on 05-22-2015 11:26 AM
Hello experts,
We are in GRC AC 10.1 SP7 and for ARA module we are creating a mitigation control. But after create this master data no mitigation control are showed on the list.
In NWBC->Master Data->Mitigating Controls we created a simple mitigation control test with:
Owner and Monitor are indicated and associated to the Organization;
Only AC component are activate (we not have PC component);
We are not using WF approval (parameters 1061 = NO and 1062 = NO);
If we going to SPRO > Governance, Risk and Compliance > Shared Master Data Settings > Set Up Structure: Expert Mode we can see the mitigation control created below Local Control;
This will impact naturally when we will try to mitigate the risk after a risk analysis;
Anyone knows why we cannot see and use the mitigation control that we just have created?
Best regards
In this case the mitigation control only appears if plan variant of the organizational structure is set to 01. In our case we are using plan variant 013 because we need to import organizational structure from our back end system (in there is set to 013 and we need to replicate this in GRC system for a request approval flow purpose).
Any idea how we can set a different plan variant that is not 01 and maintain the mitigation control functionality on?
Why standard have this behavior between different plan variants and at same time allows changing the plan variant.
Thanks and Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Basis kaar,
Check the tables HRP1000 and HRP1001.
For further information, you can start your search by typing HRP* in SE16/SE16n
Regards,
Deepak M
P.S: Please go through the rules of SCN and try searching for the same question in forum and then post the discussion as a separate thread please instead of continuing in the old disuccion. Thanks in advance.
Hello Pedro,
Please Check this note
190062 - Plan Version recommendation for Mitigation Control
Regards,
Deepak M
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Pedro,
Did you create the Subprocess - whcih I couldnt find in above screenshots.
Do the following:
1. Create the Business Process and subprocess in --> NWBC--> Master Data--> Business PRocesses.
2. Create controls under Sub Process, As you use only AC, you can create all your control under one Subprocess. For e.g - IT Process --> IT Subprocess --> List of 30 controls.
3. Now goto NWBC --> Master Data--> Organizations--> Assign Subprocess--> Assign Control.
4. You will see all the controls will appear under Mitigation COntrol tab once assigned this way.
Rajesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Rahesh, thanks for your reply.
Hi follow your indications but because we are not using PC component I´m not able to see Buiness processes in master data (NWBC--> Master Data--> Business PRocesses).
What is the purpose of creating processes and subprocesses in NWBC if those were created in SPRO?
Thanks
Dear Pedro,
strange issue - can you please check the following:
- limitation of authorization (GRAC_MITC)?
- check your queries (do you have a filter active)?
From my point of view the mitigating control is saved but your are just not able to see it.
Let us know.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Alessandro, thanks for your reply.
I check the points you mentioned:
- Limitation of authorization (GRAC_MITC) = * . The user has SAP_ALL profile;
- Queries: there is no queries activated or any filters apply;
What controls this view? This could be something in webdynpro?
What tables should I consider to analyze?
Thanks
Hi Pedro,
1. have you created mit. control from NWBC. then it should appear, after you assign Monitor and owner, as defined in your Child Org. unit.
Pre-requsite: Define owners in child org. unit
2. Local Controls in Shared Master data means that they can also be used in PC. Since you are not using PC, it is no meaning viewing that.
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.