Dear Friends, We are in the process of building a process to review changes done with GRC rule set ( as per below audit request ).
Topic: Custom T-Codes: - Validation of custom T-Codes being included in the Ruleset: -
When Business Owners determine an SOD conflict does exist for a new custom t-code they are to add it to the ruleset.
Build a review for ruleset and to validate custom t-codes causing SOD conflicts are included and tracked in the ruleset.
Current process: -
A. How do we perform changes to your rule set?
Ans: - Currently it is manually done in D, Q and P.
B. Do you change in dev/quality and transport to prod?
Ans: - It's not done via transport but manually it's updated.
I would request your insights for: -
* What should be reviewed \ captured to find the changes done with GRC ruleset for a specific month year.
* What are the aspects which need to be included \ captured in monthly GRC ruleset completeness and accuracy documentation.
* Please reference any SAP help documentation which would help in building process for this monthly review.
GRC 12.0 SP05 is current version of GRC