Overview of SAP BusinessObjects Risk Management 10.0



Similar documents
SAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned

GRC 10.0 Pre-Installation

Template Business Blueprint

Reverse Transport Mechanism in SAP BI

SAP CRM Campaign Automation

Organizational Management- Organizational Structure Creation

Converting and Exporting Data in XML Format

Minimize Access Risk and Prevent Fraud With SAP Access Control

Extending The Value of SAP with the SAP BusinessObjects Business Intelligence Platform Product Integration Roadmap

LSMW: Upload Master Data using Batch Input Recording

SAP Change Control - One Integrated Process to Manage Software Solution Deployments SAP AG

Understanding BEx Query Designer: Part-2 Structures, Selections and Formulas

Embedding Crystal Reports inside ECC ALV Reports

Integrated Testing Solution Using SAP Solution Manager, HP-QC/QTP and SAP TAO

Solution Manager Service Desk an End-to-End Helpdesk Solution

SAP Workflow in Plain English

Understanding DSO (DataStore Object) Part 1: Standard DSO

Selecting the Right SAP BusinessObjects BI Client Product based on your business requirements for SAP BW Customers

Display Options in Transaction SE16

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management

Web Application Designer for Beginners

Automating Invoice Processing in SAP Accounts Payable

CA Workload Automation for SAP Software

Creating Content Using SO10 Objects and Text Symbols

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

Query OLAP Cache Optimization in SAP BW

Reading Sample. Integration Scenarios with Other Project Management Tools. Contents. Index. The Author. Project Management with SAP Project System

Guidelines for Effective Data Migration

SAP CRM System 6.0/7.0. For more information, visit the Customer Relationship Management homepage

Extractor in R/3 and Delta Queue

Enterprise Resource Planning Analysis of Business Intelligence & Emergence of Mining Objects

Multi Provider Creation Based on Sales and Planning Info Cubes

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT

Registration, Evaluation, Authorization and Restriction of Chemicals (REACH) Compliance

How To Use The Sap Process Control Application

RSA ARCHER OPERATIONAL RISK MANAGEMENT

SAP NetWeaver Developer Studio 7.30 Installation Guide

How to Modify, Create and Delete Table Entries from SE16

Phase 2: Business Blueprint Chapter 4 Phase 2: Business Blueprint

SAP NetWeaver Information Lifecycle Management

Step by Step Guide How to Copy Flat File from Other Application Server to BI and Load through Info Package

SAP FI - Automatic Payment Program (Configuration and Run)

Step by Step guide of Report-to- Report Interface in BW Reporting

Stefan Glatzmaier, Michael Sokollek. Project Portfolio Management with SAP. RPM and cprojects. Bonn Boston

SAP Master Data Governance for Enterprise Asset Management. Dean Fitt Solution Manager, Asset Management Solutions, SAP SE Stavanger, 21 October 2015

Case Study of a Segregation of Duties Project

SAP BusinessObjects Dashboards

SAP CRM 7.0 E2C Setup: CRM via Toolset

SAP Preventive Maintenance The Core and More. Len Harms - Vesta

Step by Step Procedure to Create Broadcasters, to Schedule and to Enhance of SAP- BI Queries from Query Designer

SDN Community Contribution

ALM 271 From End-User Experience Monitoring to Management Dashboards and Reporting Stefan Lahr, SAP Active Global Support September, 2011

... Foreword Introduction... 21

Master Data Services Environment

SAP BW - Excel Pivot Chart and Pivot Table report (Excel)

Configuration and Utilization of the OLAP Cache to Improve the Query Response Time

How Accenture is taking SAP NetWeaver Identity Management to the next level. Kristian Lehment, SAP AG Matthew Pecorelli, Accenture

