SAP Process Control Implementation and Configuration

GRC330SAP Process Control Implementation and Configuration

..

COURSE OUTLINE.

Course Version: 17Course Duration:

SAP Copyrights, Trademarks and Disclaimers

© 2021 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.

Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.

National product specifications may vary.

These materials may have been machine translated and may contain grammatical errors or inaccuracies.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.

© Copyright. All rights reserved. iii

http://global12.sap.com/corporate-en/legal/copyright/index.epx

Typographic Conventions

American English is the standard used in this handbook.

The following typographic conventions are also used.

This information is displayed in the instructor’s presentation

Demonstration

Procedure

Warning or Caution

Hint

Related or Additional Information

Facilitated Discussion

User interface control Example text

Window title Example text

iv © Copyright. All rights reserved.

Contents

ix Course Overview

1 Unit 1: Enterprise Risk and Compliance

1 Lesson: Introducing Enterprise Risk and Internal Control Management

1 Lesson: Explaining Core Processes Supporting Enterprise Risk and Compliance

3 Unit 2: Governance

3 Lesson: Explaining Governance and Internal Control in an Overview3 Lesson: Explaining SAP Process Control Overview in an Overview3 Lesson: Explaining Process Control Integration Scenarios3 Lesson: Explaining SAP Process Control 12.0 System Requirements

5 Unit 3: Implementation Planning

5 Lesson: Explaining Harmonization Concepts5 Lesson: Describing User Access and the User Experience5 Lesson: Explaining User Access Using the SAP Business Client5 Lesson: Explaining User Access Using SAP Fiori Launchpad5 Lesson: Using Delegation and SAP Business Client Personalization5 Lesson: Performing Process Control Entry Page Configuration

7 Unit 4: Configuration Requirements

7 Lesson: Performing the Customization of General Tasks7 Lesson: Creating Shared Master Data and Reports7 Lesson: Explaining Workflow Customization7 Lesson: Explaining Authorization and Role Configuration (IMG)7 Lesson: Explaining Process Control-Specific Customizing

© Copyright. All rights reserved. v

9 Unit 5: Creation and Management of Master Data

9 Lesson: Explaining Master Data in an Overview9 Lesson: Setting Up an Organization Hierarchy9 Lesson: Setting Up the Risk Catalog and Control Objectives9 Lesson: Setting Up the Account Group Hierarchy9 Lesson: Setting Up the Central Process Hierarchy10 Lesson: Setting Up the Indirect Entity-Level Control Hierarchy10 Lesson: Assigning Subprocesses to the Organization10 Lesson: Maintaining Organizational and Business Process Role

Assignments10 Lesson: Explaining the Harmonized Risk Model10 Lesson: Uploading Master Data with MDUG11 Lesson: Explaining the Master Data Change Request Workflow

13 Unit 6: Compliance Framework

13 Lesson: Configuring a Multi-Compliance Framework (MCF)

15 Unit 7: Surveys and Manual Testing

15 Lesson: Introducing Surveys and Manual Testing in Process Control15 Lesson: Explaining the Planner15 Lesson: Explaining the Assessment Survey Process15 Lesson: Survey Disclosure15 Lesson: Explaining Manual Testing16 Lesson: Offline Forms and Data Sheets16 Lesson: Explaining Issue Remediation

17 Unit 8: Ad Hoc Issues

17 Lesson: Describing Issue Management Concepts

19 Unit 9: Continuous Control Monitoring

19 Lesson: Introducing Continuous Monitoring19 Lesson: Explaining Continuous Monitoring: Preconfiguration19 Lesson: Creating a Data Source19 Lesson: Creating a Business Rule19 Lesson: Assigning Business Rules to a Control20 Lesson: Scheduling a Continuous Monitoring Job20 Lesson: Setting Up a Configurable Rule Subscenario20 Lesson: Using ABAP Reports20 Lesson: Explaining the CCM Content Upload Capabilities

21 Unit 10: Closing Activities

21 Lesson: Explaining the Meaning of Sign-Off in the Context of ICS Management

21 Lesson: Explaining Aggregation of Deficiencies

vi © Copyright. All rights reserved.

23 Unit 11: Reporting

23 Lesson: Explaining reports for Process Control23 Lesson: Explaining the dashboard in an overview

© Copyright. All rights reserved. vii

Course Overview

TARGET AUDIENCEThis course is intended for the following audiences:

● Application Consultant

● Business Process Architect

● Business Process Owner/Team Lead/Power User

● Enterprise Architect

● Solution Architect

© Copyright. All rights reserved. ix

UNIT 1 Enterprise Risk and Compliance

Lesson 1: Introducing Enterprise Risk and Internal Control ManagementLesson ObjectivesAfter completing this lesson, you will be able to:

● Introduce Enterprise Risk and Internal Control Management

Lesson 2: Explaining Core Processes Supporting Enterprise Risk and ComplianceLesson ObjectivesAfter completing this lesson, you will be able to:

● Explain Core Processes supporting Enterprise Risk and Compliance

© Copyright. All rights reserved. 1

Unit 1: Enterprise Risk and Compliance

2 © Copyright. All rights reserved.

