Certification Areas:

The following list helps you to identify the topics covered in this test.
Weighting per Topic (not listed for all exams):
+ = <8%
++ = 8-12%
+++ = >12%
Topic & Weighting Way(s) to attain
Primary Alternative Other
Configure common GRC settings ++ GRC100, GRC300
Configure MSMP workflow +++ GRC300
Configure the Integration Framework + GRC100, GRC300
Configure user provisioning +++ GRC300
Define and manage roles ++ GRC300
Set up Access Risk Management +++ GRC300
Set up Business Rules Framework +++ GRC300
Set up Emergency Access Management
++
GRC300













GRC 100

Goals
Introduce SAP Governance, Risk, and Compliance (GRC) 10.0
Identify key governance, risk, and compliance processes supported in the GRC 10.0
solution
Describe key features and business benefits of the integrated solution
Identify applications that integrate with the GRC 10.0 solution
Describe the purpose and location of key user interface components
Discuss harmonized navigation and how authorizations affect what users see
Describe how common functions and relative master data are shared across GRC
solutions
Describe the IMG organization for GRC 10.0
Describe a general implementation process and key steps
Configure report presentation, structure, and content













Content
Introduction to SAP Governance, Risk, and compliance (GRC) 10.0
Solution Introduction
Solution Overview
GRC Convergence
Key Features and Benefits
Integration
Information Architecture, Security, and Authorizations
Information Architecture
Security and Authorizations
The GRC 10.0 User Interface
Work Centers
Harmonized Navigation
Common Functions and Data
User Interface Configuration Framework
Shared Master Data
Implementation and Configuration
Streamlined Configuration
Reporting
Configure reports without programming

GRC 300
Goals:

Describe tasks performed during a day in the life of a typical Access Control user
Discuss Harmonization topics as they relate to Access Control
Explain how GRC helps you to address business challenges
Identify authorization risks in typical business processes
Describe the Segregation of Duties Risk Management Process
Describe and configure functionality and features for SAP BusinessObjects Access
Control 10.0
Use the Access Control 10.0 application to analyze and manage risk, design and
manage roles, and provision and manage users
Describe the Access Control 10.0 architecture and landscape, Access Control
Repository, and Object Level Security
Describe how to upgrade from Access Control 5.3 to Access Control 10.0
Explain the post-installation steps for Access Control 10.0
Describe the Periodic Access Review process
Configure Access Control to support the integration of Identity Management
Plan for and manage emergency access
Discuss the reporting framework
Configure workflows, including multi-stage multi-path (MSMP)workflows and BRF+
Describe how the different components of the GRC application integrate with each
other
Discuss key steps in the Access Control implementation process




Content:
Introduction to SAP BusinessObjects Access Control 10.0
Access Control 10.0 Overview
Key Features and Benefits
Transporting Objects
User Interface Overview
A Day in the Life of an Access Control User
Harmonization and Integrations
Common Technical Platform
Effects of Harmonization in Access Control
Harmonization settings
Integration Points
How Access Control components work together
Identity Management Integration
LDAP Integration
Managing Compliance with Access Control 10.0
Business Challenges and Solutions
Overview of Business Process Flows
Segregation of Duties Risk Management Process
Information Architecture, Security, and Authorizations
Analyze and Manage Risk
Shared Master Data
Configuration and Rule Set Maintenance
Audit Trail Tracking
Risk Analysis Framework
System-Specific Mitigation
Mass Mitigation
Emergency Access Management
Emergency Access Management Overview
Centralized Firefighting
Plan for Emergency Access
Monitor Emergency Access
Design and Manage Roles
Configure Role Management
Configure Role Methodology
Plan for Technical Role Definition
Plan for Business Role Definition
Consolidate Roles through Role Mining
Mass Manage Roles
Provision and Manage Users
Plan for User Access
Plan for Human Resources Integration
Define User Provisioning
Design End User Personalization Forms
Request Approval
Periodic Access Review Process
Plan Periodic Review
Review Access Risk (SoD Review)
Monitor User Access
Monitor Role Access
Business Rule Framework (BRF)
Define workflow related Multi-Stage Multi-Path Workflow Rules
Define business rules using the BRF Workbench
Create BRFplus rules
Reporting
Reporting Framework
Change Existing Reports
Add Custom Fields to Access Requests and Roles
Access Control Implementation Process
Implementation Process Overview
Project Teams
Designing the Access Control Solution
Upgrade and Migration
Configuring Access Control using the IMG
Implementing the Solution
Optimizing and Enhancing the Solution