Roles and Responsibilities Role Owner

Uploaded by

kashifrasheed

0% found this document useful (0 votes)

52 views2 pages

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Roles and Responsibilities Role Owner

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

52 views2 pages

Roles and Responsibilities Role Owner

Uploaded by

kashifrasheed

Roles and Responsibilities Role Owner

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 2

Search inside document

GRC Roles and Responsibilities – Role Owners

GRC Roles & Responsibilities – Role Owners

Role Owners will carry out the following tasks as part of their GRC-related responsibilities:
 Identify potential access changes, aligned to the business area’s functions, organization and
Segregation of Duties requirements.
o New or amended role definition.

o User assignments to new or amended roles

 Assist the SOD Coordinator with the assessment of new risks associated with proposed changes
 Formally request Production access changes (role activation and user/role assignment) when the
GRC risk analysis is completed and documented.
 Manage changes to SAP access from the MIT RolesDatabase , where appropriate. Note: there is
usually no SAP Security Admin involvement in this step for existing provisioning.
 Request assignment of users to Firefighter roles in GRC.
 Advise SAP Security of any Transfer Out / Termination
 Conduct regular reviews of
o Roles for the business area – who has them

o Users per business area – what roles they have

o Users per business area – what Risk/ Mitigation combinations are assigned

o GRC-ARA (SOD) analysis

o Assignment of Business Back-up FireFighter roles to Users

 Monitor access logs for business user "FireFighter" and IS&T Support role usage
Responsibilities Reference

TASKS PROCESS & STEP

1. New or amended roles 1
Initiate proposal for new or amended roles 1.1
Approve role design and initial build 1.5
Approve role transport to Production 1.9
Confirm results to allow RT ticket closure 1.13
2. Mitigation Analysis 2
Contribute advice to Mitigation Analysis and confirm result 2.1.d
Recommend final Mitigation Control to Risk Owner 2.4
Implement any new manual control processes 2.2
Carry out SOD Analysis and other mitigation controls 2.7 and see 5
3. Role Provisioning to Users 2
Request changes to role assignments 3.2
Make any MIT RolesDatabase provisioning 3.3
1
GRC Roles and Responsibilities – Role Owners

TASKS PROCESS & STEP

4. FireFighter 4
If designated as a FireFighter Controller, request VPF BA or 4.6
IS&T BSA to take action, and review FFID logs. 4.8
5. Periodic Compliance review 5
Manage execution and review of Mitigation Controls and 5.M.1, 5.M.3
take any remedial action
Review Access Risk Analysis reports for the business area – 5.Q.2
may need to make some Role or User changes or 5.Q.3
may need to revisit the Mitigation Analysis process 5.Q.4
Review “owned” role assignments to users, and review 5.Q.5
business area users’ role assignments.
If designated as a FireFighter ID Owner , review FFID 5.Q.7
assignments to users
Propose recertification of assignment Mitigation Controls 5.A.2

REPORTS PROCESS
05 SUIM Roles (select by Role name) 3 and “Ad hoc”
 Single Roles assigned to Composite Roles
 Tcodes assigned to roles
06 User to Role Relationship 2 and 5
 Users assigned to a role
07 Role Relationship with User / User Group 1, 2 and 5
 Roles assigned to users or all users in the user group
08 SUIM Users (select by User Id) 3 and “Ad hoc”
 Compare role assignment for two or more users
09 Count Authorization for Users 5
10 Action usage by User, Role and Profile 1 and “Ad hoc”
11 Mitigation Control report (list of Mitigation Controls) Ad hoc and 2
12 User Level Risk Analysis report Run by BA or
 Analyze for SOD per user or user group SOD Controller:
 Analyze assignment of Mitigating Controls to 2 and 5
Risk/User combinations.

FORMS PROCESS & STEP

A: GRC Mitigation Control Change Request 2.4
B: GRC FireFighter Access Change Request 4

