We are on GRC 10 and want to user cross system risk analysis for SRM 7.0. I have few doubts which i would like to clarify on this forum.
We have identified a cross system risk i.e Shopping cart creation and PO approval. This can occur in SRM system or in cross system i.e SRM and ECC an PO approval can be done at both the places i.e SRM and ECC.
Now my doubt is as follows:
1. Regarding connector group: I have created a connector group by name name Cross Prouction and assigned group type CROSS system and LOGICAL group both and assigned all the connectors i.e SRM syetem conector and ECC system connector.
Is that all i need to do from connector point of view and when i need to generate the ruleset i need to generate ruleset for this connecotr group right ?
2. For functions : As we want that both the risk i,.e Risk of Shopping car mainatence and PO approval both in SRM and risk of Shopping cart mainetance in SRM and PO approval in ECC should be captured how we need to define the function?
How i have ddefined it right now is that function that belongs to SHopping cart is only for SRM and set as single system for analysis scope. IS that correct???
For PO approval function i have set analysis scope as Cross system. Is that correct?
By doing this will both the risk i.e with SRM and Cross SRM and ECC will be captureed.
Is there anything else i need to take care?
Thank you in advance for you valuable time and effort.