SAP GRC - Enhanced Risk Analysis

You can implement enhanced risk analysis using organization rules. In shared service business units, you can use organization rules to achieve procedures for risk analysis and management of user groups.

Consider a case where a user has created a fictitious vendor and invoices have been generated to gain financial benefit.

You can create an organization rule with company code enabled to epminate this scenario.

Following steps should be performed to prevent this situation −

Enable organization level fields in functions

Create org rules

Update org user mapping table

Configure risk analysis web service

Enable organization level fields in functions

Follow these steps to enable organization level fields in functions −

Find out functions to be segregated by organization level in shared service environment.

Maintain permissions for affected transactions.

Create organization rules

Follow these steps to create organization rules −

Step 1 − Create organization rules for every possible value of organization field.

Step 2 − Go to rule architect → Organization level → Create

Step 3 − Enter the organization rule ID field.

Step 4 − Enter the related task.

Step 5 − Define organization level field and combine them with Boolean operators.

Step 6 − Cpck Save button to save the Organization rule.

Benefits of Using Organization Rules

Let us now understand th benefits of using organization rules.

You can use organizational rules for companies to implement following features −

You can use organization rules to implement shared services. They segregate duties with the help of organizational restrictions.

Go to Risk Analysis → Org Level

Perform a risk analysis of analysis type Org Rule against a user

You will receive the following output −

The risk analysis will only show a risk if the user has access to the same specific company code in each of the confpcting functions.