
SAP GRC - SoD Risk Management
Every business needs to perform Segregation of Duties (SoD) Risk Management, from risk recognition through rule building and validation to the other risk management activities that support continuous compliance.
Segregation of Duties in the GRC system is carried out according to role. SAP GRC defines the following roles and responsibilities under SoD Risk Management −
Business Process Owners
Business Process Owners perform the following tasks −
- Identify risks and approve risks for monitoring
- Approve remediation involving user access
- Design controls to mitigate conflicts
- Communicate access assignments or role changes
- Perform proactive continuous compliance
Senior Officers
Senior Officers perform the following tasks −
- Approve or reject risks between business areas
- Approve mitigation controls for selected risks
Security Administrators
Security Administrators perform the following tasks −
- Assume ownership of GRC tools and security process
- Design and maintain rules to identify risk conditions
- Customize GRC roles to enforce roles and responsibilities
- Analyze and remediate SoD conflicts at role level
Auditors
Auditors perform the following tasks −
- Risk assessment on a regular basis
- Provide specific requirements for audit purposes
- Periodic testing of rules and mitigation controls
- Act as liaison between external auditors
SoD Rule Keeper
The SoD Rule Keeper performs the following tasks −
- GRC tool configuration and administration
- Maintains controls over rules to ensure integrity
- Acts as liaison between Basis and GRC support center