Solution Documentation for Custom Development

What is new in EhP5 for HCM- Talent Management

Business-Driven, Compliant Identity Management

Compounding in Infoobject and Analyzing the Infoobject in a Query

Configuration of Enterprise Services using SICF and SOA Manager

Why NetDimensions Learning

Creating and Scheduling Publications for Dynamic Recipients on SAP Business Objects Enterprise

Understanding OLAP Processor and RSRT

End-to-End Integration Testing of SAP-centric Solutions. ALM Solution Management Active Global Support (AGS) SAP AG

Moving Forward with IT Governance and COBIT

Inventory Management (0IC_C03) Part - 3

Introduction to HCM Processes and Forms

Deploying Crystal Reports on Top of a SAP BI Query

Enterprise Risk Management in Compliance 360

Application Control Effectiveness for SAP. December 2007

Today s Volatile World Needs Strong CFOs

Different Types of Alerts for Process Chains. Table of Content

SAP BW 7.3: Exploring Semantic Partitioning

SAP MRS Multiresource Scheduling Info session Atul Wakankar May 2013

How to Integrate CRM 2007 WebClient UI with SAP NetWeaver Portal

My Inbox in SAP Fiori Simplifying Workflow for End Users

Business User driven Scorecards to measure Data Quality using SAP BusinessObjects Information Steward

SAP BusinessObjects Design Studio Overview. Jie Deng, Product Management Analysis Clients November 2012

Step by Step Guide for Language Translation Tool

REALTECH ChangePilot 1.0

Enhancing Performance Management System (Performance Appraisal) with EHP4

SAP Business Intelligence Adoption V6.41: Software and Delivery Requirements. SAP Business Intelligence Adoption February 2015 English

Introduction to Supplier Relationship Management p. 29 e-procurement and SRM p. 30 The SRM Vendor Landscape p. 34 Why SAP SRM p. 34 Summary p.

Exposing RFC as Web Service and Consuming Web Service in Interactive Forms in ABAP

SAP Fiori Design rapid-deployment solution

SAP CRM 7.0 for Newbies: (Part 1) Simple BOL Object Creation for CRM Webclient UI

ORACLE APPLICATION ACCESS CONTROLS GOVERNOR FOR PEOPLESOFT

SPDD & SPAU Adjustments Handbook

Kaseya 2. Quick Start Guide. Version 1.0

Business ByDesign. The SAP Business ByDesign solution helps you optimize project management

How to Assign Transport Request for Language Translation?

Create Automatic Mail Notification/ Alert for Process Chain Monitoring

New, changed, or deprecated features

Introducing SAP s Landscape and Data Center Innovation Platform. Phil Jackson SAP Solution Engineer

ABAP Debugging Tips and Tricks

SAP MM: Purchase Requisition with Classification and Workflow Approval

Transcription:

Overview of SAP BusinessObjects Risk Management 10.0 Applies to: SAP BusinessObjects Risk Management 10.0, SAP NetWeaver 7.0, Enhancement Package 2. For more information, visit the Governance, Risk, and Compliance homepage Summary SAP Risk Management enables an enterprise-wide risk management process as mandated by certain legal requirements and recommended by best practice management frameworks. This article provides a high level understanding of SAP GRC Risk Management10.0.and its Assessment work centre. It s compiled from the information available on various SAP sites and from the expert sessions on GRC 10.0. Author: Charukesh R Gaikwad Company: KPMG India Created on: 10 May 2011 Author Bio Charukesh Gaikwad is working as SAP GRC Consultant in KPMG ERP Advisory services. 2011 SAP AG 1

Table of Contents Risk Management 10.0: Introduction... 3 New and Enhanced Features: Released Notes... 3 New Focus Areas:... 3 Risk Management 10.0: Landscape... 4 Risk Terminology in GRC 10.0... 5 Risk Management Process... 6 Workflows in Risk Management 10.0:... 7 Event-based workflows... 7 Planner-based workflows... 7 Integration:... 8 Integration with EH&S... 8 Analysis Automation:... 8 Integration with Process Controls 10.0:... 8 Reusing the PC Central Process Hierarchy in RM... 8 Assessment Work centre for Risk Management 10.0... 9 Risk Assessments... 9 Incident Management... 11 Scenario Management... 11 Surveys:... 12 Assessment Planning:... 12 Related Content... 13 Disclaimer and Liability Notice... 14 2011 SAP AG 2

