Jul 16, 2014 The Batch Risk Analysis is run as background job in GRC by using transaction GRACBATCHRA (program GRACBATCHRISKANALYSIS). This is the same batch risk analysis that is run to update the management reports and companies should be running this on a frequent basis to ensure their management reports are accurate.
PurposeThe core functionality in SAP GRC is Risk and Impact Analysis which will help the organizations to achieve their motto “GET CLEAN and STAY CLEAN”. During one of the implementations I am working for we noticed lot of issues/bugs with the risk analysis functionality and based on our findings decided to write a blog which can be useful for others to consider below scenarios during implementation ?Mitigation Policy Configuration – To restrict approvers from approving requests with Unmitigated RisksFirst enable configuration parameter 1072 – Mitigation of critical risk required before approving the request as YES. This is applicable for both Critical Action and Critical Permission Risks.Mitigation Policy can be configured using BRF+ to enforce the approvers to mitigate the risks before approving an access request. Under the Application Mapping, there is the Application ID: ‘Request Mitigation Policy’. The BRF+ Function for this App ID is maintained by default. The BRF+ rule is created to identify which risk requires mitigation and which risk does not require. If there is no BRF+ Rule created for Mitigation Policy, then please remove the entry from IMG.Once this entry is deleted, kindly execute the scenario again.
Now the Approver cannot approve the request if risks are not mitigated.