Remediation tool?
There are good reasons to go either route, though we would generally advise taking the standard rules as the starting point.
This depends on the timescales and objectives, whether limited or for continuous compliance. It is always recommended to customise the standard ruleset to your business environment.
Does GRC AC 10.0 integrate with Process Controls and Risk Management?
Absolutely. The architectural shift back to ABAP for the Access Controls system allows the GRC products to co-exist in the same system. You can activate the Access Controls, Process Controls and Risk Management modules in the same system and share common master data elements between them to produce a much more tightly integrated solution. The user interface is the same as well, since the NetWeaver Business Client (NWBC) is dynamic based upon your authorisations. Simply adding the authorisations for the required modules from all of the systems allows you to access both Process Controls and Access Controls from the same screens.
Who will need to be involved in a SAP GRC project, and what time commitment will it require?
Basis & SAP Security team, Business managers, Internal/External Audit
The Basis team will need to be involved to a limited degree when the actual installations take place, though they are not usually required much after this period. Business Process owners will need to devote time regularly throughout the project, attending workshops on Risks and Approval workflows for example. Internal/External Audit should be involved at regular intervals as well, contributing advice on SOD risks and connected mitigating controls for example. Most businesses find that a small, dedicated GRC team is the best way to proceed, bringing in business owners on an ad hoc basis.
In general the expectation should be for 3 months plus for a complete Compliance Calibrator project. Firefighter and Role Expert projects will take at least 1 month. Access Enforcer projects are more likely to be similar in timescale to Compliance Calibrator. The implementation and configuration are not actually the most time-consuming part of these projects; generally it is the security remediation and mitigation phases that will consume 60% plus of resources.