Risk Management 10.0: Introduction SAP Risk Management enables an enterprise-wide risk management process as mandated by certain legal requirements and recommended by best practice management frameworks. SAP Risk Management uses the various work centers of the GRC, in which you can carry out all Risk Management activities. Risk Management 10.0 is part of newly released SAP Governance Risk & Compliance (GRC) 10.0 which also comprised of Access Control 10.0, Process control 10.0, and Global Trade Services. New and Enhanced Features: Released Notes SAP BusinessObjects Risk Management 10.0 includes the following new features and enhancements: Multiple stakeholders can now participate in collaborative risk assessment, which improves productivity by reducing administrative time spent conducting workshops, by aggregating participant feedback, and by documenting risk assessment results. The graphical view provides a visual workbench for non-experts to model risks and their relationship to business impacts and responses, and bridges the gap between risk management and the business functions of an organization. By allowing risks to be assigned to corporate policies and enabling procedures to be assigned as risk mitigations, integration with policy management ensures that the company is appropriately mitigating the risks required to comply with the corporate policies currently in its residual risk profile. Integrated issue management documents and follows up on issues identified for risks, activities, responses, opportunities and scenarios. The risk catalog serves as a repository for risk templates and best-practice responses to risks. The catalog distributes risks across the organization and provides a unified view on risks across the enterprise. The response catalog is a repository for best-practice risk responses to mitigate, transfer, and avoid risk. Risk scoring is a new assessment tool that uses a point system approach to complement qualitative and quantitative risk assessment methods, thus making it easier for non-experts to assess risk. Enhanced overview dashboards provide greater usability and aggregation capabilities when analyzing loss structure and reviewing risks. New Focus Areas: Source: SAP GRC Solutions 10.0: Live Expert Sessions 2011 SAP AG 3

Risk Management 10.0: Landscape The GRC 10.0 suite runs on AS ABAP 7.02 SP6 or higher. Access Control, Process Control and Risk Management are contained in one ABAP add-on GRCFND_A Source: GRC 10.0 Pre installation Guide on SAP BPX Front end: The front-end needs a web browser or (optionally) a client installation of the NetWeaver Business Client 3.0 (NWBC).The web browser can be used to access the embedded NWBC or GRC via the NetWeaver Portal The Adobe flash player 10 is used for displaying dashboards e.g. RM heat map. SAPGUI 7.10 PL 15 or higher is required for administration or customizing tasks note that SAPGUI 7.20 is recommended due to the end-of-maintenance of SAPGUI 7.10. The Crystal Reports Adapter (CRA) is required for viewing (GRC) Crystal Reports. Portal: The NetWeaver Portal 7.02 can be used optionally. The GRC Portal Content contains the GRC Portal UI elements to access the GRC suite. The Portal s AS Java can contain an Adobe Document Services instance, in effect Portal and ADS may be shared on one AS Java instance ERP and Non SAP Business Applications: The GRC solutions can communicate with SAP ERP and non-sap business applications via plug-ins. NW Function Modules hold the AC functions for ERP systems without HR (former non-hr RTA).PC relevant features are contained in the plug-in GRCPIERP, for example, for running automated controls and the HR relevant functions for AC (former HR RTA). GTS functions are part of the SLL-PI plug-in, for example, for GTS integration into the Logistics, HR, FI/CO and/or HCM processes in SAP ERP.Non-SAP ERP systems can also be connected via adapters from an SAP Partner company BI Content: NetWeaver BW can be used for reporting via the GRC BI Content.The GRC BI Content is part of BI Content 7.06NetWeaver BW 7.02 is used for the GRC BI Content. 2011 SAP AG 4

