Cross-enterprise Integration With Sap Grc Access Control: Integrating Multiple Systems With Sap Grc Access Control

The primary purpose of the book is to provide implementation team members, technical teams, audit and security teams, and consultants with a roadmap for implementing and configuring AC RAR in a multi-system environment. The focus of the book is helping the target group configure AC RAR to incorporate a central rule repository using that functions across multiple SoD domains. Controlling the level of access employees, contractors, partners and systems have to an organization's financial and functional information, processes, and knowledge base is the most important aspect of a risk management strategy, and one of the most difficult to im-plement properly. Due to the sheer number of "transactions" involving corporate information that take place both inside and outside an organization (many of them automated), myriad complex rules are required to make sure that access to that information is segregated appropriately. Individually-segregated rules need to be defined, for example, for a business analyst opening a reporting spreadsheet, a customer service representative accessing customer data, a receiving clerk accessing trade forms, and an EDI transaction interfacing with an external bank. This so-called Segregation of Duties (SoD) strategy must then be monitored 24/7 to ensure compliance with regulations such as SOX. Much of the success of an organization's risk management and compliance strategy hinges directly on the strength of their access control process. SAP offers customers the Access Control Risk and Remediation component as part of the GRC application. It is considered the state-of-the-art access control solution in the industry, and is considered the crown jewel of SAP's acquisition of Virsa. Formerly known as Compliance Calibrator, AC RAR provides companies with a platform for managing their entire access control strategy, including the ability to create a central rule repository for both SAP ERP and non-SAP legacy infrastructure.