The purpose of this page is to clarify the understanding of the system logic and requirements in relation to Master Data Tab.
The Master Data work center holds information related to the objects that exist in the system. In order to create the Master Data, the user can upload information to the system using either MDUG (Master Data Upload Generator) or CLM (Content Lifecycle Management). The option to enter all Master Data manually is also possible, but not very used due to the amount of work necessary to do so. MDUG is only able to upload Process Control master data. For more information on the MDUG Upload process, please refer to the MDUG page.
Master Data Topics:
Under the Master Data work center, the following activities can be found:
Indirect Entity-Level Controls
Forecasting Horizon Maintenance
Leading Forecasting Horizon for Risk Categories
Risk and Control Matrix
Financial Assertions Coverage
Organization and Process Structure
Indirect Entity-Level Control Structure
Test Plan by Control
Test Step Details
Risk-based Compliance Management
Policies by Regulation
Risks Associated with Policies
Processes and Controls with Policies
Master Data Work Center:
The normal flow for Master Data configuration is:
1. Create the Organizational Hierarchy;
2. Assign Corporate and Organization Roles;
3. Create the Account Group Hierarchy;
4. Create the Control Objectives and Risks;
5. Create the Central Process Hierarchy (Business Processes);
6. Assign Subprocesses to the Organizations;
7. Assign roles to local Subprocesses and Controls;
All of these steps can be done under the Organizations link, except for:
Step 3 - Creating the Account Group Hierarchy, which is performed on Accounts.
Step 4 - Creating the Control Objectives and Risks which is done on Objects and on Risks and Responses activities.
Step 5 - Creating the Central Process Hierarchy which is done under Business Processes.
The regulations are assigned to Subprocesses and Controls under Business Processes. Indirect Entity-Level Controls and Policies. The organizations inherit the regulations when those objects are assigned to them.
It is also important to note that all Master Data within Process Control is time dependedant. The objects have a validity period, which is tied to specific Timeframes. If an organization is created and its Valid-From date is 01.01.2000 and the Valid-To date is 31.12.9999, this means that the organization can be seen on Timeframe Year when selecting year 2000 and above. It can also be seen on Timeframe Second Quarter for year 2000 or above. If the Organization was created with Valid-From as 01.10.2000, it would also appear on those 2 timeframes, but not on First Half timeframe for year 2000, since it only considers this organization as available from November 1st on year 2000, which is not part of the First Half of the year. For more information on the Timeframe concept, please refer to the GRC Timeframes Wiki.
Central and Local Objects:
The objects can also be of two types: Central Master Data and Local Master Data.
Central Objects are those that are part of the core and apply to all of the company. Organization Hierarchy, Business Processes, Control Objectives, Regulations and Policies are some example of Central Objects.
A list of Master Data Object types and their description is available below:
Regulation / Policy Group
Regulation / Policy
Regulation / Policy Req.
KRI Business Rules
Local Account Group
Local Entity-Level Ctrl.
Report (with variant)
SAP Organizational object
Workflow object method
Workflow Object Type
ALE Filter Object Combin.
ALE Split Function
ALE Filter Object
ALE Logical System