
GRC 10 ARA: Mitigation Control mass assignment for different Organisations

Former Member
0 Kudos

Dear GRC Experts,

we have an issue where a GRC End User is responsible for assigning Mitigation Controls. This GRC End User is authorised via object GRAC_MITC to assign controls for

Organisation A - Controls follow range A*

and Organisation B - Controls follow range B*.

So the End User wants to use Mitigation Control mass assignment from the User Level Risk Analysis report.

For a SoD that is mitigated by a Control A* and a Control B*, the GRC application will enter Control A* every time into the Mitigation Control Assignment table that pops up when using the "Mitigate Risk" button.

This table is nice for mass assignment, but if a mass change is required in this table before submitting, it's very unhandy.

In our case the End User needs to assign a control B* instead of control A* that was selected by the GRC application - so he has to remove controls A* from every line and replace them with control B*.

Does anybody know if the Mitigation Mass assignment table can be handled differently or will be enhanced in the next GRC Support Packs? We are on GRC 10 SP 12.

Many thanks and best regards,

Markus

Accepted Solutions (1)


alessandr0
Active Contributor
0 Kudos

Hi Markus,

So far there is no functionality that supports your requirement. If the user has authorization for both controls, the system will automatically propose the first from the list.

Maybe you might have a look at the following document that elaborates how mass mitigation can be performed with the help of local files (e.g. Excel):

Let us know if you need further details.

Best regards,

Alessandro

Former Member
0 Kudos

Hi Alessandro,

Thanks for your reply. I have checked your document, which is really helpful, but as we require a solution for the GRC end user, the use of the up/download report is not applicable.

The reason for that is that, as far as I know, the authorisation for the report cannot be limited to a certain GRC organisation or control range.

We do have several different organisations working in the same GRC client, so limited authorisation to only change mitigation assignments of one's own organisation is very important.

Any solution for this?

Thanks and regards,

Markus

Answers (0)