Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

GRC Mitigating Controls

Former Member

on ‎2009 Jul 17 2:37 PM

0 Likes
1,097

Hi,

We are putting together our mitigating controls for the SOD issues in GRC. We are having problems trying to identify the reports that would give us the information to ensure that no user has violated a control. For example: S001Chg credit limit of marginal cust & manage SOs in it's favor - we need to get a list of changes made to the credit limits for each customer by user and compare that to the list of sales orders created / chnaged by the same user for the same customer.

The table that stores te credit limit changes is very big and a query on this each month wold probably time out.

Does anyone have any suggestions or previous experience on setting up mitigating controls and can give a high level view of the approch to take - i.e. should we be looking at standard SAP reports or should we create the reports using ABAPs or are there any other alternatives?

Thanks

Loretta

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
hkaur
Product and Topic Expert
Product and Topic Expert
‎2009 Jul 21 10:32 AM
0 Likes

Hello Loretta,

Have you looked at the Alerts functionality in GRC RAR? I think that should resolve your issue.

You can set up Alerts in RAR for Mitigation Controls also; i.e. email alert if a particular report mentioned while creation of Mitigation controls is not run in a particular frequency of time.

Refer configuration guide for more information and see if it helps.

Harleen

SAP GRC RIG

Show replies
Show replies
Former Member
‎2009 Jul 21 10:49 AM
0 Likes

Harleen,

Many thanks for your reply. The problem we are having is actually defining what reports to run to mitigate the risk. There are no standard R/3 reports that we are aware of that will give us the information that we require. We are looking at interrogating SAP tables and we feel that this is not the most efficient way. We are just wondering what reports other organisations use to mitigate risks in GRC such as risk S001.

Kind regards

Loretta

Ask a Question