on 08-13-2010 8:08 PM
Dear all,
I wanted to know if there is a SAP GRC ruleset comparison tool available in the market? As a part of our audit requirement, I would need to compare our current rulesets with the ones from last quarter - To identify any changes/enhancements.
I know Bizrights Approva supports a comparison tool called ExamXML where we can perform a comparison of 2 XML files and figure out the differences/ changes.
Please let me know if any of you has used such a tool for GRC ruleset comparison.
Thanks,
Kunal
Hi,
If you want to see the changes, you have a change history function in RAR. Go to "Rule Architect" - "Change History", "Risk and Functions". There you can report, what was changed in the ruleset incl. authorization objects and values.
You have the possibility to set up a change management process workflowbased, here you need the workflow engine CUP for the approvals. That's a good way to give the evidence to the auditors, when and who was approved the changes.
Maybe it helps.
Cheers,
Martin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
>
> As a part of our audit requirement, I would need to compare our current rulesets with the ones from last quarter - To identify any changes/enhancements. > Kunal
If any auditor is comparing sap delivered rule sets with a companies' grc rule sets (without deep investigations) and reporting the differences in his/her audit report (as white spaces) then the auditor is doing it the wrong way.
The auditor should be aware of the following facts:
1. SAP delivered rule sets are mere best practices (only starting point)
2. Most of the customers modify/update the rule sets as per their requirements
3. Organizational rules are created by customers differently
4. Some customers don't even choose sap delivered rule sets and completely create their own.
So the difference between rule sets is obvious, but these findings may or may not be entirely appropriate to reach to a conclusion for audit purposes.
Best Regards,
Amol Bharti
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
You have the possibility to compare GRC rulesets (old/new) directly in the RAR. There you have the function under the menu "Rule Architect" -> "Rule sets" - "Compare".
That's mean, that you upload the new ruleset and can compare, which risks, functions or transaction has been changed to your old one. Please be sure, that you load the ruleset not with "Global" or similar name, that you already have in your RAR.
Cheers,
Martin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I too would be interested in such a tool. I would see it being of great value to internal auditors!
Kind Regards,
Peter Doyle
Programe Manager - SAP GRC Practice Lead
Wipro Technologies
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.