Audit-Ready Your Segregation of Duties Remediation Process with User Remediation in RAR
- by Jayne Gibbon, Director of Customer Care, SAP
- October 16, 2009
Discover key tools and process steps to assist in the remediation of risks at the composite role and user level identified by SAP BusinessObjects Access Control Risk Analysis and Remediation.
The end-game of every segregation of duties review is to have a remediated risk environment. This involves remediating any existing composite roles, which collect a number of single roles into one easier-to-use role, as well as remediating at the user level.
Remediating risks is an important part of your segregation of duties (SoD) process. The remediation process is most efficient when performed in the following three stages: single role remediation, composite role remediation, and user remediation. It is best to start at the single role level and then work your way to composite roles and users. In a previous article, “Start Your Segregation of Duties Risk Mitigation Smart — at the Single Role Level,” I explained how single role remediation works in the Risk Analysis and Remediation (RAR) component of SAP BusinessObjects Access Control. In this article, I’ll take you through composite role and user remediation. I recommend you read that article first to give you a better perspective for this one, as single role remediation takes up the bulk of your time in this process. However, user remediation is the key focus for most companies, as that is the level that is reviewed by internal and external auditors.