Former Member
Jun 03, 2009 at 06:45 AM

One GRC connected to multiple R3


Hi

I need your expert opinion.

I am implementing GRC for a customer with 10 R3 systems.

We have to implement one instance of GRC connected to 10 R3 systems.

Each of these R3 systems belongs to a Business Unit (10 different business units in all).

Each of these business units is as good as an independent company, with its own business and IT processes, roles and users. (No user would have access to more than one R3 system.)

Though many business processes and risks would be common amongst the business units, the risk owner would be different, and so would the mitigation process, etc.

In the above scenario I have the following choices:

Choice one - Use logical systems

This would have the least flexibility for the business units to manage their risks, actions and permissions.

Choice Two - Physical systems

Have a common risk ruleset and connect the 10 R3 systems as physical systems.

In this case the risks would be common, so the issues related to risk owner, mitigation, etc. would remain. This would have limited flexibility. Also, we may hit the 46000 rules limit.

Choice three

Have 10 rulesets (10 sets of risks/functions, etc., one for each business unit).

Each business unit would have its own individual risks and thereby greater control.

I am inclined towards the last choice. My concern is that multiple rulesets/risks will lead to a greater number of rules, thereby affecting performance.

There would be around 6000 users and around 30000 roles in all these 10 systems put together.

Can somebody share their experience/expertise on this?

Regards