SAP GRC - SoD Risk Management
Every business needs to perform Segregation of Duties (SoD) risk management, from recognizing risks, through building and validating the rule set, to the other risk management activities that keep the organization in continuous compliance.
Segregation of Duties in the GRC system is carried out by several different roles. SAP GRC defines the following roles and responsibilities under SoD Risk Management −
Business Process Owners
Business Process Owners perform the following tasks −
- Identify risks and approve risks for monitoring
- Approve remediation involving user access
- Design controls to mitigate conflicts
- Communicate access assignments or role changes
- Perform proactive continuous compliance
Senior Officers
Senior Officers perform the following tasks −
- Approve or reject risks between business areas
- Approve mitigation controls for selected risks
Security Administrators
Security Administrators perform the following tasks −
- Assume ownership of GRC tools and security process
- Design and maintain rules to identify risk conditions
- Customize GRC roles to enforce roles and responsibilities
- Analyze and remediate SoD conflicts at role level
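To make concrete what rule building, role-level conflict analysis and mitigating controls mean in practice, here is a small worked example added to this page; it is not SAP GRC code and does not use any GRC API. The business functions, transaction codes, role and user names, risk IDs and the control ID are all constructed sample values. A rule names two business functions that must not be combined; a role-level finding means a single role enables both sides of a rule, while a user-level finding means the user's combined roles do, and a mitigating control assigned to a user turns an open finding into a mitigated one.

```python
"""
Minimal SoD rule engine: rule definition, role-level and user-level conflict
analysis, and mitigating controls. Added illustration, not SAP GRC code.
All function, role, user, risk and control identifiers are constructed.
"""
from dataclasses import dataclass

# A business function is a set of actions (SAP-style transaction codes,
# constructed sample values) any of which lets a person perform the function.
FUNCTIONS = {
    "VENDOR_MAINT": {"FK01", "FK02"},   # create / change vendor master data
    "INVOICE_POST": {"FB60", "MIRO"},   # post vendor invoices
    "PAYMENT_RUN":  {"F110"},           # execute the payment run
    "PO_CREATE":    {"ME21N"},          # create purchase orders
}


@dataclass(frozen=True)
class Rule:
    """An SoD rule: two functions that must not be held by one person."""
    risk_id: str
    level: str             # e.g. "High" or "Medium"
    conflict: frozenset    # pair of function names


RULES = [
    Rule("P001", "High",   frozenset({"VENDOR_MAINT", "INVOICE_POST"})),
    Rule("P002", "High",   frozenset({"INVOICE_POST", "PAYMENT_RUN"})),
    Rule("P003", "Medium", frozenset({"PO_CREATE", "INVOICE_POST"})),
]

# Roles grant actions; Z_AP_ALL is deliberately badly designed and conflicts by itself.
ROLES = {
    "Z_AP_CLERK":      {"FB60", "MIRO"},
    "Z_VENDOR_MASTER": {"FK01", "FK02"},
    "Z_AP_ALL":        {"FK01", "FB60", "F110"},
    "Z_BUYER":         {"ME21N"},
}

USERS = {
    "alice": {"Z_AP_CLERK", "Z_VENDOR_MASTER"},   # conflict across two roles
    "bob":   {"Z_AP_CLERK"},                      # no conflict
    "carol": {"Z_AP_ALL"},                        # conflict inside one role
}

# Mitigating controls assigned per (user, risk); the control ID is constructed.
MITIGATIONS = {
    ("alice", "P001"): "MC-017: monthly vendor-change report reviewed by AP manager",
}


def functions_enabled(actions):
    """Return the set of business functions that the given actions enable."""
    return {name for name, acts in FUNCTIONS.items() if acts & actions}


def find_conflicts(actions):
    """Return the rules violated by a single set of actions, in rule order."""
    enabled = functions_enabled(actions)
    return [rule for rule in RULES if rule.conflict <= enabled]


def analyze_roles():
    """Role-level analysis: roles that violate a rule on their own."""
    findings = {}
    for role, actions in ROLES.items():
        violated = find_conflicts(actions)
        if violated:
            findings[role] = [rule.risk_id for rule in violated]
    return findings


def analyze_users():
    """User-level analysis over the union of each user's roles, with mitigation status."""
    report = {}
    for user, roles in USERS.items():
        actions = set().union(*(ROLES[r] for r in roles))
        for rule in find_conflicts(actions):
            status = "mitigated" if (user, rule.risk_id) in MITIGATIONS else "open"
            report.setdefault(user, []).append((rule.risk_id, rule.level, status))
    return report


if __name__ == "__main__":
    print("Role-level conflicts:", analyze_roles())
    print("User-level conflicts:", analyze_users())
```

The role-level pass is the one a security administrator runs before a role is released, since a role that conflicts by itself will produce a finding for every user who receives it; the user-level pass is what the business process owner reviews when deciding whether to remediate (remove a role) or accept the risk under a mitigating control.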
Auditors
Auditors perform the following tasks −
- Perform risk assessments on a regular basis
- Provide specific requirements for audit purposes
- Test rules and mitigation controls periodically
- Act as liaison with external auditors
SoD Rule Keeper
SoD Rule Keeper performs the following tasks −
- Configure and administer the GRC tool
- Maintain controls over the rules to ensure their integrity
- Act as liaison between Basis and the GRC support center