SAP Process Control Implementation and Configuration
Transcript of SAP Process Control Implementation and Configuration
GRC330SAP Process Control Implementation and Configuration
..
COURSE OUTLINE.
Course Version: 17Course Duration:
SAP Copyrights, Trademarks and Disclaimers
© 2021 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.
Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.
National product specifications may vary.
These materials may have been machine translated and may contain grammatical errors or inaccuracies.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.
© Copyright. All rights reserved. iii
Typographic Conventions
American English is the standard used in this handbook.
The following typographic conventions are also used.
This information is displayed in the instructor’s presentation
Demonstration
Procedure
Warning or Caution
Hint
Related or Additional Information
Facilitated Discussion
User interface control Example text
Window title Example text
iv © Copyright. All rights reserved.
Contents
ix Course Overview
1 Unit 1: Enterprise Risk and Compliance
1 Lesson: Introducing Enterprise Risk and Internal Control Management
1 Lesson: Explaining Core Processes Supporting Enterprise Risk and Compliance
3 Unit 2: Governance
3 Lesson: Explaining Governance and Internal Control in an Overview3 Lesson: Explaining SAP Process Control Overview in an Overview3 Lesson: Explaining Process Control Integration Scenarios3 Lesson: Explaining SAP Process Control 12.0 System Requirements
5 Unit 3: Implementation Planning
5 Lesson: Explaining Harmonization Concepts5 Lesson: Describing User Access and the User Experience5 Lesson: Explaining User Access Using the SAP Business Client5 Lesson: Explaining User Access Using SAP Fiori Launchpad5 Lesson: Using Delegation and SAP Business Client Personalization5 Lesson: Performing Process Control Entry Page Configuration
7 Unit 4: Configuration Requirements
7 Lesson: Performing the Customization of General Tasks7 Lesson: Creating Shared Master Data and Reports7 Lesson: Explaining Workflow Customization7 Lesson: Explaining Authorization and Role Configuration (IMG)7 Lesson: Explaining Process Control-Specific Customizing
© Copyright. All rights reserved. v
9 Unit 5: Creation and Management of Master Data
9 Lesson: Explaining Master Data in an Overview9 Lesson: Setting Up an Organization Hierarchy9 Lesson: Setting Up the Risk Catalog and Control Objectives9 Lesson: Setting Up the Account Group Hierarchy9 Lesson: Setting Up the Central Process Hierarchy10 Lesson: Setting Up the Indirect Entity-Level Control Hierarchy10 Lesson: Assigning Subprocesses to the Organization10 Lesson: Maintaining Organizational and Business Process Role
Assignments10 Lesson: Explaining the Harmonized Risk Model10 Lesson: Uploading Master Data with MDUG11 Lesson: Explaining the Master Data Change Request Workflow
13 Unit 6: Compliance Framework
13 Lesson: Configuring a Multi-Compliance Framework (MCF)
15 Unit 7: Surveys and Manual Testing
15 Lesson: Introducing Surveys and Manual Testing in Process Control15 Lesson: Explaining the Planner15 Lesson: Explaining the Assessment Survey Process15 Lesson: Survey Disclosure15 Lesson: Explaining Manual Testing16 Lesson: Offline Forms and Data Sheets16 Lesson: Explaining Issue Remediation
17 Unit 8: Ad Hoc Issues
17 Lesson: Describing Issue Management Concepts
19 Unit 9: Continuous Control Monitoring
19 Lesson: Introducing Continuous Monitoring19 Lesson: Explaining Continuous Monitoring: Preconfiguration19 Lesson: Creating a Data Source19 Lesson: Creating a Business Rule19 Lesson: Assigning Business Rules to a Control20 Lesson: Scheduling a Continuous Monitoring Job20 Lesson: Setting Up a Configurable Rule Subscenario20 Lesson: Using ABAP Reports20 Lesson: Explaining the CCM Content Upload Capabilities
21 Unit 10: Closing Activities
21 Lesson: Explaining the Meaning of Sign-Off in the Context of ICS Management
21 Lesson: Explaining Aggregation of Deficiencies
vi © Copyright. All rights reserved.
23 Unit 11: Reporting
23 Lesson: Explaining reports for Process Control23 Lesson: Explaining the dashboard in an overview
© Copyright. All rights reserved. vii
viii © Copyright. All rights reserved.
Course Overview
TARGET AUDIENCEThis course is intended for the following audiences:
● Application Consultant
● Business Process Architect
● Business Process Owner/Team Lead/Power User
● Enterprise Architect
● Solution Architect
© Copyright. All rights reserved. ix
x © Copyright. All rights reserved.
UNIT 1 Enterprise Risk and Compliance
Lesson 1: Introducing Enterprise Risk and Internal Control ManagementLesson ObjectivesAfter completing this lesson, you will be able to:
● Introduce Enterprise Risk and Internal Control Management
Lesson 2: Explaining Core Processes Supporting Enterprise Risk and ComplianceLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain Core Processes supporting Enterprise Risk and Compliance
© Copyright. All rights reserved. 1
Unit 1: Enterprise Risk and Compliance
2 © Copyright. All rights reserved.
