
Risk S024. Description is not clear.

Former Member
0 Kudos

Hello,

In the standard SAP GRC matrix there is a risk with ID S024, with the following description:

| Risk ID | Risk Level | Description of Risk | Tc | Function 1 | Tc | Function 2 | Tc | Function 3 |
|---|---|---|---|---|---|---|---|---|
| S024 | High | Maintain a customer master record and post a fraudulent payment against it | SD01 | Maintain Customer Master Data | AR03 | Clear Customer Balance | | |

I'm not sure that I understand where the risk is exactly.

Could you please suggest whether it's really possible to post a fraudulent payment using the AR03 function? And if "yes", how to do that?

To me it seems that it's possible only to clear the balance.

AR03 contains 5 transactions:

F-32
F-39
FB1D
FBA3
FOAPPROC02

Thank you in advance!

Accepted Solutions (1)

Former Member
0 Kudos

I suggest you simulate this scenario on the ECC system and see if it is possible in any way. Check the permission level definitions of the risk also. I know there are cases of some transactions being able to call the change function from display due to the underlying permissions, but most good role designs would negate this issue.

As with most risks defined in the SAP delivered BC sets / text files, not all the risks are applicable to all businesses. If the risk makes no sense and is not going to be realised within the business, I would suggest turning it off with a justification comment added to the risk description field in the GRC system.

Sorry for not being of precise help, but just providing my common sense answer.

Former Member
0 Kudos

Thank you for your suggestion.

We will try to do that.
