on 11-05-2014 5:23 AM
We have seen as per SAP Note 1600667 - Transactions that conflict with
themselves, that there are transactions in the SAP GRC Standard Rule Set
that conflict with themselves.
Please advise on what could possibly be used as suitable controls -
e.g. reports that can be run or other.
We require suitable mitigation controls or examples that can be adapted
or used for addressing these.
The note indicates that "Permissions are not different, mitigating
control required"
Per conflict reports we have the following of these transactions in our
roles:
FB02
FB08
FBRA
Dear Don,
as most of the community members are technical consultants it might be difficult to get the answer you are looking for.
Let me give you some hints how to define the mitigation. Please also see the following documents which might give you an overview of how mitigating controls should be defined.
With FB02/FB08/FBRA (as far as I know) you have SOD required between accounts payable voucher entry and vendor master data maintenance. Hence a possible mitigation might be defined as follow:
Please be aware that this is only an idea I have and your scenario depends on your business requirement how to define the compensating controls.
Let me know if you need furthers inputs.
Best regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.