Upload File

segregation of duties review (sod review) description and workflow configuration

  • Home
  • Documents
  • Segregation of Duties Review (SOD Review) Description and Workflow Configuration
26
Getting Started Newsletters Store Search the Community Welcome, Guest Login Register Products Services & Support About SCN Downloads Industries Training & Education Partnership Developer Center Lines of Business University Alliances Events & Webinars Innovation Added by Shaily Kulshreshtha, last edited by Shaily Kulshreshtha on Nov 28, 2014 Governance, Risk and Compliance / / Access Request (ARQ) Segregation of Duties Review (SOD Review) Description and Workflow Configuration Segregation of Duties Review (SOD Review) Segregation of Duties Review is a process where the system checks periodically for any risk and violations associated with a user or functions. This functionality can be used during the initial cleanup of risk violations as well as a longterm strategy to review and affirm previous Mitigation assignments. When SOD review is performed, it generates requests automatically, based on organization’s internal policy. SOD review provides Workflow Based review and approval process. Purpose This document will explain compete functionality of SOD review. SOD Review Overview Key feature of SOS Review : Decentralized review of Segregation of Duties violation. Workflow request for Access Review and approval Reaffirmation of Mitigation Control assignment Audit trail and Report for Audits

Upload: douglas-cruz

Post on 07-Nov-2015

59 views

Category:

Documents


6 download

Report

DESCRIPTION

SAP GRC Access Control 10.0 - SOD Review process

TRANSCRIPT

  • GettingStarted Newsletters Store

    SearchtheCommunity

    Welcome,Guest Login Register

    Products Services&Support AboutSCN Downloads

    Industries Training&Education Partnership DeveloperCenter

    LinesofBusiness UniversityAlliances Events&Webinars Innovation

    AddedbyShailyKulshreshtha,lasteditedbyShailyKulshreshthaonNov28,2014

    Governance,RiskandCompliance / / AccessRequest(ARQ)

    SegregationofDutiesReview(SODReview)DescriptionandWorkflowConfiguration

    SegregationofDutiesReview(SODReview)SegregationofDutiesReviewisaprocesswherethesystemchecksperiodicallyforanyriskandviolationsassociatedwithauserorfunctions.ThisfunctionalitycanbeusedduringtheinitialcleanupofriskviolationsaswellasalongtermstrategytoreviewandaffirmpreviousMitigationassignments.

    WhenSODreviewisperformed,itgeneratesrequestsautomatically,basedonorganizationsinternalpolicy.SODreviewprovidesWorkflowBasedreviewandapprovalprocess.

    PurposeThisdocumentwillexplaincompetefunctionalityofSODreview.

    SODReviewOverviewKeyfeatureofSOSReview:

    DecentralizedreviewofSegregationofDutiesviolation.WorkflowrequestforAccessReviewandapprovalReaffirmationofMitigationControlassignmentAudittrailandReportforAudits

  • SODReviewProcessThereisabackgroundjobwhichgeneratesSODReviewrequest.ThesystemsendsSODreviewnotificationtoreviewers.Thereviewerreviewtherequestandperformthefollowingoption.

    RejectRequestItemsMitigateRiskbyassigningMitigationControl.RemoveAccessforitemsthatarecreatingviolations.ThereisonemoreoptionalstepwherewecaninvolveAdminforAdminreviewbeforesendingrequesttoreviewers

    SODReviewProcessExplanationAdminReview.

    ThereisanoptionforAdminReviewwhichprovidesadministratortovalidaterequestdataafterrequestaregenerated(bySODreviewjob)butbeforegeneratingWorkflowtask(butpriorSODReviewupdateWorkflowjob).IfanyreviewerinformationismissionorneedtobemodifythenAdmincandosobeforegeneratingworkflow,orcanalsodeleterequestsifrequired

    ReviewStageWecanspecifywhetherReviewerstageisaddressedbyusersManagerorRoleOwner.

    SecurityStage:WecanalsoincludeSecuritystageifrequired.

    WorkflowStageConfigurationsAfterdecidingwhichstagetoincludeintheSODreviewworkflow,weneedtodeterminethespecificbehaviorforeachstagetoreflectthereviewprocess.Like

    EmailNotificationFirstofallweneedtodeterminethecontentoftheemailnotificationtobesendtoapproverofeachstage.Recipientalsoneedstobedetermined.

    ReminderWecanalsosetEmailreminderinthiscase.Wecanspecifytheintervalofremindernotification.

    EscalationYoucanspecifyEscalationoneachstagebasedontimespentinaparticularstage.IfaReviewerdoesnotcompletehisreviewwithinthetimespecifiedinthedateparameterdefinedinconfiguration,thentherequestwillbeescalated.TheAuditlogwillshowthisescalation.Wecanalsospecifywhetherescalationautomaticallyremovestheaccessthatisnotapprovedbyacertaindate.

