Audit-Ready Your Segregation of Duties Remediation Process with User Remediation in RAR

  • by Jayne Gibbon, Director of Customer Care, SAP
  • October 16, 2009
Discover key tools and process steps to assist in the remediation of risks at the composite role and user level identified by SAP BusinessObjects Access Control Risk Analysis and Remediation.
Key Concept

The end goal of every segregation of duties review is a remediated risk environment. This involves remediating any existing composite roles, which are roles that collect a number of single roles into one easier-to-use role, as well as remediating risks at the user level.

Remediating risks is an important part of your segregation of duties (SoD) process. The remediation process is most efficient when performed in the following three stages: single role remediation, composite role remediation, and user remediation. It is best to start at the single role level and then work your way to composite roles and users. In a previous article, “Start Your Segregation of Duties Risk Mitigation Smart — at the Single Role Level,” I explained how single role remediation works in the Risk Analysis and Remediation (RAR) component of SAP BusinessObjects Access Control. In this article, I’ll take you through composite role and user remediation. I recommend you read that article first to give you a better perspective on this one, as single role remediation takes up the bulk of your time in this process. However, user remediation is the key focus for most companies, as that is the level that is reviewed by internal and external auditors.

Jayne Gibbon

Jayne Gibbon, CPA, has been implementing SAP applications since 1996 and is currently a director in the Chief Customer Office at SAP. Jayne’s focus is making customers successful with their SAP HANA deployments. She has helped more than 100 customers drive business value with SAP HANA. Prior to joining SAP in 2007, Jayne worked for two multinational manufacturing companies based in Wisconsin. While an SAP customer, Jayne led the very first implementation of Virsa’s Compliance Calibrator, which is now part of SAP Access Control. Jayne’s experience includes internal audit; computer security; governance, risk, and compliance; SAP HANA; and SAP analytics.
