SAP GRC AC - frequently asked questions
Our consultants have put together a comprehensive list of common enquiries and responses to SAP security issues to help with basic troubleshooting and simple problem solving. The FAQs also provide useful background data to IT administrators about to start an SAP initiative.
If you have a question which is not listed here, please use the Ask the Experts form to submit a question. Your inquiry will be addressed by one of our consultants as promptly as possible.
Risk Analysis and Remediation (RAR) is the core module of SAP's BusinessObject Access Controls suite. Its primary function is to support the management of Segregation of Duties (SoD) controls and monitor Critical Transactions across an ERP system. RAR holds the rules for what is deemed to be a risk to the business.
Using RAR you can produce analytical SoD reports on selected users, user groups, roles and profiles and can also produce reports on critical actions, critical permissions, critical roles and profiles. This is all based upon the rules defined within the tool.
RAR is designed to allow all key stakeholders to work in a collaborative manner to achieve ongoing SoD and audit compliance. Risk analysis reports provide real-time data and Management reports retain an offline history of SoD status. RAR also has Simulation features to allow you to assess the impact of potential remediation activities on the reported conflicts prior to making the actual change.