    RolesinSODReviewThefollowingrolecanappearinSODReviewRequest

  • AdministratorAdministratorsperformSoDReviewspecificadministrativetaskssuchasperforminganAdminReviewbeforegeneratingaworkflowfortherequest

    ReviewerReviewersareapproversattheReviewerstage.AReviewercanbeaUsersManagerortheRiskOwner

    UsersManagerUsersManageristhedirectmanagerofaparticularuser,asdefinedintheUserDetailsDataSource.

    RiskOwnerRiskOwneristheownerspecifiedinyourRiskAnalysisandRemediation(RAR)masterdata.

    CoordinatorCoordinatorsareusersassignedtooneormoreReviewers.CoordinatorsmonitortheSoDReviewprocessandcoordinateactivitiestoensurethattheprocessiscompletedinatimelymanner

    Prerequisites

    ThefollowingjobsshouldbeexecutedinthebelowsequencebeforerunningSODreviewJobs.

    RepositorysyncforUser,Role,Profile(SPRO>GRC>AccessControl>SynchronizationJobs>RepositorySync)BatchRiskAnalysisJob(SPRO>GRC>AccessControl>AccessRiskAnalysis>BatchRiskanalysis>ExecuteBatchRiskAnalysis)ActionUsageReport(SPRO>GRC>AccessControl>SynchronizationJobs>ActionUsageSync)RoleUsageSync(SPRO>GRC>AccessControl>SynchronizationJobs>RoleUsageSync)AlsomakesurethatRiskOwnersaremaintained.

    ConfigurationSettingsThissectionwillexplainsyouSODReviewConfigurationsettings

    IMGConfigurationBeforerunningSODreviewjobtherearesomeIMSsettingsthatneedstobedone

    GotoIMG>GRC>AccessControl.>MaintainConfigurationSettings>

    1. ForPARAMRiskAnalysis:SetParameter1027EnableOfflineRiskAnalysistoYES2. ForPARAMSODReview:SetthebelowParameters

  • a. 2016RequestTypeforSOD:ChooseDefaultRequesttypeforSODb. 2017DefaultPriorityforSOD:ChooseDefaultPriorityforSODc. 2018WhoAreReviewers:ChooseRoleOwner/Managersd. 2019AdminReviewrequiredbeforesendingtasktoReviewer:ChooseYES/Noe. 2020NumberofuniquelineitemsperSODrequest:Maximumvalueofthisparametercanbe9999.Beyond9999,therequestwillgetsplitandallitemswillbemovedtoanewrequest.

    ThisparameterisintroducedinGRC10.0SP17(SAPNote#1994429)f. 2021Isactualremovalofroleallowed:ChooseYes/No

    ManagingCoordinatorsGoToNWBC>AccessManagement>ComplianceCertificationReview>ManageCoordinators

  • Screenwillopen.Nowselectanylineitemtochangeorcreateanewone.

    SpecifyingEscalationsGoToSPRO>GRC>AccessControl>UserProvisioning>MaintainServiceLevelAgreement

  • HereyoucancreateSLAforSODreviewprocess.YoucanspecifythisviatypeFixedbyDateorFixedbynumberofdaysandFormula.

    GeneratingdataforRequest

    ForgeneratingdataforSODreviewyouneedtoscheduleajobfromNWBC>AccessManagement>Scheduling>BackgroundScheduler

  • YoucangiveJobNameandselectGeneratedataforAccessRequestSODReviewandclickonnext.

    AfterclickingonNextscreenyoucangivetheparametersforwhichyouwanttorunthisjob.

  • Now,onclickingNextandthenFinishthejobwillbescheduled

    YoucancheckthisjobunderNWBC>AccessManagement>Scheduling>BackgroundJobs

  • RequestReviewThisstepisonlyrequiredifyouhaveenabledAdminReviewoption.

    TheadministratorreviewstherequeststoensurecompletenessandaccuracyoftherequestinformationpriortosendingtoReviewers.

    GotoAccessManagement>ComplianceCertificationReview>RequestReview

    OntheRequestReviewscreen,searchfortheSoDReviewrequestsbyselectingtheSoDRiskReviewWorkflowandthenreviewthedatatoconfirmtheReviewerandCoordinatorinformationisaccurate.

  • Onthisscreenyoucanenterinformationaboutthereviewertotherequestsifnotavailable.

    AnAdministratorcanalsocanceltherequestifSoDReviewsarenotrequiredorifthereisincorrectdata.

    UpdateWorkflowJobThisstepisonlyrequiredifyouhaveenabledAdminReviewandtheAdminReviewhasbeencompleted.

    ExecutetheSoDReviewUpdateWorkflowJobtopushtheworkflowtaskstotheReviewers.

