Configuration Settings and Purpose in GRC10 Risk Management

Dear all,

This document contains some of the configuration settings and purpose of use with impact while working in GRC10 Risk Management.

I hope its useful.

1.Maintain configuration for Maintain Entity Role Assignment

SPRO->Governance, Risk and Compliance->General Settings-> Authorizations->Maintain Entity Role Assignment.
Maintain a new entry as:

               Entity: G_AI

               Role: SAP_GRC_FN_ADISSUE_PROCESS

               Unique: Check this checkbox

               Application: Process Control and Risk Management.

Purpose: 1.To avoid the dump ‘The ASSERT condition was violated’ when submitting created issue in risk and opportunity.

                              2.To avoid the dump ‘CL_GRFN_ISSUE=================CP’ while creating issue in Ad Hoc tasks

2.Filter settings for risk category

          SPRO> Governance, Risk and Compliance >Reporting> Select Report GRRM_R1> for filter ID: RG_T, set value: Pattern match with child

          Purpose: Risk category used as selection field in reports like Survey results for risk survey with risk category and heatmap.risk templates

3.Customizing for Case Management

SPRO (IMG) -> Governance Risk and Compliance -> Process Control -> Cases -> Check Customizing for Case Management.

And activate the Customizing for Case Management

     Purpose: To avoid the exception WDR_ADAPTER_EXCEPTION error when creating response under Response and Enhancement Plan management.

4.Define responses for Policies

          SPRO -> Governance, Risk and Compliance -> Risk Management -> Response and Enhancement Plan -> Responses for Policies

             Purpose: Once a policy is assigned to the risk, then the policy becomes response. From that moment the policy is handled as response.
                      If you open the assigned object, then response UI is opened not policy UI.
                     And the response statuses are Active/Draft not policy statuses.
                     Please note that the policy status is projected into response completeness/effectiveness. So if the policy status is changed, then                     response completeness/effectiveness is changed correspondingly.

5.Maintain Object category

SPRO>Governance, Risk and Compliance -> Risk Management -> Master Data Setup -> Maintain Objective Categories.

Maintain the categories there.

Purpose: we need to make objective categories as active otherwise we cannot find the objective categories in NWBC while creating under master data work center.

6.Configuration of Incident and/or a Loss attributes

SPRO >Governance, Risk and Compliance>Risk Management>Open Incident Loss database

Click the link Maintain Incident and Loss Attributes; Add the attributes as many as wanted and make sure to select the field Attribute Type as Internal Structure and field Attribute Relation as Both (Incident and Loss). The last field you define if you want to see the same attribute as incident and/or Loss.

After that, select each one of the attributes and click the left option Values and add possible values for the same;

Save your changes and move back to the SPRO Menu

Now add the same attributes to one specific Organization Unit

Select the option Assign Incident/Loss Attributes to Organizational Unit

Select the Organization Unit and add the attributes created the steps before, Save

          Purpose: To create Incident reports in NWBC

7.Incident workflow tasks configuration

SPRO>Governance, Risk and Compliance -> General Settings -> Workflow -> Workflow E-mail Notifications -> Maintain Workflow Notifications.
The notification maintenance appears. Select the line for scenario GRCNOTIFICATION.
Run following entry in the left side tree menu Business Scenario -> Filter Basic Data -> Filter Settings.
Add following tasks into the filter TS45607923, TS45607924, TS76300066, TS76300062, TS45607926, TS76300067 and TS76300068.

Purpose: For notification workflows

8.Configuration of Response types

SPRO -> Governance, Risk and Compliance> Risk Management -> Response and Enhancement Plan ->

Maintain Response Types

                         Click on “New Entries” and enter a numeric value for the response type you want to set up.

                          In the second column, enter a descriptive text.

                         Save the entry.

Purpose: 1.To avoid the error Assert Condition was violated in creating any response catalog,

                                            2.Response type drop down list is empty in Response creation screen.

9.Configure the Response purpose texts

          SPRO -> Governance, Risk and Compliance -> Risk Management -> Response and Enhancement Plan

                     ->Maintain Response and Enhancement Plan Purpose

          Purpose: Response purpose texts are empty in response creation screen.

10.Define Activity types

                         SPRO -> Governance, Risk and Compliance -> Risk Management -> Master Data Setup ->

                                        Maintain Activity Types.

Purpose: The Activity Type represents on hierarchy of the activities and used to group similar activity

categories under one activity type in the application.

11.Define Maintain Probability Levels

                         SPRO-> GRC Risk Management -> Risk and Opportunity Analysis -> Maintain Probability Levels

               Purpose: 1.used to select Probability Reduction while creating the risk analysis.

                                2.Risk level cannot be calculated if probability levels are not maintained

12.Activate risk types

               SPRO->Governance, Risk & Compliance-> Master Data Setup-> Activate Risk Type.

                 Select the Active Check box under Risk Type Activation.

                    Purpose: We cannot create Corporate/Operational Risks under Risks tab

                          NWBC>Assessments-> Risk Assessments-> Risks & Opportunities.Select the Risks tab->

                         Create a Risk

Regards

Baithi