SAP Process Control

Is May 25th, 2018 looming over your head?

The new General Data Protection Regulation (GDPR) effective May 25, 2018 is right around the corner and it is critical that organizations get educated and take action in preparation.  Simply put, all organizations that collect and process personal data of EU data subjects regardless of size will be affected.  Organizations processing personal data must demonstrate lawful purpose combined with ongoing accountability and governance with much stronger protection measures. Even though …

Read More »

Anti-ClickJacking and GRC

Clickjacking is an UI-redressing attack where an attacker tricks a user to click on something different than the user is aware of. This attack makes use of standard possibilities in HTML and does not use weaknesses in the code of the application. To tackle the Clickjacking, SAP deployed a mechanism which while building the application disables any threat of clickjacking. While building a BSP application, system adds a logic of …

Read More »

Visualization capabilities in GRC 10.1 Reporting using SAP Lumira

Reporting is always an important topic for customers. There are standard reports delivered in SAP GRC- Process Control 10.1 and Risk Management 10.1. Most of these delivered reports are not in graphical format like pie charts, bar graphs and the output is mostly in ALV format. This blog demonstrates the enhanced GRC Reporting capabilities by leveraging SAP Lumira. SAP Lumira is a reporting tool which provides the ability to visualize data …

Read More »

Operational DATA Provider Enablement for analytical reporting on GRC Process Control 10.1

  Operational Data Provisioning is implemented in a modeling environment used together with the search and provides a metadata view in which a Data Source can be given analytical properties in order to define an Operational Data Provider (ODP). Operational Data Provisioning uses ODPs here to allow semantically related Data Sources to act as Info Providers, so that the data is available to the Analytic Engine in an Operational Analytics …

Read More »

How to Carry forward Open Issues after Sign-off in SAP GRC Process Control

SAP Process Control (PC) offers sign-off functionality to formalize accountability for the status of internal controls across the organizational hierarchy. Some companies use the sign-off process to support certain regulatory requirements such as the Section 302 attestation required by the Sarbanes-Oxley Act of 2002. Other companies use sign-off primarily as a method of letting upper management know the organization owners who report to them have reviewed internal control test results …

Read More »

MDUG : Use it, Don’t abuse it!

SAP GRC Master data upload generator (MDUG) is an effective tool to upload Master data in the GRC Process Control system. This tool leverages MS Excel and can be used with tcode GRFN_MDUG.   When the program is run with option selected “Generate Template”, an Excel file is generated. Data is maintained in this excel file and an XML file is uploaded in the system where the data needs to …

Read More »

The Impact of GDPR for Organizations that Run on SAP

The General Data Protection Regulation (GDPR) is a new privacy regulation in Europe that protects the personal data for any individual “based” in the EU, regardless of citizenship or where the data is being held. This regulation will be enforced in May 2018 and outlines strict fines for those companies found to be out of compliance. In fact, the maximum fine (for the most serious infringements) is “up to 4% …

Read More »

Policy Localization

Most of us who are using Policy feature provided in GRC Process control, know about the below listed processes in Policy life cycle management 1> Create and Document Policy 2> Review and Approve Policy 3> Publish and Distribute Policy 4> Review and monitor reports on Policy and Policy status A less known area though, is ‘Localization of Policy’ and this is what I will talk about in this blog. Localization of policy is …

Read More »

Maintenance of BC-Sets

BC-Sets are group of data retrieved from the tables maintained by the maintenance view assigned to the IMG node. Several BC-Sets can be assigned to one IMG node. IMG node again is a maintenance view in the backend system.   How to maintain the context of existing BC-Sets Execute the transaction SCPR3 Choose the BC-SET you need to maintain by double clicking on the BC-Set   Then Click on the …

Read More »

Prepare for the new EU General Data Protection Regulation and co-innovate with SAP GRC

The final text of the General EU Data Protection Reform has been published. It brings a number of compliance obligations, improving the privacy rights of the individuals. For instance, the right to object and the right for data portability. It also requires data breaches to be notified within 72 hours. A comprehensive guide is available here.  The reform imposes organizations to perform Data Protection Impact Assessments (DPIAs) as part of …

Read More »