SAP NetWeaver 7.02 Search & Classification: SAP NetWeaver 7.02 Search & Classification may be used for searching documents attached to objects in some GRC solutions, such as Process Control or Risk Management Adobe Document Services: An instance of Adobe Document Services (ADS) should be accessible from the GRC AS ABAP for generating offline forms. Although it is technically optional, it is highly recommended for generating PDF reports. These ADS can be an existing instance and can also be shared with other applications The Portal s AS Java can contain an Adobe Document Services instance, so Portal and ADS may be shared on one AS Java instance. Risk Terminology in GRC 10.0 Risk Management, Process Control, and Access Control have several risk-related terms. The following table provides an overview of risk terms, their definitions and the location in the applications where they are used. Term Explanation Location in Application Risk SAP NetWeaver application for managing Entire Risk Management application Management enterprise-wide risks Risk An uncertain event or condition that, if it Entire Risk Management application occurs, has a negative impact on business objectives Risk The evaluation of risks through definition Assessments work center assessment and mitigation via responses Risk template A template to be used for creating actual Master Data work center, Risk Catalog risks Primary risk A risk used in a scenario, which has no risks influencing it Assessments work center, Scenario Management Top risks A report containing user-defined risks that are very significant to management Reports and Analytics work center, Management section Influenced risk A risk influenced by another risk Assessments work center, Risks and Opportunities Affected risk A risk affected by a response Assessments work center, Responses Risk event A risk that has not occurred Assessments work center, Incident Management Inherent risk Overall risk before response Assessments work center, Risks and Opportunities, Analysis tab of a risk Residual risk Overall risk after response Assessments work center, Risks and Opportunities, Analysis tab of a risk Proposed risk, A risk proposed by a casual user My Home work center, Ad-hoc tasks risk proposal Risk appetite Level of risk to be supported, which can be Master Data work center, Organizations described qualitatively and quantitatively Underlying risk Risk defined on lower level of organization Assessments work center, Risks and Opportunities Risk category User-defined category of risk Master Data work center, Risks and Responses, Risk Catalog Parent risk category A high-level user-defined risk category Master Data work center, Risks and Responses, Risk Catalog Risk incident An incident entered directly for a risk Assessments work center, Risks and Opportunities, Risk Incidents tab, and Incident Management section. Risk level Specifies degree of risk using traffic light icons Assessments work center, Risks and Opportunities Risk factor Synonym of influence factor, a risk with Assessments work center, Risks and 2011 SAP AG 5

probability and impact data attached Opportunities Risk summary A report summarizing all risks per period, Reports and Analytics work center organization, and so on Risk analysis Analysis of one risk Assessment work center, Risks and Opportunities, Analysis tab of a risk Risk scenario A scenario containing several risks to be analyzed and evaluated Assessments work center, Scenario Management Risk aspect A field in reports evaluating risks. By checkmarking this field in reports, the user can see how an impact level would be rated if the risk were seen from the perspective (aspect) of a different organizational unit. Reports and Analytics work center, Risks per Organizational Unit Risk instance A risk template applied to an individual risk is considered as an instance of the risk template, or risk instance. Assessments work center, Risks and Opportunities, Analysis tab Local risk The same as a risk instance Assessments work center, Risks and Opportunities, Analysis tab Access risk A risk defined for Access Control, specifying the severity of an irregularity related to Segregation of Duties (SOD) risks. Access Management work center, Access Risk Analysis section SOD risk The same as an access risk Access Management work center, Access Risk Analysis section Risk Management Process 2011 SAP AG 6