    GotoAccessManagement>Scheduling>BackgroundScheduler.ClickBackgroundscheduler.TheScheduleAccessManagementScreenwillappear.ChooseCreatetocreateanewrequestforUpdateWorkflow.TheCreateSchedulescreenwillappear.EnterScheduleName.SelectScheduleActivityfromthedropdownlist.ForSoDRequests,selectUpdateWorkflowforSoDRequest.

  • ChooseFinish.GotoRequestReview,andcheckthestatusoftherequestifithasbeencompleted.Aftercompletingalloftheabovementionedsteps,therequestswillnowcometotheReviewersWorkInboxtoworkonit.

    NowyoucanviewthatrequestintheWorkinbox.Onopeningtherequestitwilllookasbelow.

  • SinceYESwasselectedforActualremovalofRolesduringtheconfigurationprocess,theACTUALREMOVALpushbuttonappearsonthescreen.IfNOwasselected,thenthePROPOSEREMOVALpushbuttonappearsinstead.

    ByselectingRiskandthenchoosingtheActualRemovalpushbutton,youcanremovetheactualroleassociatedwiththisRisk.BychoosingtheProposeRemovalpushbuttonyoucanonlyproposetheremoval,noactualremovalisdoneonanyroles.ChooseSubmittocompletetheReviewprocess.

  • WorkflowConfigurationToprocessSODreview,youneedtosettheworkflowsettingsfromMSMP.

    ProcessID:SAP_GRAC_SOD_RISK_REVIEW

    YoucanmaintainRuleatthe2ndstep.YoucanconfigureFunctionModulerules,BRFplusrules,ABAPclassbasedrules,andBRFplusflatrules.

  • Therulescanbeoneofthefollowingtypes:

    InitiatorRule:TocheckwhichpathyourrequestwilltakeRoutingRule:TodirectyourrequesttotakeadetourAgentRule:Tocheckforagents(Reviewers)fortherequestinaparticularstageNotificationRule:Usedfornotificationpurposesonly

    Atthe3rdstepyoucandefineAgent

    Thepossibleagenttypesare:

    DirectlyMappedUsersAgroupofuserscreatedwithintheworkflowconfigurationPFCGRolesAlluserswhohavespecifiedPFCGroleassignmentsPFCGUserGroupAlluserswhoarepartofthespecifiedPFCGgroupGRCAPIRulesAllusersreturnedbytheconfiguredruleforagents

  • Oncetheagentsaremaintained,choosetheNEXTpushbuttontomaintaintheVARIABLESANDTEMPLATES.

    Inthisscreen,youcanmaintaincustomnotificationtemplatesaswellastheirvariablesandreminders.

  • Nextstepistomaintainpaths

  • SelectapathandchoosetheADDorMODIFYpushbuttonstodefinethepathstages.

    IntheMaintainStagestable,choosetheMODIFYTASKSETTINGSbuttontochangethestagesettings.

    IntheApprovalTypecolumn,selectAllApproversorAnyOneApproverfromthedropdownlist.Thisdeterminesifallapproversoranyoneapproverisrequiredtoapprovethestage.

    IfyouchooseYesforEscalation,specifytheescalationsettingbyenteringtheidletimeinminutes.Idletimeistheamountoftimebywhich,ifthestageisnotapprovedorrejected,thetaskiseithersenttothespecifiedagentortheworkflowmovestothenextstage.

  • ChoosetheNEXTpushbuttontogototheMaintainRouteMapppingscreen.Inthisstepyoucanmaintainroutemappingsbetweentheinitiatorrulesresultandtheactualpathfortheresult.

  • NowGenerateMSMPversion

    CheckingSODReviewRequestsAfterarequestisgenerated,itissenttothereviewersWorkInboxandcanbeaccessedbyperformingthefollowingsteps:

  • YoucanalsosearchthisrequestunderSearchRequest>SelectProcessIDasSODRiskReviewWorkflow

  • ManagingRejectionThelineitemsthatarerejectedbyanapprovercanbeaccessedandreworkedfromtheManagingRejectionsscreen.

    GoToAccessManagement>ComplianceCertificationReviews>ManageRejections.

  • SelecttheProcessTypeandclickonSearch

  • Youcanfindtherejectionsonthisscreen.

    RelatedDocuments

    TherearemanymajorSODreviewfixesafterSP14GRC10.0

    BelowaretheimportantSAPNoteregardingthis.

