- SAP GRC Tutorial
- SAP GRC - Home
- SAP GRC - Overview
- SAP GRC - Navigation
- SAP GRC - Access Control
- Access Management Work Center
- Access & Authorization Mngmt
- SAP GRC - Authorization
- Access Control Launchpad
- Integration with Access Control
- SAP GRC - Integration with IAM
- SAP GRC - Audit Universe
- Process Control Work Centers
- SAP GRC - SoD Risk Management
- SAP GRC - Risk Management
- SAP GRC - Risk Remediation
- SAP GRC - Mitigation Controls
- SAP GRC - Superuser Privilege
- SAP GRC - Implementing Superuser
- SAP GRC - Enhanced Risk Analysis
- Assigning Mitigation Controls
- SAP GRC - Workflow Integration
- Installation and Configuration
- Data Sources and Business Rules
- SAP GRC - Creating Business Rules
- SAP GRC Useful Resources
- SAP GRC - Questions & Answers
- SAP GRC - Quick Guide
- SAP GRC - Useful Resources
- SAP GRC - Discussion
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
SAP GRC - Audit Universe
Audit Universe contains audit entities which can be classified as business units, lines of business or departments. Audit entities define the audit planning strategy and these can be linked to Process Control and Risk Management to find risks, controls, etc.
Create an Auditable Entity
Let us now understand how to create an auditable enity.
Step 1 − Go to /nwbc option at the top to open Work Centers
Step 2 − In SAP NetWeaver Business Client, go to IAM Work Center.
Step 3 − Navigate to Internal Audit Management → Audit Universe
Step 4 − Click on Create button and go to General tab.
Step 5 − Enter the following details for auditable entity −
- Notes to add any additional information
Step 6 − Go to Audit Plan tab to view audit proposals and audit plan proposals with the transfer date.
Step 7 − Select the attachments and links tab to add any type of files or links.
Step 8 − When you enter the required details, you can select from the following options −
- Select Save to save the entity.
- Select Close to exit without saving.
SAP Process Control — Audit Risk Rating
Audit Risk rating is used to define the criteria for an organization to find risk rating and establish ranking for risk rating. Each auditable entity is rated as per management feedback in ARR. You can use ARR to perform the following functions −
You can find the set of auditable entities and risk factors.
Define and evaluate risk scores for risk factor in each auditable entity.
As per risk score, you can rate the auditable entity.
You can also generate an audit plan from ARR by comparing risk scores for different auditable entities. In addition to this, you can select the high risk score auditable entities and generate audit proposal and audit plan proposal.
Create an Audit Risk Rating
Let us now understand the steps to create an Audit Risk Rating
Step 1 − In SAP NetWeaver Business Client, go to IAM Work Center.
Step 2 − Navigate to Internal Audit Management → Audit Risk Rating → Create
Step 3 − In General tab, enter the following details −
- Valid from
- Valid to
- Responsible person
Step 4 − Go to Auditable Entities and click Add button to choose from auditable entities.
Step 5 − Go to Risk Factor tab, and select ARR risk factor. Select Add to add a risk factor → OK.
Step 6 − Go to Risk Scores tab, select entity and input risk scores on risk factor table. Click Calculate button to view average score. Go to Risk level and risk priority column to enter the details.
Go to Audit Plan Proposal tab, to ensure that you are creating an audit plan proposal. Select export to create an excel spreadsheet to view information in table form for your ARR.
Select Save button to save audit risk rating for auditable entity.