Table of Contents

Preface
15
Target Audience
15
How to Read This Book
16
How This Book Is Organized
16
Conclusion
18
Acknowledgments
18
1 Introduction to SAP Process Control
21
1.1 History of SAP Process Control
21
1.1.1 Semi-Automated Controls
22
1.1.2 Manual Control Performance Integration with Continuous Control Monitoring
22
1.1.3 Standalone Jobs
22
1.1.4 Mass Maintenance of User Assignments
23
1.1.5 Introduction New Reports and Dashboards Based on SAP Fiori Tiles
23
1.2 Architecture and Landscape
24
1.3 Regulatory Requirements, Supported Systems, and Integrations
25
1.3.1 Regulatory Requirements and SAP Process Control
25
1.3.2 Business Benefit of SAP Process Control
28
1.3.3 Supported Systems
30
1.3.4 Integrations
30
1.4 Enterprise Risk and Internal Control Management
35
1.5 Enterprise Risk and Compliance Management
36
1.5.1 First Line of Defense
36
1.5.2 Second Line of Defense
37
1.5.3 Third Line of Defense
37
1.6 Summary
38
2 Governance
39
2.1 Strengthen Internal Controls
40
2.1.1 People
41
2.1.2 Processes
42
2.1.3 Technology
43
2.2 Manage Internal Controls
46
2.3 Integration Approach
51
2.3.1 SAP GRC Solutions
51
2.3.2 Third-Party Solutions
55
2.4 Summary
55
3 Prerequisites
57
3.1 Check License Agreements
57
3.1.1 Creating the SAP GRC System in the SAP for Me Portal
58
3.1.2 Generating and Applying the SAP GRC License
58
3.2 System Sizing
59
3.2.1 Initial Sizing
60
3.2.2 Expert Sizing
60
3.2.3 Customer-Specific Sizing
61
3.3 Component and Plug-In Requirements
61
3.3.1 SAP Process Control Component
62
3.3.2 SAP GRC Plug-Ins
62
3.4 Summary
63
4 Basic Configuration
65
4.1 Initial Configuration
65
4.1.1 Activate the Application in the Client
66
4.1.2 Activate the BC Sets
66
4.1.3 Activate Transaction SICF Services
69
4.1.4 Second-Level Authorizations: Maintain Authorization Customization
70
4.2 Workflow Configuration
71
4.2.1 Task-Specific Customizing
71
4.2.2 Entity Role Assignment
75
4.2.3 Custom Agent Determination
77
4.2.4 Fallback Users
88
4.3 Shared Master Data Settings
88
4.3.1 Create a Root Organization Hierarchy
89
4.3.2 Activate the Workflow for Master Data Changes
90
4.3.3 Maintain the Ability to Add Locally Defined Controls
92
4.4 Integration Framework
92
4.4.1 Create Connectors
93
4.4.2 Maintain Connectors and Connection Types
94
4.4.3 Maintain Connection Settings
96
4.5 Multiple Compliance Framework
98
4.5.1 Define Subtypes for Regulation-Specific Attributes
98
4.5.2 Configure Compliance Initiatives
100
4.5.3 Relate Regulation to Plan Usage
103
4.6 Other Configurations
105
4.6.1 Maintain Master Data Attribute Values
105
4.6.2 Check Customizing for Case Management
109
4.7 Introduction to Work Centers for SAP Process Control
112
4.7.1 My Home
113
4.7.2 Master Data
113
4.7.3 Rule Setup
115
4.7.4 Assessments
116
4.7.5 Access Management
116
4.7.6 Reports and Analytics
117
4.8 Summary
118
5 Master Data Management
119
5.1 Introduction to Master Data
119
5.1.1 Overview of Key Master Data Elements
120
5.1.2 Relationship between Master Data Attributes
121
5.2 Business Process Hierarchies
122
5.2.1 Business Process
122
5.2.2 Subprocess
124
5.2.3 Control
147
5.3 Organization Hierarchies
156
5.3.1 Creation of an Organization
156
5.3.2 Control Localization
159
5.3.3 Add a Control Directly under the Local Subprocess
161
5.4 Users and Roles
163
5.4.1 User Assignment
163
5.4.2 Replacing Users
164
5.4.3 Removing Users
165
5.4.4 Maintaining User Assignments from the Access Management Work Center
166
5.4.5 Central Delegation
168
5.5 Working with Indirect Entity-Level Controls
169
5.5.1 Indirect Entity-Level Control Group
169
5.5.2 Indirect Entity-Level Control
170
5.5.3 Localization of Indirect Entity-Level Controls
171
5.6 Approval Workflow for Master Data Changes
173
5.6.1 Request Change
174
5.6.2 Approve Change
174
5.6.3 Implement Change
175
5.6.4 Review Change
177
5.7 Uploading Master Data Using the Master Data Upload Generator
178
5.8 Summary
181
6 Control Evaluation
183
6.1 Introduction to Control Evaluation
183
6.2 Control Design Assessment
185
6.2.1 Define Survey Library
185
6.2.2 Scheduling Controls Using the Planner
196
6.2.3 Workflow Structure
206
6.2.4 Assessment and Issue Remediation Process
208
6.3 Control Self-Assessment
223
6.3.1 Define Survey Library
224
6.3.2 Scheduling Controls Using the Planner
224
6.3.3 Workflow Structure
224
6.3.4 Assessment and Issue Remediation Process
227
6.4 Manual Control Performance
227
6.4.1 Define Performance Plans
228
6.4.2 Scheduling Controls Using the Planner
230
6.4.3 Workflow Structure
