on 04-19-2009 1:44 PM
Hi experts
We need to know if GRC RAR can detect risks based on conflicting functions in two separate systems. The detailed steps are as follows.
Client is using SRM as well as MM for the Procure to Pay (P2P) process.
We need to carry out the SOD Risk Analysis in SAP GRC 5.3 for P2P process.
Creation and Maintenance of Purchasing Documents (PR, PO, Contracts etc.) is done in SRM. Goods Receipt and Invoice Processing related activities are carried out in MM and FI-AP. We have identified the above functions as conflicting and created 'SOD Risks' for the same.
For the system to consider Cross Application Risks (first function in SRM and second function in R/3 (MM)), what settings are required? How does the system recognize the violation for a common user (in MM and SRM) for which authorization maintenance is carried out in the respective applications separately? Is it possible on SAP GRC 5.3?
Thank you
Hello Shahad,
Yes you are right about the steps.
We select the cross system while doing the analysis, i.e. when we do cross system analysis, we get these cross system risks.
Harleen
SAP GRC RIG
Hi Alpesh/Harleen,
Earlier I had created a logical system called erp, added the ecc6 ("amd" connector) system to that logical system, and generated rules against the SAP standard global ruleset. Now we have custom risks which are uploaded directly against the "amd" connector. Since we have cross system risks, I have created a cross system which has "amd" and "emd" (SRM system) and generated rules against this cross system "MMSRM". But now when we run analysis from the informer tab, we are not getting SOD risks for MM as well as critical action results for SRM and vice versa.
I know that cross system and logical systems will not work together as per the notes 1178372, 1229926. So now what should I do to get correct violations?
I tried to delete the logical system, but it is not possible as it is already linked with rules. So I tried to change the "amd" from the logical system "erp" and generated cross system rules. Will this approach work, or what else should be done?
Thanks in advance for help.
Sahad,
This is surely possible in RAR. You need to define these risks as cross-system risks. You will have to make sure that the username matches in both systems. If not, then you can map usernames by using the master user source.
Regards,
Alpesh
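The matching described in the answer above, as an added example that is not part of the thread and not SAP GRC code: a small Python model of why a cross-system risk only surfaces once the same person's access in both connectors is merged under one user ID. The connector names "amd" (ECC) and "emd" (SRM) follow the thread; the function and risk IDs, the users, the `SRM_MAINTAIN_PO` action label and the rule that a user holds a function when they have any one of its actions are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. Each function lives on one connector.
FUNCTIONS = {
    "F_PURCH": {"system": "emd", "actions": {"SRM_MAINTAIN_PO"}},  # hypothetical label
    "F_GR":    {"system": "amd", "actions": {"MIGO"}},   # goods receipt
    "F_INV":   {"system": "amd", "actions": {"MIRO"}},   # invoice entry
}
# A cross-system risk pairs a function on one system with one on the other.
RISKS = {"R_P2P_01": ("F_PURCH", "F_GR"), "R_P2P_02": ("F_PURCH", "F_INV")}

# Authorizations are maintained separately per system (constructed users).
ASSIGNMENTS = {
    "emd": {"JSMITH": {"SRM_MAINTAIN_PO"}, "BUYER7": {"SRM_MAINTAIN_PO"}},
    "amd": {"JSMITH": {"MIGO"}, "AKHAN": {"MIRO"}, "CLERK2": {"MIGO", "MIRO"}},
}
# Master user mapping: (system, local ID) -> master ID, for IDs that differ.
USER_MAP = {("emd", "BUYER7"): "AKHAN"}

def merge_by_master(assignments, user_map):
    """Collect each person's actions per system under a single master ID."""
    merged = defaultdict(lambda: defaultdict(set))
    for system, users in assignments.items():
        for local_id, actions in users.items():
            master = user_map.get((system, local_id), local_id)
            merged[master][system] |= actions
    return merged

def holds(function_id, per_system):
    """True if the user has any action of the function on its own system."""
    func = FUNCTIONS[function_id]
    return bool(func["actions"] & per_system.get(func["system"], set()))

def cross_system_violations(assignments, user_map=None):
    """Return sorted (master user, risk ID) pairs where both functions are held."""
    merged = merge_by_master(assignments, user_map or {})
    hits = set()
    for user, per_system in merged.items():
        for risk_id, (first, second) in RISKS.items():
            if holds(first, per_system) and holds(second, per_system):
                hits.add((user, risk_id))
    return sorted(hits)

if __name__ == "__main__":
    print(cross_system_violations(ASSIGNMENTS))            # matching IDs only
    print(cross_system_violations(ASSIGNMENTS, USER_MAP))  # with user mapping
```

Without the mapping only JSMITH is flagged; the BUYER7/AKHAN conflict appears only after the two IDs are tied to one master user.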
Hi Alpesh
Excellent!! I never thought this was possible.
>to define these risks as cross-system risks
Can you please tell me the step-by-step process to define cross-system risks? I suppose the steps are as below. Please correct the steps if I am wrong.
1) In the configuration tab, create a cross system and add SRM and ERP.
2) Set the conflicting functions to be Cross System functions, i.e. select the conflicting functions -> click change -> Analysis scope -> set to cross system.
(How do we select the cross system we have created for SRM and ERP, as there is no option to select the cross system?)
Then as per note 1229926
3) Function needs to have the option Scope of Analysis set to Cross System.
4) Cross System rules must be generated under Configuration > Cross Systems > Generate Rule.
Let me know if this is the way.
Thank you once again for your excellent help.