WORKFLOW OR EMAIL-TRIGGERED ACTIONS PROCESS & STEP

Email for FireFighter usage – if designated as a FFID Controller 4

MDM of Product Data Solutions Second Edition
From Everand
MDM of Product Data Solutions Second Edition
Gerardus Blokdyk
No ratings yet
Data Migration Security Standard Requirements
From Everand
Data Migration Security Standard Requirements
Gerardus Blokdyk
No ratings yet
Reading Sample Sappress 1481 Sap System Security Guide
Document39 pages
Reading Sample Sappress 1481 Sap System Security Guide
Vitlen
No ratings yet
SAP GRC Process Control Training Content Schedule
Document5 pages
SAP GRC Process Control Training Content Schedule
lawal
No ratings yet
SAP GRC Access Control 5.2 Implementation Guide For Enterprise Role Management
Document11 pages
SAP GRC Access Control 5.2 Implementation Guide For Enterprise Role Management
penguinfoot
No ratings yet
Data Governance Analyst
Document4 pages
Data Governance Analyst
api-79070493
No ratings yet
GRC Components - Work Module of GRC: Compliant User Provisioning
Document4 pages
GRC Components - Work Module of GRC: Compliant User Provisioning
Karthik Eg
No ratings yet
Yogesh Kumar
Document2 pages
Yogesh Kumar
Sneha More Pandey
100% (1)
Sap GRC
Document15 pages
Sap GRC
Er. Alla Jithendra Prasad
No ratings yet
mySAP HR e-Recruiting Components Portals Collaboration
Document11 pages
mySAP HR e-Recruiting Components Portals Collaboration
ramanmallela
No ratings yet
Master Data Management - Wikipedia, The Free Encyclopedia
Document4 pages
Master Data Management - Wikipedia, The Free Encyclopedia
arjun.lnmiit
No ratings yet
Webinar Auditing SAP
Document43 pages
Webinar Auditing SAP
mbanti20008801
No ratings yet
SAP Baseline Security Audit: Essential Technical Controls
Document5 pages
SAP Baseline Security Audit: Essential Technical Controls
Ranjeet Singh
No ratings yet
Rakesh Kumar Padhi: Summary
Document5 pages
Rakesh Kumar Padhi: Summary
Vivek Paul
No ratings yet
Nishigandha Gosavi: Overview
Document3 pages
Nishigandha Gosavi: Overview
Jain M
No ratings yet
GRC 10.0 Access Risk Management - ARA
Document71 pages
GRC 10.0 Access Risk Management - ARA
Aiyappan Subrahmanyam
No ratings yet
Operations Consulting and Reengineering: ©the Mcgraw-Hill Companies, Inc., 2004
Document29 pages
Operations Consulting and Reengineering: ©the Mcgraw-Hill Companies, Inc., 2004
gudun
No ratings yet
Sri Ramchandra Bhargav K-2
Document3 pages
Sri Ramchandra Bhargav K-2
Bhargav Sriram
No ratings yet
PBS CBW NLS Administrator Guide
Document215 pages
PBS CBW NLS Administrator Guide
sharadcsingh
0% (1)
Project: Establishing A Value-Driven BPM-Discipline
Document20 pages
Project: Establishing A Value-Driven BPM-Discipline
Muhammad Naveed
No ratings yet
BCA - ICAI GRC Approach SAP PDF
Document33 pages
BCA - ICAI GRC Approach SAP PDF
sarvjeet_kaushal
No ratings yet
GRC Training for Risk Owners Agenda
Document35 pages
GRC Training for Risk Owners Agenda
hossainmz
No ratings yet
Sappress Sap Governance Risk and Compliance PDF
Document33 pages
Sappress Sap Governance Risk and Compliance PDF
Prince McGershon
No ratings yet
SAP Fraud Management Anti-Corruption Content Rel11 SP01
Document52 pages
SAP Fraud Management Anti-Corruption Content Rel11 SP01
Sreedhar.Dondapati
No ratings yet
Expert for Business Intelligence Technical Specifications
Document6 pages
Expert for Business Intelligence Technical Specifications
Ujjaval Bhalala
No ratings yet
Change Request Management-chaRM
Document50 pages
Change Request Management-chaRM
srkrna4u
No ratings yet
Enterprise SAP GRC Compliance and Security Training
Document128 pages
Enterprise SAP GRC Compliance and Security Training
T. Ly
No ratings yet
Functional Specification - Document Overview: Document Required Information Comments
Document15 pages
Functional Specification - Document Overview: Document Required Information Comments
Noelsundeep Murary
No ratings yet
Data Migration
Document1 page
Data Migration
BetiJhansi
No ratings yet
SNP Carve-Out or Shutdown of Business Units in SAP
Document4 pages
SNP Carve-Out or Shutdown of Business Units in SAP