236
6.4.4 Control Performance Process
239
6.4.5 Mass Maintenance of Performance Plans
244
6.5 Manual Test of Effectiveness
248
6.5.1 Define Manual Test Plans
249
6.5.2 Map Test Plans to Controls
252
6.5.3 Schedule Manual Controls Using the Planner
255
6.5.4 Workflow Structure
255
6.5.5 Control Testing and Issue Remediation Process
256
6.5.6 Usage of Control Performance Results
261
6.6 Reporting
262
6.7 Summary
263
7 Ad Hoc Issue Management
265
7.1 Configuration
265
7.1.1 Enable Ad Hoc Issues by Object Type
266
7.1.2 Maintain Ad Hoc Issue Sources
267
7.2 Issue Remediation Process
270
7.2.1 Stages
270
7.2.2 Reporting Ad Hoc Issues
272
7.2.3 Issue Remediation
276
7.2.4 Implementation of Remediation Plan
280
7.2.5 Close Issue
282
7.3 Reporting
285
7.4 Summary
287
8 Continuous Control Monitoring
289
8.1 Introduction to Continuous Control Monitoring
289
8.2 Data Sources
292
8.2.1 Usage of Configurable Subscenarios
292
8.2.2 Usage of Other Key Subscenarios
309
8.3 Business Rules
326
8.3.1 Configuration of Business Rules
327
8.3.2 Customized Date Filters and Runtime Determination Rules
346
8.3.3 BRFplus Condition and Calculations in a Business Rule
350
8.4 Perform Control Business Rule Assignment
357
8.5 Create an Automated Monitoring Job
359
8.5.1 Automated Monitoring Job
361
8.5.2 Standalone Job
366
8.6 Transport Procedure
367
8.6.1 Preparation Activities in the Original System for Transport
368
8.6.2 Activities in the Target System after Transport
373
8.6.3 Transport of BRFplus Business Rule Data
376
8.7 Export and Import Functionality
379
8.7.1 Export Data Sources and Business Rules Configuration
379
8.7.2 Import Data Sources and Business Rules Configuration
382
8.8 Usage of the SAP HANA Subscenario
383
8.8.1 Configuration of Calculation Views in SAP HANA
384
8.8.2 Establishing RFC Connectors
386
8.8.3 Creation of a Data Source in SAP Process Control
387
8.9 Reporting
389
8.9.1 Job Monitor
389
8.9.2 Monitoring Issue Status
391
8.9.3 Monitoring Remediation Status
391
8.10 Summary
392
9 Additional Features in SAP Process Control
393
9.1 Policy Lifecycle Management
393
9.1.1 Configuration of Policy
394
9.1.2 Policy Review/Approve Workflow
407
9.1.3 Policy Distribution Methods
409
9.2 Disclosure Surveys
412
9.2.1 Types of Disclosure Surveys
413
9.2.2 Schedule Disclosure Survey Using the Planner
413
9.2.3 Workflow Structure
416
9.2.4 Respond to Disclosure Survey and Ad Hoc Issue Remediation
416
9.3 Sign-Off Functionality
421
9.3.1 Sign-Off Process Overview and Prerequisites
422
9.3.2 Roles and Workflow
425
9.3.3 Scheduling Using the Planner
426
9.3.4 Perform Sign-Off
428
9.3.5 Post Sign-Off: Master Data Freeze
432
9.3.6 Monitor Sign-Off Report
433
9.4 Summary
434
10 Reporting
435
10.1 Reports by Work Centers
435
10.1.1 Key Reports under Master Data
436
10.1.2 Key Reports under Rule Setup
441
10.1.3 Key Reports under Assessments
444
10.1.4 Key Reports under Reports and Analytics
450
10.2 Personalization and Configuration
452
10.2.1 Personalize Columns
452
10.2.2 Personalize Organization Filters
458
10.3 Interpretation of Report Results
461
10.3.1 Report Interpretation with Time Frame Filters
461
10.3.2 Report Interpretation with Regulation Filters
462
10.4 Summary
463
11 SAP Fiori for SAP Process Control
465
11.1 SAP Fiori Apps for SAP Process Control
465
11.1.1 SAP Fiori Architecture
465
11.1.2 Terminology
467
11.2 SAP Fiori Configuration
468
11.2.1 Prerequisites
468
11.2.2 Activating SAP Gateway
469
11.2.3 Activating Internet Communication Framework Services
469
11.2.4 Maintain OData Services
470
11.2.5 Set Up Remote Function Call Connections
473
11.2.6 Mapping Remote Function Call Connections to the System Alias
473
11.2.7 Replicate the SAP Fiori Catalog
474
11.3 Working with SAP Fiori Apps
476
11.3.1 Creating Custom Catalogs
476
11.3.2 Create a Custom Group
479
11.4 Mapping Custom Catalogs, Groups, and Space IDs to Transaction PFCG Roles
481
11.4.1 Adding Catalogs to Transaction PFCG Roles
481
11.4.2 Adding Groups to Transaction PFCG Roles
482
11.4.3 Mapping Space IDs
483
11.5 Summary
487
12 SAP Financial Compliance Management
489
12.1 Overview
489
12.2 Master Data Elements
491
12.2.1 Controls
491
12.2.2 Organizations
494
12.2.3 Process
496
12.2.4 Regulations
497
12.2.5 Master Data Dashboards
498
12.3 Control Evaluation Procedures
500
12.3.1 Procedures
500
12.3.2 Work Packages
506
12.3.3 Perform Manual Procedures
509
12.3.4 Process Issues/Found Items
511
12.3.5 Evaluation Dashboards
513
12.4 Summary
515
The Authors
517
Index
519