
RAR: SoD Risk and Critical Actions risks

Former Member

Hi all,

I would like to get your input regarding different approaches followed in order to load in RAR SoD risk and critical actions risks.

1) Do you load all of them under the same rule set?

2) Do you think it is convenient to load them under two different rule sets? One for SoD and the other for critical actions?

My decision here, since the AC modules are using the default SoD when calling RAR, would be to define everything under the same unique rule set. Agree on that?

Keep in mind the four GRC AC modules are implemented.

Thanks for all. Kind regards,

Imanol

Accepted Solutions (0)

Answers (3)


Former Member

Alpesh,

What I meant is, how do you manage to schedule alert generation for critical actions if you have the default value for Rule Set as your SoD rule set?

How do you make your system work consistently with different rule sets?

Thanks for all. Best regards,

Imanol

Former Member

In that case, keep only one ruleset with SoD and Critical action risks. Administration and management will be much easier this way.

Alpesh

Former Member

Many thanks for your valuable responses.

Alpesh, one further question for you: how do you manage the update for the default rule set, since you have two different ones?

Thanks in advance.

Former Member

Imanol,

The critical action ruleset is our own and SAP doesn't provide any guidelines on critical actions. For the SoD ruleset, we go through the changes and see if we need to implement them in our landscape. SAP always provides the delta when they update the ruleset.

Alpesh

simon_persin4
Contributor

Hi there,

I would certainly recommend that you enter both SOD and Critical / sensitive risks into the same ruleset.

The ruleset should be a complete set of rules for the functionality which you want to report on.

Simon

Former Member

Hi Imanol,

It depends on the client requirements. If the client wants to see critical risks as well as SoD risks in CUP, then the same ruleset is the way to go. If the client doesn't want to confuse approvers by showing critical risks, then a separate ruleset is the right way. At my current client, we have separate rulesets for SoD and Critical actions. We ask role owners to reaffirm all the role assignments which contain critical actions quarterly, so we are covered from that angle.

Regards,

Alpesh