Implementing SAP Governance, Risk, and Compliance

Language

🇺🇸 English

Publisher SAP PRESS

Year / Edition 2014 / 1

Pages 712

Authors Asokkumar Christian, D. Rajen Iyer, Atul Sudhalkar

Implementing SAP Governance, Risk, and Compliance

Navigate the wild waters and changing tides of corporate compliance and governance. With this comprehensive guide to SAP's GRC suite, develop a strategy that is both reactive and adaptive to regulatory pressures, changing corporate policies, and unanticipated risk. Written for GRC consultants, project managers, and analysts, this book will help you configure and implement the necessary dimensions, master data, and rules setup for all three core components of the GRC Module—Access Control, Process Control, and Risk Management.

Effectively implement and configure the entire GRC 10.0 suite
Proactively manage regulatory change, meet business needs, and direct corporate compliance
Quickly identify and manage risk with a single unified view of your entire GRC process

You'll learn about:

Business Process Alignment:
Review the regulations that can impact a business and explore the SAP tools that support compliance.
Streamlined GRC Integration:
Explore the unique implementation and configuration processes for each GRC component and learn how to operate these resources side by side.
Role Management:
Ensure that your users are reducing risk with appropriate role management and monitoring.

Key Highlights:

Access control
Access risk analysis
Business role manager
SAP Global Trade Services
Supply chain compliance
Monitoring and reporting
Continuous control monitoring

