Risk analysis for conflicting functions in different systems

Former Member
0 Kudos

Hi experts

We need to know if GRC RAR can detect risks based on conflicting functions in two separate systems. Detailed steps are as follows.

Client is using SRM as well as MM for the Procure to Pay (P2P) process.

We need to carry out the SOD Risk Analysis in SAP GRC 5.3 for P2P process.

Creation and Maintenance of Purchasing Documents (PR, PO, Contracts etc.) is done in SRM. Goods Receipt and Invoice Processing related activities are carried out in MM and FI-AP. We have identified the above functions as conflicting and created 'SOD Risks' for the same.

For the system to consider Cross Application Risks (first function in SRM and second function in R/3 (MM)), what settings are required? How does the system recognize the violation for a common user (in MM and SRM) for which authorization maintenance is carried out in the respective applications separately? Is it possible on SAP GRC 5.3?

Thank you

Accepted Solutions (1)

hkaur
Advisor
0 Kudos

Hello Shahad,

Yes, you are right about the steps.

We select the cross system while doing the analysis, i.e. when we do cross system analysis, we get these cross system risks.

Harleen

SAP GRC RIG

Former Member
0 Kudos

Yes, Sahad. These are the steps you need to follow to configure and do risk analysis against cross-system risks. Please let me know if you face any difficulties.

Regards,

Alpesh

Former Member
0 Kudos

Hi Alpesh/Harleen,

Earlier I had created a logical system called erp and added the ecc6 ("amd" connector) system to that logical system and generated rules against the SAP standard global ruleset. Now we have custom risks which are uploaded directly against the "amd" connector. Since we have cross system risks, I have created a cross system which has "amd" and "emd" (SRM system) and generated rules against this cross system "MMSRM". But now when we run analysis from the Informer tab, we are not getting SOD risks for MM as well as critical action results for SRM and vice versa.

I know that cross system and logical systems will not work together as per the notes 1178372, 1229926. So now what should I do to get correct violations?

I tried to delete the logical system, but it is not possible as it is already linked with rules. So I tried to change the "amd" from the logical system "erp" and generated cross system rules. Will this approach work, or what else should be done?

Thanks in advance for help.

Answers (1)

Former Member
0 Kudos

Sahad,

This is surely possible in RAR. You need to define these risks as cross-system risks. You will have to make sure that the username matches in both systems. If not, then you can map usernames by using master user source.

Regards,

Alpesh
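
The matching logic described in the answer above, as an added conceptual illustration that is not part of the thread and is not SAP GRC RAR code. The system names, user IDs, function IDs, risk IDs and the USER_MAP table (standing in for a master user source) are all constructed assumptions; the example shows how a cross-system conflict goes undetected when the same person has different usernames in the two systems and no mapping exists.

```python
# Conceptual sketch only: not SAP GRC RAR code. All system names, user IDs,
# function IDs and risk IDs below are constructed sample data.
from collections import defaultdict

# Function assignments per connector, as each system reports them on its own.
ASSIGNMENTS = {
    "SRM": {"JSMITH": {"MAINTAIN_PO"}, "A.KHAN": {"MAINTAIN_PO"}, "MLEE": {"MAINTAIN_PO"}},
    "ECC": {"JSMITH": {"GOODS_RECEIPT"}, "AKHAN": {"PROCESS_INVOICE"}, "MLEE": {"DISPLAY_PO"}},
}

# Cross-system risks: each conflicting function is tied to the system it lives in.
RISKS = {
    "P2P_X01": [("SRM", "MAINTAIN_PO"), ("ECC", "GOODS_RECEIPT")],
    "P2P_X02": [("SRM", "MAINTAIN_PO"), ("ECC", "PROCESS_INVOICE")],
}

# Hypothetical stand-in for a master user source: (system, local ID) -> identity.
USER_MAP = {("SRM", "A.KHAN"): "AKHAN"}


def merge_identities(assignments, user_map):
    """Collapse per-system accounts into identities holding (system, function) pairs."""
    merged = defaultdict(set)
    for system, users in assignments.items():
        for local_id, functions in users.items():
            # Unmapped accounts are matched on the raw username only.
            identity = user_map.get((system, local_id), local_id)
            merged[identity].update((system, f) for f in functions)
    return merged


def cross_system_violations(assignments, risks, user_map=None):
    """Return sorted (identity, risk_id) pairs where one identity holds every function of a risk."""
    merged = merge_identities(assignments, user_map or {})
    return sorted(
        (identity, risk_id)
        for identity, held in merged.items()
        for risk_id, needed in risks.items()
        if set(needed) <= held
    )


if __name__ == "__main__":
    print("without mapping:", cross_system_violations(ASSIGNMENTS, RISKS))
    print("with mapping:   ", cross_system_violations(ASSIGNMENTS, RISKS, USER_MAP))
```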

Former Member
0 Kudos

Hi Alpesh

Excellent!! I never thought this was possible.

>to define these risks as cross-system risks

Can you please tell me the step-by-step process to define cross-system risks? I suppose below are the steps. Please correct the steps if I am wrong.

1) In the configuration tab, create a cross system and add SRM and ERP.

2) Set the conflicting functions to be Cross System functions, i.e., select the conflicting functions -> click change -> Analysis scope -> set to cross system.

(How do we select the cross system we have created for SRM and ERP, as there is no option to select the cross system?)

Then as per notes 1229926

3) Function needs to have the option Scope of Analysis set to Cross System.

4) Cross System rules must be generated under Configuration > Cross Systems > Generate Rule.

Let me know if this is the way.

Thank you once again for your excellent help.