Existing process

As per the current process following steps are carried to update the manual controls,

 An excel file with the list of manual controls are being sent to all the Risk Managers.
 Risk Managers reviews each control with respect to the system and update the status (as given
below) of each control accordingly. They revert the updated file within the specified timeline.
 1 = Compliant
 -1 = Non-Compliant
 Not Applicable
 Once the details are received from risk managers of all the landscape the data is been
consolidated in a single file according to the system, post verification the consolidated file is
shared with UI5 team.
 In turn UI5 team uploads the file to table ZGRC_PAHI in the backend, so that table data is
overwritten. The updated data will be available in the backend table and Security Dashboard.
 File used for the Q4 Manual controls review (HANA, ABAP, JAVA) and the consolidated file is
attached below,

HANA Baseline Sirius Baseline Global PI Baseline Q4_Manual

Tracking_Q4.xlsx Tracking_Q4.xlsx Tracking_Q4.xlsx Controls_26th December 2018.xlsx

1.1. Downsides of Current Process

 Manual effort is required in preparing, sending, and consolidating the manual control files.
 Manual effort is required in uploading the updated file to the custom table.
 There is no change documents/data archive available for the custom table, hence the historic
data remains in the mail or in shared folder.
 Whole process is time consuming and there are chances of Human/Manual errors.

Page 1 of 2
2. Requirement

Front-end Screen Update Refresh

Custom ZGRC_PAHI
(For RM) Table Table

 To build a custom table with the front-end screen and provide access to Risk manager for the
developed solution.
 Custom solution should allow Risk managers to update the status of each control against the
respective system. The update should be done in any of the below methods,
 Direct input in the screen
 Update the excel template locally and upload it there
 TMG for ztable
 Risk Managers should have access only to update the status of the systems belonging to their
landscape.
 Once the data against the control is updated the new data should be appended to the table,
old data should not be overwritten.
 Manual controls template file for ABAP, JAVA & HANA systems should be available for users
to download and upload.
 If the control status is updated in the table, a notification should be triggered to Governance
Team for review.
 Once the custom table is updated, there should be a mechanism to refresh the data to actual
ZGRC_PAHI table. The refresh should happen from the last updated value (Delta Refresh).
 Access to refresh the data should be available only with Governance team.
 A Reminder mail should be triggered to the risk managers to update the manual controls in
the custom solution if not updated on time.

Page 2 of 2