View Full Table of Contents

Preface
- Structure of This Book
- Target Audience
- How to Use This Book
- Conclusion
Acknowledgments
1 SAP Governance, Risk, and Compliance Overview
- 1.1 SAP GRC Suite Overview and Components
  - 1.1.1 Value of the Suite as a Whole
  - 1.1.2 Reasons to Implement SAP GRC
  - 1.1.3 SAP Access Control
  - 1.1.4 SAP Process Control
  - 1.1.5 SAP Risk Management
  - 1.1.6 SAP Global Trade Services and SAP Nota Fiscal Electronica
- 1.2 Shared Master Data
- 1.3 SAP Content Life Cycle Management
- 1.4 SAP GRC 10.0 Architecture and Landscape
  - 1.4.1 Backend System Requirements
  - 1.4.2 Two-Tier versus Three-Tier Landscapes
  - 1.4.3 Frontend Options
- 1.5 Summary
2 Planning SAP GRC Implementations
- 2.1 Regulations and Policies in SAP GRC
  - 2.1.1 Japan’s J-SOX
  - 2.1.2 Australia’s CLERP-9
  - 2.1.3 Canada’s C-11
  - 2.1.4 Basel II
- 2.2 Purpose of SAP GRC Tools
- 2.3 Business Processes and Controls
- 2.4 Organizational Hierarchy and Local Controls
- 2.5 User Interface and Work Center
- 2.6 Rules
- 2.7 Reporting
- 2.8 Summary
3 SAP Access Control Overview
- 3.1 General Assumptions during Implementation
  - 3.1.1 SAP NetWeaver Business Client as SAP Access Control User Interface
  - 3.1.2 SAP NetWeaver Business Client Use Case
- 3.2 SAP Access Control—Post-Installation Technical Settings
  - 3.2.1 Basis Preliminary Check
  - 3.2.2 Activating BC Sets
  - 3.2.3 Activate Common Workflow
  - 3.2.4 Workflow Verification
  - 3.2.5 Troubleshooting for Task-Specific Customization
  - 3.2.6 Shared Configuration of SAP GRC Systems
  - 3.2.7 SAP Crystal Reports Features
  - 3.2.8 Activate Profile of Roles Delivered by SAP
  - 3.2.9 Creating the Initial User in the ABAP System
- 3.3 SAP Access Control Configuration
- 3.4 Summary
4 Emergency Access Management Overview
- 4.1 Using Emergency Access Management
- 4.2 Emergency Access Management Configuration in SAP GRC
  - 4.2.1 Configuration Parameters
  - 4.2.2 General Configuration Steps
  - 4.2.3 Email Configuration
- 4.3 Using a Firefighter ID
- 4.4 Reporting
  - 4.4.1 Consolidated Log Report
  - 4.4.2 Reason Code and Activity Report
  - 4.4.3 Firefighter Log Summary Report
  - 4.4.4 Invalid Emergency Access Report
  - 4.4.5 Transaction Logs and Session Detail
  - 4.4.6 SOD Conflict Report for Firefighter IDs
  - 4.4.7 Reason Code Usage Frequency
- 4.5 Summary
5 Access Risk Analysis Overview
- 5.1 Access Risk Analysis Basic Configuration
  - 5.1.1 Maintaining SAP Access Control Risk Analysis Configuration Parameters
  - 5.1.2 Adding a Connector to the AUTH Scenario
  - 5.1.3 Risk Loading and Activation
  - 5.1.4 Synchronization Jobs
  - 5.1.5 Rule Set Maintenance
  - 5.1.6 Maintain Shared Master Data
  - 5.1.7 Perform Batch Risk Analysis
- 5.2 Access Risk Analysis Reporting
- 5.3 Risk Remediation Process
  - 5.3.1 Role Cleanup Process with Access Risk Analysis
  - 5.3.2 Risk Mitigation as Remediation
- 5.4 Alert Monitoring
- 5.5 Risk Terminator
  - 5.5.1 Configuration Setup in the SAP GRC System
  - 5.5.2 Configuration Setup in the Plug-In System
- 5.6 Access Risk Analysis 10.0: Additional Features
  - 5.6.1 Initial Access Risk Assessment
  - 5.6.2 Additional Reporting Features
- 5.7 Summary
6 Business Role Manager Overview
- 6.1 Business Role Manager Configuration
  - 6.1.1 Activation of BC Sets
  - 6.1.2 Verifying Default Configuration Parameters
  - 6.1.3 Maintain Role Type Settings
  - 6.1.4 Specify Naming Conventions
  - 6.1.5 Standard Role Methodology
  - 6.1.6 MSMP Workflow Configuration
  - 6.1.7 Creating Role Owners
- 6.2 Business Role Manager Use: Creating a New Single Role
  - 6.2.1 Assigning Authorizations to the New Role
  - 6.2.2 Analyzing Access Risks and Remediation
  - 6.2.3 Request Approval
  - 6.2.4 Role Generation
  - 6.2.5 Testing the Role
- 6.3 Role Maintenance and Reporting
- 6.4 Summary
7 User Access Management Overview
- 7.1 Different User Roles in User Access Management
  - 7.1.1 General Users
  - 7.1.2 Requestors
  - 7.1.3 Approvers
  - 7.1.4 Administrators
  - 7.1.5 Auditors
- 7.2 Maintenance of Users
- 7.3 User Access Management Configuration
  - 7.3.1 Basic Requirements
  - 7.3.2 Activation of Business Configuration (BC) Sets
  - 7.3.3 Configuration Parameters
  - 7.3.4 Maintain Connector Settings
  - 7.3.5 Maintain Data Sources Configuration
