Integrate Access and Process Controls in the Latest Releases of SAP BusinessObjects Solutions for GRC
- by Raj Behera, Manager, Regional Implementation Group (RIG), SAP GRC
- June 11, 2009
SAP BusinessObjects Access Control’s Risk Analysis and Remediation (RAR) capability generates the rule library for segregation of duties and performs the access risk analysis for the user. SAP BusinessObjects Process Control manages the controls for each business process. Integrating the two applications allows you to control both of these functions from SAP BusinessObjects Process Control.
SAP BusinessObjects Process Control formulates the strategies of automated control monitoring of segregation of duties exceptions. Integrating it with SAP BusinessObjects Access Control involves the Web service of service-oriented architecture of the SAP NetWeaver layer. The Web service is shipped along with SAP BusinessObjects Access Control.
Consider a business process of order-to-cash (OTC) users having violations in segregation of duties (SoD) rules in SAP BusinessObjects Access Control 5.3. There is no control mechanism to monitor these users or user groups for this business process with the automated rule features. You can use the ability to initiate the control rule monitoring from SAP BusinessObjects Process Control without building the SoD rules in two applications. You then can leverage the SoD rule library of SAP BusinessObjects Access Control 5.3 and monitor the SoD violations in SAP BusinessObjects Process Control 2.5.
By introducing SAP BusinessObjects Access Control in the OTC process for the user’s risk analysis, you can monitor controls, the mitigation plan, and SoD exceptions from the SAP BusinessObjects Process Control 2.5 dashboard. This integrated approach reduces costs and provides better visibility of the end-to-end internal controls in your organization.
In my previous article, “Create a Centralized Control Management System by Integrating Access and Process Controls,” I introduced this situation using different versions of the technology. In doing so, I highlighted more about the integration aspects and introduced some example terms, so you should read it first. My previous article applies specifically to the SAP BusinessObjects Access Control 4.0 and SAP BusinessObjects Process Control 2.5 versions.
Would you like to see this full item?