About SAP GRC
SAP GRC (governance, risk management and compliance) software allows publicly-held companies to integrate and manage IT operations that are subject to regulation. Such software typically combines applications that manage the core functions of GRC into a single integrated package.
GRC software enables an organization to pursue a systematic, organized approach to managing GRC-related strategy and implementation. Instead of keeping data in separate “silos,” administrators can use a single framework to monitor and enforce rules and procedures. Successful installations enable organizations to manage risk, reduce costs incurred by multiple installations and minimize complexity for managers.
GRC software implementation typically involves complex installations that include coordination of data between multiple departments, including business, IT, security, compliance, and auditing. Once in place, however, dashboards and data analytics tools allow administrators to identify an organization’s risk exposure , measure progress towards quarterly goals or quickly pull together an information audit. Good governance, defined as effective, ethical management of a company at the executive level, is treated as an objectively measurable commodity. Data retention and risk management are converted to similarly measurable metrics.
SAP GRC Training Course Curriculum
SAP GRC Access Control Overview and Configuration
Challenges in auditing SAP ERP, Segregation of duties and restricted access, GRC access control overview and navigation
SAP GRC Access Control Risk Analysis and Remediation (RAR) Training
RAR Overview of Configuration, RAR Connectors, RAR Rules set building, RAR Risk, Business process and Functions building, RAR Reporting, RAR Background jobs Overview, RAR Risk Analysis, RAR Risk Remediation, RAR Mitigation Control process and Concept, Continuous Compliance
SAP GRC Access Control Compliant User provisioning Training
CUP Overview of Configurations, Compliant User provisioning Functionality, CUP Request form Customization, CUP Custom field Configuration, CUP Integration with RAR, CUP integration with Central User Administration System., CUP Request Types and Workflows configuration, SMTP server setup in CUP, Detour and Escape routes configuration, Role Approvers Maintenance in CUP
SAP GRC Access Control Super user privilege management Training
SPM Overview of Configurations, Firefighter role creation in SPM, SPM Parameter Maintenance for Firefighter Access, Reason codes creation in SPM, Assignment of Firefighter id’s to Owners and Controllers in SPM, Running Log Reports in SPM
SAP GRC Access Control Enterprise Role Management Training
ERM Overview of Configurations, Enterprise Role Management Workflow Steps, System landscape, Role attributes, ERM Integration with CUP and RAR, ERM Methodology Process and Concept, Approving Role changes.
SAP GRC Overview
Businesses are evolving more rapidly to respond to market changes along with increasing risks. And stakeholders are demanding greater integrity and transparency. Spreadsheets, emails and inadequately managed documents are no longer acceptable for regulators, external auditors and the senior company executives ultimately responsible for any GRC failures.
To get an integrated GRC system we must first look at the individual modules within the SAP GRC solution;
Access Control specifically looks at what access people have in an organization. It may seem basic but with starters, movers and leavers, appropriate access can be a real concern. Employing proper segregation of duties, governing enterprise roles, provisioning users, and granting audited emergency access for super users is key to managing organizational risk.
Process Control acts as a central control hub that automates tasks, monitors activity and reports in real-time. It gives you a continuous insight into the compliance status of the controls in place across your key business processes, aligning them with risk prevention. In conjunction with well-defined controls that eradicate duplication and simplify assurance, SAP GRC Process Control is a powerful capability.
SAP GRC Risk Management helps you integrate and coordinate risk management activities, gain a deeper understanding of risk, and plan timely, reliable responses. It provides insightful information to help you manage risk in a responsible way. And it helps you assess threats and opportunities, so you can make better decisions to positively impact the performance of your business.
SAP GRC Access Control consists of the following modules
- Risk Analysis and Remediation (RAR)
- Compliant User Provisioning (CUP)
- Enterprise Role Management (ERM)
- Superuser Privilege Management (SPM)
Risk Analysis and Remediation (RAR)
Previously known as Compliance Calibrator, RAR is the repository for definitions of segregation of duties rules and critical transactions. As well as using the rules to check if user and role administration activities could introduce risks to your business, RAR reports on the risks within the system – presenting them in a graphical format within a web browser.
Compliant User Provisioning (CUP)
CUP provides the workflow engine to drive compliant user and role maintenance processes within the SAP environment. These processes are auditable and verifiable, with clear, configurable processes for approval, SoD checking and provisioning.
Enterprise Role Management (ERM)
ERM rigorously applies naming conventions and validations to role creation, reducing management effort and the risk of segregation of duties violations. To use ERM you have to define structured working methods.
Superuser Privilege Management (SPM)
Previously known as Firefighter, SPM lets you assign ‘emergency user’ status to normal support users, giving them extended access for exceptional circumstances. A notification is linked to the use of this extended access. And all activities are logged during its use to reduce the risk of unauthorised activities taking place. SPM is one of the simplest Access Control components to deploy.
Common SAP GRC Tcodes
SPRO – Customizing – Edit Project Basis – Customizing Project Management (IMG)
SE38 – ABAP Editor Basis – ABAP Editor
SM59 – RFC Destinations (Display/Maintain) Basis – RFC
SU01 – User Maintenance Basis – User and Authorization Management
SE71 – sapscript form Basis – SAPscript
PB10 – Init.entry of applicant master data Personnel Mgmt – Recruitment
SE11 – ABAP Dictionary Maintenance Basis – Dictionary Maintenance
SE16 – Data Browser Basis – Workbench Utilities
SE37 – ABAP Function Modules Basis – Function Builder
SE80 – Object Navigator Basis – Repository Browser
SWDC – Workflow Definition: Administration Basis – SAP Business Workflow
SICF – HTTP Service Hierarchy Maintenance Basis – Internet Communication Framework
SCOT – sapconnect – Administration Basis – Communication Services: Mail, Fax, SMS, Telephony
SQ01 – sap Query: Maintain queries Basis – SAP Query
SNOTE – Note Assistant Basis – SAP Note Assistant
XSLT – XSLT tester Basis – ABAP XML Processing
RZ10 – Maintain Profile Parameters Basis – Profile Maintenance
SP01 – Output Controller Basis – Print and Output Management
NACE – WFMC: Initial Customizing Screen SD – Output Determination
PFCG – Role Maintenance Basis – ABAP Authorization and Role Management
RSA1 – Modeling – DW Workbench BW – Data Warehousing Workbench
ST22 – ABAP Dump Analysis Basis – Syntax, Compiler, Runtime
SXMB_MONI – Integration Engine – Monitoring Basis – Integration Engine
SM30 – Call View Maintenance Basis – Table Maintenance Tool
OPS – Customizing for Project System Project Systems – Project System
This was a very good and helpful training for beginners like me. The content was well explained and the exercises were well taught and a bit on the easy side.
Good info and simple to implement. I find that the courses are well covered.
I am currently engaged in on-line training through the TEKSLATE. Thanks for good interactive Content. Found them informative and Great. I am pretty pleased with my first time virtual training experien ...
The instructor is really good at explaining things along with examples and analogies to help you understand the concepts better. I would recommend this online training to my friends for sure. After th ...