  - 7.3.6 Define Request Type
  - 7.3.7 Maintain Number Range Intervals for Provisioning Requests
  - 7.3.8 Define Number Range for Provisioning Requests
  - 7.3.9 Maintain End User Personalization
  - 7.3.10 Maintain Provisioning Settings
  - 7.3.11 Maintain User Defaults
  - 7.3.12 Activate End User Logon
- 7.4 Configure the MSMP Workflow
- 7.5 Process Details: Change/Create Access Request
  - 7.5.1 Role Availability for Provisioning
  - 7.5.2 Access Request Process Steps
- 7.6 Password Self-Service
  - 7.6.1 Maintain Password Self-Service
- 7.7 User Access Management Reporting
- 7.8 Summary
8 SAP Access Control Advanced Topics
- 8.1 Multistage Multipath (MSMP) Workflow
  - 8.1.1 Configure Process and Global Setting
  - 8.1.2 Maintain Rules and Rule Results
  - 8.1.3 Maintain Agents
  - 8.1.4 Variables and Templates
  - 8.1.5 Maintain Paths and Assign Stages to Path
  - 8.1.6 Maintain Stages
  - 8.1.7 Maintain Stage Task Settings
  - 8.1.8 Notification Settings
  - 8.1.9 Maintain Route Mapping
  - 8.1.10 Generate Versions
- 8.2 Debugging MSMP
- 8.3 Business Rule Framework Plus (BRF+)
  - 8.3.1 BRF+ Use Case in SAP Access Control
  - 8.3.2 Chaining Routing Rules Using a Function Module and BRF+
  - 8.3.3 BRF+ Function in Business Role Manager
- 8.4 Workflow Notification Maintenance in MSMP
  - 8.4.1 Available Notification Templates
  - 8.4.2 Notification Variables
- 8.5 Customizing Workflow Processes: Email Notifications
  - 8.5.1 Creation of Custom Document Objects
  - 8.5.2 Associate Custom Document Object with Message Class
- 8.6 Select Notification Templates and Recipients
- 8.7 Setting Up Email Reminders
- 8.8 Periodic Reviews
  - 8.8.1 Configuration for SoD Review
  - 8.8.2 Maintain Reviewers and Coordinators
  - 8.8.3 Generate Data for SoD Review
- 8.9 HR Triggers
- 8.10 Summary
9 SAP Process Control Overview
- 9.1 The Evolution of SAP Process Control
- 9.2 SAP Process Control Features
  - 9.2.1 Date Validity
  - 9.2.2 Views
- 9.3 Architecture
  - 9.3.1 Installation and Setup
- 9.4 Configuration and Basic Settings
  - 9.4.1 General Settings
  - 9.4.2 Shared Master Data Settings
  - 9.4.3 SAP Process Control Reporting
  - 9.4.4 Common Component Settings for SAP Process Control
- 9.5 Implementation Overview of SAP Process Control
  - 9.5.1 Setting Business Goals
  - 9.5.2 Phased Approaches
  - 9.5.3 Master Data Collection
  - 9.5.4 Process Control Users and Roles
- 9.6 Overview of SAP Process Control Usage
  - 9.6.1 Documenting
  - 9.6.2 Scope
  - 9.6.3 Evaluation
  - 9.6.4 Monitoring and Remediation
  - 9.6.5 Reporting
  - 9.6.6 Certification
  - 9.6.7 Policy Management
- 9.7 Summary
10 SAP Process Control Master Data
- 10.1 Organizations
  - 10.1.1 Multiple Hierarchies
  - 10.1.2 Validity Dates and Time Frames in the Organization Structure
- 10.2 Business Process Models
- 10.3 Regulations
- 10.4 Policies
- 10.5 Accounts and Account Groups
- 10.6 Master Data Content Management and Transport
  - 10.6.1 Master Data Upload Generator
  - 10.6.2 Content Lifecycle Management
  - 10.6.3 CLM versus MDUG
- 10.7 Summary
11 Continuous Controls Monitoring
- 11.1 Continuous Monitoring Architecture
- 11.2 Configuring Continuous Control Monitoring
- 11.3 Creating Data Sources
  - 11.3.1 Adding Data Source Information
  - 11.3.2 Defining the Technical Details
  - 11.3.3 Pointing to a Connector
  - 11.3.4 Adding Documentation
- 11.4 Creating Business Rules
  - 11.4.1 Basic Information
  - 11.4.2 Filter Criteria
  - 11.4.3 Deficiency Criteria
  - 11.4.4 Conditions and Calculations
  - 11.4.5 Technical Settings and Monitoring Rule Behavior
  - 11.4.6 Ad Hoc Query
- 11.5 Data Source Types and Related Rules
- 11.6 Assigning Rules to Controls
- 11.7 Scheduling Monitoring Rules
- 11.8 Structured Approach to Continuous Controls Monitoring
  - 11.8.1 The Nature of ERP Controls
  - 11.8.2 The Goal of Monitoring
  - 11.8.3 Effective Monitoring
  - 11.8.4 The Importance of Proper Configurations and Master Data Settings
  - 11.8.5 Transactions
  - 11.8.6 Reports and Analytics
- 11.9 Summary
12 Continuous Controls Monitoring: Data Source Types
- 12.1 Configurable Data Sources and Rules
  - 12.1.1 Configurable Data Sources
  - 12.1.2 Configurable Business Rules
  - 12.1.3 Limitations of Configurable Data Sources and Rules
