on 05-29-2015 12:15 AM
Hello
We are thinking of updating the business processes assigned to standard access risks that are segregation of duties type. Before making any changes we wanted to understand if there would be any adverse impacts to changing it? For example, we know that the first letter of the access risk ID is related to the business process (e.g. F = Finance). Changing the assigned business process would disconnect that relationship but does that matter? Or do we need to create a custom access risk ID using the naming convention of the new business process? For example, if you changed F002 from finance to Order to Cash should we create a new access risk called ZS002 and make the old risk inactive?
Any help is appreciated. I wasn't able to find much information about the link between business process and access risk ID.
Hi Stacey,
Risks are made up of functions, and technically will have no impact on calculation of risk.
The 'access rule summary', in Report and Analytics' tab has Risk against Business process. So, this report will be impacted.This report will show risks, but the Business process will have a changed naming convention, in comparison to previous month.
Regards
Plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Stacey,
Business process is more to link your risks to different business processed like MM,FI,SD,TRM etc.
You can create your own business process and can link it your risk ID. Unless you have any BRF+ rules which are used to determine approvers for your Risks based on business process, I dont think there will be any impact.
Regards,
Madhu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.