  • 1994429UAM:RunningBatchRiskAnalysisismandatoryforSODReviewRequestcreation

    2057848UAM:IncorrectvalueisdisplayedfortheVariableREQUESTER_NAMEintheSODNotifications

    2058766Removalofreviewernotpossiblefromrequestreviewer

    1888260UAM:IssueswithSODReviewrequest

    1973155ProvidingtablesortingoptioninSODReviewrequestandmitigationsnotsavedonsavingSODrequest

    Nolabels

    FollowSCNContactUs SAPHelpPortalPrivacy TermsofUse LegalDisclosure Copyright


Niwana SOD

SOD Protokol

A risk-based approach to segregation of duties › wp-content › uploads › 2018 › ...Segregation of Duties (SoD) is top of mind for many professionals, from compliance managers

Automating PeopleSoft Segregation of Duties: …ww1.prweb.com/prfiles/2015/05/06/12704691/Automating SoD...Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions

The Civil Rights Movement Ch. 18. Segregation Divides America De jure segregation- segregation upheld by law De facto segregation- segregation by unwritten

Deloitte SOD

BIOCIDE SOD 390+ sod 390+ - exeol.fr · PRODUIT SOD 390+ FT EXE2311-2011-02-V2 DETERGENT DESINFECTANT ALIMENTAIRE SOD 390+sod 390+ BIOCIDE Descriptif : DETERGENT DESINFECTANT ALIMENTAIRE

ScienceOfGettingRichNotes SOD

DATABYTEDATABYTE - ISACA · PDF file · 2014-05-03past the reception desk. See map and directions on page 6) ... with a focus on Segregation of Duties (SOD). ... Team Eastern Auditors

On Metal Segregation of Bimetallic Nanocatalysts Prepared ...€¦ · catalysts Review On Metal Segregation of Bimetallic Nanocatalysts Prepared by a One-Pot Method in Microemulsions

Rapidly reduce Segregation of Duty Violations in Oracle ... · PDF fileWe can not use Oracle “seeded” Responsibilities because of inherent SOD conflicts. GL Supper User can Enter

Audit Controls - American Payroll Association · Segregation of Duties Segregation of Duties (SOD) is a basic building block of sustainable risk management and internal controls for

Laporan SOD

Genetics. Segregation of chromosomes during meiosis causes predictable patterns of inheritance. REVIEW: During Meiosis, segregation of maternal and paternal

CITY OF PALO ALTO OFFICE OF THE CITY AUDITORSeparation of Duties (SoD) Separation of duties (SoD), also known as segregation of duties, is an internal control mechanism to reduce the

Managing Segregation of Duties (SOD) in R3 Session Code: 808 Donnie Looper, Eastman Chemical Company Jasvir Gill, Virsa Systems

Iż-żgħażagħ protagonisti għal għażla fis-sod - Futur fis-Sod

Cybersecurity and Data Security - Elliott Davis · bank has any segregation of duties (SoD) of conflicts. If conflicts exist management should have mitigating controls (business process

SOD , dtic

Counterpoint, Sod

Sakalapoojalu · gather from G. Uma Reddy e$æ6rúobáo KDðáo e)áo Sod od doe$ Sod Sod (SO) Sod Sod Sod Sod 5660 Sod aso ,Úoá60 . gather from G. Uma Reddy Sðáoáîô0 Sooú)õ

pt-palembang.go.idpt-palembang.go.id/images/2020/Pengumuman...Penitipan barang Body Checking Peserta masuk ruang tunggu steril 06.30 sod. 08.00 sod, 08.30 sod, 09.30 sod. 11.00 sod

Paver Segregation Process Review

HCM & PSFIN Segregation of Duties (SOD) · Segregation of Duties (SOD) •When duties cannot be segregated, compensating controls should be considered. •Compensating controls can

Sod Profile

DDB Unlimited, Inc. W A R ANTY SOD SERIES SOD … Unlimited, Inc. SOD SERIES SOD-372420 Why Choose the SOD Series? The SOD series enclosure is the ultimate choice for your outdoor

Copyright © 2003 Americas’ SAP Users’ Group Segregation of Duties (SOD) Strategies, Techniques, and Tools Christopher Lane Manager – PricewaterhouseCoopers

Webinar: Berechtigungskonzept und Segregation of Duty (SoD)

Installing Sod

Segregation of Duties - Temple Fox MIScommunity.mis.temple.edu/mis5121beaver/files/2015/03/Ex-4-SOD... · from the SAP ERP IDES system to illustrate the security configuration

GRC Links Segregation of duties (SoD) for SAP

Northern Segregation ◦ De jure segregation Segregation by law ◦ De facto segregation Segregation by practice and custom Harder to fight Requires

DDB Unlimited, Inc. W A R ANTY SOD SERIES SOD … Unlimited, Inc. SOD SERIES SOD-302420 Why Choose the SOD Series? The SOD series enclosure is the ultimate choice for your outdoor

Segregation of Duties Remediation for Infor-Lawson Software€¦ · SoD reports validate that the correct checks and balances have been implemented within the security model to avoid

HCM Segregation of Duties (SOD) - University System of Georgia€¦ · HCM Segregation of Duties (SOD) Facilitators: Brad Freeman & Stephanie Marshall September 20, 2019. ... •