Create a Centralized Control Management System by Integrating Access and Process Controls

  • by Raj Behera, Manager, Regional Implementation Group (RIG), SAP GRC
  • May 4, 2009
See how to integrate SAP BusinessObjects Access Control and SAP BusinessObjects Process Control. You can optimize reporting practices, consolidate segregation of duties issues, and troubleshoot any potential problems using these two applications.
Key Concept

Centralized control management enables the automation of your internal control and access control methodology. SAP BusinessObjects Access Control and SAP BusinessObjects Process Control formulate the strategies of automated control monitoring of the segregation of duties exceptions and noncompliance events (e.g., role status or operation work) to gain better visibility of key business processes. Automated rule monitoring integrates with SAP BusinessObjects Access Control for effective monitoring and access management in a single solution.

Consider a scenario in which your organization uses SAP BusinessObjects Access Control and SAP BusinessObjects Process Control, with control owners monitoring the automated control setup in SAP BusinessObjects Process Control. This control can be of any type, such as master data control for vendor master system changes or validation of the authorization for new contractors who have joined in the organization. As all employees are assigned certain roles in SAP ERP Central Component (SAP ECC) to perform their jobs, it is challenging to automate such controls in SAP BusinessObjects Process Control.

You need to seek the help of SAP BusinessObjects Access Control for generating segregation of duties (SoD) violations. Once you are satisfied with the authorization assignment for the new contractors, you need to review the report periodically. Control owners need to manage the reporting of the test effectiveness in both the applications. You need to manually perform the test by survey assessment or manual test control and again review the SoD report in SAP BusinessObjects Process Control.

After integrating the two applications, you can automatically view the information you need in one dashboard from one application. By adopting this approach, you can manage the SoD report as well as authorization limitation for contractors and many other areas such as control mechanisms for the use of firefighter or custom role check status. This integrated approach reduces costs and provides better visibility of the end-to-end internal controls in your organization.

Raj Behera

Raj Behera is a manager for the Regional Implementation Group (RIG) at SAP GRC. Prior to joining SAP, Raj worked at Virsa Systems as a key developer for the Access Control application. Since moving to the RIG team, he has helped in hundreds of implementations in the SAP BusinessObjects applications such as SAP BusinessObjects Access Control and SAP BusinessObjects Process Control. Raj has 12 years of experience in SAP consulting in the development and technology areas. He has a master’s degree in engineering management from San Jose State University.

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.