IN SAP segregation of duties is the process of
1. Defining the roles of the users based on their work areas.
2. Identifying the access requirement for these roles like the transactions to which the users need access and the level of authorizations the users need.
3. Identify risks (conflicting actions) i.e identifying the combination of actions which any user should not be able to perform. Determine ways to limit these risks.
A scenario is if access is not managed correctly A Payroll admin who maintains master data (basic pay and other salary details) can change his own salary details to his own advantage.
4. Not all risks can be removed from the system. So put controls in place to make sure that usage of all the critical actions/transactions are closely monitored / only assigned to users for a limited period based on requirement. Usage logs of these critical transactions should be maintained to make sure they can be audited as and when needed
SAP GRC Access control provides tools to accomplish these tasks in a systematic manner.
1. Defining the roles of the users based on their work areas.
2. Identifying the access requirement for these roles like the transactions to which the users need access and the level of authorizations the users need.
3. Identify risks (conflicting actions) i.e identifying the combination of actions which any user should not be able to perform. Determine ways to limit these risks.
A scenario is if access is not managed correctly A Payroll admin who maintains master data (basic pay and other salary details) can change his own salary details to his own advantage.
4. Not all risks can be removed from the system. So put controls in place to make sure that usage of all the critical actions/transactions are closely monitored / only assigned to users for a limited period based on requirement. Usage logs of these critical transactions should be maintained to make sure they can be audited as and when needed
SAP GRC Access control provides tools to accomplish these tasks in a systematic manner.
No comments:
Post a Comment