on 06-18-2017 6:19 AM
Dear Friends, We recently updated our rule set and we are now trying to remediate the SoDs for TCodes conflicting with themselves, especially VA02 to start with.
We have roles which are in conflict within themselves (Risk SO20: Function SD04 - Sales Document Release and Function SD05 - Sales Order Processing)
Or
Technically we have these options: -
Could you please advise your suggested option [5, 6, 7, 8] which should be considered and selected?
Will it be Option 5 or Option 6 or Option 7 or Option 8?
Thanks
Raj
Raj,
If you have a risk and that risk is validated in your business, you cannot just change the risk definition to falsely "remediate" your violations. In case a violation exists, then you have to either remediate the violations by changing your roles, or find an alternative to mitigate the violations. In any case, however, you definitely don't want to change the risk definitions without proper approval from your business. Please note that once you must be SOX compliant, all these changes must be approved, tested and validated.
There are a few documents out there that are worth reading:
https://blogs.sap.com/2014/08/21/remediating-access-control-sod-risks/
https://blogs.sap.com/2014/09/01/sod-management-process/
https://blogs.sap.com/2014/07/15/internal-controls-a-step-towards-strong-controls/
Hope this helps.
Regards, Alessandro