SAP GRC Interview Questions: GRC Risk Ruleset Implementation
What are the steps you will follow before running the first risk analysis report?
How do you approach the SAP Role Cleanup project with SAP GRC Risk Report?
How did you add new risks based on the customer's business processes?
Who were the people involved in the cleanup process, and what were their responsibilities?
Did you just clean up the roles or create brand new roles, and what was the logic for the decisions?
How did you troubleshoot when the role or user was not available in the drop-down list?
What did you do when they got the error message saying "risk not maintained" when running an SAP Risk Report?
What did you do when you had the same transaction conflicting with itself?
How did you monitor the sensitive transaction usage report? What was the frequency, and what is the process for documenting the evidence?
How did you change the rule for disabling the risk, removing the transaction and removing/adding object values into the SAP GRC Risk Ruleset?
How did you come up with the mitigation controls, and how did you monitor them?
Did you document the changes made to the SAP Risk ruleset?
How do you justify a change to the ruleset, for example disabling the risk or removing the transaction?
What process did you follow to add a custom transaction to the SAP GRC Ruleset?
What methodology did you follow to document the implemented SAP GRC Ruleset?