Show TOC

Process documentationPerforming Automated Testing and Monitoring Locate this document in the navigation structure

 

You can automate the testing of control effectiveness and monitoring of controls in the ERP system. All automated tests of effectiveness and monitoring of controls use automated test rules to determine the exception data to extract from the ERP system. The following graphic illustrates that an automated test rule is assigned to a control within Process Control to run a program within the ERP system to test or monitor data in the ERP system:

This graphic is explained in the accompanying text.

You can use automated test rules to do the following:

  • Transaction data — Identify transactions based on thresholds or identify transactions outside of the tolerance settings

  • Configuration data — Monitor all or specific changes to configuration settings, identify values within configuration settings, or perform blank checks.

  • Master data — Monitor all or specific changes to master data, identify values of critical fields, or perform blank checks.

Process Control records historical information in a change log to monitor changes to configuration settings and master data over the entire timeframe of the control. For more information, see the SAP Access Control 10 / Process Control 10 / Risk Management 10 Operations Guide.

You can use automated test rules to fully or partially automate the testing of a control, as follows:

  • Fully automated testing — The system determines the control rating and creates issues for remediation processing, based on test results.

  • Semi-automated testing — You manually review the test results and determine the control rating and the issues for remediation.

Process

  1. Create a business rule

    You must create a rule and define your testing or monitoring parameters. You create and maintain the rules by choosing:   Rule Setup   Continuous Monitoring   Business Rules  .

  2. Assign business rules to controls

    You assign one or more automated test rules to the control that you want to test or monitor. You can also specify one or more testing or monitoring frequencies for each control-rule assignment. You assign the rules to the controls by choosing:   Rule Setup   Continuous Monitoring   Business Rule Assignment  . For more information, see Assigning a Business Rule to a Control.

  3. Schedule the monitoring or the test of control effectiveness

    • You use the Scheduler to schedule a control monitoring job. See Schedule a Continuous Monitoring Job.

    • You use the Process Control Planner to schedule control effectiveness testing. This executes the rules based upon the business rule assignments. The monitoring schedule and control effectiveness testing can recur regularly or execute on a one-time basis.

The system executes the testing and monitoring activities as follows:

  1. On the start date, Process Control executes the test or monitoring activities and passes the rule information to the program (plug-in) in the ERP system.

  2. The program executes based upon the business rule assignment.

    1. The business rules identify exceptions in configuration data and transaction data based on the rule for a given period.

    2. When the rule execution is complete, the program on the ERP system sends an exception report to Process Control.