Process Control facilitates the monitoring of data to ensure controls in your ERP system are operating effectively, and to identify weaknesses or potential deficiencies on a timely basis. You can create the following monitoring controls within Process Control to identify exceptions in your ERP system based on your deficiency parameters:
Configuration Controls – to identify potential unauthorized configuration settings or parameters in the ERP system.
Master Data Controls – to identify suspect master data in the ERP system.
Transaction Data Controls – to identify unusual business transactions in the ERP system
You can customize your automated monitoring controls to review data based on your filter parameters and test period. You then schedule the automated monitoring controls at any frequency you choose based upon your configuration.
Note
If issues are identified for automated control monitoring, redoing the monitoring control for the same period returns the same results. For this reason and to ensure that issues are identified on a timely basis, some companies perform control monitoring more frequently than either manual testing or automated testing of control effectiveness.
Automated test rules can automate your monitoring procedures. The rule filters and the deficiencies set within them identify exceptions in the data within the ERP system. For more information, see Performing Automated and Semi-automated Tests of Effectiveness, Creating a Business Rule, and Creating and Changing Data Sources.
If exceptions are found, the system automatically creates an issue when exceptions are Identified.
If no exceptions are found, no results are returned. The activity is logged with an Adequate deficiency rating in the Job Monitor. If you discover an issue that should be addressed, you can create an ad hoc issue, regardless of the deficiency rating. For more information, see Identifying, Creating and Assigning Ad Hoc Issues.
The following figure illustrates the steps in performing automated controls monitoring:
A monitoring control may be semi-automated based on its control design. However, if issues are found, the workflow tasks between automated and semi-automated control monitoring are the same. Shown below is the test failure routing for automated and semi-automated control monitoring based upon delivered business content.
Note
The receiver of issues and tasks in the table below represent the predelivered configuration by SAP. You can define your own settings in the Customizing activity found at
. For more information, see the SAP BusinssObjects Process Control 10.0 Security Guide.Rule with Issue Deficiency Rating |
Automated: Issues Go to |
Semiautomated: Issues Go to |
---|---|---|
Rule with Deficiency (H/M/L) |
Control Owner |
Control Owner |
Rule with Review Required |
Control Owner |
Control Owner |
Rule with No Deficiency |
N/A |
N/A |
Process Control performs automated control monitoring based on the schedule you create in the Monitoring Scheduler. The schedule triggers the monitoring in the ERP system based upon the rules to determine if the data represents an exception. For more information, see Creating a Business Rule and Assigning a Business Rule to a Control.
The ERP system returns any exceptions to Process Control. The issues have a deficiency rating of High, Medium, Low, or Review Required, depending on the rule settings. You define your tolerance settings for deficiencies in the rule.
If no exceptions are identified, the monitoring job schedule is completed and no workflow is required. The job monitor shows that the job has completed its execution with Adequate deficiency rating.
If you discover an issue that should be addressed, you can create an ad hoc issue, regardless of the deficiency rating. For more information, see Identifying, Creating and Assigning Ad Hoc Issues.
If exceptions are identified, this automatically creates an issue. The system routes the issue to the person assigned the task to receive the issues. In the delivered Business Configuration (BC) set, this person has the Control Owner role.
Note
You have the option of assigning the task to another role, depending on your business requirements and organization.