UNIT 2 Governance

Lesson 1: Explaining Governance and Internal Control in an OverviewLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe how Process Control helps strengthen internal controls

Lesson 2: Explaining SAP Process Control Overview in an OverviewLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe how Process Control provides an effective solution for managing internal control and compliance activities

Lesson 3: Explaining Process Control Integration ScenariosLesson ObjectivesAfter completing this lesson, you will be able to:

● Explain the integrated approach of SAP GRC solutions

● Describe the main integration points within SAP GRC solutions

● Describe the main integration points between SAP GRC solutions and other applications

Lesson 4: Explaining SAP Process Control 12.0 System RequirementsLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe the technical requirements for SAP GRC12.0 installation


Unit 2: Governance


UNIT 3 Implementation Planning

Lesson 1: Explaining Harmonization ConceptsLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe the purpose of the common technical platform

Lesson 2: Describing User Access and the User ExperienceLesson ObjectivesAfter completing this lesson, you will be able to:

● Explain the benefits from a streamlined end user experience

Lesson 3: Explaining User Access Using the SAP Business ClientLesson ObjectivesAfter completing this lesson, you will be able to:

● Explain the work centers and their functionality

Lesson 4: Explaining User Access Using SAP Fiori LaunchpadLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe SAP Fiori and the apps delivered for SAP Process Control 12.0

Lesson 5: Using Delegation and SAP Business Client PersonalizationLesson ObjectivesAfter completing this lesson, you will be able to:

● Explain enhancements to user delegation and perform personalization of the UI

Lesson 6: Performing Process Control Entry Page ConfigurationLesson Objectives


After completing this lesson, you will be able to:

● Describe entry pages and their configuration

● Introduce updates to the authorization concept and delivered content for SAP Process Control

Unit 3: Implementation Planning


UNIT 4 Configuration Requirements

Lesson 1: Performing the Customization of General TasksLesson ObjectivesAfter completing this lesson, you will be able to:

● Customize general tasks

Lesson 2: Creating Shared Master Data and ReportsLesson ObjectivesAfter completing this lesson, you will be able to:

● Configure shared master data settings

Lesson 3: Explaining Workflow CustomizationLesson ObjectivesAfter completing this lesson, you will be able to:

● Configure workflow in the IMG

Lesson 4: Explaining Authorization and Role Configuration (IMG)Lesson ObjectivesAfter completing this lesson, you will be able to:

● Identify all role related configuration activities related to Process Control implementation

Lesson 5: Explaining Process Control-Specific CustomizingLesson ObjectivesAfter completing this lesson, you will be able to:

● Perform Process Control-specific customizing tasks in the IMG


Unit 4: Configuration Requirements


UNIT 5 Creation and Management of Master Data

Lesson 1: Explaining Master Data in an OverviewLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe methods for loading master data

● Identify master data configuration process and procedure

● Describe master data types

Lesson 2: Setting Up an Organization HierarchyLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe organization hierarchies

● Explain procedure for creating and maintaining organization hierarchies

Lesson 3: Setting Up the Risk Catalog and Control ObjectivesLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe the risk catalog and control objectives

● Explain the procedure for maintaining risk definitions

Lesson 4: Setting Up the Account Group HierarchyLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe the accounts work set functionality

● Create an account group

Lesson 5: Setting Up the Central Process HierarchyLesson Objectives



● Describe process hierarchies

● Explain procedure for creating and maintaining processes, subprocesses and controls

Lesson 6: Setting Up the Indirect Entity-Level Control HierarchyLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe indirect entity-level controls

● Create an indirect entity-level control group

Lesson 7: Assigning Subprocesses to the OrganizationLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe the process for mapping a central process hierarchy to an organization

● Describe the concept of local control

● Explain what constitutes a shared services provider and a referenced control

Lesson 8: Maintaining Organizational and Business Process Role AssignmentsLesson ObjectivesAfter completing this lesson, you will be able to:

● Explain the process for maintaining the user to role assignment in Process Control

● Describe the process for performing mass maintenance of user to role assignments

Lesson 9: Explaining the Harmonized Risk ModelLesson ObjectivesAfter completing this lesson, you will be able to:

● Explain how risk management risks can be assigned in PC’s control framework

● Explain how risk harmonization affects the risk-based scoping and monitoring of risks

Lesson 10: Uploading Master Data with MDUGLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe the process to upload master data using MDUG

Unit 5: Creation and Management of Master Data


● Describe the process for generating an MDUG template and uploading data

Lesson 11: Explaining the Master Data Change Request WorkflowLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe required configuration for master data change request workflow

