Education

GRC100 – Governance, Risk & Compliance

GRC100 Course Notes

Governance, Risk & Compliance AVIANCA SAP

This document compiles reference information to answer questions raised during AVIANCA's GRC100 course.

In no case does it represent information that defines the project scope; students must obtain such definitions directly from the team and those responsible for AVIANCA's SAP project.

 

Info on the Web

 

  • Intro Video (40min)

 

https://www.youtube.com/watch?v=_EJDeIpuL7Y

https://www.youtube.com/watch?v=eEhLtXeaQFY

 

  • SAP HELP – GRC 10.1 – Access Control

 

https://help.sap.com/viewer/product/SAP_ACCESS_CONTROL/10.1.18/en-US

https://help.sap.com/viewer/5cae1bc9a72348389e91183714220e30/10.1.18/en-US

SAP Access Control is an enterprise software application that enables organizations to control access and prevent fraud across the enterprise, while minimizing the time and cost of compliance.

 

  • SAP HELP – GRC 10.1 – Risk Management

 

https://help.sap.com/viewer/product/SAP_RISK_MANAGEMENT/10.1.16/en-US

https://help.sap.com/viewer/51bbedc6646d4ff5b35b9d883be390a6/10.1.16/en-US

SAP Risk Management enables an enterprise-wide risk management process as mandated by certain legal requirements and recommended by best practice management frameworks.

 

  • SAP HELP – GRC 10.1 – Process Control

 

https://help.sap.com/viewer/product/SAP_PROCESS_CONTROL/10.1.16/en-US

https://help.sap.com/viewer/211202168a4d41749caba30ee97d6c73/10.1.16/en-US

SAP Process Control is an enterprise software solution for compliance and policy management. The compliance management capabilities enable organizations to manage and monitor their internal control environments.

 

  • SAP HELP – GRC 11.0 – Global Trade Services

 

https://help.sap.com/viewer/product/SAP_GLOBAL_TRADE_SERVICES/11.0.09/en-US

https://help.sap.com/viewer/bdb1d2fb216941a69f6300006343e977/11.0.09/en-US

 

  • SAP HELP – GRC BI Content

 

https://help.sap.com/viewer/7975bb870bda47fe98496560fa11d48c/7.07.24/en-US/9a6b895360b93d58e10000000a174cb4.html

 

  • SAP Audit Management

 

https://help.sap.com/viewer/product/SAP_ASSURANCE_AND_COMPLIANCE_SOFTWARE_-_SAP_AUDIT_MANAGEMENT/1.1.8.0/en-US

https://help.sap.com/saphelp_fra110/helpdata/en/ab/ce1b52bd543c3ae10000000a441470/frameset.htm

 

  • Access Control – 4 Components Summary

 

ARA – Access Risk Analysis

EAM – Emergency Access Management

ARQ – Access Requests

BRM – Business Role Management

 

An access risk is an object that associates two or more conflicting functions or a critical action and critical permission.

 

 

  • SAP GRC False Positive examples

 

1–> https://blogs.sap.com/2014/06/19/organizational-rules-in-grc-access-control/

2–> https://wiki.scn.sap.com/wiki/display/GRC/Access+Control+10.X%3A+Org+Rule+concept+with+an+example

 

  • AC Rule Sets explanation

 

https://blogs.sap.com/2014/04/22/business-risks-rule-set/

 

 

  • AC – Types of Access Risk

 

Access Control enables you to specify the following types of access risks:

  • Segregation of Duties – This is defined as one individual having the ability to perform two or more conflicting functions to control a process from beginning to end without the involvement of others. For example, one person might be able to set up a vendor and process payments, or manipulate sales and customer invoices, to conceal kickbacks.
  • Critical Action – Certain functions are so critical in nature that anyone who has access needs to be identified and assessed to ensure the access is appropriate. This is different from segregation of duties risks in that the person only needs to have access to a single function. For example, the ability to configure a production system is considered a critical action regardless of any other access the person might have.
  • Critical Permission – Similar to a critical action, there are certain permissions (authorization objects) that are considered critical on their own. For example, having background job administration permissions might be considered critical by certain organizations.

