8 Tips to getting the most bang for your buck from SAP BusinessObjects GRC Today

by The Tip Doctor

November 11, 2011

Tip Doctor, Insider Learning Network.

The following excerpt has been taken from James Roeske’s presentation “Minimizing the cost of compliance, audit, security, and risk management in financially challenging times” which took place during the GRC 2011 conference in Amsterdam this past June.

8 Tips for SAP BusinessObjects GRC:

1.    Integration

  • SAP BusinessObjects Access Control 5.3 is a single application rather than four separate independent parts.
    • With this consolidation, additional integration has been created
  • Tip:  Utilize SAP BusinessObjects Access Control application integration to the fullest extent to get the most benefit from your current investment and to set the foundation for future expansion of your GRC footprint
  • SAP BusinessObjects Access Control integration highlights in 5.3
    • Risk Analysis and Remediation is the central SOD analysis engine and Rule repository for the entire suite
    • Compliant User Provisioning is the Workflow engine for the entire suite
    • This now includes Workflow capabilities for Mitigation and Risk/Rule change controls, Role maintenance approval, and Superuser Privilege provisioning integration
    • SAP BusinessObjects Access Control 5.3 now provides integration with SAP NetWeaver® BW.
      • Risk Analysis and Remediation and Compliant User Provisioning can now integrate, provision, and analyze risk for SAP NetWeaver Portal and UME authorizations
      • With the SAP partnership with Greenlight, increased support for PeopleSoft, Oracle apps, and JDE come standard with the application

2.    Increase automation through good Workflow design in Compliant User Provisioning and leveraging its fullest capabilities, including:

  • SPM Access Requests and Provisioning
  • User Access Reviews
  • SOD Reviews
  • ERM Integration and Approvals

3.    Assign responsibility to business approvers instead of requiring the Security Team to review and process all requests

4.    Empower your business users to take ownership and leverage the standard reporting in SAP BusinessObjects Access Control on their own

  • Rather than extracting the data into spreadsheets or printing paper reports for them out of your new SAP BusinessObjects Access Control system

5.    Establish good role design with naming conventions and descriptions that end user requests and approvers can understand

  • Roles should be clean of SOD violations
  • With good role design, naming conventions, and solid attribute filtering, end users should be able to find the roles they require and what to request

6.    Establish Business Role Owners and Role Approvers

  • Allows for proper distribution of accountability and work load
  • Provides consistency and efficiency in approval processes

7.    Mandate SOD violations are always analyzed and mitigated before they are assigned to the users

  • Always try to remediate SOD violations first
  • Mitigation Controls should be second choice
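A constructed illustration of the pre-provisioning check that tips 5 and 7 describe, added here and not SAP's own Risk Analysis and Remediation engine (the rule IDs, role names and business functions are hypothetical). A role is flagged if it is itself SOD-dirty, and a request is blocked unless every violation it would create already has a mitigation control registered, so remediation stays the first choice:

```python
from dataclasses import dataclass

# Constructed sample rule set (not SAP's rule repository): classic
# procure-to-pay / order-to-cash SOD rules as pairs of conflicting functions.
SOD_RULES = {
    "P2P-01": ("Maintain Vendor Master", "Post Vendor Invoice"),
    "P2P-02": ("Post Vendor Invoice", "Execute Payment Run"),
    "O2C-01": ("Maintain Customer Master", "Post Customer Credit"),
}

# Hypothetical role definitions: role name -> business functions it grants.
ROLES = {
    "Z_AP_CLERK": {"Post Vendor Invoice"},
    "Z_VENDOR_MAINT": {"Maintain Vendor Master"},
    "Z_TREASURY": {"Execute Payment Run"},
    "Z_AR_CLERK": {"Maintain Customer Master", "Post Customer Credit"},  # SOD-dirty role
}

@dataclass
class Finding:
    rule_id: str
    functions: tuple
    roles: frozenset
    status: str  # "mitigated" (control registered) or "blocked" (remediate first)

def role_violations(role: str) -> list:
    """Tip 5 check: a single role must not grant both halves of an SOD rule."""
    funcs = ROLES[role]
    return [rid for rid, (a, b) in SOD_RULES.items() if a in funcs and b in funcs]

def analyze_request(current_roles, requested_role, mitigated_rules) -> list:
    """Tip 7 check: analyze the user's existing roles plus the requested one
    before provisioning. mitigated_rules holds the rule IDs for which a
    mitigation control is already assigned to this user."""
    assigned = set(current_roles) | {requested_role}
    grants = {}  # business function -> roles that grant it
    for r in assigned:
        for f in ROLES[r]:
            grants.setdefault(f, set()).add(r)
    findings = []
    for rid, (a, b) in SOD_RULES.items():
        if a in grants and b in grants:
            status = "mitigated" if rid in mitigated_rules else "blocked"
            findings.append(Finding(rid, (a, b), frozenset(grants[a] | grants[b]), status))
    return findings

def provisioning_allowed(findings) -> bool:
    """Provision only when no violation is left unmitigated."""
    return all(f.status == "mitigated" for f in findings)
```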

8.    Utilize Superuser Privilege Management for emergency as well as “extra” access not required for daily or routine jobs

  • Users’ daily jobs should be reviewed and analyzed for SOD remediation/mitigation; be careful not to “remediate” by moving SOD violations to Superuser IDs
  • Do not allow Basis or IT personnel to use Superuser Privilege access for all of their normal daily activities
    • Not a good control if no one reviews an 8-hour log of transactions
