Professional Documents
Culture Documents
Phase A
Phase B
Phase C
Steps 1 7
Risk understanding
Step 8
Role redesign and SOD analysis
Steps 9 11Mitigation Strategy
PHASE A
PREPARATION
Audit
(17)
Business Analyst
Business Systems
Analyst
Audit
Risk Owner
GRC system
Business
Management
HR
IS&T
Business
Management
HR
Business
Management
Audit
procedure is.
b. For each procedure, summarize into bullet points in
process step sequence, with system / person / action
c. Reality Check : make sure the procedure is still in use.
6. Actual users and system usage
IS&T - Security
Business Analyst
Business Systems
Analyst
(Role Owner to an
extent)
c. Identification of any Emergency Access the user has managed in GRC or in any other way.
d. List of roles / composite roles assigned to the users
e. Additional Authorizations used to restrict access by
organizational, functional, or business classification.
This may include authorizations provisioned through
the MIT custom Rules Database
Once a role is created, the Profile Generator requires
values for the Authorization Objects used by the
tcodes in the role.
f.
Audit
IS&T
Audit
Business Analyst
Business System
Analyst
PHASE B
f.
IS&T
Business
Management
Business Analyst
Business Systems
Analyst
Business
Management
f.
IS&T Security
Audit
Business
Management
PHASE C
Audit
Business Analyst
a.
Business Systems
Analyst
Information gathered
above
Audit
Business Analyst
Business Systems
Analyst
Audit
Business
Management
Audit
Business Analyst
Business Analyst
Business Systems
Analyst
IS&T Development
Business Analyst
Business Systems
Analyst
IS&T Development
Workflows
Risk Owner
Page 7 of 9
Page 8 of 9
Page 9 of 9