Process Details tab

Provide the required information on the following tabs :
  • Name: Provide a unique name for easy identification. If a process with the specified name already exists, Certification Manager prompts you to enter a new name. The name cannot be modified after the process is saved.
  • Description : Provide a description for the process.
  • Process Owner : Users assigned the Process Administrator role can be assigned as process owners. By default, the signed-in user who is creating the process is the process owner. To assign a different process owner:
    1. In the Process Owner autosuggest text box, provide the name of the process owner or click the Browse icon to search for the required process owner.
    2. Select the required owner from the Browse Process Owner pop-up window that is displayed and click OK. Multiple process owners can be selected.

      An email notification is sent to the process owners after the completion of the review process only if Notify Process Owner is selected on the Notifications panel of the Configuration page.

  • Sign off Owner : Certification Manager users assigned the Process Auditor role can be assigned as sign off owners.
    Assign a sign off owner as follows:
    1. In the Sign Off Owner autosuggest text box, provide the name of the required user or click the Browse icon to search for the required sign off owner. The Browse SignOff Owner pop-up window that is displayed lists all the Process Auditors in Certification Manager.
    2. Select the required Process Auditor and click OK. The sign off owner receives an email notification in the Inbox when sign-off is required for the process. The sign off owner can sign off a process only when action is taken by the assigned reviewers on all the reviews in that process occurrence.
      A sign-off is required for the process to be marked as complete. After a process is signed off, an email notification is sent to the Security Administrator for deprovisioning action on the review objects. This email notification is not sent if the deprovisioning option selected is No Action.
      Note:  If a sign off owner is assigned, the deprovisioning action can be taken on the reviews only after the process is signed-off. Whereas, if a sign off owner is not assigned, these actions are implemented after completion of all the reviews in the process.
  • Mandatory comments: This field gives you an option to enforce a comment while taking action on a review. Comments can be enforced on these actions : Approve , Deny, or Both. You can choose the options from the drop-down list. The option None is selected, by default.

    When you select an action for enforcing a comment, a comment text box pops up for the appropriate action on the Active Review page and on the Review Details page.

