Start Your Segregation of Duties Risk Mitigation Smart — at the Single Role Level

  • by Jayne Gibbon, Director of Customer Care, SAP
  • September 29, 2009
Discover key tools and process steps that assist in the remediation of risks identified at the single role level by SAP BusinessObjects Access Control Risk Analysis and Remediation.
Key Concept

Risk Analysis and Remediation (RAR) is part of SAP BusinessObjects Access Control. This capability helps all key stakeholders work collaboratively to achieve ongoing segregation of duties and audit compliance at all levels. While many companies focus first on identifying the risk, actually remediating the risk is much more important and is vital to ensuring that compliance is maintained.

In today’s environment, we are inundated with data. As more managers realize, it’s what we do with that data that determines the benefit of the information. The Risk Analysis and Remediation (RAR) component of SAP BusinessObjects Access Control identifies segregation of duties (SoD) and critical action risks. However, if management does not act on that data, the main benefit of purchasing RAR is not realized.

I’ll review the key steps involved in reviewing these reports and remediating the risks identified. I will include specific reports and screens in RAR that assist in this process. It is important to recognize that this is an iterative process that takes time. The recommendations were developed based on more than eight years of work on risk analysis and remediation projects.

The remediation process is most efficient when performed in the following three sections: single role remediation, composite role remediation, and user remediation. In this article, I’ll discuss single role remediation.

Jayne Gibbon

Jayne Gibbon, CPA, has been implementing SAP applications since 1996 and is currently a director in the Chief Customer Office at SAP. Jayne’s focus is making customers successful with their SAP HANA deployments. She has helped more than 100 customers drive business value with SAP HANA. Prior to joining SAP in 2007, Jayne worked for two multinational manufacturing companies based in Wisconsin. While an SAP customer, Jayne led the very first implementation of Virsa’s Compliance Calibrator, which is now part of SAP Access Control. Jayne’s experience includes internal audit; computer security; governance, risk, and compliance; SAP HANA; and SAP analytics.