- 12.2 Change Log Check Rules
  - 12.2.1 Change Tracking: Logs versus Polling
  - 12.2.2 Defining Change Log Rules
- 12.3 Other Data Source Types and Rules
  - 12.3.1 ABAP Reports
  - 12.3.2 Segregation of Duty Integration
  - 12.3.3 SAP NetWeaver BW Query
  - 12.3.4 Event-Driven Data Sources
  - 12.3.5 SAP NetWeaver Process Integration
  - 12.3.6 External Partner Data Sources
  - 12.3.7 ABAP Program Data Sources
- 12.4 Performance Considerations with Change Logging
- 12.5 Summary
13 Continuous Controls Monitoring: Advanced Topics
- 13.1 Operational Data Provider (ODP) Rules
- 13.2 SAP HANA
- 13.3 Using SAP NetWeaver BRF+ to Build Advanced Rules
  - 13.3.1 Using BRF+ Rules in SAP Process Control Business Rules
  - 13.3.2 Additional Features of BRF+ and SAP Process Control
- 13.4 Advanced Rule Logic: Grouping, Aggregation, and Currency Conversion
- 13.5 Using the BRF+ Workbench
- 13.6 Continuous Control Monitoring: Content Export/Import
- 13.7 Summary
14 Continuous Controls Monitoring: Miscellaneous Topics
- 14.1 Efficiently Managing Continuous Controls Monitoring Content
  - 14.1.1 Data Sources
  - 14.1.2 Business Rules
  - 14.1.3 Organization-Level System Parameters (OLSP)
  - 14.1.4 OLSP and Business Rule Filter Conditions Combine
  - 14.1.5 Runtime Binding of Date Ranges
  - 14.1.6 Decoupling Test Schedule from Test Period
- 14.2 CCM Data Security
  - 14.2.1 Guiding Principles
  - 14.2.2 Analysis
  - 14.2.3 The Goal
  - 14.2.4 The Solution
  - 14.2.5 CCM Data Security Model
- 14.3 Summary
15 SAP Risk Management Implementation
- 15.1 Enterprise Risk Management Overview
- 15.2 Enterprise Risk Management Scenario
  - 15.2.1 Business Blueprint
  - 15.2.2 Solution Configuration
  - 15.2.3 Data Conversion and Master Data Setup
  - 15.2.4 Authorization Concept and Roles
  - 15.2.5 Workflows
  - 15.2.6 Reporting
- 15.3 Operational Risk Management Overview
- 15.4 Operational Risk Management Scenario
  - 15.4.1 Business Blueprint
  - 15.4.2 Solution Configuration
  - 15.4.3 Master Data Setup
  - 15.4.4 Loss Event Management Workflow and Upload
  - 15.4.5 Reporting
- 15.5 Summary
16 Trade Compliance and Financial Risk
- 16.1 Global Trade Key Functions
  - 16.1.1 SAP Compliance Management
  - 16.1.2 SAP Customs Management
  - 16.1.3 SAP Risk Management
- 16.2 SAP ERP Setup for Trade Preference Processing
  - 16.2.1 Set Up Communication from SAP ERP to SAP GTS
  - 16.2.2 Set Up Document Transfer in SAP ERP
  - 16.2.3 Maintain BOM Transfer Settings
  - 16.2.4 Define a Worklist for Vendor-Based Long-Term Vendor Declarations
- 16.3 SAP Global Trade Services Setup
  - 16.3.1 Define Basic Settings in SAP GTS
  - 16.3.2 Set Up System Communication in SAP GTS
  - 16.3.3 Number Range Configuration within SAP GTS
  - 16.3.4 Define and Assign Organizational Parameters
  - 16.3.5 Define the Country Group
  - 16.3.6 Define and Activate a Legal Regulation
- 16.4 SAP Risk Management General Settings
  - 16.4.1 Activate the Document Type and Item Category
  - 16.4.2 Define an Organizational Structure
  - 16.4.3 Activate the Preference Agreement
  - 16.4.4 Define and Assign the Rule Set
  - 16.4.5 Set Control Settings for the Data Scope in Vendor Declarations
- 16.5 SAP GTS Benefits
- 16.6 Summary
17 Compliance with Environment, Health, and Safety Management
- 17.1 Integration of SAP EHS Management and SAP Global Trade Services
  - 17.1.1 SAP EHS Management Configuration
  - 17.1.2 SAP Global Trade Services Configuration
- 17.2 Visualization Features with SAP GTS 10
  - 17.2.1 Accessing the New User Interface
  - 17.2.2 SAP NetWeaver Business Client (NWBC)
- 17.3 Sanctioned Party List Screening Configuration
- 17.4 SAP Global Trade Services Deployment and Reporting
  - 17.4.1 Deployment Options
  - 17.4.2 Reporting
- 17.5 Summary
18 Supply Chain Compliance
- 18.1 Import Filing to Reduce Compliance Costs
- 18.2 Import Processes within SAP ERP
- 18.3 SAP Global Trade Services Declarations
  - 18.3.1 Customs Document Review
- 18.4 Customs Import Process Configuration with SAP ERP
- 18.5 SAP Global Trade Services Configuration
- 18.6 Configuration Settings for SAP Customs Management
- 18.7 Summary
19 Conclusion
- 19.1 Chapter Review
- 19.2 Business Benefits of the GRC Suite
- 19.3 GRC Suite and their Value
- 19.4 SAP GRC Future Outlook
The Authors
Index

