Define Risks and Functions with Risk Analysis and Remediation Rule Architect

  • by Jayne Gibbon, Director of Customer Care, SAP
  • April 14, 2009
Discover the makeup and functionality of Rule Architect within SAP BusinessObjects Access Control Risk Analysis and Remediation.
Key Concept

Risk Analysis and Remediation (RAR) is part of SAP BusinessObjects Access Control. This capability helps all key stakeholders work in a collaborative manner to achieve ongoing segregation of duties (SoD) and audit compliance at all levels. Understanding Rule Architect functionality within RAR is vital to your company’s identification, mitigation, and prevention of SoD issues in your environment.

For many versions of Risk Analysis and Remediation (RAR) — from the most recent SAP BusinessObjects Access Control 5.3 back to Compliance Calibrator 4.0 — Rule Architect is the lifeblood of the application. This tool assists companies in defining what constitutes a risk at both the business and technical levels. I will describe how Rule Architect works and key concepts to understanding functionality within Rule Architect.

Specifically, I’ll explain the building blocks of rules, including how to create functions and risks. Functions are definitions of a certain business process, such as the creation of vendors. Risks are a combination of functions that could result in physical loss or fraud, such as someone having the ability to both create vendors and process payments to vendors.

I’ll start with an overview of Rule Architect before moving on to the initial setup of Rule Architect along with its functions and risks.

Jayne Gibbon

Jayne Gibbon, CPA, has been implementing SAP applications since 1996 and is currently a director in the Chief Customer Office at SAP. Jayne’s focus is making customers successful with their SAP HANA deployments. She has helped more than 100 customers drive business value with SAP HANA. Prior to joining SAP in 2007, Jayne worked for two multinational manufacturing companies based in Wisconsin. While an SAP customer, Jayne led the very first implementation of Virsa’s Compliance Calibrator, which is now part of SAP Access Control. Jayne’s experience includes internal audit; computer security; governance, risk, and compliance; SAP HANA; and SAP analytics.

See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.