 

  • ARA for newbies

 

https://blogs.sap.com/2014/08/27/ara-for-the-new-kid-on-the-block/

 

  • Blog Alessandro Bunzer

 

https://people.sap.com/alessandr0

 

  • SAP Risk Management – Useful Documents, Blogs, Resources, etc.

 

https://blogs.sap.com/2014/08/28/sap-risk-management-useful-documents-blogs-resources-etc/

 

  • SAP Process Control – Useful Documents, Blogs, Resources, etc.

 

https://blogs.sap.com/2014/08/28/sap-process-control-useful-documents-blogs-resources-etc/  

 

  • SAP Access Control – Useful Documents, Blogs, Resources, etc.

 

https://blogs.sap.com/2014/08/19/sap-access-control-useful-documents-blogs-resources-etc/

 

  • SAP Fraud Management – Useful Documents, Blogs, Resources, etc.

 

https://blogs.sap.com/2014/08/29/sap-fraud-management-useful-documents-blogs-resources-etc/

 

  • SAP GRC Fraud Management Example Video

 

https://www.youtube.com/watch?v=WiQnab4fL2c

 

  • SAP HANA R Integration

 

https://blogs.sap.com/2018/03/02/machine-learning-in-a-box-week-6-sap-hana-r-integration/

 

  • SAP Audit Management Example Video

 

https://www.youtube.com/watch?v=n5l4Ef1ZUMs

 

  • GRC SAP Analytics blog

 

http://blog-sap.com/analytics/category/grc/

 

  • GAT – CAPA-Related Initiatives

 

https://websmp203.sap-ag.de/~sapidp/012002523100007533692015E/Library/ProcessDiagrams/GAT_PC101_Process_Overview_EN_XX.pdf

 

  • SAP BRF+ Guide and example

 

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=288916902

 

  • SAP GRC CLM Guide

 

https://archive.sap.com/kmuuid2/e0431d8f-2298-2e10-5fb0-87840e285f4c/GRC%20Process%20Control%2010.0%3A%20Content%20Lifecycle%20Management

 

  • SAP RM and PS Integration

 

https://archive.sap.com/discussions/thread/1928197

 

  • GRC Indirect Entity-Level Controls

 

https://wiki.scn.sap.com/wiki/display/GRC/Indirect+Entity-Level+Controls

 

  • SAP Global Trade Services product

 

https://www.sap.com/latinamerica/products/global-trade-management.html

 

  • SAP Global Trade Services Roadmap

 

https://www.sap.com/products/roadmaps.html?tag=products:financial-management/sap-global-trade-services#pdf-asset=2e05c55d-c37c-0010-82c7-eda71af511fa&page=1

 

  • SAP GRC/Solman Integration docs

 

https://launchpad.support.sap.com/#/notes/2640279

https://archive.sap.com/documents/docs/DOC-22754

https://archive.sap.com/kmuuid2/c07d32aa-020e-2f10-c2b6-e0a2671d11af/How%20to%20Deploy%20SAP%20Solutions%20for%20Governance%2C%20Risk%2C%20and%20Compliance.pdf

 

  • GRC Entity Level Authorization Concept

 

https://www.stechies.com/concept-entity-level-authorization-grc-100/

 

  • GRC Business Role concept in 10.0

 

https://wiki.scn.sap.com/wiki/display/GRC/Business+Roles+concept+and+usability+in+GRC+AC10

 

  • AC10.0 BRM Business Role Management

 

https://www.sap.com/documents/2011/08/58424cab-557c-0010-82c7-eda71af511fa.html

 

 

  • Timeframe Concepts

 

https://wiki.scn.sap.com/wiki/display/GRC/Timeframe+Concept