Regd: Risks and Functions in ARA

Hello GRC Mates,

Let's say I have three functions in a Risk, namely Fn1, Fn2 and Fn3.

In the Functions, Fn1 and Fn2 have some conflicts and Fn2 and Fn3 have conflicts. Can we build a risk, or is it mandatory that there should be conflicts between Fn1 and Fn3 also?

Regards

Deepak M

2 Answers

  • Former Member
    Dec 22, 2014 at 06:11 PM

    Hi Deepak,

    There is no mandatory / one recommended approach here. The decision should be based on risk analysis/assessment, as between Fn1 and Fn3 there may be a risk with lower impact on your client organization. Namely, F1&F2&F3 may be a high risk and should never be accepted in user authorization, but F1&F3 can be accepted in some user / role cases, taking into account that there is a compensating control in place. So from a conflict resolution perspective, the organization's response may be different in the case of F1&F3 and different in F1&F2&F3.

    Therefore I would create a new risk here for F1&F3.

    Filip

  • Former Member
    Dec 23, 2014 at 12:44 PM

    Hi Deepak,

    You can check: http://scn.sap.com/docs/DOC-54530

    Regards

    Munish Kumar
