Skip to Content

New Risk Creation - GRC

new-risk-creation.png

Dear Team,

What is the difference between each Risk Types ( Screen Shots ) and when and under which circumstances should each of these selections be used ?

How is each different from other ?

New Risk Creation Options : -

Risk Type: -

- Segregation of Duties

- Critical Action

- Critical Permission

- Thanks

Raj

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Feb 02 at 07:58 PM

    Dear Raj,

    looks like you didn't search enough. Check this out: https://blogs.sap.com/2014/04/28/rule-set-rules-rule-types/

    If, after reading this blog, you still have questions, please come back and ask them.

    Cheers, Alessandro

    Add comment
    10|10000 characters needed characters exceeded

  • Feb 03 at 02:11 PM

    Dear Alessandro, One of the prime reasons of what ever foundation knowledge of GRC Access Control I know, is because of your blogs. They are coliseum and helpful. Thank You for that!

    We encountered an precarious instance. Here it is { With Chart Screen Shot } : -

    Activation of SAP provided risks for Business Process: - HR and Payroll for sensitive actions : -

    Option 1: - If HR07 – HR Master data function is the only function which might cause a risk ( because of the actions and permission levels in this function ) then risk HRMD with Critical Action has to be activated.

    Option 2: - If it is between A. Action and permission levels of one function HR03, B. Action and permission levels of another function HR06 & C. Action and permission levels levels of an additional function HR07 then risk types to be selected ( + activated ) will be: -

    • Critical Action risk ID HRMD for function HR07
    • Critical Action risk ID HRCT for function HR06
    • SoD risk ID H001, H007, H008, H014, H015 for function HR03 have to be activated.

    Which option has to be considered for activation. Will it be risk ID of Option 1 or risk id's of Option 2 ?

    Your views on the process to be followed.

    - Thanks

    Add comment
    10|10000 characters needed characters exceeded