Start Your Segregation of Duties Risk Mitigation Smart — at the Single Role Level
- by Jayne Gibbon, Director of Customer Care, SAP
- September 29, 2009
Discover key tools and process steps that assist in the remediation of risks identified at the single role level by SAP BusinessObjects Access Control Risk Analysis and Remediation.
Risk Analysis and Remediation (RAR) is part of SAP BusinessObjects Access Control. This capability helps all key stakeholders work collaboratively to achieve ongoing segregation of duties and audit compliance at all levels. While many companies focus first on identifying the risk, actually remediating it is much more important and is vital to ensuring that compliance is maintained.
In today’s environment, we are inundated with data. As more managers realize, it’s what we do with that data that determines the benefit of the information. The Risk Analysis and Remediation (RAR) component of SAP BusinessObjects Access Control identifies segregation of duties (SoD) and critical action risks. However, if management does not actively do anything with the data, the main benefit of purchasing RAR is not realized.
I’ll walk through the key steps involved in reviewing these reports and remediating the risks identified, including the specific reports and screens in RAR that assist in this process. It is important to recognize that this is an iterative process that takes time. The recommendations are based on more than eight years of work on risk analysis and remediation projects.
The remediation process is most efficient when performed in the following three sections: single role remediation, composite role remediation, and user remediation. In this article, I’ll discuss single role remediation.