This document provides a quick reference guide for 12 GRC reports in MIT's system. It lists each report's name and use, what information it contains, and how to access it. The reports provide insights into risk violations, user behavior, access rules, role assignments, transaction usage, and mitigating controls to help understand and manage risk exposure.
This document provides a quick reference guide for 12 GRC reports in MIT's system. It lists each report's name and use, what information it contains, and how to access it. The reports provide insights into risk violations, user behavior, access rules, role assignments, transaction usage, and mitigating controls to help understand and manage risk exposure.
This document provides a quick reference guide for 12 GRC reports in MIT's system. It lists each report's name and use, what information it contains, and how to access it. The reports provide insights into risk violations, user behavior, access rules, role assignments, transaction usage, and mitigating controls to help understand and manage risk exposure.
01 Risk Violations This report can be used to gain Risk count by risk level and Navigate to the ‘Reports and Click on the ‘Risk Violations’ insight into MIT’s overall process. Analytics’ tab. report located in the ‘Access exposure to risk. The report Dashboards’ section. provides an overview of risk violations across all MIT ECC systems. 02 User Analysis This report can be used to gain Risk count by risk type and Navigate to the ‘Reports and Click on the ‘User Analysis’ insight into MIT’s overall user. Analytics’ tab. report located in the ‘Access exposure to risk. The report Dashboards’ section. provides an overview of user violations across all MIT ECC systems. 03 Violations Comparisons This report can be used to gain Violation count and Navigate to the ‘Reports and Click on the ‘Violations insight into the progress MIT is comparison over time. Analytics’ tab. Comparisons’ report located in making with respect to the ‘Access Dashboards’ reducing and mitigating risk section. exposure. The report provides an overview of violations remediation/mitigation progress. 04 Access Rule Library This report can be used to Rule count by risk level and Navigate to the ‘Reports and Click on the ‘Access Rule understand MIT’s GRC rule set. process. Analytics’ tab. Library’ report located in the The report provides an ‘Access Dashboards’ section. overview of risk rules in GRC. 05 SUIM Roles by Role Name This report can be used to Report shows: Execute transaction SUIM (in Click on the ‘Roles’ node and understand the mapping List of transaction ECC) double click on the option for between single and composite codes included in the “By Role Name” roles. The report displays roles which single roles are assigned Other composite roles Or use Transaction Code to a composite role. which have a selected S_BCE_68001418 single role Users assigned to the roles GRC Reports – Quick Reference Guide
Report Use Information How do I get to it?
06 User to Role Relationship This report can be used to List of all users with access to a Navigate to the ‘Reports and Click on the ‘User to Role determine all users assigned to particular role or set of roles. Analytics’ tab. Relationship’ report located in a role. the ‘Role Management Reports’ section. 07 Role Relationship with User - This report can be used to List of all roles assigned to a Navigate to the ‘Reports and Click on the ‘Role Relationship User Group determine what roles are user or users in a user group. Analytics’ tab. with User / User Group’ report assigned to a user. located in the ‘Role Management Reports’ section. 08 SUIM Users by User ID This report can be used to Roles and profiles assigned to Execute transaction SUIM (in Click on the “User” node and display which roles users have users. ECC) then “Users by Complex and compare their access by Selection Criteria”. Then double sorting by role. click on the option for “By User ID”
Or use Transaction Code
S_BCE_68001394 09 Count Authorizations for Users This report can be used to view Roles and profiles assigned to a Navigate to the ‘Reports and Click on the ‘Count the roles and profiles assigned user/users (composite roles are Analytics’ tab. authorization for Users’ report to a user. not included; however, single located in the ‘Security Reports’ roles assigned via composite section. roles are) along with the number of authorizations in each. 10 Action Usage by User Role and This report can be used to Count and last execution of Navigate to the ‘Reports and Click on the ‘Action Usage by Profile determine transaction usage by transaction usage by a user or Analytics’ tab. User, Role and Profile’ report a user. set of users during a period or located in the ‘Security Reports’ on a particular date. section. 11 Mitigation Control Report This report can be used to find Approvers, monitors and risks Navigate to the ‘Reports and Click on the ‘Mitigation Control information on the mitigating mitigated by a mitigating Analytics’ tab. Report’ report located in the controls defined in GRC. control as defined in the ‘Access Risk Analysis Reports’ system. section. GRC Reports – Quick Reference Guide
Report Use Information How do I get to it?
12 User Level This report can be used analyze SODs, critical actions or Navigate to the ‘Access Click on the ‘User Level’ report for risk violations at the user permissions and critical roles or Management’ tab. located in the ‘Access Risk level. The report can also be profiles. Analysis’ section. used to find the mitigating controls assigned to users, as well as any invalid mitigating control assignments. 13 User Level Simulation This report can be used carry New risk violations that will Navigate to the ‘Access Click on the ‘User Level out simulations at the user result due to changes to user Management’ tab. Simulation’ report located in level for the purpose of access. the ‘Access Risk Analysis’ understanding whether the section. addition or removal of certain access either creates or eliminates SODs and other risks. 14 Role Level This report can be used analyze SODs, critical actions or Navigate to the ‘Access Click on the ‘Role Level’ report for risk violations at the role permissions. Management’ tab. located in the ‘Access Risk level. Analysis’ section. 15 Role Level Simulation This report can be used carry New risk violations that will Navigate to the ‘Access Click on the ‘Role Level out simulations at the role level result due to changes to roles. Management’ tab. Simulation’ report located in for the purpose of the ‘Access Risk Analysis’ understanding whether the section. addition or removal of certain access either creates or eliminates SODs and other risks. 16 Profile Level This report can be used analyze SODs, critical actions or Navigate to the ‘Access Click on the ‘Profile Level’ for risk violations at the profile permissions. Management’ tab. report located in the ‘Access level. Risk Analysis’ section. 17 Profile Level Simulation This report can be used carry New risk violations that will Navigate to the ‘Access Click on the ‘Role Level out simulations at the profile result due to changes to Management’ tab. Simulation’ report located in level for the purpose of profiles. the ‘Access Risk Analysis’ understanding whether the section. addition or removal of certain access either creates or eliminates SODs and other risks.