cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC Reports and Analytics

Go to solution
former_member251721
Explorer

on ‎09-19-2016 9:30 AM

0 Kudos

Hi Folks

For the much experienced GRC 10 Consultants I would like to ask: what are the most, say 10 or 20, GRC reports a GRC/SAP Security Consultant will run on daily, weekly, monthly or annually as part of GRC/SAP Security work operations.

regards

Massoud

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

alessandr0
Active Contributor
‎09-19-2016 2:31 PM
0 Kudos

Massoud,

I work with several clients and this depends on the setup. Each company is different and uses different processes and functionalities. Therefore there is no guideline what and how often should be analyzed. E.g. if you are using Access Request Management to provision users, then you maybe want to check open requests, overdue requests, maybe you are using SLAs, then you need to check them, etc. etc. etc.

Hope this helps.

Regards,

Alessandro

Show replies
Show replies
former_member251721
Explorer
‎09-19-2016 11:33 PM
0 Kudos

HI Alessandro

Thanks for the reply. May be I should have been more specific.

I am new to GRC10 hence the question. But I have history with older versions.

If you for example look at the header " access management" under the Reports and analytic you will see there are over 47 reports. Surely, not all of them will be used on the operation of GRC on daily or weekly basis by the GRC consultant or other stake holders/responsible who need GRC for its reports. ?

regards

Massoud

alessandr0
Active Contributor
‎09-20-2016 12:36 PM
0 Kudos

Massoud,

as I mentioned it depends on the setup. Personally I do use these reports once I have to check something. E.g. with the UAR History Report or UAR Status Report I check the status after I have ran UAR reviews. Others like Requests with conflicts and mitigations can be used to analyze requests.

Rather than the Reports and Analytics tab I more often use the application "Search Request" and "Provisioning Logs".

It all depends on your function and what you need to check. There is no right or wrong.

Regards,

Alessandro

Former Member
‎09-20-2016 1:06 PM
0 Kudos

Massoud,

As a GRC admin, my experience is much like Alessandro's: I too use the Search Request function more often than the reports on the Reports and Analytics tab. It is only when specific questions arise, such as questions about the mitigated objects or the available mitigating controls, that I need to run any of those reports. They are more for the business, and it is your job as the GRC expert to figure out which of those reports will meet the needs of your business users. If you do not yet know what the pain points of your business users are, you might need to ask them. We run the SOD reports on users and roles and distribute them monthly as a courtesy to our key users, and the User Access Review reports are run during UAR periods. There is no way that Alessandro or anyone here can tell you which ones will be helpful to you or to your users. That is for you to figure out, by running them and seeing what information is returned. That is why they pay you the big bucks

Gretchen

Answers (0)

Ask a Question