Purpose
The purpose of this page is to clarify the understanding of the system logic and requirements in relation to Master Data Tab.
Overview
The Master Data work center holds information related to the objects that exist in the system. In order to create the Master Data, the user can upload information to the system using either MDUG (Master Data Upload Generator) or CLM (Content Lifecycle Management). The option to enter all Master Data manually is also possible, but not very used due to the amount of work necessary to do so. MDUG is only able to upload Process Control master data. For more information on the MDUG Upload process, please refer to the MDUG page.
Master Data Topics:
Under the Master Data work center, the following activities can be found:
Indirect Entity-Level Controls
Forecasting Horizon Maintenance
Leading Forecasting Horizon for Risk Categories
Consolidated Balances
Organization Balances
Consistency Checks
Risk and Control Matrix
Risk Coverage
Financial Assertions Coverage
Organization and Process Structure
Indirect Entity-Level Control Structure
Test Plan by Control
Test Step Details
Change Analysis
Audit Log
Risk-based Compliance Management
Policies by Regulation
Policy Versions
Risks Associated with Policies
Processes and Controls with Policies
Regulation/Requirement-Control Coverage
Control-Regulation/Requirement Coverage
Master Data Work Center:
The normal flow for Master Data configuration is:
1. Create the Organizational Hierarchy;
2. Assign Corporate and Organization Roles;
3. Create the Account Group Hierarchy;
4. Create the Control Objectives and Risks;
5. Create the Central Process Hierarchy (Business Processes);
6. Assign Subprocesses to the Organizations;
7. Assign roles to local Subprocesses and Controls;
All of these steps can be done under the Organizations link, except for:
Step 3 - Creating the Account Group Hierarchy, which is performed on Accounts.
Step 4 - Creating the Control Objectives and Risks which is done on Objects and on Risks and Responses activities.
Step 5 - Creating the Central Process Hierarchy which is done under Business Processes.
Regulations:
The regulations are assigned to Subprocesses and Controls under Business Processes. Indirect Entity-Level Controls and Policies. The organizations inherit the regulations when those objects are assigned to them.
Timeframes:
It is also important to note that all Master Data within Process Control is time dependedant. The objects have a validity period, which is tied to specific Timeframes. If an organization is created and its Valid-From date is 01.01.2000 and the Valid-To date is 31.12.9999, this means that the organization can be seen on Timeframe Year when selecting year 2000 and above. It can also be seen on Timeframe Second Quarter for year 2000 or above. If the Organization was created with Valid-From as 01.10.2000, it would also appear on those 2 timeframes, but not on First Half timeframe for year 2000, since it only considers this organization as available from November 1st on year 2000, which is not part of the First Half of the year. For more information on the Timeframe concept, please refer to the GRC Timeframes Wiki.
Central and Local Objects:
The objects can also be of two types: Central Master Data and Local Master Data.
Central Objects are those that are part of the core and apply to all of the company. Organization Hierarchy, Business Processes, Control Objectives, Regulations and Policies are some example of Central Objects.
A list of Master Data Object types and their description is available below:
A | Work Center |
AC | Rule |
AG | Role |
BA | Appraisal |
BG | Criteria group |
BK | Criterion |
BP | Business partner |
BS | Appraisal model |
C | Job |
CP | Central person |
FA | Application Component |
H | External person |
JF | Job Family |
LB | Career |
O | Organizational unit |
O0 | Risk Category |
O1 | Central Risk |
O4 | KRI Implementation |
O5 | KRI Instance |
O6 | Activity Group |
O7 | Activity Category |
O8 | Regulation / Policy Group |
O9 | Regulation / Policy |
OA | KRI Template |
OB | Regulation / Policy Req. |
OE | Activity |
OF | Risk |
OG | Objective |
OK | KRI Business Rules |
OL | Opportunity |
OM | Opportunity Category |
OR | Legal entity |
OS | Central Opportunity |
OT | Enterprise Object |
P | Person |
P0 | Local Process |
P1 | Local Subprocess |
P2 | Local Control |
P3 | Referenced Control |
P4 | Business rule |
P5 | Central Control |
P6 | Account Group |
P7 | Entity-Level Control |
P8 | Local Account Group |
P9 | Local Entity-Level Ctrl. |
PK | Central Process |
PL | Central Subprocess |
PM | Control Objective |
PN | Risk |
PQ | Test Plan |
Q | Qualification |
QB | Qualification Block |
QK | Qualification group |
RE | Report (with variant) |
RY | Responsibility |
S | Position |
SO | SAP Organizational object |
T | Task |
TG | Task Group |
TR | Transaction |
TS | Standard task |
U | Company |
UG | User group |
US | User |
VA | Appraisal Template |
VB | Criteria Group |
VC | Criterion |
VH | Process Item |
WE | Workflow Event |
WF | Workflow Task |
WI | Work Item |
WM | Workflow object method |
WO | Workflow Object |
WS | Workflow Template |
WT | Workflow Object Type |
XC | ALE Filter Object Combin. |
XF | ALE Split Function |
XG | Expert Group |
XO | ALE Filter Object |
XP | Expert |
XS | ALE Logical System |