Workflows in Risk Management 10.0: The Risk Management application is shipped with a set of workflows that enable collaboration on risk management activities within a company by making use of the standard SAP workflow functionality. SAP workflows are based on the Guided Procedures that walk users through a risk management activity or process. Workflows in Risk Management can be classified according to whether they are: Event-based workflows These are predefined end-to-end processes triggered by user actions such as proposing a risk. Event-based workflows are defined using business events: A business event involves the assignment of a workflow task to a recipient, which is also known as agent determinators. Following are the event based workflows. Workflow name Description Trigger Risk proposal Incident validation KRI implementation request KRI localization request Propose control (for users of both Risk Management and Process Control) Ensures that users review a (potential) risk entered through the Propose Risk application and rework it if needed before it is stored in the risk database. Ensures that users check a reported incident for completeness and accuracy before it is stored in the incident database. Ensures the proper configuration and system setup for Key Risk Indicator (KRI) related data, which should be available for risk monitoring. Optional adjustment of an assigned KRI with respect to risk-specific settings Allows users (for example, Risk Managers) to propose a control to mitigate a risk. The control becomes part of the regular monitoring activities in Process Control. Risk proposed. Incident posted. KRI implementation request. KRI localization request. Risk mitigation using controls. Planner-based workflows These are workflows that are planned and triggered through the Risk Management Planner function. Following are the planner based workflows. Workflow name Description Activity validation Risk validation Opportunity validation Risk assessment Opportunity assessment Response update Allows a planner (for example, a risk manager) to obtain sign-off and confirmation on the current risk situation for an activity (such process, project, or company asset). Enables the risk manager to obtain sign-off and confirmation on the current risk (including the assigned responses). Enables the risk manager to obtain sign-off and confirmation on the current opportunity (including analysis and assigned enhancement plans). Supports risk managers by providing an update for risks in their areas of responsibility by sending out risk assessment work items. Supports the risk manager by providing an update for opportunities by sending out an opportunity assessment work item. Enables risk managers and risk owners to keep track of current risk responses by sending work items to the validator's work inbox 2011 SAP AG 7

Integration: Integration with EH&S Analysis Automation: Some enterprise risks are related to environmental and worker safety. SAP has a separate solution, Environment, Health and Safety Management (EH&S), where such risks can be processed by the solutionspecific mechanisms absent in operational risk management. Integrating EH&S using analysis automation allows you to track all enterprise risks using one application (Risk Management). Analysis automation creates EH&S risk assessments from risk analyses in Risk Management, tracking their probability and severity values, and copying those values to the corresponding analysis parameters according to rules predefined in Customizing. Risk managers are not required to have any EH&S background to create an EH&S risk assessment from a risk analysis. EH&S risk assessments are intended to be processed by an EH&S manager or other responsible user. Risk managers can use a specific report that runs in the background to track the current probability and impact levels of the EH&S-related risks that they create Integration with Process Controls 10.0: Risk templates are common to both Process Control and Risk Management. They can be defined and assigned from both the Risk Management and Process control applications. Source: SAP Risk Management Application Help Reusing the PC Central Process Hierarchy in RM You can use the central PC subprocesses as activity categories in GRC Risk Management. Furthermore, you can use the local PC subprocesses as local activities in RM. In this way, a defined RM activity category can later be used to assign (local) activities to it. Otherwise no direct assignment of a (local) activity to the activity category is possible. This enables you to structure your risk assessment and risk reporting processes, with the option of using the activity hierarchy (containing the assigned categories) primarily as a reporting or an assessment structure, or both. 2011 SAP AG 8