  • Make Commit mandatory for this Process: Select this checkbox to make the Commit option mandatory for a Process. When you select this option, the Commit option is displayed on the Active Review page. If you do not select this option, the Commit option is not available. The review is completed directly.
  • Data Sources : Data imported into Certification Manager from the selected data sources is reviewed in this process. Select the required data sources as follows:
    1. In the Data Sources autosuggest text box, provide the name of the required data source or click the Browse icon to search for the required data source. The Browse Data Sources pop-up window is displayed. All the data sources created for the application schema that is associated with the selected review type are displayed in this pop-up window.
    2. Select the required data sources and click OK. The selected data sources are displayed in a grid below.
      Note:  The deprovisioning option, that is, the final action to be taken on the review objects is displayed only after selecting the data sources.
  • Deprovisioning Options : Define the deprovisioning option, that is, the final action to be taken on denied objects. The deprovisioning options available vary according to the review type and the data source selected:
    • User/Role review process for an Infor data source : The following the deprovisioning options are available if an Infor data source is selected.
      • No Action: Select this option if no action is to be taken. The process can be signed-off immediately by the Super User or Process Auditor.
      • Notify Security Administrator: Select this option if the administrator should be notified by email when a review is rejected. Provide the name of the Administrator in the autosuggest text box or click the Browse icon to search for the required Administrator. Certification Manager users with a valid email ID are displayed in the Browse Security Administrator pop-up window. Select the required user and click OK.
    • Role/User review process for an Infor data source : The following the deprovisioning options are available if an Infor data source is selected.
      • No Action: Select this option if no action is to be taken. The process can be signed-off immediately by the Super User or Process Auditor.
      • Notify Security Administrator: Select this option if the administrator should be notified by email when a review is rejected. Provide the name of the Administrator in the autosuggest text box or click the Browse icon to search for the required. Administrator. Certification Manager users with a valid email ID are displayed in the Browse Security Administrator pop-up window. Select the required user and click OK.
    • User/Role review process for a Lawson data source : The following the deprovisioning options are available if a Lawson data source is selected.
      • No Action: Select this option if no action is to be taken. The process can be signed-off immediately by the Super User or Process Auditor.
      • Notify Security Administrator: Select this option if the administrator should be notified by email when a review is rejected. Provide the name of the Administrator in the autosuggest text box or click the Browse icon to search for the required Administrator. Certification Manager users with a valid email ID are displayed in the Browse Security Administrator pop-up window. Select the required user and click OK.
    • Role/User review process for a Lawson data source : The following the deprovisioning options are available if a Lawson data source is selected.
      • No Action: Select this option if no action is to be taken. The process can be signed-off immediately by the Super User or Process Auditor.
      • Notify Security Administrator: Select this option if the administrator should be notified by email when a review is rejected. Provide the name of the Administrator in the autosuggest text box or click the Browse icon to search for the required Administrator. Certification Manager users with a valid email ID are displayed in the Browse Security Administrator pop-up window. Select the required user and click OK.
    • User/Role review process for a IRC SAP, Oracle, PeopleSoft FI or PeopleSoft HR data source : The following the deprovisioning options are available if the data source selected is a IRC SAP, Oracle or PeopleSoft connection.
      • No Action: Select this option if no action is to be taken on rejected objects. The process can be signed-off immediately.
      • Notify Security Administrator: Select this option if the Administrator of the selected ERP should be notified by email when a user, role, or responsibility has been rejected. Provide the name of the Administrator in the autosuggest text box or click the Browse icon to search for the required Administrator. The Browse Security Administrator pop-up window is displayed. Select the required user and click OK.
      • Create Access Manager Request to Revoke Access: Select this option to create a request to revoke ERP access for rejected reviews. This option is available only if IRC Access Manager is installed on your machine. A Role Assignment Management request is automatically created in Access Manager after the entire process is completed. This Role Assignment Management request creates a request to revoke ERP access for rejected objects. In this case, the Super User or the Process Auditor can sign off the process, only after a request is created in Access Manager.
        Note:  When working with Oracle and PeopleSoft, all responsibilities or roles assigned to a user cannot be revoked; at least one responsibility or role must be assigned for the request to be successfully created.
      • Use Access Manager to Directly Revoke Access: This is applicable only for SAP and Oracle. Select this option to effect direct write-back to the ERP system when a review is completed. Write-back takes place only when a role, responsibility or user has been rejected and committed by an assigned stage reviewer. For example, if a user is assigned two roles R1 and R2, of which R1 is rejected, this rejection is written back to the ERP.
    • Role/User review process for a IRC SAP, Oracle, PeopleSoft FI or PeopleSoft HR data source : The following deprovisioning options are available if the application selected is a IRC SAP, Oracle or PeopleSoft connection:
      • No Action: Select this option if no action is to be taken on rejected objects. The process can be signed-off immediately.
      • Notify Security Administrator: Select this option if the Administrator of the selected ERP system should be notified by email when a user, role, or responsibility has been rejected. Provide the name of the Administrator in the autosuggest text box or click the Browse icon to search for the required Administrator. The Browse Security Administrator pop-up window is displayed. Select the required user and click OK.
      • Create Access Manager Request to Revoke Access: Select this option to create a request to revoke access for rejected reviews. This option is available only if Continuous Monitoring Access Manager is installed on your machine. A Role Assignment Management request is automatically created in Access Manager after the entire process is completed. In this case, the Super User or the Process Auditor can sign off the process; only after a request is created in Access Manager.
        Note:  When working with Oracle or PeopleSoft, all responsibilities or roles assigned to a user cannot be revoked; at least one responsibility or role must be assigned for the request to be successfully created.
      • Use Access Manager to Directly Revoke Access: This is applicable only for SAP and Oracle. Select this option to  directly write-back to the ERP system when a review is completed. Write-back takes place only when a role, responsibility or user has been denied and committed by an assigned reviewer. For example, if a user is assigned two roles R1 and R2, of which R1 is rejected, this rejection is written back to the ERP.
    • Infor Risk & Compliance Rule Book/Rule review process : The following deprovisioning options are available:
      • No Action: Select this option if no action is to be taken. The process can be signed-off immediately by the Super User or Process Auditor.
      • Notify Security Administrator: Select this option if the Administrator of the selected ERP system should be notified by email when a rule in the rule book has been denied. Provide the name of the Administrator in the autosuggest text box or click the Browse icon to search for the required Administrator. Certification Manager Administrators with a valid email ID are displayed in the Browse Security Administrator pop-up window. Select the required user and click OK.
    • Control Ownership review process : The following deprovisioning options are available:
      • No Action Select this option if no action is to be taken. The process can be signed-off immediately by the Super User or Process Auditor.
      • Notify Security Administrator Select this option if the Administrator of the selected ERP system should be notified by email when a review is denied. Provide the name of the Administrator in the autosuggest text box or click the Browse icon to search for the required Administrator. Certification Manager Administrators with a valid email ID are displayed in the Browse Security Administrator pop-up window. Select the required user and click OK
    • Custom review process : For custom processes the following deprovisioning options are available:
      • No Action Select this option if no action is to be taken. The process can be signed-off immediately by the Super User or Process Auditor.
      • Notify Security Administrator Select this option if the administrator should be notified by email when a review is rejected. Provide the name of the Administrator in the autosuggest text box or click the Browse icon to search for the required Administrator. Certification Manager users with a valid email ID are displayed in the Browse Security Administrator pop-up window. Select the required user and click OK
      Note: If multiple data sources are selected, define the deprovisioning options for each data source separately.

Click Next to proceed to the Filters tab.