This blog will give you an overview about Continuous Control Monitoring(CCM) in GRC Process Control.
Intentionally this blog in two parts for better understanding.
Continuous control monitoring functionality is used to monitor the Controls and CCM is called with different names though concept will be same.
- Automated Rules Framework (ARF)
- Automated Controls Framework (ACF)
- Automated Monitoring Framework (AMF)
- Continuous Control Monitoring (CCM)
- Continuous Monitoring Framework (CMF)
The integration of compliance management software with SAP ERP systems for the purpose of setting up test and monitoring scenarios.
Data sources is nothing but which data is read from which system using the GRC Integration Framework and which type of analysis this data is subjected to.
In GRCV 10.0 -9 types of data sources
In GRCv10.1-10 types of data sources, (Added HANA based data source)
Steps to follow:
This blog is based on Sub scenario: SAP QUERY for data source
Refer the below link for Sub scenario:Configurable.
Create data source from RULE SETUP work center
Click on Create
Select sub scenario as SAP Query in Object field
Select the Main connector from F4
Now select the Query from Query Lookup
Click on Connector tab, it will give you target connector.
Now SAVE the data source
Now open the created data source from catalog and change status to IN REVIEW and SAVE.
Now again open the data source from catalog and change status to ACTIVE and SAVE
Only ACTIVE data sources can be used in Business rules
Business rules are the selection criteria for the data to be analyzed and contain analysis rules and logic for applying and issuing the criteria. The analysis rules form the core of the CMF and they are used to determine whether as the result of a test, for example, an issue is to be generated with a specific status.
Business rules are created from RULE SETUP work center
Click on Create
Select the created data source from Search box
Depends on requirement you can select/unselect the filters in step@2 Filter Criteria
It is like condition if data matches to defined criteria then it is considered as defect.
Select Customer number from deficiency fields (Select/un select deficiency)
Step@4 Conditions and Calculations (#Not Used#)
It is related to BRF+ used in cases where field values not retrieved from defined data sources.
Step@5 Output format
Step@6 Technical Settings
Step@7 Ad-hoc Query
Select the data collection and click on Start to show the output as defined in deficiency criteria
Step@8 Attachments and Links
Once we come to STEP@8 then only the save button will be enabled.
Click the save button
Click on Change this business rule and change the status from IN REVIEW to ACTIVE.
Now assign the created business rule to control
Please refer PART-2 Continuous Control Monitoring-GRCV10.0 Process Controls#Part2