SAP GRC - SoD Risk Management
  • Date: 2024-11-05


Every business needs to perform Segregation of Duties (SoD) Risk Management, starting from risk recognition through rule building and validation, followed by various other risk management activities to maintain continuous compliance.

Segregation of Duties in the GRC system has to be performed according to different roles. SAP GRC defines various roles and responsibilities under SoD Risk Management −

Business Process Owners

Business Process Owners perform the following tasks −

    Identify risks and approve risks for monitoring

    Approve remediation involving user access

    Design controls to mitigate conflicts

    Communicate access assignments or role changes

    Perform proactive continuous compliance

Senior Officers

Senior Officers perform the following tasks −

    Approve or reject risks between business areas

    Approve mitigation controls for selected risks

Security Administrators

Security Administrators perform the following tasks −

    Assume ownership of GRC tools and security process

    Design and maintain rules to identify risk conditions

    Customize GRC roles to enforce roles and responsibilities

    Analyze and remediate SoD conflicts at role level

Auditors

Auditors perform the following tasks −

    Risk assessment on a regular basis

    Provide specific requirements for audit purposes

    Periodic testing of rules and mitigation controls

    Act as liaison between external auditors

SoD Rule Keeper

SoD Rule Keeper performs the following tasks −

    GRC tool configuration and administration

    Maintains controls over rules to ensure integrity

    Acts as liaison between Basis and GRC support center
