Role                                          Their Responsibilities
                                              Approve key controls and mitigating controls for high risks
Security administrator and role owners        Ownership of SAP solutions for GRC and security process
                                              Design and maintain rules to identify risk conditions
                                              Maintain the technical integrity of the roles’ business purpose
                                              Decision maker for role changes
SAP Application Support and Compliance Team   Identify key controls
                                              Review automated controls for applicability of deployment
                                              Document processes, controls, and testing methods
                                              Complete surveys for control designs
Auditors and regulators                       Perform risk assessment on a regular basis
                                              Provide specific requirements for audit purposes
                                              Perform periodic testing of processes and key control points
SoD Rule Keeper                               Maintain controls over rules to ensure integrity
Shake Down the People Who Know
Hold policy-building sessions to emphasize commitment and collaboration
between business, technical, and audit personnel. Cover the following topics
and make sure you get the deliverables mentioned in Table 16-2.
Chapter 16: Top Ten GRC Strategies 301