Quantcast
Channel: Governance, Risk and Compliance (SAP GRC)
Viewing all articles
Browse latest Browse all 205

Risk Lifecycle

$
0
0

A high amount of time during a SAP GRC project will be spent on defining processes and responsibilities. My suggestion is to think in lifecycles for getting a better understanding of the processes and who is taking over the responsibilty.

 

In this post I would like to clarify the lifecycle of Risks. I have grouped them into four steps Create, Change, Delete and Review. Please see for each step expected Tasks and who is involved.

 

 

Creation of Risks

 

Tasks

  • Define the SoD risk on business level (e.g. with internal auditors)
  • Evaluate the necessary transactions to execute the SoD conflict (transaction and authorization)
  • Implement the risk within SAP GRC AC
  • Validate the risk analysis results

 

Involved functions

  • Risk owner
  • Process owner
  • ICS responsible
  • SAP GRC responsible

 

 

Changing of Risks

 

Tasks

  • Define the changes within the SoD risk on business level (e.g. with internal auditors)
  • Evaluate the necessary transactions to execute the SoD conflict (transaction and authorization)
  • Change the risk within SAP GRC AC
  • Validate the risk analysis results

 

Involved functions

  • Risk owner
  • Process owner
  • ICS responsible
  • SAP GRC responsible

 

 

Deletion of Mitigation Controls

 

Tasks

  • Delete risks within SAP GRC AC which are not valid anylonger
  • Document the deletion of the risk and especially the decision to delete the risk

 

Involved functions

  • Risk owner
  • ICS responsible
  • SAP GRC responsible

 

 

Reviewing of Risks

 

Tasks

  • Analyse if maintained risks within SAP GRC are still valid
  • Define actions to take because of:
    • New business processes
    • Changes in the IT system
    • Changes in the Internal Control System

 

Involved functions

  • Risk owner
  • Process owner
  • ICS responsible
  • SAP GRC responsible

 

 

If you want to have further information or contribute in this blog post do not hesitate to contact me directly.


Viewing all articles
Browse latest Browse all 205

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>