|
|
|
Home > Solutions > SAP GRC Cross-Platform > Multi Application Query Tool |
Multi-Application Query Tool (MQT)
by Greenlight
Overview
Integration with PC 2.5
Control testing and monitoring based on queries
Overview
Multi-Application Query Tool (MQT) is a query repository to create custom ad-hoc queries in a heterogeneous applications environment. The majority of organizations leverage different ERPs (Oracle, PeopleSoft), legacy applications etc. To have an effective process control, organizations need to monitor controls within all the different applications that are in use.
During an audit engagement the auditors need to analyze data for accessing the effectiveness of a control. For this purpose, auditors or control testers often create their own queries, extract data and analyze the results. Also, the business process owners may have to create query based control testing and monitoring to support their business. These queries could check configurations or analyze transaction data like "sales orders processed within the limits of customer credit limits". This MQT query feature provides the ability to add new control testing and monitoring that are not covered by the pre-delivered automated scripts.
MQT acts as a broker and invokes the query in the target application and sends the results to PC2.5 application. The following types of application codes are supported by MQT:
- PL/SQL procedures defined in an Oracle database
- SQL scripts
- People code that are developed for PeopleSoft applications
The tool may use any of the following methods to connect to the database or application:
- JDBC
- ODBC
- HTTP
- Web Service
- Custom device drivers
There are two possible ways queries can be invoked from PC 2.5. First is through the ad-hoc query option and second through the scheduler. Query execution is synchronous when invoked from the ad-hoc query option in PC 2.5 and asynchronous, when invoked through a scheduler.
The MQT tool is capable of handling reasonable amounts of results data. The tool provides the ability to restrict the number of rows returned, which is determined by the tester.
Integration with PC 2.5
The queries defined in MQT are seamlessly integrated with PC 2.5. The user experience for a query based on Oracle, PeopleSoft or any legacy application is similar to a query based on SAP.
General Flow
The following diagram shows the general flow of information.
Control Testing and Monitoring Based on Queries
The query is used for control testing and monitoring. This is achieved by creating a script based on the query.
The query is developed and stored in the target application. Users can use a tool of their choice to build the query.
Once the query is developed and tested it needs to be registered in the MQT query tool. During the registrations all the metadata related to the query are captured such as, schema, table, column and other information necessary to execute the query in a secured way. All these steps happen outside of the PC 2.5 application.
Rule Script
The user creates a rule script based on a query defined in MQT. The rule script will be of type "Query". The user can search for all the queries in the MQT by selecting the appropriate Connector. When a rule script is created, the entire "where" conditions that are part of the query are created as rule criteria automatically. If a rule script is already defined then the rule criteria need not be duplicated, but is automatically associated to the rule script. The rule criteria are displayed in the Rule Criteria tab.
Rule
Once a rule script is created the user creates a rule based on the rule script. The rule creation for the script based on MQT is identical to a rule created based on an SAP query. The user experience remains the same. The user can search on scripts based on MQT during the rule creation. User can also define a Connector.
Control Rule Assignment
The rule parameters will have the rule criteria values for the query execution. Once a rule is created the user can associate the rule to a control. The flow for testing and monitoring will be similar to that of any other automated control.
Scheduler
Once the rules are assigned to a control, the user can schedule the rule execution part of the scheduler. The scheduling for execution happens within PC 2.5. The scheduler will invoke a service in MQT. This is asynchronous and the results are returned to PC 2.5 in an XML format. The results are then stored in DMS.
|
|
|