GRC rules need to be incorporated within rule set

Former Member
0 Kudos

Hi Experts,

A number of transactions were not included that have SOD conflicts with other transactions. In addition, some additional SOD rules for transactions that have other conflicts configured in the system have conflicts with additional transactions. In order for the GRC RAR module to be used for SOD testing as part of the organization's annual Sarbanes-Oxley (SOX) control testing, these rules need to be incorporated into the overall GRC RAR rule set.

Kindly provide any suggestions to help find a solution, as I am new to this field.

Accepted Solutions (0)

Answers (2)

former_member184114
Active Contributor
0 Kudos

Hi,

If you have access to RAR, then you can check by accessing the Rule Architect tab. All the elements are mentioned there, and you can start making use of them to modify the rule set for your needs.

Please let me know if further help is needed.

Regards,

Faisal

Former Member
0 Kudos

Hi,

Would I be correct in understanding that you have already implemented the SAP-delivered ruleset into your GRC system but you wish to modify it to cater for risk definitions specific to your organisation?

If so, this is absolutely normal. The usual approach is to implement the SAP standard rule set, and then modify that rule set as per your control needs. Involvement of the Internal Audit/Governance team would be beneficial in defining the risk rules, as they would have valuable input/considerations from the annual audit reviews to feed into the rule set etc.

Also consider adding custom transactions into the risk definitions, for which you should consider getting support from the business users who use the programs etc.

I think there are some articles out there which may be useful for you to understand the basic Risk Analysis and Remediation approach. Try the BPX part of the website.

All the best.