Configuration Settings and Purpose in GRC10 Risk Management
This document contains some of the configuration settings and purpose of use with impact while working in GRC10 Risk Management.
I hope its useful.
1.Maintain configuration for Maintain Entity Role Assignment
SPRO->Governance, Risk and Compliance->General Settings-> Authorizations->Maintain Entity Role Assignment.
Maintain a new entry as:
Unique: Check this checkbox
Application: Process Control and Risk Management.
Purpose: 1.To avoid the dump ‘The ASSERT condition was violated’ when submitting created issue in risk and opportunity.
2.To avoid the dump ‘CL_GRFN_ISSUE=================CP’ while creating issue in Ad Hoc tasks
2.Filter settings for risk category
SPRO> Governance, Risk and Compliance >Reporting> Select Report GRRM_R1> for filter ID: RG_T, set value: Pattern match with child
Purpose: Risk category used as selection field in reports like Survey results for risk survey with risk category and heatmap.risk templates
3.Customizing for Case Management
SPRO (IMG) -> Governance Risk and Compliance -> Process Control -> Cases -> Check Customizing for Case Management.
And activate the Customizing for Case Management
Purpose: To avoid the exception WDR_ADAPTER_EXCEPTION error when creating response under Response and Enhancement Plan management.
4.Define responses for Policies
SPRO -> Governance, Risk and Compliance -> Risk Management -> Response and Enhancement Plan -> Responses for Policies
Purpose: Once a policy is assigned to the risk, then the policy becomes response. From that moment the policy is handled as response.
If you open the assigned object, then response UI is opened not policy UI.
And the response statuses are Active/Draft not policy statuses.
Please note that the policy status is projected into response completeness/effectiveness. So if the policy status is changed, then response completeness/effectiveness is changed correspondingly.
5.Maintain Object category
SPRO>Governance, Risk and Compliance -> Risk Management -> Master Data Setup -> Maintain Objective Categories.
Maintain the categories there.
Purpose: we need to make objective categories as active otherwise we cannot find the objective categories in NWBC while creating under master data work center.
6.Configuration of Incident and/or a Loss attributes
SPRO >Governance, Risk and Compliance>Risk Management>Open Incident Loss database
Click the link Maintain Incident and Loss Attributes; Add the attributes as many as wanted and make sure to select the field Attribute Type as Internal Structure and field Attribute Relation as Both (Incident and Loss). The last field you define if you want to see the same attribute as incident and/or Loss.
After that, select each one of the attributes and click the left option Values and add possible values for the same;
Save your changes and move back to the SPRO Menu
Now add the same attributes to one specific Organization Unit
Select the option Assign Incident/Loss Attributes to Organizational Unit
Select the Organization Unit and add the attributes created the steps before, Save
Purpose: To create Incident reports in NWBC
7.Incident workflow tasks configuration
SPRO>Governance, Risk and Compliance -> General Settings -> Workflow -> Workflow E-mail Notifications -> Maintain Workflow Notifications.
The notification maintenance appears. Select the line for scenario GRCNOTIFICATION.
Run following entry in the left side tree menu Business Scenario -> Filter Basic Data -> Filter Settings.
Add following tasks into the filter TS45607923, TS45607924, TS76300066, TS76300062, TS45607926, TS76300067 and TS76300068.
Purpose: For notification workflows
8.Configuration of Response types
SPRO -> Governance, Risk and Compliance> Risk Management -> Response and Enhancement Plan ->
Maintain Response Types
Click on “New Entries” and enter a numeric value for the response type you want to set up.
In the second column, enter a descriptive text.
Save the entry.
Purpose: 1.To avoid the error Assert Condition was violated in creating any response catalog,
2.Response type drop down list is empty in Response creation screen.
9.Configure the Response purpose texts
SPRO -> Governance, Risk and Compliance -> Risk Management -> Response and Enhancement Plan
->Maintain Response and Enhancement Plan Purpose
Purpose: Response purpose texts are empty in response creation screen.
10.Define Activity types
SPRO -> Governance, Risk and Compliance -> Risk Management -> Master Data Setup ->
Maintain Activity Types.
Purpose: The Activity Type represents on hierarchy of the activities and used to group similar activity
categories under one activity type in the application.
11.Define Maintain Probability Levels
SPRO-> GRC Risk Management -> Risk and Opportunity Analysis -> Maintain Probability Levels
Purpose: 1.used to select Probability Reduction while creating the risk analysis.
2.Risk level cannot be calculated if probability levels are not maintained
12.Activate risk types
SPRO->Governance, Risk & Compliance-> Master Data Setup-> Activate Risk Type.
Select the Active Check box under Risk Type Activation.
Purpose: We cannot create Corporate/Operational Risks under Risks tab
NWBC>Assessments-> Risk Assessments-> Risks & Opportunities.Select the Risks tab->
Create a Risk
Thanks for sharing your experiences and immense knowledge.
Mighty useful and another 5 star document from you.
Good information on configuration part
Thanks for sharing the information.
Nice document, very helpful