Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Human Resource Management

Rule count by risk level and process.

advertisement 
GRC Training – Reporting Job Aid 04: Access Rule Library
Job Aid 04 Access Rule Library
USE
This report can be used to understand MIT’s GRC rule set. The report provides an overview of risk rules in GRC.
INFORMATION
Rule count by risk level and process.
RELATED PROCESSES

Process 5: Periodic Compliance Reviews
SPECIFIC SCENARIOS



Step 5A: Analyze report data by Risk Level. (Pie Chart)
Step 5B: Analyze Access Rules by Business Process. (Table)
Step 5C: Analyze report data by Business Process. (Bar Graph)
1
GRC Training – Reporting Job Aid 04: Access Rule Library
Step
1
Description
Navigate to the ‘Reports
and Analytics’ tab.
2
Click on the ‘Access Rule
Library’ report located in
the ‘Access Dashboards’
section.
Screenshot
2
GRC Training – Reporting Job Aid 04: Access Rule Library
3
The report will show
information on rules that
are defined within all rule
sets within the GRC
environment.
3
GRC Training – Reporting Job Aid 04: Access Rule Library
4
The report data can be
filtered to provide
information pertaining to
rules that are specific to
Actions and Permissions.
The report can also be
filtered to provide
information on Critical
Actions, Critical Permissions,
and Access Risks, including
how many of each exist. In
this case, ‘Actions’ is
selected.
5A-1
Analyze report data by risk
level.
Scroll over the different
pieces of the pie chart to
see information about
unmitigated violations at
each risk level.
Click on the ‘Low’ risk level
piece of the pie chart for
more information about
rules that pertain to Low
Level Risks.
4
GRC Training – Reporting Job Aid 04: Access Rule Library
5A-2
Analyze the data. This data
can also be exported. See
the ‘Export Data from GRC’
reference document (R8) for
further information.
Access Risk ID: The 4-digit ID
representing each Low Risk (as
defined in the standard rule
set) for which violations exist
Description: Business
description of the Access Risk
Business Process: The 4-digit ID
representing the Business
Process to which the Access
Risk has been mapped in the
standard rule set
Business Process Description:
The business description for
the Business Process to which
the Access Risk has been
mapped in the standard rule
set
Risk Level: The risk level
defined for each Access Risk in
the standard rule set
Active: Whether the rule is
active
Rule Count: The number of
rules for each Access Risk that
exist
5
GRC Training – Reporting Job Aid 04: Access Rule Library
5A-3
Click on the ‘Rule Count’ link
for each Access Risk to view
the actual rule definitions.
In this case, clicking on ‘3’
for Access Risk ‘F009’ shows
the details of the 3 rules
that make up that Risk.
6
GRC Training – Reporting Job Aid 04: Access Rule Library
5B-1
Analyze Access Rules by
Business Process.
Scroll over the different line
items of the Business
Process Table to see
information about rules for
Risks mapped to each
Business Process.
Click on the ‘HR and Payroll’
Risk row of the Table for
more information about
rules for HR/Payroll Risks.
7
GRC Training – Reporting Job Aid 04: Access Rule Library
5B-2
Analyze the data. This data
can also be exported. See
the ‘Export Data from GRC’
reference document (R8) for
further information.
Access Risk: The 4-digit ID
representing each Finance-Risk
(as defined in the standard rule
set) for which violations exist
Description: Business
description of the Access Risk
Business Process: The 4-digit ID
representing the Business
Process to which the Access
Risk has been mapped in the
standard rule set
Business Process Description:
The business description for
the Business Process to which
the Access Risk has been
mapped in the standard rule
set
Risk Level: The risk level
defined for each Access Risk in
the standard rule set
Active: Whether the rule is
active
Rule Count: The number of
rules for each Access Risk that
exist
8
GRC Training – Reporting Job Aid 04: Access Rule Library
5C-1
Analyze report data by
Business Process.
Scroll over the different bars
of the Business Process Bar
Graph to see information
about Rules for Risks tied to
each Business Process.
Click on the ‘FI00’ Risk bar
of the Graph for more
information about Rules
related to Finance Risks.
9
GRC Training – Reporting Job Aid 04: Access Rule Library
5C-2
Analyze the data. This data
can also be exported. See
the ‘Export Data from GRC’
reference document (R8) for
further information.
Access Risk: The 4-digit ID
representing each Finance-Risk
(as defined in the standard rule
set) for which violations exist
Description: Business description
of the Access Risk
Business Process: The 4-digit ID
representing the Business
Process to which the Access Risk
has been mapped in the
standard rule set
Business Process Description:
The business description for the
Business Process to which the
Access Risk has been mapped in
the standard rule set
Risk Level: The risk level defined
for each Access Risk in the
standard rule set
Active: Whether the rule is
active
Rule Count: The number of rules
for each Access Risk that exist
10
Related documents
Articulate Engage Word Output
Articulate Engage Word Output
System Center Client Management - Financial Executives International
System Center Client Management - Financial Executives International
Earth Day presentation
Earth Day presentation
USE
USE
Document
Document
Table 1: Frequency of contact with LFP patients
Table 1: Frequency of contact with LFP patients
the entry requirements here
the entry requirements here
Click here for details and registration information
Click here for details and registration information
GS 090 - National University of Ireland, Galway
GS 090 - National University of Ireland, Galway
Dr. Ahmed Abdel Azeem, B.SC. Pharma, Clinical Ph. Diploma, M.Sc
Dr. Ahmed Abdel Azeem, B.SC. Pharma, Clinical Ph. Diploma, M.Sc
Governance, Risk and Compliance (GRC)
Governance, Risk and Compliance (GRC)
course/project proposal - Gerace Research Centre
course/project proposal - Gerace Research Centre
Document11324403 11324403
Document11324403 11324403
accountability, responsibility and transparency
accountability, responsibility and transparency
Crafting an End-to-End Pharma GRC Strategy
Crafting an End-to-End Pharma GRC Strategy
LogicalApps Sales Playbook
LogicalApps Sales Playbook
tyco's approach to compliance challenges
tyco's approach to compliance challenges
Making the Implicit Explicit in the Teaching of Chemical Equilibrium
Making the Implicit Explicit in the Teaching of Chemical Equilibrium
Download
advertisement