False Positives with GRC AC 5.2

Former Member

Hi,

I have actually been working with GRC AC 5.2 (Compliance Calibrator) and we have encountered several problems with false positives while working in the risk analysis.

Does anyone know how to solve this problem? Do you have documents or links to help?

Thanks,

Ricardo.

Accepted Solutions (1)

Former Member

Sorry, Ricardo. This is not giving me any information. The only thing that produces false positives is the org level. If your company has an org-level structure, then it is better to use org-level analysis. Here is the link for more detail:

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/805a8744-42ab-2a10-5194-b45be270...

Regards,

Alpesh

Former Member

Thank you, Alpesh, for the response.

In fact, I have several problems with false positives, but at the transactional level. For example, I have a user with the PFCG and SU01 transactions. The configuration of profiles in the SAP R/3 system does not allow the user involved to execute both transactions in an end-to-end process. I mean, the user has the transactions via the S_TCODE object and has some other objects related to the PFCG and SU01 transactions, but he doesn't have the values that allow the transactions to work properly. Compliance Calibrator then reports risks that do not exist.

It seems that this is a ruleset configuration problem in CC, so my question is: does the standard ruleset detect these problems properly?

Let me explain the reason that causes the problem.

We have been working with a personalized ruleset, at the customer's request. For that reason we looked at the USOBT_C table and we formed the ruleset-->functions in CC so that these functions were equal to the USOBT_C table. We did that because the standard ruleset shows false positives, such as the first example in this post.

Thank you very much,

RCL.

Edited by: Ricardo Carrasco on Jun 18, 2009 11:58 PM
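
The difference described in the post above, between holding a transaction through S_TCODE and also holding the object values it needs, shown as an added example that is not part of the original thread and is not Compliance Calibrator code. The function names, the S_USER_GRP / S_USER_AGR mappings and both users are constructed assumptions for illustration, not an SAP-delivered ruleset or real USOBT_C content.

```python
"""Action-level vs permission-level SoD check (added illustration).

All rule definitions and user data below are constructed for this example;
they are not an SAP-delivered ruleset or real USOBT_C content.
"""

# Each function: the transaction (action) plus the object/field values
# (permissions) it needs before it can actually change anything.
FUNCTIONS = {
    "MAINTAIN_USERS": ("SU01", {("S_USER_GRP", "ACTVT"): {"01", "02"}}),
    "MAINTAIN_ROLES": ("PFCG", {("S_USER_AGR", "ACTVT"): {"01", "02"}}),
}
RISK = ("MAINTAIN_USERS", "MAINTAIN_ROLES")  # both together = one SoD risk

def holds(auths, obj_field, needed):
    """True if the user holds any needed value (or '*') for object/field."""
    held = auths.get(obj_field, set())
    return "*" in held or bool(held & needed)

def function_hit(auths, name, level):
    """Does the user match one function at the given analysis level?"""
    tcode, permissions = FUNCTIONS[name]
    if not holds(auths, ("S_TCODE", "TCD"), {tcode}):
        return False
    if level == "action":  # transaction codes only, values ignored
        return True
    return all(holds(auths, k, v) for k, v in permissions.items())

def risk_hit(auths, level):
    """The risk is reported only if every function in it is matched."""
    return all(function_hit(auths, fn, level) for fn in RISK)

# Constructed user: both transactions in S_TCODE, display-only (03) values.
DISPLAY_USER = {
    ("S_TCODE", "TCD"): {"SU01", "PFCG"},
    ("S_USER_GRP", "ACTVT"): {"03"},
    ("S_USER_AGR", "ACTVT"): {"03"},
}
# Constructed user: same transactions, with change values (one as wildcard).
ADMIN_USER = {
    ("S_TCODE", "TCD"): {"SU01", "PFCG"},
    ("S_USER_GRP", "ACTVT"): {"01", "02", "03"},
    ("S_USER_AGR", "ACTVT"): {"*"},
}

if __name__ == "__main__":
    for label, user in (("display", DISPLAY_USER), ("admin", ADMIN_USER)):
        for level in ("action", "permission"):
            print(label, level, risk_hit(user, level))
```

The display-only user is reported at action level but not at permission level, while the user with change values is reported at both.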

Former Member

Ricardo,

You are right, and that is why SAP says that this is not a "one size fits all" ruleset. As per SAP, this is a best-practices ruleset, but it needs to be tweaked depending upon the nature of the business, the client's business process and the client's requirements. If you are working with your own ruleset and you receive false positives, then there has to be some bug in the system.

Regards,

Alpesh
