org hierachy to process wise you want create this controles.
Because of large org's having lot of risks shold be there, at the time of mitigation u could not understand what type of id will assigen to which risk.u will created process wise mitigation controles u can easily assigen particular mitigation controler id to particular risks.
And org heirachy you wil define pariticular mitigation id's to particular org units,because of some org units they have thier own funtionalites.that's way u will define organization heirachy is importent at time of mitigation controle id's creation.
And one thing GRC 5.3 we are used Business units and 10.0 just name changed and Organizations units that's it .........both shold be same......
I think i had provided helpfull information for u i have any doubt let me know......
Regards
Ravikumar.ch
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Answers (1)
Answers (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Sai,
There can be multiple business units under one Organisation. When you create mitigation control under organisation it will be applicable to all business units tagged to that organisation.
However, when you tag mitigation control to business unit, it will be available only for that BU. While mitigating you can filter mitigation controls based on business unit. If it is applicable only for BU, then it will not show for other business units.
Hope it helps
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Customer & Partner Roundtable for SAP BTP ABAP Environment #12 in Technology Blogs by SAP
- SAP Named a Leader in the 2024 Gartner Magic Quadrant for Transportation Management Systems in Supply Chain Management Blogs by SAP
- ISAE 3000 for SAP S/4HANA Cloud Public Edition - Evaluation of the Authorization Role Concept in Enterprise Resource Planning Blogs by SAP
- Define Bank Accounts to be Included in PEPPOL in Enterprise Resource Planning Q&A
- New 1H 2024 SAP Successfactors Time (Tracking) Features in Human Capital Management Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.