Fast!
Marie-Luise Wagener
SAP SE
Agenda
Wrap-up
Management
Enterprise Risk: Fraud
Risk Responses
Regulations
Process
Control
User can
Access
enter vendor
& PO Violations
User can Monitor Access
enter invoices & Status
payments
Detection Audit
Management
Management
Fraud
Plan
Audit
Fraud Analysis Alert Execute
Report
USER_ID_ATTRIBUTES:
The user ID. If this entry is
not maintained, default value
OBJECTGUID is mapped to
the field.
USER_NAME_ATTRIBUTE:
The user name. If this entry
is not maintained, default
value CN is mapped to the
field.
USER_OBJECT_CLASS:
The object class of the user.
If this entry is not
maintained, default value
USER is mapped to the
field.
Note:
The LDAP user information stored in SAP
Audit Management is not automatically
refreshed.
If the source information has changed,
you need to run program
GRCAUD_SYNC_USER_CACHE to
update the information.
It is recommend that you schedule a
background job to run the program
regularly to keep the user information up
to date.
Please note:
Importing controls requires SAP
Process Control 10.1 SP06 or The import program creates copies of the objects under the
above, or you have applied SAP specified view.
Note 2004563 in SAP Process
Control. The system assigns a global ID to each item imported. If the
item already exists in the system, the program updates the
object with the latest information from the source system.
Importing risks requires SAP
Risk Management 10.1 SP06 or
above, or you have applied SAP SAP Audit Management delivers the program
Note 2028174 in SAP Risk GRCAUD_IMPORT_MD for importing master data from
Management. SAP Process Control and SAP Risk Management.
http://help.sap.com/saphelp_fra110/helpdata/en/6b/f3815268ed224fe10000000a445394/content.htm?frameset=/en/a8/79f3534437783ae100
00000a44176d/frameset.htm¤t_toc=/en/ab/ce1b52bd543c3ae10000000a441470/plain.htm&node_id=73&show_children=false
Additional adaptions
Page with Flow Logic Create the same entries underneath Z_GRCAUD in Pages with
Flow logic, including the respective code
These can also actually be tested.
Update Launchpad in
LPD_CUST with
respective folder and
details
The solution allows you to use simple data It is possible to create custom fields for
types in creating custom defined fields. These four objects since SP04. These are:
are:
• Audit
• Integer Data Type: Used as a numeric field • Audit Finding
input • Auditable Item
• Audit Action
• Character Data Type: Used as a free text
field input
The process of creating a custom field is as 1. Identify the object requiring the custom defined field:
follows:
Audit – GRCAUD_AUDIT-> ROOT
1. Identify the object requiring the custom
defined field Auditable Item – GRCAUD_AUDITABLE_ITEM-> ROOT
a. GRCAUD_AUDIT
b. GRCAUD_AUDITABLE_ITEM
c. GRCAUD_ACTION
Please note:
For Audit Finding, select FINDING in this step
instead of ROOT.
Navigate to the
Extension Include field and
drill down to append the
structure
Practical Example:
Clear cache:
Choose Execute
Transactions:
/n/iwfnd/cache_cleanup
/n/iwbep/cache_cleanup
APPROVE_WORK_PROGRAM
APPROVE_DRAFT_REPORT
APPROVE_FINAL_REPORT
approveAuditReport
approveWorkProgram
REJECT_WORK_PROGRAM
REJECT_DRAFT_REPORT
REJECT_FINAL_REPORT
Please note:
Feature also supported for Notifications.
Empty Level field is treated as 0.
Program name:
GRCAUD_IMPORT_ORG
Update cluster:
GRCAUD_VC_IDM with ADTBL as object type and ID
expression ZADTB
Result
/default_host/sap/bc/ui5_ui5/sap/
No BC Sets
Please bear in mind that the customizing is
copied from client 000, and that with Support
Pack upgrades the respective delta has to be
imported as well.
/UI5/RESET_CACHEBUSTER
The browser cache is deleted automatically
and periodically. This report allows you to
reset the cache immediately.
Notifications
Notifications can be copied from client 000,
can be customized in SO10, and then
transported via RSTXTRAN.
Prepare the Business Blueprint Consider time and material for “homework”
Stick to the standard Manage expectations and work on solutions considering the data model
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate
company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.
Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its
affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and
services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as
constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop
or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future
developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time
for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-
looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place
undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.