SAP GRC - Enhanced Risk Analysis
  • Date: 2024-11-03


You can implement enhanced risk analysis using organization rules. In shared service business units, you can use organization rules to set up procedures for risk analysis and management of user groups.

Consider a case where a user has created a fictitious vendor and invoices have been generated to gain financial benefit.

You can create an organization rule with company code enabled to eliminate this scenario.

The following steps should be performed to prevent this situation −

    Enable organization level fields in functions

    Create org rules

    Update org user mapping table

    Configure risk analysis web service

Enable organization level fields in functions

Follow these steps to enable organization level fields in functions −

    Identify the functions to be segregated by organization level in the shared service environment.

    Maintain permissions for affected transactions.

Create organization rules

Follow these steps to create organization rules −

Step 1 − Create organization rules for every possible value of the organization field.

Step 2 − Go to rule architect → Organization level → Create

[Image: Organization Rules]

[Image: Create Organization Level]

Step 3 − Enter the organization rule ID field.

[Image: Organization Rule Id]

Step 4 − Enter the related task.

Step 5 − Define the organization level fields and combine them with Boolean operators.

Step 6 − Click the Save button to save the organization rule.

Benefits of Using Organization Rules

Let us now understand the benefits of using organization rules.

You can use organization rules for companies to implement the following features −

    You can use organization rules to implement shared services. They segregate duties with the help of organizational restrictions.

    Go to Risk Analysis → Org Level

    Perform a risk analysis of analysis type Org Rule against a user

    You will receive the following output −

      The risk analysis will only show a risk if the user has access to the same specific company code in each of the conflicting functions.
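
The behaviour described above can be modelled in a few lines of Python. This is an added illustration, not SAP GRC code and not part of the original page; the risk ID, function IDs, users and company codes are constructed sample data, and `*` is used here to model an authorization that covers every company code.

```python
# Added illustration (not SAP GRC code): how an org-rule risk analysis narrows a
# segregation-of-duties finding to company codes shared by both conflicting functions.

# Constructed sample risk: vendor maintenance conflicts with invoice entry.
RISK = {"id": "P001", "functions": ("VENDOR_MAINT", "INVOICE_ENTRY")}

# Constructed sample access: user -> function -> company codes granted ("*" = all).
ACCESS = {
    "ALICE": {"VENDOR_MAINT": {"1000"}, "INVOICE_ENTRY": {"2000"}},
    "BOB": {"VENDOR_MAINT": {"1000", "2000"}, "INVOICE_ENTRY": {"2000"}},
    "CAROL": {"VENDOR_MAINT": {"*"}, "INVOICE_ENTRY": {"3000"}},
    "DAVE": {"VENDOR_MAINT": {"1000"}},
}

# One org rule per possible value of the organization field (Step 1 above).
ORG_RULE_VALUES = ["1000", "2000", "3000"]


def covers(granted, company_code):
    """True if the granted set authorizes this company code."""
    return "*" in granted or company_code in granted


def standard_analysis(user):
    """Flag the user if they hold every conflicting function, ignoring org level."""
    funcs = ACCESS.get(user, {})
    return all(funcs.get(f) for f in RISK["functions"])


def org_rule_analysis(user):
    """Return the company codes in which the user holds every conflicting function."""
    funcs = ACCESS.get(user, {})
    return [
        code
        for code in ORG_RULE_VALUES
        if all(covers(funcs.get(f, set()), code) for f in RISK["functions"])
    ]


def report():
    """Map each user to (standard finding, company codes with an org-rule finding)."""
    return {u: (standard_analysis(u), org_rule_analysis(u)) for u in ACCESS}


if __name__ == "__main__":
    for user, (std, org) in report().items():
        print(f"{user}: standard_risk={std} org_rule_risk_in={org or 'none'}")
```

ALICE holds both functions but in different company codes, so only the analysis without organization rules reports her; BOB and CAROL remain findings because their access overlaps in one company code.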
