
Monthly GRC Ruleset Review & Completeness - Audit Review Guidance Request

Dear Friends, we are in the process of building a process to review changes done with the GRC ruleset (as per the audit request below).

Topic: Custom T-Codes - Validation of custom T-Codes being included in the ruleset:

When Business Owners determine an SOD conflict does exist for a new custom t-code they are to add it to the ruleset.
Build a review for ruleset and to validate custom t-codes causing SOD conflicts are included and tracked in the ruleset.

Current process:

A. How do we perform changes to your rule set?
Ans: Currently it is manually done in D, Q and P.

B. Do you change in dev/quality and transport to prod?
Ans: It's not done via transport but manually it's updated.

I would request your insights for:

* What should be reviewed / captured to find the changes done with the GRC ruleset for a specific month and year?

* What are the aspects which need to be included / captured in monthly GRC ruleset completeness and accuracy documentation?

Or

* Please reference any SAP help documentation which would help in building a process for this monthly review.

Thanks
Raj

PS: GRC 12.0 SP05 is the current version of GRC.


  • Hi Rajashekar,

    Here are my thoughts on the ask:

    1) What should be reviewed / captured to find the changes done with GRC ruleset for a specific month year.

    Answer: Change logs can be reviewed. Refer to the thread https://answers.sap.com/questions/12717209/sap-grc-access-control-ruleset-change-log.html, where change log report information is mentioned. Extract from the thread:

    You can access using Change Log report. Also you can get the details from change document tables CDHDR and CDPOS with following ObjectClass names:

    • GRAC_FCTLOG
    • GRAC_RSKLOG
    • GRAC_RULESETLOG

    2) What are the aspects which need to be included / captured in monthly GRC ruleset completeness and accuracy documentation.

    Answer: Screenshot showing change log from previous month and change log from current month. In case there was any change done, approval or likely should be included in the documentation which can show that change was approved and legitimate.

    I hope this is helpful.

    Thanks

    Anika
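
An added example, not part of the thread above: one way to turn the change-document review into a repeatable monthly check by reconciling a CDHDR export against an approval register. It assumes CDHDR was exported to CSV with `UDATE` as YYYYMMDD; the approval register layout, object IDs, user names and ticket numbers are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Change-document object classes named in the answer above.
RULESET_CLASSES = {"GRAC_FCTLOG", "GRAC_RSKLOG", "GRAC_RULESETLOG"}

# Constructed sample: CDHDR rows exported to CSV (UDATE as YYYYMMDD).
CDHDR_CSV = """\
OBJECTCLAS,OBJECTID,CHANGENR,USERNAME,UDATE
GRAC_FCTLOG,ZF01,0000001001,GRCADMIN1,20240305
GRAC_RSKLOG,ZR01,0000001002,GRCADMIN1,20240305
GRAC_RULESETLOG,GLOBAL,0000001003,GRCADMIN2,20240318
GRAC_FCTLOG,ZF02,0000000990,GRCADMIN1,20240227
MATERIAL,000000000000001234,0000001004,USER9,20240310
"""

# Constructed sample: hypothetical approval register kept by the business owners.
APPROVALS_CSV = """\
object_class,object_id,ticket,approved_on
GRAC_FCTLOG,ZF01,CHG-101,20240301
GRAC_RULESETLOG,GLOBAL,CHG-102,20240320
GRAC_RSKLOG,ZR07,CHG-103,20240312
"""

def review_month(cdhdr_csv, approvals_csv, month):
    """month is 'YYYYMM'. Returns (changes, unapproved, not_implemented)."""
    approvals = defaultdict(list)
    for a in csv.DictReader(io.StringIO(approvals_csv)):
        approvals[(a["object_class"], a["object_id"])].append(a)
    changes, unapproved, matched = [], [], set()
    for row in csv.DictReader(io.StringIO(cdhdr_csv)):
        in_scope = row["OBJECTCLAS"] in RULESET_CLASSES and row["UDATE"].startswith(month)
        if not in_scope:
            continue
        changes.append(row)
        key = (row["OBJECTCLAS"], row["OBJECTID"])
        # An approval only covers a change if it is dated on or before the change.
        ok = [a for a in approvals.get(key, []) if a["approved_on"] <= row["UDATE"]]
        if ok:
            matched.update(a["ticket"] for a in ok)
        else:
            unapproved.append(row["CHANGENR"])
    # Approvals from this month with no ruleset change after them (completeness gap).
    not_implemented = sorted(
        a["ticket"] for lst in approvals.values() for a in lst
        if a["approved_on"].startswith(month) and a["ticket"] not in matched)
    return changes, unapproved, not_implemented

if __name__ == "__main__":
    print(review_month(CDHDR_CSV, APPROVALS_CSV, "202403")[1:])
```

Because the ruleset is maintained manually in D, Q and P, the same check can be run against each system's export and the resulting change lists compared.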