Comwave
No ratings yet
Peoplesoft Financials Implementation
Document11 pages
Peoplesoft Financials Implementation
Kesava Sumanth A
No ratings yet
SAP BW Rapid Deployment Solution For APO - v1 6
Document39 pages
SAP BW Rapid Deployment Solution For APO - v1 6
Rahul Mahajan
No ratings yet
Configure Segregation of Duties (SOD) Reviews
Document17 pages
Configure Segregation of Duties (SOD) Reviews
PabitraKumar
No ratings yet
Activiti Installation and Configuration
Document5 pages
Activiti Installation and Configuration
Raghavendra Muniramaiah
No ratings yet
Winshuttle Transaction Brochure
Document2 pages
Winshuttle Transaction Brochure
odayict
No ratings yet
ERP
Document56 pages
ERP
Aiswarya Suresh
No ratings yet
Winshuttle RPA SAPPHIRE 2019 Presentation en
Document16 pages
Winshuttle RPA SAPPHIRE 2019 Presentation en
Rodrigo Alvarez
No ratings yet
GRC Architecture
Document8 pages
GRC Architecture
edvigisa
No ratings yet
Sap Basis: Client Server Architecture
Document11 pages
Sap Basis: Client Server Architecture
Kirti Pradhan
No ratings yet
SAP GRC10 and Security Video Contents
Document4 pages
SAP GRC10 and Security Video Contents
jaganctec
No ratings yet
Customer Presentation - GRC Access Control (August '08)
Document40 pages
Customer Presentation - GRC Access Control (August '08)
cathavoc956
No ratings yet
The Role of Continuous Monitoring and Auditing in GRC by BWise PDF
Document11 pages
The Role of Continuous Monitoring and Auditing in GRC by BWise PDF
gong688665
No ratings yet
SAP Security Consultant Resume Troy MI
Document13 pages
SAP Security Consultant Resume Troy MI
genfin
No ratings yet
Harikrishna Nakirekanti: Mobile: +91-9963401274
Document3 pages
Harikrishna Nakirekanti: Mobile: +91-9963401274
Vaishnav Menon
No ratings yet
Venkat MM WM Ariba Resume
Document3 pages
Venkat MM WM Ariba Resume
Gopi Krishnan
No ratings yet
Practical Guide For Sap Security
Document277 pages
Practical Guide For Sap Security
Sreekar
100% (1)
ISACA 2009 Mar 26 - Presentation v8 - From Rajeev Dasgupta 24.3.2009
Document33 pages
ISACA 2009 Mar 26 - Presentation v8 - From Rajeev Dasgupta 24.3.2009
jiten76
No ratings yet
MM Course Overview Covers Enterprise Structure, Master Data, Transactions
Document3 pages
MM Course Overview Covers Enterprise Structure, Master Data, Transactions
honey
No ratings yet
Basic Understanding of Roles and Authorization
Document7 pages
Basic Understanding of Roles and Authorization
ShahanazShaik
No ratings yet
Sap Security Roles, Qualifications Etc
Document6 pages
Sap Security Roles, Qualifications Etc
laarigao
No ratings yet
SAP Change Management Roadmap for Implementing New Contract Management Process
Document1 page
SAP Change Management Roadmap for Implementing New Contract Management Process
Pranav Vyavahare
No ratings yet
Shiva Shankar: Mobile: +91 7396352089
Document4 pages
Shiva Shankar: Mobile: +91 7396352089
ashok varma
No ratings yet
Top Four Enterprise-Architecture Methodologies PDF
Document19 pages
Top Four Enterprise-Architecture Methodologies PDF
swapnil_bankar
No ratings yet
(BPM) Lecture 3&4 - Business Process Modelling PDF
Document63 pages
(BPM) Lecture 3&4 - Business Process Modelling PDF
Ana Florea
No ratings yet
Business Process Improvement Customer Service Management in Tampa FL Resume Kathleen H Shelton
Document2 pages
Business Process Improvement Customer Service Management in Tampa FL Resume Kathleen H Shelton
KathleenHShelton
No ratings yet
Audit Management
Document66 pages
Audit Management
Mohamed Ashraf
No ratings yet
Accenture Microsoft SAP Innovate PDF
Document3 pages
Accenture Microsoft SAP Innovate PDF
rajesh2kakkassery
No ratings yet
User onboarding Complete Self-Assessment Guide
From Everand
User onboarding Complete Self-Assessment Guide
Gerardus Blokdyk
No ratings yet
Data Migration and Consolidation A Complete Guide
From Everand
Data Migration and Consolidation A Complete Guide
Gerardus Blokdyk
No ratings yet
GRC Training RiskO
Document151 pages
GRC Training RiskO
hossainmz
No ratings yet
Income Tax Basics
Document48 pages
