How to Use Workflow for Better Data Control and Integrity

  • by Kehinde Eseyin, Security Architect
  • August 9, 2012
Learn how to configure the workflow-driven change request management functionality in SAP GRC 10.0, which is designed to enforce control in the maintenance of master data.
Key Concept

Change Request Management is a control process under which changes to master data are independently reviewed by appropriate personnel, so that proposed modifications are not malicious and are in line with business needs and best practices. SAP GRC 10.0 supports an automated approval process for changes to specific master data, which ensures accountability for a user’s actions and forestalls malicious maintenance of master data objects.

Although the tight integration of the SAP GRC 10.0 solutions provides benefits to organizations, it also poses security and data inconsistency risks and challenges. This is especially true because a malicious or unauthorized change to a master data object can affect another master data object and also another application component (e.g., SAP Access Control, SAP Process Control, or SAP Risk Management). The data dependencies and seamless integration among GRC 10.0 application components cause this security concern. Furthermore, uncontrolled maintenance of master data can cause audit issues because auditors are always concerned about the controls defined to ensure that modifications to master data are authorized.

SAP is aware of this downside and has put in place a framework driven by a workflow process to manage changes to master data. The following master data can be subjected to change request management in SAP BusinessObjects GRC 10.0 application components:

  • Account Group
  • Control Objective
  • Control
  • Central Risk
  • Indirect Entity-Level Control
  • Organization
  • Process
  • Subprocess
  • Central Control
  • Central Indirect Entity-Level Control Group
  • Central Indirect Entity-Level Control
  • Central Process
  • Central Subprocess

Master data maintenance needs to be properly managed and controlled to avoid master data-related issues in the SAP GRC 10 applications and, by extension, dependent systems.

Kehinde Eseyin

Kehinde Eseyin is a security architect. He holds a bachelor’s degree in computer science. He has about 12 years of IT security, governance framework, IS risk, and compliance experience gained by working in numerous global organizations. Over the years, he has demonstrated competencies in security design, information assurance, cyber security, data privacy, threat and vulnerability management, penetration testing, business architecture, project management, IT audit, IS controls framework, and identity and access management.
