cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is there a ruleset comparison tool available in the market?

Former Member

on ‎08-13-2010 8:08 PM

0 Kudos

Dear all,

I wanted to know if there is a SAP GRC ruleset comparison tool available in the market? As a part of our audit requirement, I would need to compare our current rulesets with the ones from last quarter - To identify any changes/enhancements.

I know Bizrights Approva supports a comparison tool called ExamXML where we can perform a comparison of 2 XML files and figure out the differences/ changes.

Please let me know if any of you has used such a tool for GRC ruleset comparison.

Thanks,

Kunal

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

martin_trachsel
Participant
‎08-16-2010 4:19 PM
0 Kudos

Hi,

If you want to see the changes, you have a change history function in RAR. Go to "Rule Architect" - "Change History", "Risk and Functions". There you can report, what was changed in the ruleset incl. authorization objects and values.

You have the possibility to set up a change management process workflowbased, here you need the workflow engine CUP for the approvals. That's a good way to give the evidence to the auditors, when and who was approved the changes.

Maybe it helps.

Cheers,

Martin

Show replies
Show replies
Former Member
‎08-16-2010 11:42 AM
0 Kudos

> 

> As a part of our audit requirement, I would need to compare our current rulesets with the ones from last quarter - To identify any changes/enhancements. > Kunal

If any auditor is comparing sap delivered rule sets with a companies' grc rule sets (without deep investigations) and reporting the differences in his/her audit report (as white spaces) then the auditor is doing it the wrong way.

The auditor should be aware of the following facts:

1. SAP delivered rule sets are mere best practices (only starting point)

2. Most of the customers modify/update the rule sets as per their requirements

3. Organizational rules are created by customers differently

4. Some customers don't even choose sap delivered rule sets and completely create their own.

So the difference between rule sets is obvious, but these findings may or may not be entirely appropriate to reach to a conclusion for audit purposes.

Best Regards,

Amol Bharti

http://amudee.com

Show replies
Show replies
Former Member
‎08-16-2010 2:41 PM
0 Kudos

Amol,

The idea here is not to compare the current rulesets with the SAP standard rulesets. I just need to know the changes/enhancements that have been made to the rulesets between the two quarters (Q1 and Q2) and the reasoning. Its a part of our change manage procedure.

Thanks

Former Member
‎08-18-2010 12:23 PM
0 Kudos

okay, for that purpose the change history (as mentioned by Martin) can be used.

Additionally, you can also review the configuration change history for any given duration for Rule Upload, Risk Analysis, Mitigation Controls etc. Configuration tab > Configuration change history.

BR, Amol

martin_trachsel
Participant
‎08-16-2010 10:32 AM
0 Kudos

Hi,

You have the possibility to compare GRC rulesets (old/new) directly in the RAR. There you have the function under the menu "Rule Architect" -> "Rule sets" - "Compare".

That's mean, that you upload the new ruleset and can compare, which risks, functions or transaction has been changed to your old one. Please be sure, that you load the ruleset not with "Global" or similar name, that you already have in your RAR.

Cheers,

Martin

Show replies
Show replies
Former Member
‎08-16-2010 2:38 PM
0 Kudos

Thanks Martin.

Former Member
‎08-14-2010 11:19 AM
0 Kudos

Hi,

I too would be interested in such a tool. I would see it being of great value to internal auditors!

Kind Regards,

Peter Doyle

Programe Manager - SAP GRC Practice Lead

Wipro Technologies

Show replies
Show replies
Ask a Question