former_member193066
Active Contributor

Creating and Managing Risks Using Workflow in Access Control

Take an example:

You have to configure workflow for Risk Management in Access Control.

The required process flow is as follows (see the diagram):

  1. Step A1 → The user creates the Risk ID in ARA and submits the request for approval. (Users here are GRC functional, admin or approver users, not end users.)

  2. Steps B1 to B3 → The Risk Owner receives the e-mail notification to approve the request. The Risk Owner can click the link provided in the e-mail notification or, alternatively, log in to the GRC Inbox and approve or reject the request.

Approval of the request will make the new or updated Risk ID available in the Risk ID library. The Rejection of the Request will end the process without saving the Risk ID. E-mail notification is sent to the Requestor upon approval or rejection of the Request.

To achieve this, you need to enable the workflow and maintain the parameters and prerequisites.


First: Maintain Risk Owners for the Risk ID.

Go to NWBC > Setup > Access Rule Maintenance > Access Risk > select the risk > Risk Owner tab.

(Risk owners can also be updated in mass during the ruleset upload.)


Save it.

Now maintain the parameters.

1063    Risk Maintenance                        YES

1101    Create Request for Risk Approval        YES

1102    Update Request for Risk Approval        YES

1103    Delete Request for Risk Approval        YES

1110    High                                    14 (defined in User Provision Request priority)

Parameter 1063:

The application allows users to create and modify risks.

Set the value to YES to require the application to send an approval workflow item to the Risk Owner (or to any alternate workflow agent you set) for approval.

The screen displays a Submit button.

If this parameter is set to Yes, you must also configure parameters 1101, 1102, 1103, and 1110.

Parameter 1101:

You maintain the list of available request types in the Customizing activity Define Request Type under Governance, Risk, and Compliance > Access Control > User Provisioning.

This parameter is only valid if parameter 1063 is set to Yes.

Parameter 1102:

You maintain the list of available request types in the Customizing activity Define Request Type under Governance, Risk, and Compliance > Access Control > User Provisioning.

This parameter is only valid if parameter 1063 is set to Yes.

Parameter 1103:

You maintain the list of available request types in the Customizing activity Define Request Type under Governance, Risk, and Compliance > Access Control > User Provisioning.

This parameter is only valid if parameter 1063 is set to Yes.

Parameter 1110:

You maintain the list of priority values in the Customizing activity Maintain Priority Configuration under Governance, Risk, and Compliance > Access Control > User Provisioning. You assign the MSMP Process ID of SAP_GRAC_RISK_APPR to risk approval priorities.

Note: This parameter is only valid if parameter 1063 is set to Yes.


Once the parameters are saved, the button in risk maintenance changes from Save to Submit.
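A consistency check for the settings described above, written as an added example (it is not from the original post and is not SAP code). It reads a constructed export of the parameter values and risk-owner assignments and reports missing prerequisites; the dictionary layout, the risk IDs and the owner names are assumptions.

```python
# Added example: check the risk approval workflow prerequisites before activation.
# The input shapes are an assumed export format, not an SAP interface.

# Parameters the post says must be configured when 1063 is set to YES.
REQUIRED_WHEN_1063 = ("1101", "1102", "1103", "1110")

# Constructed sample data (hypothetical risk IDs and owner names).
SAMPLE_PARAMS = {"1063": "YES", "1101": "YES", "1102": "YES",
                 "1103": "", "1110": "14"}
SAMPLE_RISK_OWNERS = {"ZR01": ["OWNER_A", "OWNER_B"], "ZR02": []}


def check_risk_workflow(params, risk_owners):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []
    enabled = params.get("1063", "").strip().upper() == "YES"
    if not enabled:
        # 1101-1103 and 1110 are only valid when 1063 is YES.
        stray = [p for p in REQUIRED_WHEN_1063 if params.get(p, "").strip()]
        if stray:
            findings.append("1063 is not YES, so these settings have no effect: "
                            + ", ".join(stray))
        return findings
    for p in REQUIRED_WHEN_1063:
        if not params.get(p, "").strip():
            findings.append("parameter %s must be configured when 1063 is YES" % p)
    # Every risk needs at least one risk owner to receive the approval item.
    for risk_id, owners in sorted(risk_owners.items()):
        if not owners:
            findings.append("risk %s has no risk owner maintained" % risk_id)
    return findings


if __name__ == "__main__":
    for finding in check_risk_workflow(SAMPLE_PARAMS, SAMPLE_RISK_OWNERS):
        print(finding)
```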

Now maintain MSMP.

Go to MSMP via SPRO > GRC > Access Control > Workflow for Access Control > Maintain MSMP,

or execute tcode GRFNMW_CONFIGURE_WD.


Here we have used the standard initiator, the default path and the standard approver.

I have selected all approvers, for those risk IDs that have more than one risk owner and where all of them need to approve.

You can keep it as any one approver if only one approver needs to approve.


Save it.

Check the route mapping.

Save and activate to generate a version.

Now, whenever a risk is created, modified or deleted, it goes to the risk owner for approval.
