GRC custom rule set

Former Member
0 Kudos

Hi,

I have to create a new rule set using Global as reference.

Could someone let me know the approach and methodology to follow in order to create my custom ruleset?

Could someone give me a step-by-step approach to follow, as I will be with business and functional consultant for just 1 day and I have to finish the MM and FI modules?

The approach that I would follow is:

1) Tell them to check if any standard risks mentioned are required.

2) Next go through the risks which are relevant and their functions 1 by 1. Add any transactions or deactivate any if possible.

3) Update functions with Z transactions (as there are 240 transactions in the system)

I am worried about how I will be able to go through all this in 1 day.

Thanks,

Ritesh Soni

Accepted Solutions (1)

madhusap
Active Contributor
0 Kudos

Hi Ritesh,

Maintain Configuration Settings, create connectors and assign them to connector groups, integration scenarios. After that you need to activate the standard rules by enabling the BC sets provided by SAP as per your requirement. This BC set activation will show some warnings and you can ignore them.

Once this is done, you can generate all the rules in the global ruleset by executing Tcode GRAC_GENERATE_RULES. If you complete this step, then schedule the synchronization jobs as mentioned in the post installation documents.

Now all the standard rules are available in the system w.r.t. business process. You can sit with your compliance team and business team and review the risks for FI and MM module and, based on their inputs, modify them accordingly. In case they request mitigation controls for some risks, you need to create them. Also, depending on client requirements, organizational rules should be created to avoid false positives.

So, completing all these in one day, I am not sure of the time period, but it all depends on how many functions are being used in FI and MM by your client's business and how much time they take to review them.

Regards,

Madhu.

Former Member
0 Kudos

Thanks Madhu,

So how should I start with

1) Talk and check Risks

2) Go through each function in the risks

3) Ask them which Z transactions are required

Next create new Z functions if required and new Z risks if required.

Is this approach fine?

madhusap
Active Contributor
0 Kudos

Hi Ritesh,

If you have completed all post installation activities and the global ruleset along with rules is available, then you can sit with the business team along with your functional folks and decide which rules are required for business and which are not.

Also, if you have scenarios where new functions and risks are to be defined, you can do it for your Z transactions.

The document below can give you an overview of the SOD analysis approach.

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b0dcd305-443d-2c10-b0a1-dd8e1e11f...

Regards,

Madhu.
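
To illustrate why the thread stresses adding Z transactions to functions, the following added example (not code from the thread or from SAP GRC) models a rule set at action level only and shows a conflict that goes undetected until a custom transaction is mapped. All function IDs, risk IDs, users and the custom transaction `ZXK01` are constructed for the illustration; real GRC rules also evaluate permission objects, which this sketch ignores.

```python
# Constructed sample data; IDs and the custom transaction ZXK01 are hypothetical.
# Function -> transaction codes (action level only, no permission objects).
FUNCTIONS = {
    "ZF_VENDOR_MAINT": {"XK01", "XK02"},
    "ZF_VENDOR_PAY": {"F110", "F-53"},
}
# Risk -> the two functions one user should not hold together.
RISKS = {"ZR_VENDOR_PAY": ("ZF_VENDOR_MAINT", "ZF_VENDOR_PAY")}
# User -> transactions the user can execute (e.g. from a role export).
USERS = {
    "USER_A": {"XK01", "F110"},
    "USER_B": {"ZXK01", "F110"},  # custom copy of vendor creation
    "USER_C": {"XK02", "ME21N"},
}


def unmapped_custom_tcodes(users, functions):
    """Z/Y transactions in use that no function contains yet."""
    mapped = set().union(*functions.values())
    in_use = set().union(*users.values())
    return sorted(t for t in in_use if t.startswith(("Z", "Y")) and t not in mapped)


def violations(users, functions, risks):
    """(user, risk) pairs where the user holds a transaction from both functions."""
    hits = []
    for user, tcodes in sorted(users.items()):
        for risk, (left, right) in sorted(risks.items()):
            if tcodes & functions[left] and tcodes & functions[right]:
                hits.append((user, risk))
    return hits


def with_tcode(functions, function_id, tcode):
    """Copy of the rule set with one transaction added to a function."""
    updated = {name: set(tcodes) for name, tcodes in functions.items()}
    updated[function_id].add(tcode)
    return updated


if __name__ == "__main__":
    print("Unmapped custom transactions:", unmapped_custom_tcodes(USERS, FUNCTIONS))
    print("Before:", violations(USERS, FUNCTIONS, RISKS))
    fixed = with_tcode(FUNCTIONS, "ZF_VENDOR_MAINT", "ZXK01")
    print("After: ", violations(USERS, fixed, RISKS))
```

The list of unmapped custom transactions is the part worth bringing to the workshop: each entry needs a business decision on which function, if any, it belongs to.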

Answers (0)