General SAP GRC Solution Tool information
Review which support version and support pack the tool and plug-ins are on in the SAP landscape, as different versions may have some features enabled or disabled.
Risk Analysis
In configuration, are critical roles or profiles excluded? If yes, review the list of critical roles and profiles to understand why they are excluded from SoD and sensitive access analysis.
What systems are connected, and if some systems are not connected, what is the reason?
Make sure the right systems are being analyzed.
Default expiration time for mitigating controls (in days).
Controls should be reviewed on at least an annual basis to make sure they are still appropriate.
What default SoD / sensitive access rule set is being used, and what are the approvals?
Elevated Access
Review that all logs are generated for a period of time, and look at the policy on internal auditor review of the logs.
Review the batch jobs that generate the logs in the systems to make sure the logs are being generated properly.
Review the people who are assigned elevated access and who the supervisors are for those users.
User Provisioning
Review all the approvers in the system and the SLA for approvals. Review to make sure there are alternate approvers.
Review that SoD checks are required during the provisioning process and what action the approver has to take.
How are requests that do not reach their designated systems, whether due to errors, exceptions or risks, handled?
How many requests have bypassed proper approval by administrators?
Common Findings
Processes are not followed in terms of review of elevated access requests or approvals
SoD violations unmitigated
Lack of updating SoD and Sensitive Access rule sets
Excessive access to elevated access IDs
Lack of sensitive transactions in the rule set
Improper change control process for changes made to the SoD/sensitive rule set
Mitigation control expiration, mitigation not mitigating the proper risk, and lack of proper documentation
Temporary controls with no expiration dates
Mitigation controls not reviewed periodically
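As an added example (not part of the original checklist and not SAP code), the mitigation-related findings above can be tested against an exported list of risk-to-user mitigation assignments. The CSV layout, column names and sample rows are constructed assumptions, and the 365-day review window follows the annual review stated earlier.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export; column names are assumptions, not a GRC table layout.
SAMPLE_EXPORT = """risk_id,user,control_id,valid_to,last_review
P001,JSMITH,MC-01,2024-12-31,2024-02-10
P001,AKHAN,,,
F014,MLEE,MC-07,,2023-11-02
F014,RDIAZ,MC-07,2023-06-30,2023-01-15
S003,TWONG,MC-09,2024-09-30,2022-08-01
"""

def _parse(value):
    """Parse an ISO date, treating an empty cell as 'not set'."""
    return date.fromisoformat(value) if value else None

def audit_mitigations(export_text, as_of, review_days=365):
    """Return {finding: [(risk_id, user), ...]} for each mitigation finding."""
    findings = {"unmitigated": [], "no_expiration": [],
                "expired": [], "review_overdue": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        key = (row["risk_id"], row["user"])
        if not row["control_id"]:
            # SoD violation with no mitigating control assigned at all
            findings["unmitigated"].append(key)
            continue
        valid_to = _parse(row["valid_to"])
        last_review = _parse(row["last_review"])
        if valid_to is None:
            # Control assigned without an expiration date
            findings["no_expiration"].append(key)
        elif valid_to < as_of:
            # Control assignment has lapsed but the risk is still reported
            findings["expired"].append(key)
        if last_review is None or as_of - last_review > timedelta(days=review_days):
            # Control not reviewed within the expected period
            findings["review_overdue"].append(key)
    return findings

if __name__ == "__main__":
    for finding, rows in audit_mitigations(SAMPLE_EXPORT, date(2024, 6, 1)).items():
        print(finding, rows)
```

A single assignment can appear under more than one finding, for example an expired control that has also missed its review.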