Governance, Risk

& Compliance
(GRC)
- COIS Logistics Team
GRC
•4 Components
•UAM – User Access Management
•User Management
•ESS to R/3
•R/3 to ESS (Will be done by IS)
•ARM – Access Risk Management
•Assess Risk Analysis
•RM - Role Management
•COIS Core team
•EAM - Emergency Access Management
•COIS Core team
UAM – User Access Management
• GRC system will be used to access Roles/Authorizations by
users for SAP system which will replace existing YAUTH Role
based Authorization.
• User Management
• ESS to R/3
• R/3 to ESS (Will be done by IS)
UAM
• Can be accessed through ESS portal

• Available to all Active Users

• No separate Id, Password required
• Business Process based on User’s PSA i.e., Department
• E-Mails Notifications for Request
Creation/Approval/Cancellation/Rejection
• All Approvers are derived from HR data maintained in the SAP.
Home Screen
Requester for BP - MM
Normal Access
Requester for BP - MM
Request Status
Requester for BP - MM
Work Inbox
Help Manual
Help Manuals & Videos kept in GRC help files in ESS help
Approver for BP - MM
Normal Access
i. Only 1 level of approver
ii. Approver will be Location-in-charge in grade ‘G’ or below , if
not found then reporting manager(RM) Grade ‘F’ or above.
Approver for BP - MM
Critical Access - Except Pipelines & BD Div.
i. 2 levels of approver
ii. 1st Level will be same as for Normal Access.
iii. 2nd level approver will be departmental HOD with grade H or
above
• If grade of HOD is less than 'H' then Reporting Manager(RM) of
HOD - grade H and above
• For PSA- 'SIC0', RM of LIC - Grade H and above
Approver for BP - MM
Cross Plant Access - Except Pipelines & BD Div.
i. 2 levels of approver
ii. 1st Level will be same as for Normal Access
iii. 2nd Level Approver will be departmental HOD with grade H and above
same as Functional head for target Plant (Same Company Code)
a. When Plant is for different company code then 1st check grade H and above with
same PSA in target Plant.
b. In case same PSA of H and above is not available then check for senior most grade
available in the Target Plant then search for its parent department till grade H and
above not found.
c. In case same PSA is not available then look for State Head of target Plant for
Marketing Division and Unit head of target plant for Pipeline & Refinery.
Approver for BP - MM
Cross Module Access
i. Roles/Authorizations for another plants/Department/Module
ii. Critical roles not allowed
iii.2 levels of approver
iv. 1st Level will be same as for Normal Access
v. If User’s PSA not mapped to BP FI/SD/MM/HR- their first level approver
will be his/her reporting manager not below grade “F”
vi. 2nd Level Approver for SD & MM will be as per table in the next slide
 Type of Location (Selected Plant) Second Level Approver

Co. Code Functional Head of location In charge

Operating Locations of selected plant. Company Code to be picked

Approver for BP - MM
like Depot, Terminal,
Bottling Plants
Operating Locations like Lube Plants
Operation locations -
from Selected Plant. Function/PSA to be picked
from Location In charge of selected plant
If selected plant is Operating Lubes Plant, then
L2 approver will be Marketing Head Offi ce
(Company Code 0100) Functional HOD (Function
is identified based on PSA of Location I/c of
selected plant)

Cross Module Access

AFS
Operation locations -
QC (user belongs to PSA QC00 and
belongs to Marketing Division)
Regional Aviation Head of selected plant
Regional QC Head of selected plant with
exception if QC
department is for all
North East zone (NEZ)
users (logic- user’s CC =
7200 and user’s PSA =
‘QC00’), there approver
is Zonal Services Digboi
Head

Co. Code Functional HOD of the selected Dept.

Logic given below:

Co. Code to be picked from the selected Plant

Code
Function/PSA to be picked from Selected Dept.
Area Mapping of PSA to Dept. will be maintained in
Offi ce/Divisional the table 'ZGRC_T_PSA'. (A new Column Dept. is
offi ce (AO/DO) to be added & will be a Primary key)
State Offi ce/Regional
offi ce (SO/RO) State Head/Regional Head of selected plant

Co. Code Functional HOD of the selected Dept.

Logic given below:

Co. Code to be picked from the selected Plant

Code
Marketing HO, Function/PSA to be picked from Selected Dept.
Refinery HQ, Pipeline Mapping of PSA to Dept. will be maintained in
HO, R&D, the table 'ZGRC_T_PSA'. (A new Column Dept. is
Corporate Offi ce, to be added & will be a Primary key)
Refineries
Pipeline Regional head of the selected plant's
Pipeline plants other Pipeline HO Co. Code
IF the selected plant belongs to Cryogenics
Division then Approver will be location-in-
charge of PA - 'INC1'
IF the selected plant belongs to Explosives
Explosives / Division then Approver will be location-in-
Cryogenics charge of PA - 'IOE5'
Approver for BP - MM

Non-Employee Access - New Role Naming Convention (Ending with CON)

i. Request can be created by IOCL user only for Non-Employee Access
ii. Only 1 level of approver
iii. Approver will be Location-in-charge in grade “G’’ or below , if not found
then reporting manager Grade ‘F’ or above.
Approver for BP - MM

Self-Approver
i. Requestor with Grade ‘G’ & above
ii. Location-in-charge
iii. Functional HODs
Approver for BP -
MM
Normal Access - BD Division
Location Type Type of User L1 Approver
Sales Offi ce (other than Gas,
Chennai) Any user Zonal Offi ce I/c
Sales Offi ce (only for Gas, Other than Location I/c Location I/c
Chennai) Location I/c Self-approved
Other than Location I/c Location I/c
Zonal Office Location I/c Self-approved
Operating Terminals (other Other than Location I/c Location I/c
than Gas Terminal, Ennore Location I/c Self-approved
For requestor grade upto 'F' --> Rep.
Mgr. G & above
Operating Terminals (only
Gas Terminal, Ennore and For Requestor grade G & above --> "Self
Gas Terminal, Dahej) Any user Approved"
Other than Location I/c Location I/c
R&D and QC Lab Location I/c Self-approved

Other than HOD For requestor grade upto 'F' --> Rep.
Mgr. G & above

For Requestor grade G & above --> "Self

Head Offi ce HOD Approved"

Nodal Offi ce Requestor grade is less than 'G' Reporting Manager Grade 'F' and above
Requestor's grade 'G' & above Self-approved
Approver for BP -
MM

• Critical Access & Cross Plant - Target plant is in BD Division

i. 1st Level will be same as for Normal Access
ii. 2nd level Approver will be Rep. Mgr. H & above
• Cross Module - Target BP is SD or MM
i. Head Office Functional HOD (function to be determined from
department selected under Cross Module)
Approver for BP -
MM

• Critical Access - Pipeline Division

i. 1st Level will be same as for Normal Access
ii. 2nd level Approver will be Rep. Mgr. H & above
• Cross Plant – Target plant in Pipeline Division
• Requestor’s plant = ‘9200’ then Functional Head with grade H & above in the Requestor’s Co. Code
• Else
• Target Plant = ‘9200’ then Functional Head with grade H & above in the target Co. Code
• Else
• If the target plant other than 9200 then Pipeline Regional head of the target Co. Code
Thank You