Assessment Work centre for Risk Management 10.0 Risk Assessments The Risk Assessments section is used to create activities to be evaluated for risks and opportunities such as projects or business processes. These are assigned to risks and opportunities that you create. Besides specifying risks and opportunities, you can also: Analyze the risks and enter the appropriate responses to mitigate these risks. Document risks that have occurred (called incidents ). Define specific risk scenarios. Run risk assessment surveys. Risk and Opportunities: Risks and Opportunities section is where you enter risks and opportunities for your organization. Both a risk and an opportunity can be defined with or without a template Risks and opportunities are defined as follows: A risk is any event that can prevent management from meeting the business goals of an organization. An opportunity represents an uncertain event or condition that, if it occurred, would have a positive impact on business objectives. An opportunity can therefore be regarded as a positive aspect of a risk as defined in Risk Management. Opportunity Management refers to the analysis of opportunities. The process involves the following steps: Identifying and documenting the opportunities in an organization. Analyzing the expected benefits of an opportunity. Viewing and understanding any possible trade-offs between risks and opportunities. Graphical View Risk Creation: To centrally store risk-related information on an organization's risks and to simplify working with Risk Management, the application contains several functions enabling you to work in a graphical and easy-to-use interface. The graphical view has the following functions: Summary: This is a read-only section that provides overview information about the risk. Identify Risk: You define the risk with all its dependent information using drag and drop. Assess Risk: You assess the risk by entering or editing information about risk drivers, impacts, and other objects, which you can drag to the working area of the screen. Mitigate Risk: You can mitigate the risk by proposing new mitigation measures, existing responses, or controls. Risk Response and Enhancement plans: A risk response is any counter-measure taken to mitigate a risk. Risk responses are planned and/or executed within the context of the given risk, and have the intention of reducing the risk exposure. Documenting and managing response strategies helps to proactively manage risks in your organization. Responses can be used to lower the chance of the risk occurring (that is, the probability) or to lower the potential impact of the risk event if it occurs. 2011 SAP AG 9

The influence of the response on the risk exposure is split into the following three independent factors: Mitigating reduction of all responses, leading to the calculated residual risk analysis. Entering a value for the completeness of the response Entering a value for the effectiveness of the response The following three steps are essential to reducing the probability or impact of risks defined for an organization: Define impact and probability data and Risk and Opportunity Analysis. Reduce the impact and probability of the risk by creating responses and controls, enabling you to mitigate the risk and monitor the costs. Carry out a risk analysis to view the results of the risk mitigation measures that were implemented, and make additional resources available if necessary. Activities: An activity is any project, process, or an object within your business or organization that might be affected by a specific risk. Typical types of activities are: Processes: Potentially all operational and administrative processes within an enterprise. Projects: Potentially all internal and customer projects. Objects: Refers to generic activities that are neither a project nor a process. You can define all the activities that need to be monitored through dedicated risk management procedures, in this way structuring risk management in different areas of the business. These structures can later be used for reporting.you must assign all activities to an activity category. For each activity, you can do the following: Specify the activity category and validity period, as well as enter relevant constraints and assumptions for the activity. Assign users/roles responsible for processing the activity. Link the corresponding risks and opportunities identified for that activity. Display any surveys to be executed for the activity. Display and print out a PDF fact sheet with relevant activity information. Working with Context: Contexts in Risk Management enable you to store data from other networked applications, such as those in the SAP Business Suite. This data is then used to carry out assessments in Risk Management.The context of a risk describes the environment in which a risk can occur. A context is made up of dimensions and their corresponding values. When you select a dimension, you more closely define the environment or context of the risk. The focus is on integration with the following areas: SAP Enterprise Asset Management (EAM) SAP Environment, Health & Safety Management (EH&S) SAP Management of Change (MOC) Supply Chain Management (SCM) 2011 SAP AG 10

