Risk Analysis and Mitigation in SAP GRC

SAP GRC Access Control

ThinkSky Property Copy-Reproduction-Print without permission

is illegal and would be prosecuted , Email: sapgrctraining@gmail.com

http://thinkskyacademy.blogspot.in/ Page 1

How to do risk analysis and mitigate user in SAP GRC 5.3

We need to create a Business Process ZTSA

We need to create Functions namely Function 1 as ZTSAFUN1 along with actions XK01 and XK02 and

We need to create Functions namely Function 2 as ZTSAFUN2 along with actions FK01 and FK02 and

Create a Risk ID for the action type along with t he functions which we created earlier and

Now it will prompt us to generate risks click on generate. It will give the available risks like after running

the job in either foreground or back ground. In order to see the risks goto Rule architecht-�rules �

action rules � search by business process. Then you will get the rules

Mitigation

Create an administrator

Goto mitigation� administrator�create as approver

Create an administrator

Goto mitigation� administrator�create as monitor

Create a Business unit

Goto mitigation�business unit TSBU � create along with add approver

And then add monitor in the same screen and

Create a mitigation control for risk id ZTRI

Goto mitigation� mitigation control� create

Select the risk id after filing all the above the columns

And then select the monitor and reports along with frequency.

Submit.

Now create a user and role with the above T-codes and assign it to user in the backend system. When

we run risk analysis in GRC RAR it must give us the risks involved in it.

Now with the risk description we will mitigate the user along with the mitigation control which we

created earlier in RAR.

Click on risk information then it will take you to risk resolution screen as below.

Now we can mitigate the risk so click on mitigate risk it will give a pop up like below

Now with the created mitigation control in RAR for that particular Business process we will mitigate the

risk with all the credentials like mitigation control and monitor control and all with control valid from

and valid upto dates like

After submitting, we will get information as mitigated user is created successfully.

Now if u run risk analysis then it must not populate risks for this particular user like

In the same way we can mitigate users for any business process by creating the monitor and mitigation

controls.

Risk Analysis and Mitigation in SAP GRC

Documents

SAP GRC For Dummies

SAP GRC SOD

Auditing SAP GRC - ISACA - Information Security · PDF fileAuditing SAP GRC - Audit Risk Analysis (ARA) Security ARA is the web front end interface into SAP GRC

Download SAP GRC Tutorial

SAP GRC Access Control(1)

SAP GRC RM_PwC Implementation Approach_v2.0

Implementation of SAP-GRC with the Pictet · PDF fileImplementation of SAP-GRC with the Pictet Group Pictet & Cie | Implementation of SAP-GRC with the Pictet Group Olivier VERDAN,

SAP GRC - UKISUG · PDF fileSAP GRC LATEST DEVELOPMENTS AND FUTURE PLANS. Reporting and Analytics SAP Risk Management SAP Process Control SAP Access Control SAP

Helping enhance the real value of SAP GRC through … enhance the real value of SAP GRC through RouteONE Managed Services | 3 ... This service area uses SAP GRC technology and dashboards

Coke - Auditing Sap Grc

ADM955+ +SAP+GRC+Access+Control+ +Installation

SAP GRC Online Training | SAP GRC tutorials | SAP GRC TRAINING COURSE, USA

GRC Nordic SAP User Management

Sap grc nfe 1

Implementing an integrated GRC approach with SAP GRC · PDF fileImplementing an integrated GRC approach with SAP GRC Sumit Sanyal(PwC) GRC Conference 26. November 2013 in Moscow

SAP GRC access control @ ULg

Riesgos Sap Grc

SAP GRC 99411GRCAC_Installations

SAP GRC Access & Process Control

Revamping and optimizing your SAP GRC strategyviewer.media.bitpipe.com/...sSAP_SO32431_EBook_110310.pdfE-Book Revamping and optimizing your SAP GRC strategy GRC is by now a well-known