This book covers all processes and components of the SAP solutions for Governance, Risk, and Compliance (GRC). With a focus on Process Control, Access Control and Risk Management, the book provides the standard implementation scenarios and information on customizing using a standard case-study example.
You will learn how to ensure the compliance of business processes and IT systems with Process Control, how Access Control can be used for company-wide role definition and segregation of duties, and how to analyze and eliminate risks related to user creation and superuser authorization. You will subsequently explore the relevant phases of risk management in order to supervise financial as well as legal risks.
Moreover, you will gain insight into the SAP solutions for compliance in foreign trade, SAP GTS, and for compliance with guidelines in environmental protection and labor safety, SAP EHS.
Sabine Scholer has been responsible for the ramp-up programs of several different SAP products, including GRC. Before that, she led complex SAP projects and was active in the Solution Management Service area. Olaf Zink has worked for 10 years in SAP consultancy, primarily as a Business Solution Architect for international SAP projects. He has significant expertise with the Sarbanes-Oxley Act, and successfully introduced Management of Internal Controls as well as SAP GRC Process Control.
Acknowledgements
1 Overview of SAP Solutions for Governance, Risk, and Compliance
  1.1 Sample Company
  1.2 Motivation and Goals of the GRC Project
2 SAP GRC Process Control
  2.1 Objectives of SAP GRC Process Control
  2.2 SAP GRC Process Control — Application
  2.3 SAP GRC Process Control — System Configuration
3 SAP GRC Access Control
  3.1 Overview of SAP GRC Access Control
  3.2 Initial Analysis and Cleanup of Authorization Profiles
  3.3 Defining and Managing Roles
  3.4 Compliant User Provisioning
  3.5 Superuser Privilege Management
  3.6 SAP GRC Access Control — Application and Configuration
4 SAP GRC Risk Management
  4.1 Goals of SAP GRC Risk Management
  4.2 Business Processes in Risk Management
  4.3 User Roles
  4.4 SAP GRC Risk Management — Application
  4.5 SAP GRC Risk Management — System Configuration
5 SAP GRC Global Trade Services — An Overview
  5.1 Goals of SAP GRC Global Trade Services
  5.2 Legal Control
  5.3 Customs Management
  5.4 Using Monetary Benefits and Limiting Monetary Risks
6 SAP Environment, Health & Safety — An Overview
  6.1 Goals of SAP Environment, Health & Safety
  6.2 Chemical Safety
  6.3 Environmental Protection, Health Protection, and Industrial Hygiene and Safety
  6.4 Adherence to Product-Specific Environmental Protection Regulations
  6.5 Compliance Management and Emissions Management
7 An Outlook Ahead and a Product Roadmap
  7.1 Overview of 2008 and 2009
  7.2 Strategic Look Ahead After Integration with Business Objects in SAP