Detect obsolete mitigating control assignments?

patrick_weyers
Participant

Hello,

What report/s would you use to detect obsolete mitigating control assignments?

The scenario is: A user has been assigned a mitigating control, let's say during the CUP workflow, to mitigate a certain risk that came with a certain role. Later, that role is removed from the user. Now the user is in the scope of a mitigating control. However, the user is not even subject to the risk in question anymore.

Which way (periodically?) could you detect these cases and clean up the mitigating control assignments?

Thanks and regards

Patrick

Accepted Solutions (0)

Answers (1)

Former Member

Hey,

My experience of cleaning up controls has not been very straight forward.

I have had to perform various risk analysis reports and look up a list of user accounts that have been marked as "Expired" etc.

It can be slightly more difficult if, like many organisations, you decide to assign a control with an infinite validity period (i.e. 12.12.9999).

The Business and Internal Control team need to be very proactive about regularly monitoring the controls and reviewing the assignments. This is one reason why I strongly recommend that controls are only assigned for a set period (i.e. 365 days/1 year), so a compulsory review takes place by the control owners/business on a regular basis. This makes the controls much more effective, robust and fit for purpose.

Happy to hear others' opinions and ideas.
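The approach the answer describes (cross-referencing the mitigation assignments against a fresh user-level risk analysis and against expired user accounts) can be scripted once the reports are exported. The following is an added example, not code from the thread or from SAP GRC: it assumes three CSV exports whose column names (user_id, risk_id, control_id, valid_to, status) are made up for the illustration, treats any valid_to in year 9999 as the "infinite" validity the answer warns about, and lists every assignment that is obsolete (risk no longer present), tied to an expired user, already past its validity date, or open-ended and therefore due for a review. The sample rows are constructed.

```python
"""Detect obsolete mitigating control assignments from exported reports.

Added example (not from the original thread). Assumes three CSV exports
with these hypothetical columns, all constructed inline here:
  - assignments: user_id, risk_id, control_id, valid_to (DD.MM.YYYY)
  - risk_hits:   user_id, risk_id   (current user-level risk analysis)
  - user_status: user_id, status    (e.g. Active / Expired)
"""
import csv
import io
from datetime import date

# Constructed sample exports.
ASSIGNMENTS_CSV = """user_id,risk_id,control_id,valid_to
JDOE,P001,MC-AP-01,31.12.9999
JDOE,F003,MC-FI-02,30.06.2024
ASMITH,P001,MC-AP-01,31.12.9999
BLEE,S002,MC-SD-05,31.12.2030
CKIM,F003,MC-FI-02,31.12.2025
"""
RISK_HITS_CSV = """user_id,risk_id
ASMITH,P001
BLEE,S002
CKIM,F003
"""
USER_STATUS_CSV = """user_id,status
JDOE,Active
ASMITH,Active
BLEE,Expired
CKIM,Active
"""


def parse_date(s):
    """Parse DD.MM.YYYY as used in the exports."""
    return date(int(s[6:]), int(s[3:5]), int(s[:2]))


def load(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))


def find_obsolete_assignments(assignments, risk_hits, user_status, today):
    """Return (user_id, risk_id, control_id, reasons) for every assignment
    that needs attention. An assignment with no reasons is not returned."""
    active_risks = {(r["user_id"], r["risk_id"]) for r in risk_hits}
    status = {u["user_id"]: u["status"] for u in user_status}
    findings = []
    for a in assignments:
        reasons = []
        valid_to = parse_date(a["valid_to"])
        # The scenario from the question: the role went, the control stayed.
        if (a["user_id"], a["risk_id"]) not in active_risks:
            reasons.append("risk no longer present")
        if status.get(a["user_id"]) == "Expired":
            reasons.append("user expired")
        if valid_to < today:
            reasons.append("assignment validity ended")
        elif valid_to.year == 9999:
            # Open-ended assignment: never forces a review on its own.
            reasons.append("infinite validity, needs review")
        if reasons:
            findings.append((a["user_id"], a["risk_id"], a["control_id"], reasons))
    return findings


def run_report(today_str="15.01.2025"):
    """Run the check over the constructed exports as of the given date."""
    return find_obsolete_assignments(
        load(ASSIGNMENTS_CSV), load(RISK_HITS_CSV), load(USER_STATUS_CSV),
        parse_date(today_str),
    )


if __name__ == "__main__":
    for user, risk, control, reasons in run_report():
        print(f"{user:8} {risk:5} {control:9} {'; '.join(reasons)}")
```

Run periodically against fresh exports, the output is the clean-up list: rows flagged "risk no longer present" can be removed outright, "user expired" rows go with the account, and "infinite validity" rows are the ones to put on a fixed-term review cycle as the answer suggests.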