You can also use contexts to define your own customer-specific content. The following areas contain Context tabs that you can use to enter context data. Note that in some of these areas, the tab is called Allowed Dimensions. Risks, risk templates, risk categories Opportunities, opportunity templates, opportunity categories Responses, response templates, enhancement plans Risk Management reporting, where context dimensions can be used as reporting filters. Risk Assessment reports: In the Risk Assessment Reports section of the Risk Assessment work center, you can run various reports to review the results of your risk assessment process. You can run separate reports to evaluate your top risks and the incidents that occurred within a specific period. Incident Management Risks that occur are called incidents. For each recorded incident, you can also record individual losses. Documenting incidents provides historical information to identify and analyze the drivers of risks, and enables you to design response actions for risks that have characteristics similar to the documented incidents. The process of managing incidents involves recording them and includes validation to ensure that incident data is correct and properly states the impact of the incident. In this way, you can analyze, control, and understand your losses, so that you can decide on how to reduce them. You can use the workflow functions to carry out an analysis of your losses, and provide an audit trail for incidents leading to losses. The systematic recording of incidents enables you to: Better predict your organization's risk exposure. Anticipate new losses. Monitor and mitigate existing risks. Adjust existing risk practices where necessary. In the incident management process, you document and save each incident, which then triggers a workflow item for the validator. The objective of the validation step is to ensure that the documented incident data is correct and represents an accurate impact on the organization. Scenario Management In Scenario Management, you can define scenarios to be used for Risk Management. Scenarios are events that link risks in a logical way and then show the effect of a scenario change on these events. After defining a scenario containing individual linked risks, you can use the scenarios that you have defined for simulation and testing.scenarios can be managed by corporate risk managers, unit risk managers, or other risk owners. The tasks involved in scenario management are as follows: Classifying and grouping scenarios via classifications and if necessary, scenario subclassifications if a detailed structure is needed Deciding what organizational units, activity categories and risk categories are affected by each scenario Providing an initial estimate of the impact of the scenario on the organization Defining the risks and modeling their dependencies via the inclusion of influenced risks within the scenario Forwarding this information to a group of risk owners, after which each risk can be documented by the risk owner it belongs to All users responsible for risks can change the loss values for primary (that is, non-influenced) risks and see the results on influenced risks and on the scenario. 2011 SAP AG 11

Surveys: A survey is a gathering of sample data or evaluations that is considered to be representative of the whole. Within GRC, surveys are used to obtain information on the existence and evaluation of risks (RM) or the adequacy of controls (PC). Surveys are used to carry out assessments on objects such as risks, activities, or policies, for example. The assessments are defined via plans in the Planner. Surveys can be handled via workflow or through the Survey library. The Question and Survey Library: The Question Library lists the user-defined questions that you can use within your surveys. Each question comprises the category, text and answer type of the question along with other information like its status (active/inactive) and the created by(user) and created on (date) information. Using the Question Library, you can create a new question, open question for editing, delete questions and upload question from file. The Survey Library lists the user-defined surveys that you can use to obtain information on the existence and evaluation of risks (RM) or the adequacy of controls (PC). Each survey comprises the category, title and description of the survey along with other information like the questions in the survey, survey status (active/inactive) and the created by(user) and created on (date) information. Using the Survey Library, you can create a new survey, open surveys for editing and delete unscheduled surveys. You can use the questions defined in the Question Library with the surveys listed in the Survey Library. Assessment Planning: Risk Management Planner: Using the Planner, you can plan risk assessments, collaborative risk assessments, risk surveys, activity survey, risk indicator surveys, opportunity assessments, and risk and activity validation. You can access the Planner under Assessment Planning in the Assessments work center. The window that opens displays all Process Control and Risk Management plans and associated activities. Using the Planner, you can do the following: Display existing plans, create a new plan, or copy and change an existing plan. Display the organizations for which plans are to be used. Display planning dates, including the start date, due date, and actual end date. Display the status of a plan. Split a plan, which has not executed, involving more than one organization. 2011 SAP AG 12

Related Content SAP BUSINESSOBJECTS ACCESS CONTROL 10.0 SAP Library- Risk management SAP GRC Solutions 10.0: Live Expert Sessions For more information, visit the Governance, Risk, and Compliance homepage 2011 SAP AG 13

Disclaimer and Liability Notice This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade. SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document, and anyone using these methods does so at his/her own risk. SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this document. 2011 SAP AG 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information