Fiori Apps for SAP GRC
With changing market conditions, organizations grow and rapidly change as a response. SAP Governance, Risk, and Compliance solutions help companies manage regulations and compliance to keep risk at a minimum in keeping with the fast-paced nature of change. With efficient risk management businesses perform better and protect organizational values.
Bottlenecks in approval cost the company money by delaying the ability to address critical business requirements. Fiori Apps for SAP Governance, Risk and Compliance helps in easy integration of SAP GRC activities into existing processes and mobilizing key SAP GRC operations.
Access Approver App
Application Type: Transactional (SAP Fiori (SAP UI5))
The Access Approver app enables managers to review and approve time-sensitive and critical operational access requests. This allows authorized employees to gain access to the systems they need in a timely manner and complete their jobs. You can drill-down to see which requests have risks and gain more information about the risk level and actions that created the risks.
With the Access Approver app, you can-
- Display and review access requests with access details
- Review risks associated with a request if risk analysis has been performed in prior
- Add comments before approving or rejecting requests
- Forward requests to another employee when further analysis and simulation are needed
Access Control User App
Application Type: Factsheet (SAP Fiori (SAP UI5))
The Access Control User app allows security managers to view contextual information about the Access Control User. The app provides general information about user groups, systems, firefighter privileges, roles assigned and mitigated risks. The drill-down feature provides detailed information on each entity.
With the Access Control User app, you can-
- Navigate to other related factsheet apps such as Analyze Risk app
Access Risk App
Application Type: Factsheet (SAP Fiori (SAP UI5))
View contextual information about Access Risks with the Access Risks app. Navigate to its related entities and view facts on the risk entailed such as the type of risk, business process, unmitigated users, unmitigated roles and risks that are pending. The app also lets users view when a risk was last changed and by whom.
With the Access Risk app, you can-
- Navigate to other related apps such as Analyze Roles and Analyze Users
Check Request Status App
Application Type: Transactional (SAP Fiori (SAP UI5))
The Change Request Status app allows searching for access requests submitted to the user by the user, requests submitted by others to the user and requests submitted by the user for others. See the approval status for each item of the request as – Approved, Pending Approval and Rejected. It is also possible to display to whom each item was routed.
With the Change Request Status app, you can-
- Search for a role by request number, role name, role description, and request reason
- Display the contact information for each approver and send the approver a message
Compliance Approver App
Application Type: Transactional (SAP Fiori (SAP UI5))
Let compliance officials perform a risk analysis before deciding to approve, reject or forward access requests submitted for approval. The official can preview which risks would be added/removed based on the addition or retraction of an access. The official can thus mitigate risks as needed and add comments about the decision.
With the Compliance Approver app, you can-
- Display number of days a request has been pending
- View the risks associated with each access requested
- Search for access requests by request number or username
Mitigation Control App
Application Type: Factsheet (SAP Fiori (SAP UI5))
Mitigation Control allows users to mitigate certain risk violations and it can be assigned to Users, Roles, Profiles or HR Objects to mitigate a risk. The Mitigation Control fact sheet app displays contextual information about the Mitigation Controls.
With the Mitigation Control app, you can-
- View details about mitigated users, mitigated roles, owners, expired mitigated roles, expired mitigated users, and the execution due dates
Request Access App
Application Type: Factsheet (SAP Fiori (SAP UI5))
The Request Access app allows security managers to search for and select roles that allow access to specific applications within your company landscape. The user can select the roles required and submit a request for access. The roles are assigned to the user once the request is approved.
With the Request Access app, you can-
- Search roles based on various criteria such as role name, role description, business process, functional area, company, action, and system
- Choose a predefined reason or specify a reason for the request
- View status of your request by navigating to Check Request Status app
Request Access for Others App
Application Type: Transactional (SAP Fiori (SAP UI5))
The Request Access for Others app allows the user to search and select another employee to whom specific roles can be assigned. This allows the new user to access specific applications within your company landscape. A request for access is sent for the required role and once it is approved, the role is assigned.
With the Request Access for Others app, you can-
- Search users based on first name, last name, user id or by email (depending on your configuration)
- Choose a predefined reason or specify a reason for the request
- View status of your request by navigating to Check Request Status app
Enterprise Risk Report App
Application Type: Transactional (SAP Fiori (SAP UI5))
The Enterprise Risk Report app allows users to identify, display and analyze risks by establishing a risk framework. By consolidating information from different GRC sources, the app presents information in an aggregated and consistent fashion to decision makers. Analyze risks for their potential impact and address them through a set of controls and response measures. The app bridges the gap between individual Risk and Compliance Officer to the Executives of their organization.
With the Enterprise Risk Report app, you can-
- Obtain details about new risks which may emerge, for instance, through a shift in strategy, operations or competitive landscape
- Taken action on changed risks that require immediate action
- Monitor risks that need attention but does not require immediate action
