cancel
Showing results for 
Search instead for 
Did you mean: 

Some transactions aren't in the default ruleset

Former Member
0 Kudos

I realize the default ruleset has to be customized for the customer's requirements prior to using it for bona fide analysis. However I was puzzled by a number of transactions that, per my analysis, aren't even identified in the default ruleset. Here is a snapshot of some of these transactions:


F-65	Preliminary Posting
F.01	ABAP/4 Report: Balance Sheet
F.07	G/L: Balance Carryforward
F.08	G/L: Account Balances
F.09	G/L: Account List
F.0A	G/L: FTR Report on Disk
F.10	G/L: Chart of Accounts
F.15	ABAP/4 Report: List Recurr.Entries
F.16	ABAP/4 Report: G/L Bal.Carryforward
F.17	ABAP/4 Report: Cust.Bal.Confirmation
F.18	ABAP/4 Report: Vend.Bal.Confirmation
F.20	A/R: Account List
F.21	A/R: Open Items
F.22	A/R: Open Item Sorted List
F.23	A/R: Account Balances
F.24	A/R: Interest for Days Overdue
F.25	Bill of Exchange List
F.27	A/R: Periodic Account Statements
F.30	A/R: Evaluate Info System
F.31	Credit Management - Overview
F.32	Credit Management - Missing Data
F.33	Credit Management - Brief Overview
F.35	Credit Master Sheet
F.37	C80 Reporting Minus Sp.G/L Ind.

I went back to check out the files from which I had initially loaded the rules, as delivered by SAP. In my rules folder, I have three directories, all of which were created as a result of unzipping the delivered zip file:

CC_rules_04252008

cc_rules_06302008

CC_Rules_08102008

I had loaded the rules that I found in the CC_Rules_08102008 directory. I loaded all the files in that directory except for the JD Edwards, Peoplesoft and Oracle rules.

Are these transactions supposed to be missing from the ruleset, or have I not loaded something?

Thanks,

Santosh

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Santosh,

These transactions are mostly reports. You can only display, not post or alter data.

F-65 - park documents - A parked document is not a posting.

But F.07 should be added to the rule set according to me.

Regards,

Vit

Former Member
0 Kudos

Hi,

If you feel that these additional transaction codes are important for the businesses SOD requirements, then I would advise you to add them to the functions defined, or make a custom function and business process, allowing you to obviously customize your risks even more.

Also, just out of interest, does any one know if we would ever be seeing a Industry Solution (IS) related rule sets being defined publicly like the ones SAP release for the R/3 modules? There is alot of interest in many companies who implement IS modules such as Utilities and Automotives etc, but it seems if GRC is to be implemented at such companies, there would be alot of work involved in defining a custom ruleset compared to cases of just tweaking and modifying, and time is a big concern on tightly planned implementation projects.

Obviously some of these IS transactions may relate into a similar R/3 tcode, therefore its a case of substitution with the recommended default ruleset, but this is not always the case and it may be hard for general implementors to identify as they are not experts within the specific field.

If anyone knows of any best practices for defining SOD rules within IS modules, would be interested in being pointed the right way.

Regards

Former Member
0 Kudos

Hello Santosh,

SAP never says that these are perfect rule set.

These ruleset are build over years of experience of our consultants with customer. First Excel sheet of object level ruleset was build in 1996, it was based on this file that product Compliance Calibrator was created.

The ruleset file you get after UNCAR is buil with the help of Customers and Auditors.

And it and every organization HAS to modifiy per its requirement.

Hope this help.

Regards,

Surpreet

Former Member
0 Kudos

Surpreet,

Thanks for your response, and I agree with you. I just need to be sure that I didn't miss any file loads etc. before customizing the rules.

Thanks,

Santosh