GRC (governance, risk, and compliance) provides several solutions to boost your business with SAP and lets you adapt quickly to changes in business, technology, and regulations.
You can then make better decisions by visualizing the impact of risk on performance and by integrating key GRC activities into your existing business processes. This helps to reduce complexity and costs while maintaining the company's reputation.
The following topics are included in the course:
Access Risk Analysis:
An access risk is access that, when available to a single user (or single role, profile, or HR object), makes fraud or unintended errors possible.
It is important to address access risks along two axes. The first axis is additional control to ensure that your organization is operating appropriately. The second axis is to monitor and control these risks to proactively prevent users from exploiting vulnerabilities to commit fraud or post unintentional errors.
Access Control enables you to specify the following types of access risks:
Segregation of Duties:
This means that a single individual is able to perform or control a process from beginning to end without the involvement of others. For example, one person might be able to set up a vendor and process payments, or manipulate sales and customer invoices, to conceal kickbacks.
Critical Action:
Certain functions are so critical in nature that anyone who has access needs to be identified and assessed to ensure the access is appropriate. This is different from segregation of duties risks in that the person only needs to have access to a single function. For example, the ability to configure a production system is considered a critical action regardless of any other access the person might have.
Critical Permission:
Much like a critical action, certain permissions (authorization objects) are considered critical on their own. For example, having background job administration permissions might be considered critical by certain organizations.
After identifying risks, you can use the Access Risk Analysis section to generate reports presenting different types of information, including reports presenting access risks, conflicts, or the use of critical actions by user, role, profile, or HR object.
When you identify an access risk in a report, you have the option of treating the risk either by removing it or by applying a mitigating control. You can also use reports in the Access Risk Analysis section to view mitigated risks and risks that have not yet been remediated.
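The analysis described above can be sketched in a few lines. This is an added example, not SAP code or part of the original course text: it checks the three risk types by role and by user, and shows a segregation of duties conflict that only appears once a user's roles are combined. All rule IDs, role names, function names, users and the control ID are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    risk_id: str
    kind: str         # "SOD", "CRITICAL_ACTION" or "CRITICAL_PERMISSION"
    items: frozenset  # access that must ALL be held by one object to raise the risk

# Constructed rule set mirroring the three risk types described above.
RULES = [
    Rule("R001", "SOD", frozenset({"MAINTAIN_VENDOR", "PROCESS_PAYMENT"})),
    Rule("R002", "CRITICAL_ACTION", frozenset({"CONFIGURE_PRODUCTION"})),
    Rule("R003", "CRITICAL_PERMISSION", frozenset({"BACKGROUND_JOB_ADMIN"})),
]
# Constructed roles and user assignments.
ROLE_ACCESS = {
    "VENDOR_MAINT": {"MAINTAIN_VENDOR"},
    "AP_CLERK": {"PROCESS_PAYMENT"},
    "BASIS_ADMIN": {"CONFIGURE_PRODUCTION", "BACKGROUND_JOB_ADMIN"},
}
USER_ROLES = {
    "alice": ["VENDOR_MAINT", "AP_CLERK"],  # SoD conflict only across two roles
    "bob": ["AP_CLERK"],
    "carol": ["BASIS_ADMIN"],
}
# (object, risk_id) -> mitigating control id; constructed.
MITIGATIONS = {("carol", "R002"): "MC-001"}

def user_access(user_roles, role_access):
    """Merge the access of every role a user holds."""
    return {u: set().union(*(role_access[r] for r in roles))
            for u, roles in user_roles.items()}

def analyze(access_by_object, rules=RULES, mitigations=MITIGATIONS):
    """Return (object, risk_id, kind, status) for every rule an object satisfies."""
    findings = []
    for obj in sorted(access_by_object):
        for rule in rules:
            if rule.items <= access_by_object[obj]:
                status = "mitigated" if (obj, rule.risk_id) in mitigations else "open"
                findings.append((obj, rule.risk_id, rule.kind, status))
    return findings

if __name__ == "__main__":
    print("By role:", analyze(ROLE_ACCESS))
    print("By user:", analyze(user_access(USER_ROLES, ROLE_ACCESS)))
```

No single role triggers the segregation of duties rule here, which is why the analysis has to be run at user level as well as at role level.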
Business Role Management (BRM):
Organizations face a big challenge in keeping up with an environment characterized by rapid change. With GRC, and especially Business Role Management (BRM), business roles can be used to determine how users access a function or process, which leads to better management of changes in access. Once business roles have been mapped to the appropriate job tasks, organizations can easily control compliance or business risk by running their rules against the requests.
Monitoring and controlling role design within business systems is a vital part of maintaining a clean status of your SAP systems. Whilst it is often an IT function to build appropriate authorizations, it is important to encourage business ownership wherever possible.
Copyright ERPTRAINING9.COM 2009 - We are not affiliated to SAP AG