Basis Ruleset - Standard vs Customized

Former Member
0 Kudos

Hi Experts,

I have one query regarding the ruleset (only for Basis):

Earlier there were manual controls in place in our company which were based upon the observations of Basis Critical Tcodes. We used to refer to a manual rulebook while doing authorization calls. Around 100+ tcodes were identified as Basis Critical Tcodes and listed to check any risk.

At the time of GRC Implementation, we adopted the same rulebook. Now there are queries and concerns from the auditors that the GRC SAP Standard rulebook should be used. Our concern is that if we don't use some tcodes at all but still include them in the ruleset, it may increase the number of rules drastically and it may have performance implications.

Please suggest the best practices regarding Basis Ruleset which other organizations are following.

Thanks & Regards,

Sabita

Accepted Solutions (1)

Former Member
0 Kudos

Hi Sabita,

I would challenge your auditors. Tell them the history of the development of your company-specific rulebook and why you have GRC configured in that manner. The SAP standard ruleset is monstrous and is a guide, but all risks defined in the ruleset may not be relevant to your company. Did the auditors sign off on the original rulebook?

Thanks,

Grace Rae

Answers (2)

Former Member
0 Kudos

Hi Sabita,

If sizing was done properly, I don't see any performance issue with an increase in rules.

Standard SAP rules have been enhanced since 91 (VIRSA -> SAP).

They are very robust and good. Almost all the risks are covered.

Kindly refer to standard rules.

Regards,

Surpreet

Former Member
0 Kudos

Hi Sabita,

The auditors would usually agree to an SAP ruleset being used, but if they don't, I would suggest that you create a whole new ruleset just for BASIS rather than modifying the standard one.

Thanks,

Chinmaya