UNIT 2 Governance
Lesson 1: Explaining Governance and Internal Control in an OverviewLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe how Process Control helps strengthen internal controls
Lesson 2: Explaining SAP Process Control Overview in an OverviewLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe how Process Control provides an effective solution for managing internal control and compliance activities
Lesson 3: Explaining Process Control Integration ScenariosLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain the integrated approach of SAP GRC solutions
● Describe the main integration points within SAP GRC solutions
● Describe the main integration points between SAP GRC solutions and other applications
Lesson 4: Explaining SAP Process Control 12.0 System RequirementsLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the technical requirements for SAP GRC12.0 installation
© Copyright. All rights reserved. 3
Unit 2: Governance
4 © Copyright. All rights reserved.
UNIT 3 Implementation Planning
Lesson 1: Explaining Harmonization ConceptsLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the purpose of the common technical platform
Lesson 2: Describing User Access and the User ExperienceLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain the benefits from a streamlined end user experience
Lesson 3: Explaining User Access Using the SAP Business ClientLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain the work centers and their functionality
Lesson 4: Explaining User Access Using SAP Fiori LaunchpadLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe SAP Fiori and the apps delivered for SAP Process Control 12.0
Lesson 5: Using Delegation and SAP Business Client PersonalizationLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain enhancements to user delegation and perform personalization of the UI
Lesson 6: Performing Process Control Entry Page ConfigurationLesson Objectives
© Copyright. All rights reserved. 5
After completing this lesson, you will be able to:
● Describe entry pages and their configuration
● Introduce updates to the authorization concept and delivered content for SAP Process Control
Unit 3: Implementation Planning
6 © Copyright. All rights reserved.
UNIT 4 Configuration Requirements
Lesson 1: Performing the Customization of General TasksLesson ObjectivesAfter completing this lesson, you will be able to:
● Customize general tasks
Lesson 2: Creating Shared Master Data and ReportsLesson ObjectivesAfter completing this lesson, you will be able to:
● Configure shared master data settings
Lesson 3: Explaining Workflow CustomizationLesson ObjectivesAfter completing this lesson, you will be able to:
● Configure workflow in the IMG
Lesson 4: Explaining Authorization and Role Configuration (IMG)Lesson ObjectivesAfter completing this lesson, you will be able to:
● Identify all role related configuration activities related to Process Control implementation
Lesson 5: Explaining Process Control-Specific CustomizingLesson ObjectivesAfter completing this lesson, you will be able to:
● Perform Process Control-specific customizing tasks in the IMG
© Copyright. All rights reserved. 7
Unit 4: Configuration Requirements
8 © Copyright. All rights reserved.
UNIT 5 Creation and Management of Master Data
Lesson 1: Explaining Master Data in an OverviewLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe methods for loading master data
● Identify master data configuration process and procedure
● Describe master data types
Lesson 2: Setting Up an Organization HierarchyLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe organization hierarchies
● Explain procedure for creating and maintaining organization hierarchies
Lesson 3: Setting Up the Risk Catalog and Control ObjectivesLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the risk catalog and control objectives
● Explain the procedure for maintaining risk definitions
Lesson 4: Setting Up the Account Group HierarchyLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the accounts work set functionality
● Create an account group
Lesson 5: Setting Up the Central Process HierarchyLesson Objectives
© Copyright. All rights reserved. 9
After completing this lesson, you will be able to:
● Describe process hierarchies
● Explain procedure for creating and maintaining processes, subprocesses and controls
Lesson 6: Setting Up the Indirect Entity-Level Control HierarchyLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe indirect entity-level controls
● Create an indirect entity-level control group
Lesson 7: Assigning Subprocesses to the OrganizationLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the process for mapping a central process hierarchy to an organization
● Describe the concept of local control
● Explain what constitutes a shared services provider and a referenced control
Lesson 8: Maintaining Organizational and Business Process Role AssignmentsLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain the process for maintaining the user to role assignment in Process Control
● Describe the process for performing mass maintenance of user to role assignments
Lesson 9: Explaining the Harmonized Risk ModelLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain how risk management risks can be assigned in PC’s control framework
● Explain how risk harmonization affects the risk-based scoping and monitoring of risks
Lesson 10: Uploading Master Data with MDUGLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the process to upload master data using MDUG
Unit 5: Creation and Management of Master Data
10 © Copyright. All rights reserved.
● Describe the process for generating an MDUG template and uploading data
Lesson 11: Explaining the Master Data Change Request WorkflowLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe required configuration for master data change request workflow
● Describe how the requestor makes the desired change to a master data object
© Copyright. All rights reserved. 11
Unit 5: Creation and Management of Master Data
12 © Copyright. All rights reserved.
