Skip to Content
Former Member
Jun 21, 2012 at 10:52 AM

GRC 10.0- How to perform Risk analysis by Org Level


Dear GRC Gurus

Requirement: When running e.g. SOD Analysis for User we would like to select a particular business unit to understand the scale of the violations within that particular area.

Scenario: We have implemented GRC10, the 2 modules are ARA and SPM. When extracting results they are for the entire group/company. What are requirements if we want to obtain breakdown by business unit/company code?

My initial thoughts are:

  • the user record would need to contain the business unit, this is not currently the case
  • the business unit in the user record would need to equate/synch to an org unit within GRC
  • within the GRC tab ‘Master Data’ there is the option ‘organisations’, we have currently maintained one node in the organisation hierarchy. If we manually maintain the underlying company codes, as per ECC6.0 there will be no direct relationship between these GRC units and the ECC company codes. GRC would need the logic. Can this information be synched from ECC to GRC?

If a solution existed we would then be able to advise each business unit of the scale of violations and nature of violations in their area.

Are further GRC modules required to realise this solution? In order to obtain graphics by business unit what would be approach?

Many Thanks