https://community.sap.com/t5/additional-q-a/grc-reports-and-analytics/qaa-p/11930225#M154758 <HTML><HEAD></HEAD><BODY><P>Massoud,</P><P></P><P>I work with several clients and this depends on the setup. Each company is different and uses different processes and functionalities. Therefore there is no guideline what and how often should be analyzed. E.g. if you are using Access Request Management to provision users, then you maybe want to check open requests, overdue requests, maybe you are using SLAs, then you need to check them, etc. etc. etc.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P>Alessandro</P></BODY></HTML> Mon, 19 Sep 2016 13:31:22 GMT alessandr0 2016-09-19T13:31:22Z https://community.sap.com/t5/additional-q-a/grc-reports-and-analytics/qaq-p/11930224 <HTML><HEAD></HEAD><BODY><P>Hi Folks</P><P></P><P>For the much experienced GRC 10 Consultants I would like to ask: what are the most, say 10 or 20, GRC reports a GRC/SAP Security Consultant will run on daily, weekly, monthly or annually as part of GRC/SAP Security work operations.</P><P></P><P>regards</P><P>Massoud</P></BODY></HTML> Mon, 19 Sep 2016 08:30:19 GMT https://community.sap.com/t5/additional-q-a/grc-reports-and-analytics/qaq-p/11930224 former_member251721 2016-09-19T08:30:19Z https://community.sap.com/t5/additional-q-a/grc-reports-and-analytics/qaa-p/11930225#M154758 <HTML><HEAD></HEAD><BODY><P>Massoud,</P><P></P><P>I work with several clients and this depends on the setup. Each company is different and uses different processes and functionalities. Therefore there is no guideline what and how often should be analyzed. E.g. if you are using Access Request Management to provision users, then you maybe want to check open requests, overdue requests, maybe you are using SLAs, then you need to check them, etc. etc. etc.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P>Alessandro</P></BODY></HTML> Mon, 19 Sep 2016 13:31:22 GMT https://community.sap.com/t5/additional-q-a/grc-reports-and-analytics/qaa-p/11930225#M154758 alessandr0 2016-09-19T13:31:22Z https://community.sap.com/t5/additional-q-a/grc-reports-and-analytics/qaa-p/11930226#M154759 <HTML><HEAD></HEAD><BODY><P>HI Alessandro</P><P>Thanks for the reply. May be I should have been more specific.</P><P>I am new to GRC10 hence the question. But I have history with older versions.</P><P></P><P>If you for example look at the header " access management" under the Reports and analytic you will see there are over 47 reports. Surely, not all of them will be used on the operation of GRC on daily or weekly basis by the GRC consultant or other stake holders/responsible who need GRC for its reports. ?</P><P></P><P>regards</P><P>Massoud</P></BODY></HTML> Mon, 19 Sep 2016 22:33:32 GMT https://community.sap.com/t5/additional-q-a/grc-reports-and-analytics/qaa-p/11930226#M154759 former_member251721 2016-09-19T22:33:32Z https://community.sap.com/t5/additional-q-a/grc-reports-and-analytics/qaa-p/11930227#M154760 <HTML><HEAD></HEAD><BODY><P>Massoud,</P><P></P><P>as I mentioned it depends on the setup. Personally I do use these reports once I have to check something. E.g. with the UAR History Report or UAR Status Report I check the status after I have ran UAR reviews. Others like Requests with conflicts and mitigations can be used to analyze requests.</P><P></P><P>Rather than the Reports and Analytics tab I more often use the application "Search Request" and "Provisioning Logs". </P><P></P><P>It all depends on your function and what you need to check. There is no right or wrong.</P><P></P><P>Regards,</P><P>Alessandro</P></BODY></HTML> Tue, 20 Sep 2016 11:36:02 GMT https://community.sap.com/t5/additional-q-a/grc-reports-and-analytics/qaa-p/11930227#M154760 alessandr0 2016-09-20T11:36:02Z https://community.sap.com/t5/additional-q-a/grc-reports-and-analytics/qaa-p/11930228#M154761 <HTML><HEAD></HEAD><BODY><P>Massoud,</P><P></P><P>As a GRC admin, my experience is much like Alessandro's: I too use the Search Request function more often than the reports on the Reports and Analytics tab. It is only when specific questions arise, such as questions about the mitigated objects or the available mitigating controls, that I need to run any of those reports. They are more for the business, and it is your job as the GRC expert to figure out which of those reports will meet the needs of your business users. If you do not yet know what the pain points of your business users are, you might need to ask them. We run the SOD reports on users and roles and distribute them monthly as a courtesy to our key users, and the User Access Review reports are run during UAR periods. There is no way that Alessandro or anyone here can tell you which ones will be helpful to you or to your users. That is for you to figure out, by running them and seeing what information is returned. That is why they pay you the big bucks <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.sap.com/108/images/emoticons/happy.gif"></SPAN></P><P></P><P>Gretchen</P></BODY></HTML> Tue, 20 Sep 2016 12:06:49 GMT https://community.sap.com/t5/additional-q-a/grc-reports-and-analytics/qaa-p/11930228#M154761 Former Member 2016-09-20T12:06:49Z