UNIT 6 Compliance Framework
Lesson 1: Configuring a Multi-Compliance Framework (MCF)Lesson ObjectivesAfter completing this lesson, you will be able to:
● Configure a multi-compliance framework
© Copyright. All rights reserved. 13
Unit 6: Compliance Framework
14 © Copyright. All rights reserved.
UNIT 7 Surveys and Manual Testing
Lesson 1: Introducing Surveys and Manual Testing in Process ControlLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the purpose of surveys and tests in Process Control
● Describe the evaluation process
Lesson 2: Explaining the PlannerLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe Planner features
● Navigate Planner
● Use Planner Monitor
Lesson 3: Explaining the Assessment Survey ProcessLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the assessment surveys
● Create entries in the survey question library
● Create, plan, and complete a survey
Lesson 4: Survey DisclosureLesson ObjectivesAfter completing this lesson, you will be able to:
● Discuss how a survey can be used
● Create, plan, and complete disclosure survey
Lesson 5: Explaining Manual Testing
© Copyright. All rights reserved. 15
Lesson ObjectivesAfter completing this lesson, you will be able to:
● Describe manual control test plans
● Create a manual test plan
● Plan and complete a manual test of effectiveness
Lesson 6: Offline Forms and Data SheetsLesson ObjectivesAfter completing this lesson, you will be able to:
● Download the offline testing forms
● Describe how to complete the form and submit
● Execute and review the data sheet report
Lesson 7: Explaining Issue RemediationLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the issue and remediation process
● Create an issue and remediation plan
● Discuss retesting options
Unit 7: Surveys and Manual Testing
16 © Copyright. All rights reserved.
UNIT 8 Ad Hoc Issues
Lesson 1: Describing Issue Management ConceptsLesson ObjectivesAfter completing this lesson, you will be able to:
● Discuss Ad Hoc issues
● Configure Ad Hoc issues
● Create Ad Hoc issues
● Discuss Remediation and Monitoring
© Copyright. All rights reserved. 17
Unit 8: Ad Hoc Issues
18 © Copyright. All rights reserved.
UNIT 9 Continuous Control Monitoring
Lesson 1: Introducing Continuous MonitoringLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe features of continuous monitoring and its functionality
● Explain the business benefits of these features
Lesson 2: Explaining Continuous Monitoring: PreconfigurationLesson ObjectivesAfter completing this lesson, you will be able to:
● Define CCM-relevant connectors for the Integration Framework
● Maintain connection settings
Lesson 3: Creating a Data SourceLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the purpose and function of data sources
● Create a data source
Lesson 4: Creating a Business RuleLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe business rule purpose and functionality
● Create a business rule
● Change an existing business rule
Lesson 5: Assigning Business Rules to a ControlLesson Objectives
© Copyright. All rights reserved. 19
After completing this lesson, you will be able to:
● Describe business rule assignment
● Assign a business rule to a control
Lesson 6: Scheduling a Continuous Monitoring JobLesson ObjectivesAfter completing this lesson, you will be able to:
● Create a continuous monitoring job
● View a continuous monitoring job
Lesson 7: Setting Up a Configurable Rule SubscenarioLesson ObjectivesAfter completing this lesson, you will be able to:
● Create a data source for the configurable rule subscenario
● Create a business rule for the configurable rule subscenario
Lesson 8: Using ABAP ReportsLesson ObjectivesAfter completing this lesson, you will be able to:
● Validate an ABAP report
● Create a data source with subscenario ABAP report
● Create a business rule for subscenario ABAP report
Lesson 9: Explaining the CCM Content Upload CapabilitiesLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain the business benefits of using the import and export functionality
● Describe the import and export features
● Perform the import and export in the GRC system
Unit 9: Continuous Control Monitoring
20 © Copyright. All rights reserved.
UNIT 10 Closing Activities
Lesson 1: Explaining the Meaning of Sign-Off in the Context of ICS ManagementLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain the meaning of sign-off in the context of ICS management
● Prepare and trigger the sign-off process in the planner
● Explain results and reporting
Lesson 2: Explaining Aggregation of DeficienciesLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain Aggregation of Deficiencies (AoD) in Process Control
● Distinguish between the bottom-up approach and aggregation at the top
● Describe the options for analysis in the AoD process
© Copyright. All rights reserved. 21
Unit 10: Closing Activities
22 © Copyright. All rights reserved.
UNIT 11 Reporting
Lesson 1: Explaining reports for Process ControlLesson ObjectivesAfter completing this lesson, you will be able to:
● Navigate reports
● Describe Crystal integration
● Discuss the multi-compliance framework in reporting
● Explain SAP SAP Fiori Apps for Process Control
Lesson 2: Explaining the dashboard in an overviewLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe dashboard features and navigation
● Configure dashboard prerequisites
© Copyright. All rights reserved. 23