- SAP GRC Tutorial
- SAP GRC - Home
- SAP GRC - Overview
- SAP GRC - Navigation
- SAP GRC - Access Control
- Access Management Work Center
- Access & Authorization Mngmt
- SAP GRC - Authorization
- Access Control Launchpad
- Integration with Access Control
- SAP GRC - Integration with IAM
- SAP GRC - Audit Universe
- Process Control Work Centers
- SAP GRC - SoD Risk Management
- SAP GRC - Risk Management
- SAP GRC - Risk Remediation
- SAP GRC - Mitigation Controls
- SAP GRC - Superuser Privilege
- SAP GRC - Implementing Superuser
- SAP GRC - Enhanced Risk Analysis
- Assigning Mitigation Controls
- SAP GRC - Workflow Integration
- Installation and Configuration
- Data Sources and Business Rules
- SAP GRC - Creating Business Rules
- SAP GRC Useful Resources
- SAP GRC - Questions & Answers
- SAP GRC - Quick Guide
- SAP GRC - Useful Resources
- SAP GRC - Discussion
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
SAP GRC - Enhanced Risk Analysis
You can implement enhanced risk analysis using organization rules. In shared service business units, you can use organization rules to achieve procedures for risk analysis and management of user groups.
Consider a case where a user has created a fictitious vendor and invoices have been generated to gain financial benefit.
You can create an organization rule with company code enabled to eliminate this scenario.
Following steps should be performed to prevent this situation −
- Enable organization level fields in functions
- Create org rules
- Update org user mapping table
- Configure risk analysis web service
Enable organization level fields in functions
Follow these steps to enable organization level fields in functions −
Find out functions to be segregated by organization level in shared service environment.
Maintain permissions for affected transactions.
Create organization rules
Follow these steps to create organization rules −
Step 1 − Create organization rules for every possible value of organization field.
Step 2 − Go to rule architect → Organization level → Create
Step 3 − Enter the organization rule ID field.
Step 4 − Enter the related task.
Step 5 − Define organization level field and combine them with Boolean operators.
Step 6 − Click Save button to save the Organization rule.
Benefits of Using Organization Rules
Let us now understand th benefits of using organization rules.
You can use organizational rules for companies to implement following features −
You can use organization rules to implement shared services. They segregate duties with the help of organizational restrictions.
Go to Risk Analysis → Org Level
Perform a risk analysis of analysis type Org Rule against a user
You will receive the following output −
The risk analysis will only show a risk if the user has access to the same specific company code in each of the conflicting functions.