The purpose of this WIKI page is to explain the Integration with Bow-Tie Builder in Risk Management 10.0, on how this integration works, to what extend it is supported and requirements to be considered.
The Bow-Tie Builder scenario is one of the supported integration scenarios in Risk Management 10.0, this page contains 2 sections explaining the scope of this integration, which will explain utilizing the existing risk in Risk Management in this scenario and creating of a new risk with template from Business Suite (referred as BS in the follwoing contexts) interaction.
Existing Risk in GRC-RM:
There has been a risk created at an earlier occasion in GRC-RM. In the Business Suite processes it is necessary to update this risk with a new assessment, a new/changed response etc. The Business Suite application must know the risk_ID of the GRC-Risk, then the WD-application containing the Bow-Tie Buider can be called via an URL link with Risk_id as an URL-parameter. All actions inside GRC-RM can be done, data is persisted in GRC-RM only. No notification is sent back to Business Suite.
The list of existing risks (in case Business Suite application has not stored the context) can be retrieved using a PIC-enabled Webservice.
Creation of a new risk with Template from Business Suite interaction:
In a process flow in Business Suite it is necessary to create a new risk in GRC-RM using a pre-configured risk template (basically a risk skeleton with preconfigured, drivers, impacts, KRI templates and response templates for typical actions). The risk template has to be build using GRC-RM's native WD-ABAP based shared risk catalogue or can be uploaded via CLM.
The list of available risk templates can be retrieved via a PIC-enabled Webservice, same as the list of available GRC Orgunits.
The critical point is the context mapping between Business Suite objcets (can be any from ERP, EH&S etc.) with the risk and the GRC Orgunit. The GRC Orgunit must be given by the suite as an input parameter to GRC-RM, same as the ID of the risk template. It is assumed that a customer has a running scenario of how to distribute OU's across his company, e.g. ALE.
To later find the created risk again in the context of Busines Suite application the following scenario will be used:
Busines Suite application gives while calling risk creation an Identifier as a URL-Parameter that describes the Business Suite context (e.g. encoded workplace, company code, plant etc.).
GRC-RM will create a table that holds the combination of Suite Identifier and the ID of the new created risk when saving that risk. An RFC will be made available to expose this relationship to Business Suite in a subsequent call. In case Business Suite will call later that new created risk to proceed with analysis or response creation, it simply asks for a gibven context GRC to give list of all risk-IDs for that context, then the bow-tie builder can be called in mode 1 (see above) for further processing.