Income Tax Basics
Azad Singh Bajaria
No ratings yet
Wartsila Tribo Pack
Document7 pages
Wartsila Tribo Pack
super_seeker
100% (1)
SKF Frecuently Questions With Answers
Document16 pages
SKF Frecuently Questions With Answers
Carlos Alcantara
No ratings yet
Hyperfunctional Voice Disorders
Document11 pages
Hyperfunctional Voice Disorders
Jam P
No ratings yet
Proper Care and Use of Personal Dosimeters: Handling
Document1 page
Proper Care and Use of Personal Dosimeters: Handling
Ashley Jackson
No ratings yet
Chapter 5 Integumentary Study Guide
Document3 pages
Chapter 5 Integumentary Study Guide
Superjunior8
No ratings yet
Nitrogen Blanketing
Document21 pages
Nitrogen Blanketing
rvkumar61
No ratings yet
Measuring Instruments Temperature Guide
Document52 pages
Measuring Instruments Temperature Guide
mohammedhanafy
No ratings yet
Continuous Renal Replacement Therapy
Document9 pages
Continuous Renal Replacement Therapy
doc_next_door
No ratings yet
Working Length Determination in RCT
Document38 pages
Working Length Determination in RCT
Didar Sadiq Kwekha
100% (1)
Quality Assurance in The Manufacture of Light Unmanned Aircraft System
Document4 pages
Quality Assurance in The Manufacture of Light Unmanned Aircraft System
Ahmad Zubair Rasuly
No ratings yet
Volcanic Eruption Types and Process
Document18 pages
Volcanic Eruption Types and Process
Rosemarie Joy Tanio
No ratings yet
Drug study on Tegretol
Document2 pages
Drug study on Tegretol
Sophia Kaye Aguinaldo
No ratings yet
ZinkPower Batam - Company Brochure
Document6 pages
ZinkPower Batam - Company Brochure
ansarALLAAH
No ratings yet
VR-ForM-F06.10 (Hot Work Permit Request Form)
Document1 page
VR-ForM-F06.10 (Hot Work Permit Request Form)
imtz2013
No ratings yet
Fertilization to Implantation Stages
Document18 pages
Fertilization to Implantation Stages
NurulAqilahZulkifli
No ratings yet
Dyna Lift Flyer 500 FL 000010 en
Document20 pages
Dyna Lift Flyer 500 FL 000010 en
Erdinc Senman
No ratings yet
Method of Statement For Pipeline Work
Document15 pages
Method of Statement For Pipeline Work
Halil Güney
100% (3)
Recommended Abma & Asme Boiler Water Limits Drum Operating Pressure (Psig) Steam
Document9 pages
Recommended Abma & Asme Boiler Water Limits Drum Operating Pressure (Psig) Steam
maoc4vn
No ratings yet
NFPA 97 - 2003 Standard Glossary of Terms Relating To Chimneys, Vents, and Heat-Producing Appliances
Document34 pages
NFPA 97 - 2003 Standard Glossary of Terms Relating To Chimneys, Vents, and Heat-Producing Appliances
onepunchman yao
No ratings yet
NASA Water Filtration System Guide
Document54 pages
NASA Water Filtration System Guide
Boey Soo Yin
100% (1)
ICICI Pru IProtect Smart Illustrated Brochure
Document56 pages
ICICI Pru IProtect Smart Illustrated Brochure
soubhadra nag
No ratings yet
Smart medical system monitors dementia patients' medication
Document9 pages
Smart medical system monitors dementia patients' medication
Kresna
No ratings yet
Supra 644, 744, 844 Beginning With Serial# Hfy90593608 - Sunbelt ...
Document68 pages
Supra 644, 744, 844 Beginning With Serial# Hfy90593608 - Sunbelt ...
Glacial
100% (1)
MEH B1 Video Book Answer Key
Document6 pages
MEH B1 Video Book Answer Key
Tru Calling
No ratings yet
Aftercooler - Test: Shutdown SIS Previous Screen
Document7 pages
Aftercooler - Test: Shutdown SIS Previous Screen
Keron Trotz
100% (1)
Diane Derzis Motion To Dismiss Complaint by The Alabama State Board of Health To Stop Her From Operating An Abortion Clinic Closed by The State.
Document8 pages
Diane Derzis Motion To Dismiss Complaint by The Alabama State Board of Health To Stop Her From Operating An Abortion Clinic Closed by The State.
Tom Ciesielka
No ratings yet
Life Wealth Mastery English
Document12 pages
Life Wealth Mastery English
D.j. Ralmm
100% (1)
2009 IECC Residential Code Requirements Apr 14 Draft Inspectors
Document4 pages
2009 IECC Residential Code Requirements Apr 14 Draft Inspectors
bcap-ocean
No ratings yet
Online Pharmacy: Customer Profiling
Document6 pages
Online Pharmacy: Customer Profiling
George Sebastian
No ratings yet