● Describe how the requestor makes the desired change to a master data object


Unit 5: Creation and Management of Master Data


UNIT 6 Compliance Framework

Lesson 1: Configuring a Multi-Compliance Framework (MCF)Lesson ObjectivesAfter completing this lesson, you will be able to:

● Configure a multi-compliance framework


Unit 6: Compliance Framework


UNIT 7 Surveys and Manual Testing

Lesson 1: Introducing Surveys and Manual Testing in Process ControlLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe the purpose of surveys and tests in Process Control

● Describe the evaluation process

Lesson 2: Explaining the PlannerLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe Planner features

● Navigate Planner

● Use Planner Monitor

Lesson 3: Explaining the Assessment Survey ProcessLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe the assessment surveys

● Create entries in the survey question library

● Create, plan, and complete a survey

Lesson 4: Survey DisclosureLesson ObjectivesAfter completing this lesson, you will be able to:

● Discuss how a survey can be used

● Create, plan, and complete disclosure survey

Lesson 5: Explaining Manual Testing


Lesson ObjectivesAfter completing this lesson, you will be able to:

● Describe manual control test plans

● Create a manual test plan

● Plan and complete a manual test of effectiveness

Lesson 6: Offline Forms and Data SheetsLesson ObjectivesAfter completing this lesson, you will be able to:

● Download the offline testing forms

● Describe how to complete the form and submit

● Execute and review the data sheet report

Lesson 7: Explaining Issue RemediationLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe the issue and remediation process

● Create an issue and remediation plan

● Discuss retesting options

Unit 7: Surveys and Manual Testing


UNIT 8 Ad Hoc Issues

Lesson 1: Describing Issue Management ConceptsLesson ObjectivesAfter completing this lesson, you will be able to:

● Discuss Ad Hoc issues

● Configure Ad Hoc issues

● Create Ad Hoc issues

● Discuss Remediation and Monitoring


Unit 8: Ad Hoc Issues


UNIT 9 Continuous Control Monitoring

Lesson 1: Introducing Continuous MonitoringLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe features of continuous monitoring and its functionality

● Explain the business benefits of these features

Lesson 2: Explaining Continuous Monitoring: PreconfigurationLesson ObjectivesAfter completing this lesson, you will be able to:

● Define CCM-relevant connectors for the Integration Framework

● Maintain connection settings

Lesson 3: Creating a Data SourceLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe the purpose and function of data sources

● Create a data source

Lesson 4: Creating a Business RuleLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe business rule purpose and functionality

● Create a business rule

● Change an existing business rule

Lesson 5: Assigning Business Rules to a ControlLesson Objectives



● Describe business rule assignment

● Assign a business rule to a control

Lesson 6: Scheduling a Continuous Monitoring JobLesson ObjectivesAfter completing this lesson, you will be able to:

● Create a continuous monitoring job

● View a continuous monitoring job

Lesson 7: Setting Up a Configurable Rule SubscenarioLesson ObjectivesAfter completing this lesson, you will be able to:

● Create a data source for the configurable rule subscenario

● Create a business rule for the configurable rule subscenario

Lesson 8: Using ABAP ReportsLesson ObjectivesAfter completing this lesson, you will be able to:

● Validate an ABAP report

● Create a data source with subscenario ABAP report

● Create a business rule for subscenario ABAP report

Lesson 9: Explaining the CCM Content Upload CapabilitiesLesson ObjectivesAfter completing this lesson, you will be able to:

● Explain the business benefits of using the import and export functionality

● Describe the import and export features

● Perform the import and export in the GRC system

Unit 9: Continuous Control Monitoring


UNIT 10 Closing Activities

Lesson 1: Explaining the Meaning of Sign-Off in the Context of ICS ManagementLesson ObjectivesAfter completing this lesson, you will be able to:

● Explain the meaning of sign-off in the context of ICS management

● Prepare and trigger the sign-off process in the planner

● Explain results and reporting

Lesson 2: Explaining Aggregation of DeficienciesLesson ObjectivesAfter completing this lesson, you will be able to:

● Explain Aggregation of Deficiencies (AoD) in Process Control

● Distinguish between the bottom-up approach and aggregation at the top

● Describe the options for analysis in the AoD process


Unit 10: Closing Activities


UNIT 11 Reporting

Lesson 1: Explaining reports for Process ControlLesson ObjectivesAfter completing this lesson, you will be able to:

● Navigate reports

● Describe Crystal integration

● Discuss the multi-compliance framework in reporting

● Explain SAP SAP Fiori Apps for Process Control

Lesson 2: Explaining the dashboard in an overviewLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe dashboard features and navigation

● Configure dashboard prerequisites


SAP Process Control Implementation and Configuration

Documents

Transcript of SAP Process Control Implementation and Configuration