Financial Management Blogs by Members
Dive into a treasure trove of SAP financial management wisdom shared by a vibrant community of bloggers. Submit a blog post of your own to share knowledge.
cancel
Showing results for 
Search instead for 
Did you mean: 
alessandr0
Active Contributor


A high amount of time during a SAP GRC project will be spent on defining processes and responsibilities. My suggestion is to think in lifecycles for getting a better understanding of the processes and who is taking over the responsibilty.

 

In this post I would like to clarify the lifecycle of Firefighter IDs. I have grouped them into four steps Create, Change, Delete and Review. Please see for each step expected Tasks and who is involved.

 

I have additionally added the RACI matrix to see who is Responsible, Accountable, Consulted and Informed for each step. Please be aware that this is very much depending on the point of view and can be different in your organization. My considerations are commonsense and pretty much of thinking in smooth processes throughout a global enterprise.



 

Creation of Firefighter ID



Tasks



  • Define the necessary access rights of the FFID

  • Define the responsibilities (Ownership, Controller)

  • Create Firefighter ID


 

Involved functions



  • Firefighter owner

  • SAP authorization team

  • SAP GRC responsible

  • Business role owner




 

Changing of Firefighter ID


 

Tasks



  • Define the necessary changes in access rights

  • Define changes in resonsibilities (Ownership, Controller)

  • Define changes of Firefighter ID (e.g. validity)


 

Involved functions



  • Firefighter owner

  • SAP authorization team

  • SAP GRC responsible

  • Business role owner




 

Deletion of Firefighter ID


 

Tasks



  • Delete the Firefighter ID

  • Document the decision of the deletion

  • Archive belonging firefighter logfiles


 

Involved functions



  • Firefighter owner

  • SAP authorization team

  • SAP GRC responsible




 

Reviewing of Firefighter ID


 

Tasks



  • Review validity

  • Review firefighter ownership and controller

  • Check proper access rights


 

Involved functions



  • Firefighter owner

  • SAP authorization team

  • SAP GRC responsible

  • Business role owner




 

If you want to have further information or contribute in this blog post do not hesitate to contact me or reply to this post directly.

11 Comments