Академический Документы
Профессиональный Документы
Культура Документы
SAP GRC Process Control automates the most time-consuming tasks related to
Sarbanes-Oxley compliance: controls assessment. It continuously monitors and reports
the activities in enterprise applications, and provides drill-down capabilities to facilitate
analysis, pinpoint the cause of control violations, and perform remediation, all in real
time.
Process Control can integrate with Risk Analysis and Remediation (formerly known as
Compliance Calibrator). Risk Analysis and Remediation for SAP software provides
real-time compliance monitoring and controls, integrated within your SAP deployment.
Risk Analysis and Remediation uses its built-in analysis engine to identify risks
associated with Segregation of Duty (SoD), critical actions, and critical permissions.
Once identified, you use Risk Analysis and Remediation controls to mitigate or eliminate
compliance risks. For more information on Risk Analysis and Remediation, see the SAP
GRC Access Control page.
You can find installation files in the SAP Software Distribution Center under Downloads
-> SAP Installations and Upgrades -> Entry by Application Group -> SAP Solutions for
Governance, Risk, and Compliance -> SAP GRC Process Control.
The process covered by GRC Risk Management includes the following steps:
Risk Planning: determine the approach to risk management in each business
area or project. This would include defining risk thresholds and setting up the
risk management organization.
Risk Identification and Analysis: identify the risks in order to analyze and
prioritize them along different attributes, such as probability of occurrence
and potential total loss associated to the risk.
Risk Response: decide on actions to actually respond to a risk. An action
could be to actively mitigate the risk to reduce probability of occurrence
and/or potential impact.
Risk Monitoring: includes the regular update of risk information as well as
risk reporting to monitor progress along the risk management process.