ℹ️ How to purchase this book?

This product has a special price upon request. You can start your order or clarify any doubts using the Contact for Price button on the page.

We have also prepared a step-by-step guide to explain how to easily request your quote.

Read the guide here →

Disclaimer

SAP, other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Our Company is not affiliated to SAP SE or any of its affiliated companies including but not limited to: Sybase, Business Objects, Hybris, Ariba and SuccessFactors. All other names, brands, logos, etc. are registered trade or service marks of their respective owners.

Home > SAP Books > English Books > Implementing SAP Governance, Risk, and Compliance

Implementing SAP Governance, Risk, and Compliance

Name: Implementing SAP Governance, Risk, and Compliance
Brand: SAP
SKU: BOOK-SAPPRESS-EBOOK-2014-9781592298822

Warranty

Receive the product you were expecting or we will refund your money

Would you like to see a sample of the course or book?

If you need a sample of the course or book, request it in the chat below and we will be happy to provide it to you.

1 installment of $0.00 USD without interest		Total $0.00 USD
2 installments of $0.00 USD without interest		Total $0.00 USD
3 installments of $0.00 USD without interest		Total $0.00 USD
4 installments of $0.00 USD without interest		Total $0.00 USD
5 installments of $0.00 USD without interest		Total $0.00 USD
6 installments of $0.00 USD without interest		Total $0.00 USD

Implementing SAP Governance, Risk, and Compliance

You'll learn about:

Key Highlights:

ℹ️ How to purchase this book?

Disclaimer

Implementing SAP Governance, Risk, and Compliance

Related products