on 12-04-2008 3:13 AM
I am helping a client provide a rock-solid response to an audit concern with regards to mitigating controls. At present, the client is using an older version of Virsa CC (I think 5. something?) and have a few questions.
1 .Can you maintain a global mitigating control by risk ID, or is it only by user, role, profile, and HR object?
2. How can HR object be used? I saw "Job" in this --I assume this would be like "Accountant I", "Accountant II" , etc.? What other options are there?
3. When would you ever use profile? I used to think of times when profiles were assigned to roles, like SAP_ALL (which was of course over used before SoX).
Thanks for your help
Brian
Hello Brian,
1 .Can you maintain a global mitigating control by risk ID, or is it only by user, role, profile, and HR object?
Yes, you can maintain
2. 2. How can HR object be used? I saw "Job" in this --I assume this would be like "Accountant I", "Accountant II" , etc.? What other options are there?
Not completely sure on this but Jobs can be used I guess, which is in most cases.
3. When would you ever use profile? I used to think of times when profiles were assigned to roles, like SAP_ALL (which was of course over used before SoX).
Ideally you should not use profiles. Also, if used they can be assigned directly to Users from SU01
Regards,
Hersh.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.