Introduction to SAP GRC Risk Management
SAP GRC Risk Management supports risk-adjusted management of enterprise performance: it lets an organization optimize performance, increase effectiveness, and gain visibility across its risk initiatives.
The following are the essential functions of Risk Management:
1. Organizational alignment on the top risks, their associated thresholds, and how they are mitigated.
2. Risk analysis, both qualitative and quantitative.
3. Identification of the key risks in the organization.
4. Resolution and remediation plans for the identified risks.
5. Alignment of key risk indicators and key performance indicators across all business functions, enabling earlier risk identification and dynamic risk mitigation.
6. Proactive monitoring built into existing business processes and plans.
Phases in Risk Management
Let us now review the phases of Risk Management. They are:
1. Risk Identification
2. Rule Building and Validation
3. Analysis
4. Remediation
5. Mitigation
6. Continuous Compliance
Risk Identification
The risk identification phase of GRC Risk Management consists of the following steps:
1. Identify authorization risks and approve exceptions
2. Classify each risk as high, medium, or low
3. Identify the risks and conditions that should be monitored in the future
Rule Building and Validation
Complete the following tasks under Rule Building and Validation:
1. Start from the best-practice rule set for your environment
2. Validate the rules
3. Customize the rules and validate them again
4. Test the rules against test users and test roles
Analysis
Complete the following tasks under Analysis:
1. Run the analytical reports
2. Review the clean-up activities
3. Analyze roles and users
4. Revise the rules based on the analysis
5. Set up alerts to detect when a conflicting action has actually been executed
From the management view you can see a summary of risk violations grouped by severity and by time.
Step 1: Go to Virsa Compliance Calibrator -> Informer tab (Compliance Calibrator is the pre-10.0 name of the Access Control risk analysis component)
Step 2: For SoD violations, a pie chart and a bar chart show current and past violations across the system landscape.
The violations are broken down in two ways:
1. Violations by risk level
2. Violations by process
Remediation
Complete the following tasks under Remediation:
1. Determine the options for eliminating the risks
2. Present the analysis and select the corrective actions
3. Document approval of the corrective actions
4. Modify or create roles and user assignments accordingly
Mitigation
Complete the following tasks under Mitigation:
1. Identify alternative (mitigating) controls for risks that cannot be removed
2. Educate management about conflict approval and monitoring
3. Document a process for monitoring the mitigating controls
4. Implement the controls
Continuous Compliance
Complete the following tasks under Continuous Compliance:
1. Communicate changes in roles and user responsibilities
2. Simulate changes to roles and users before applying them
3. Implement alerts to monitor the selected risks and test the mitigating controls
Risk Classification
Risks should be classified according to business policy. The following classifications can be defined, depending on risk appetite and business policy:
1. Critical
Used for risks involving the company's critical assets that are very likely to be compromised by fraud or system disruption.
2. High
Physical or financial loss or system-wide disruption, including fraud, loss of any asset, or failure of a system.
3. Medium
Multiple system disruptions, such as overwriting master data in the system.
4. Low
Risks where productivity is lost or a system fails as a result of fraud or system disruption, but the damage is minimal.
SAP GRC — SoD Risk Management
Every organization needs to perform Segregation of Duties (SoD) risk management, from risk identification through rule building and validation and the other risk management activities, through to continuous compliance. SoD in the GRC system is carried out by several different roles. SAP GRC defines the following roles and responsibilities under SoD Risk Management:
Business Process Owners
Business Process Owners perform the following tasks:
1. Identify risks and approve risks for monitoring
2. Approve remediation involving user access
3. Design controls to mitigate conflicts
4. Communicate access assignments and role changes
5. Perform proactive continuous compliance
Senior Officers
Senior Officers perform the following tasks:
1. Approve or reject risks between business areas
2. Approve mitigating controls for selected risks
Security Administrators
Security Administrators perform the following tasks:
1. Assume ownership of the GRC tools and the security process
2. Design and maintain the rules that identify risk conditions
3. Customize GRC roles to enforce roles and responsibilities
4. Analyze and remediate SoD conflicts at the role level
Auditors
Auditors perform the following tasks:
1. Risk assessment on a regular basis
2. Provide specific requirements for audit purposes
3. Periodically test the rules and the mitigating controls
4. Act as liaison with the external auditors
SoD Rule Keeper
The SoD Rule Keeper performs the following tasks:
1. Configures and maintains the GRC tool
2. Maintains controls over the rules to ensure their integrity
3. Acts as liaison between Basis and the GRC support center
SAP GRC — Risk Remediation
In SAP GRC 10.0 Risk Management, the risk remediation phase defines the approach to reducing risks in roles. The purpose of the remediation phase is to determine the alternatives for eliminating the issues identified during risk analysis.
The following strategies are suggested for resolving issues in roles:
Single Roles
⦁ Begin with single roles, as they are the easiest place to start.
⦁ Test the corrected role to make sure no Segregation of Duties (SoD) violations are reintroduced.
Composite roles
⦁ Run analyses to verify the user assignments whenever user actions are added or removed.
⦁ Use the management view or the Risk Analysis reports for this analysis, as described above.
In Risk Remediation, the security administrators should document the method, and the Business Process Owners should be involved and approve the plan.
SAP GRC — Report Types
You can create the following Risk Analysis reports, depending on the analysis required:
1. Action Level ─ performs SoD analysis at the action (transaction) level.
2. Permission Level ─ performs SoD analysis at both the action and the permission (authorization) level, so a user who merely has the transaction in a role but lacks the authorization values it needs is not reported.
3. Critical Actions ─ lists users who have access to any of the critical actions.
4. Critical Permissions ─ lists users who have access to any of the critical permissions.
5. Critical Roles/Profiles ─ lists users who are assigned critical roles or profiles.
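The report types above and the "simulate changes to roles and users" step under Continuous Compliance rest on the same evaluation: a rule set that pairs conflicting functions, each function defined by its actions and by the permissions those actions need, applied to the access a user accumulates through roles. The following is an added example written for this page, not SAP code; the function, risk, role and user names and the MC001 mitigating control are invented, and the transaction codes and authorization objects appear only as labels for the sample data. It shows why a permission-level run reports fewer violations than an action-level run, how an approved mitigating control is kept separate from open violations, and how a role change can be simulated before it is applied.

```python
"""Toy segregation-of-duties (SoD) risk analysis in the style of GRC Access
Risk Analysis. Constructed example, not SAP code: functions, risks, roles,
users and the mitigating control are invented; transaction codes and
authorization objects are used only as labels for the sample data."""
from collections import Counter

# A function is a business activity expressed at action level (transactions)
# and at permission level (the authorization values the transaction needs).
FUNCTIONS = {
    "VENDOR_MASTER": {"actions": {"FK01", "FK02"},
                      "perms": {("F_LFA1_APP", "ACTVT", "01")}},
    "PAYMENT_RUN":   {"actions": {"F110"},
                      "perms": {("F_REGU_BUK", "FBTCH", "21")}},
    "INVOICE_ENTRY": {"actions": {"MIRO"},
                      "perms": {("M_RECH_WRK", "ACTVT", "01")}},
    "USER_ADMIN":    {"actions": {"SU01"},
                      "perms": {("S_USER_GRP", "ACTVT", "01")}},
}

# A risk is a pair of conflicting functions; the level drives prioritisation.
RISKS = {
    "P001": {"level": "High", "functions": ("VENDOR_MASTER", "PAYMENT_RUN"),
             "text": "create a vendor and pay it"},
    "P002": {"level": "Medium", "functions": ("INVOICE_ENTRY", "PAYMENT_RUN"),
             "text": "post an invoice and release its payment"},
}
CRITICAL_ACTIONS = {"SU01"}  # actions that are risky on their own

ROLES = {
    "Z_AP_CLERK":   {"actions": {"FK01", "FK02", "MIRO"},
                     "perms": {("F_LFA1_APP", "ACTVT", "01"),
                               ("M_RECH_WRK", "ACTVT", "01")}},
    "Z_AP_PAYMENT": {"actions": {"F110"},
                     "perms": {("F_REGU_BUK", "FBTCH", "21")}},
    # Has the payment transaction in its menu but only display authority.
    "Z_AP_DISPLAY": {"actions": {"F110"},
                     "perms": {("F_REGU_BUK", "FBTCH", "03")}},
    "Z_USER_ADMIN": {"actions": {"SU01"},
                     "perms": {("S_USER_GRP", "ACTVT", "01")}},
}
USERS = {
    "JDOE":   ["Z_AP_CLERK", "Z_AP_PAYMENT"],
    "ASMITH": ["Z_AP_CLERK", "Z_AP_DISPLAY"],
    "BASIS1": ["Z_USER_ADMIN"],
}
# Approved mitigating controls, keyed by (user, risk id). Invented.
MITIGATIONS = {("JDOE", "P002"): "MC001 monthly payment-run review by AP manager"}


def effective_access(roles):
    """Union of actions and permissions over a list of role names."""
    actions, perms = set(), set()
    for r in roles:
        actions |= ROLES[r]["actions"]
        perms |= ROLES[r]["perms"]
    return actions, perms


def has_function(access, func, level):
    """Action level: any of the function's transactions is enough.
    Permission level: the transaction AND its authorization values are needed,
    so a display-only role is not a hit."""
    actions, perms = access
    spec = FUNCTIONS[func]
    if not spec["actions"] & actions:
        return False
    return level == "action" or spec["perms"] <= perms


def analyze(roles, level="action", user=None):
    """Violations of a role set as {'open': [...], 'mitigated': [...]},
    each entry (risk id, risk level, text). A risk with an approved mitigating
    control for `user` is reported but not counted as open."""
    access = effective_access(roles)
    result = {"open": [], "mitigated": []}
    for rid, risk in RISKS.items():
        if all(has_function(access, f, level) for f in risk["functions"]):
            key = "mitigated" if (user, rid) in MITIGATIONS else "open"
            result[key].append((rid, risk["level"], risk["text"]))
    return result


def analyze_user(user, level="action"):
    return analyze(USERS[user], level, user)


def critical_actions_report():
    """Critical Actions report: users holding any critical action."""
    return sorted(u for u, roles in USERS.items()
                  if effective_access(roles)[0] & CRITICAL_ACTIONS)


def simulate(user, add=(), remove=(), level="permission"):
    """Continuous compliance: the violations a role change WOULD cause,
    computed on a proposed role list without touching the live assignment."""
    proposed = [r for r in USERS[user] if r not in remove] + list(add)
    return analyze(proposed, level, user)


def violations_by_level(level="permission"):
    """Open violations per risk level, the figure the dashboard charts show."""
    counts = Counter()
    for u in USERS:
        counts.update(v[1] for v in analyze_user(u, level)["open"])
    return dict(counts)


if __name__ == "__main__":
    for u in USERS:
        print(u, "action:", analyze_user(u, "action"),
              "permission:", analyze_user(u, "permission"))
    print("critical actions:", critical_actions_report())
    print("simulate ASMITH + Z_AP_PAYMENT:", simulate("ASMITH", add=["Z_AP_PAYMENT"]))
    print("open violations by level:", violations_by_level())
```

Running it, JDOE shows P001 as open at both levels and P002 only under "mitigated" because of the approved control; ASMITH is flagged for both risks at action level but for none at permission level, since Z_AP_DISPLAY grants F110 without the payment-run authorization value; the simulation shows that adding Z_AP_PAYMENT to ASMITH would open both risks, which is the check to run before approving such a request.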
Governance, Risk, and Compliance are three areas that work together to achieve organizational goals. SAP GRC gives users the access they need for their daily work, while the risk of unauthorized access is identified and removed automatically. This course requires basic knowledge of ABAP- and Java-based SAP systems. It covers an introduction to the GRC 10.0 suite, ARA (Access Risk Analysis), EAM (Emergency Access Management), ARM (Access Request Management), BRM (Business Role Management), and migration from GRC 5.3 to GRC 10.0.
This material is published by SAPVITS, which offers online SAP training, including SAP GRC online training.
Contact us:
Website: http://www.sapvits.com/