Professional Documents
Culture Documents
Existing Process: 1.1. Downsides of Current Process
Existing Process: 1.1. Downsides of Current Process
As per the current process following steps are carried to update the manual controls,
An excel file with the list of manual controls are being sent to all the Risk Managers.
Risk Managers reviews each control with respect to the system and update the status (as given
below) of each control accordingly. They revert the updated file within the specified timeline.
1 = Compliant
-1 = Non-Compliant
Not Applicable
Once the details are received from risk managers of all the landscape the data is been
consolidated in a single file according to the system, post verification the consolidated file is
shared with UI5 team.
In turn UI5 team uploads the file to table ZGRC_PAHI in the backend, so that table data is
overwritten. The updated data will be available in the backend table and Security Dashboard.
File used for the Q4 Manual controls review (HANA, ABAP, JAVA) and the consolidated file is
attached below,
Manual effort is required in preparing, sending, and consolidating the manual control files.
Manual effort is required in uploading the updated file to the custom table.
There is no change documents/data archive available for the custom table, hence the historic
data remains in the mail or in shared folder.
Whole process is time consuming and there are chances of Human/Manual errors.
Page 1 of 2
2. Requirement
To build a custom table with the front-end screen and provide access to Risk manager for the
developed solution.
Custom solution should allow Risk managers to update the status of each control against the
respective system. The update should be done in any of the below methods,
Direct input in the screen
Update the excel template locally and upload it there
TMG for ztable
Risk Managers should have access only to update the status of the systems belonging to their
landscape.
Once the data against the control is updated the new data should be appended to the table,
old data should not be overwritten.
Manual controls template file for ABAP, JAVA & HANA systems should be available for users
to download and upload.
If the control status is updated in the table, a notification should be triggered to Governance
Team for review.
Once the custom table is updated, there should be a mechanism to refresh the data to actual
ZGRC_PAHI table. The refresh should happen from the last updated value (Delta Refresh).
Access to refresh the data should be available only with Governance team.
A Reminder mail should be triggered to the risk managers to update the manual controls in
the custom solution if not updated on time.
Page 2 of 2