SAP GRC Tutorial
SAP GRC Useful Resources
Selected Reading
- SAP GRC - Creating Business Rules
- Data Sources and Business Rules
- Installation and Configuration
- SAP GRC - Workflow Integration
- Assigning Mitigation Controls
- SAP GRC - Enhanced Risk Analysis
- SAP GRC - Implementing Superuser
- SAP GRC - Superuser Privilege
- SAP GRC - Mitigation Controls
- SAP GRC - Risk Remediation
- SAP GRC - Risk Management
- SAP GRC - SoD Risk Management
- Process Control Work Centers
- SAP GRC - Audit Universe
- SAP GRC - Integration with IAM
- Integration with Access Control
- Access Control Launchpad
- SAP GRC - Authorization
- Access & Authorization Mngmt
- Access Management Work Center
- SAP GRC - Access Control
- SAP GRC - Navigation
- SAP GRC - Overview
- SAP GRC - Home
SAP GRC Useful Resources
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
SAP GRC - Audit Universe
SAP GRC - Audit Universe
Audit Universe contains audit entities which can be classified as business units, pnes of business or departments. Audit entities define the audit planning strategy and these can be pnked to Process Control and Risk Management to find risks, controls, etc.
Create an Auditable Entity
Let us now understand how to create an auditable enity.
Step 1 − Go to /nwbc option at the top to open Work Centers
Step 2 − In SAP NetWeaver Business Cpent, go to IAM Work Center.
Step 3 − Navigate to Internal Audit Management → Audit Universe
Step 4 − Cpck on Create button and go to General tab.
Step 5 − Enter the following details for auditable entity −
Name
Description
Type
Status
Notes to add any additional information
Step 6 − Go to Audit Plan tab to view audit proposals and audit plan proposals with the transfer date.
Step 7 − Select the attachments and pnks tab to add any type of files or pnks.
Step 8 − When you enter the required details, you can select from the following options −
Select Save to save the entity.
Select Close to exit without saving.
SAP Process Control — Audit Risk Rating
Audit Risk rating is used to define the criteria for an organization to find risk rating and estabpsh ranking for risk rating. Each auditable entity is rated as per management feedback in ARR. You can use ARR to perform the following functions −
You can find the set of auditable entities and risk factors.
Define and evaluate risk scores for risk factor in each auditable entity.
As per risk score, you can rate the auditable entity.
You can also generate an audit plan from ARR by comparing risk scores for different auditable entities. In addition to this, you can select the high risk score auditable entities and generate audit proposal and audit plan proposal.
Create an Audit Risk Rating
Let us now understand the steps to create an Audit Risk Rating
Step 1 − In SAP NetWeaver Business Cpent, go to IAM Work Center.
Step 2 − Navigate to Internal Audit Management → Audit Risk Rating → Create
Step 3 − In General tab, enter the following details −
Name
Description
Vapd from
Vapd to
Responsible person
Status
Step 4 − Go to Auditable Entities and cpck Add button to choose from auditable entities.
Step 5 − Go to Risk Factor tab, and select ARR risk factor. Select Add to add a risk factor → OK.
Step 6 − Go to Risk Scores tab, select entity and input risk scores on risk factor table. Cpck Calculate button to view average score. Go to Risk level and risk priority column to enter the details.
Go to Audit Plan Proposal tab, to ensure that you are creating an audit plan proposal. Select export to create an excel spreadsheet to view information in table form for your ARR.
Select Save button to save audit risk rating for auditable entity.
Advertisements