Hi Santosh,

Adding on to the Japneet's reply I wolud like to highlight the main features of RAR application which are as following:-

The Risk Analysis and Remediation capability:
• Enables all key stakeholders to work in a collaborative manner to build ongoingSoD risk
and audit compliance at all levels. This compliance includes User, Role,Profile, and HR Object levels.

• Empowers security administrators, business process owners and internal auditorsto prepare their SAP
systems, and all other systems, for an audit.

•Provides user friendly summary and drill-down reports,making the identificationand resolution of Risks and audit issues a painless process.

>> RAR produces Risk Analytical Reports for selected users, user groups,roles, and profiles, allowing user administrators to identify potential risk issues before assigning a new role to a user, group or profile.

>> RAR produces reports on critical actions, critical permissions, criticalroles, and profiles.

• Introduces a configuable reporting data mart that enables customized reporting byintegrating your
reporting tool of choice (for both RAR and CUP):
>> The data mart extracts the relevant data from the RAR and CUP and converts the data for reporting
purposes
>> The data mart is nonhistoricaloData mart schema is published, which enables customers to integrate with any reporting tools.For more information, see the GRC Access Control Configuration documentation.

• Includes an expandable starter set of rules, and enables risks to be identified and created in the system so that an administrator can correlate them with functionsand associate each function to a business process. And then, the Risk Analysisand Remediation capability generates the rules to offset your identified risks, thusbuilding on your rule set.

• Provides comprehensive risk management functionality and powerful, easy to use,functionality to document Risk Mitigation Controls.

>>  RAR enables you to perform a risk analysis to identify risks associated with a user, role, profile, or HR object. If you cannot eliminate a risk, you can use the capability to define mitigation controls. You also define monitors and approvers, assign them to specific controls, and createbusiness units to help categorize mitigating controls.

• Uses custom tables to store SoD data. It also ensures there is no interference withexisting
security processes and procedures.

For more details on RARA application you may download the guide available on Service Market Place for your reference.

I hope this information helps you.

Regards,

Yukti

Hi Santosh,

RAR is a automated security audit and segregation of duties (SoD) analysis application. it  uses custom tables to store SoD data. You use Risk Analysis and Remediation to  identify,analyze, and resolve all SoD and audit issues relating to regulatory compliance.

Risk Analysis and Remediation (RAR) is the core module of SAP's BusinessObject Access Controls suite. Its primary function is to support the management of Segregation of Duties (SoD) controls and monitor Critical Transactions across an ERP system. RAR holds the rules for what is deemed to be a risk to the business.

Using RAR you can produce analytical SoD reports on selected users, user groups, roles and profiles and can also produce reports on critical actions, critical permissions, critical roles and profiles. This is all based upon the rules defined within the tool.

RAR is designed to allow all key stakeholders to work in a collaborative manner to achieve ongoing SoD and audit compliance.  Risk analysis reports provide real-time data and Management reports retain an offline history of SoD status.  RAR also has Simulation features to allow you to assess the impact of potential remediation activities on the reported conflicts prior to making the actual change.

Thanks

Japneet