Integrate Access and Process Controls in the Latest Releases of SAP BusinessObjects Solutions for GRC

  • by Raj Behera, Manager, Regional Implementation Group (RIG), SAP GRC
  • June 11, 2009
SAP BusinessObjects Access Control’s Risk Analysis and Remediation (RAR) capability generates the rule library for segregation of duties and performs the access risk analysis for the user. SAP BusinessObjects Process Control manages the controls for each business process. Integrating the two applications allows you to control both of these functions from SAP BusinessObjects Process Control.
Key Concept

SAP BusinessObjects Process Control formulates the strategies of automated control monitoring of segregation of duties exceptions. Integrating it with SAP BusinessObjects Access Control involves the Web service of service-oriented architecture of the SAP NetWeaver layer. The Web service is shipped along with SAP BusinessObjects Access Control.

Consider a business process of order-to-cash (OTC) users having violations in segregation of duties (SoD) rules in SAP BusinessObjects Access Control 5.3. There is no control mechanism to monitor these users or user groups for this business process with the automated rule features. You can use the ability to initiate the control rule monitoring from SAP BusinessObjects Process Control without building the SoD rules in two applications. You then can leverage the SoD rule library of SAP BusinessObjects Access Control 5.3 and monitor the SoD violations in SAP BusinessObjects Process Control 2.5.

By introducing SAP BusinessObjects Access Control in the OTC process for the user’s risk analysis, you can monitor controls, the mitigation plan, and SoD exceptions from the SAP BusinessObjects Process Control 2.5 dashboard. This integrated approach reduces costs and provides better visibility of the end-to-end internal controls in your organization.

In my previous article, “Create a Centralized Control Management System by Integrating Access and Process Controls,” I introduced this situation using different versions of the technology. In doing so, I highlighted more about the integration aspects and introduced some example terms, so you should read it first. My previous article applies specifically to the SAP BusinessObjects Access Control 4.0 and SAP BusinessObjects Process Control 2.5 versions.

Raj Behera

Raj Behera is a manager for the Regional Implementation Group (RIG) at SAP GRC. Prior to joining SAP, Raj worked at Virsa Systems as a key developer for the Access Control application. Since moving to the RIG team, he has helped in hundreds of implementations in the SAP BusinessObjects applications such as SAP BusinessObjects Access Control and SAP BusinessObjects Process Control. Raj has 12 years of experience in SAP consulting in the development and technology areas. He has a master’s degree in engineering management from San Jose State University.

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.