SAP GRC - Risk Remediation

In SAP GRC 10.0 Risk Management, the risk remediation phase determines the method used to eliminate risks in roles. The purpose of the remediation phase is to determine alternatives for eliminating issues under risk management.

The following approaches are recommended to resolve issues in roles −

Single Roles

  • You can start with single roles, as this is the easiest and simplest way to start.

  • You can check that Segregation of Duties (SoD) violations are not being reintroduced.

Composite roles

  • You can perform various analyses to check the user assignment when user actions are assigned or removed.

  • You can use the Management view or Risk Analysis reports for analysis, as mentioned in the previous topic.

Risk Violations

Violations Process

In Risk Remediation, Security Administrators should document the plan and Business Process Owners should be involved and approve the plan.

SAP GRC — Report Type

You can generate different Risk Analysis reports as per the required analysis −

  • Action Level − You can use it to perform SoD analysis at action level.

  • Permission Level − This can be used to perform SoD analysis at action and permission levels.

  • Critical Actions − This can be used to analyze the users who have access to one of the critical functions.

  • Critical Permissions − This can be used to analyze users having access to one critical function.

  • Critical Roles/Profiles − This can be used to analyze the users who have access to critical roles or profiles.
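
The difference between the Action Level and Permission Level reports, and the re-check for reintroduced SoD violations after a remediation change, shown as an added Python example (it is not SAP GRC code or SAP's delivered rule set). The risk definition, role names and users are constructed sample data, and `sod_violations` and `simulate` are hypothetical helper names.

```python
# Constructed sample data: not SAP's delivered rule set and not GRC's own code.
RISK = {  # one SoD risk = two conflicting functions
    "Maintain vendor": {"actions": {"FK01"},
                        "permissions": {("F_LFA1_BUK", "ACTVT", "01")}},
    "Run payments": {"actions": {"F110"},
                     "permissions": {("F_REGU_BUK", "FBTCH", "21")}},
}
ROLES = {  # hypothetical single roles
    "Z_VENDOR_MAINT": {"actions": {"FK01"},
                       "permissions": {("F_LFA1_BUK", "ACTVT", "01")}},
    "Z_VENDOR_DISPLAY": {"actions": {"FK01"},  # transaction present, display only
                         "permissions": {("F_LFA1_BUK", "ACTVT", "03")}},
    "Z_PAYMENT_RUN": {"actions": {"F110"},
                      "permissions": {("F_REGU_BUK", "FBTCH", "21")}},
}
USERS = {
    "ALICE": {"Z_VENDOR_MAINT", "Z_PAYMENT_RUN"},
    "BOB": {"Z_VENDOR_DISPLAY", "Z_PAYMENT_RUN"},
    "CAROL": {"Z_VENDOR_MAINT"},
}

def effective_access(role_names):
    """Union of actions and permissions granted by a set of roles."""
    actions, permissions = set(), set()
    for name in role_names:
        actions |= ROLES[name]["actions"]
        permissions |= ROLES[name]["permissions"]
    return actions, permissions

def sod_violations(users, level="action"):
    """Users who can perform every conflicting function of RISK."""
    hits = []
    for user, role_names in users.items():
        actions, permissions = effective_access(role_names)
        def can_do(func):  # action match; at permission level also the auth values
            return bool(func["actions"] & actions) and (
                level == "action" or func["permissions"] <= permissions)
        if all(can_do(f) for f in RISK.values()):
            hits.append(user)
    return sorted(hits)

def simulate(users, user, remove=(), add=()):
    """Copy of the assignments with a proposed change applied to one user."""
    changed = {u: set(r) for u, r in users.items()}
    changed[user] = (changed[user] - set(remove)) | set(add)
    return changed
```

With this data the action-level check flags ALICE and BOB, while the permission-level check flags only ALICE, because BOB holds the transaction without the create authorization. Running `simulate` before a role change is applied shows whether the change clears the violation or reintroduces it for another user.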