Dear all,

 

This blog will give you an overview about Continuous Control Monitoring(CCM) in GRC Process Control.

Intentionally this blog in two parts for better understanding.

 

Continuous control monitoring functionality is used to monitor the Controls and CCM is called with different names though concept will be same.

 

  • Automated Rules Framework (ARF)
  • Automated Controls Framework (ACF)
  • Automated Monitoring Framework (AMF)
  • Continuous Control Monitoring (CCM)
  • Continuous Monitoring Framework (CMF)

 

The integration of compliance management software with SAP ERP systems for the purpose of setting up test and monitoring scenarios.

 

Data sources is nothing but which data is read from which system using the GRC Integration Framework and which type of analysis this data is subjected to.

 

In GRCV 10.0 -9 types of data sources

In GRCv10.1-10 types of data sources, (Added HANA based data source)

 

Steps to follow:

This blog is based on Sub scenario: SAP QUERY for data source

Refer the below link for Sub scenario:Configurable.

Business Rule Functionality – Governance, Risk and Compliance – SCN Wiki

 

Create data source from RULE SETUP work center

 

Click on Create

Select sub scenario as SAP Query in Object field

Select the Main connector from F4

Now select the Query from Query Lookup

Click on Connector tab, it will give you target connector.

Now SAVE the data source

 

Now open the created data source from catalog and change status to IN REVIEW and SAVE.

Now again open the data source from catalog and change status to ACTIVE and SAVE

Only ACTIVE data sources can be used in Business rules

 

Business rules are the selection criteria for the data to be analyzed and contain analysis rules and logic for applying and issuing the criteria. The analysis rules form the core of the CMF and they are used to determine whether as the result of a test, for example, an issue is to be generated with a specific status.

Business rules are created from RULE SETUP work center

Click on Create

Select the created data source from Search box

Click Continue

Depends on requirement you can select/unselect the filters in step@2 Filter Criteria

 

Deficiency Criteria

It is like condition if data matches to defined criteria then it is considered as defect.

 

Select Customer number from deficiency fields (Select/un select deficiency)

Step@4 Conditions and Calculations (#Not Used#)

 

It is related to BRF+ used in cases where field values not retrieved from defined data sources.

 

Step@5                Output format

Step@6 Technical Settings

Step@7 Ad-hoc Query

 

Select the data collection and click on Start to show the output as defined in deficiency criteria

Step@8 Attachments and Links

 

Once we come to STEP@8 then only the save button will be enabled.

  Click the save button

  Click on Change this business rule and change the status from IN REVIEW to ACTIVE.

 

Now assign the created business rule to control

       

Please refer PART-2    Continuous Control Monitoring-GRCV10.0 Process Controls#Part2

 

 

Regards

Baithi

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

Leave a Reply