
Regd: Risks and Functions in ARA

former_member185447
Active Contributor
0 Kudos

Hello GRC Mates,

Let's say I have three functions in a Risk namely Fn1, Fn2 and Fn3.

In the functions, Fn1 and Fn2 have some conflicts, and Fn2 and Fn3 have conflicts. Can we build a risk, or is it mandatory that there should be conflicts between Fn1 and Fn3 also?

Regards

Deepak M

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hi Deepak,

You can check: http://scn.sap.com/docs/DOC-54530

Regards

Munish Kumar

FilipGRC
Contributor
0 Kudos

Hi Deepak,

There is no mandatory / one recommended approach here. The decision should be based on risk analysis/assessment, as between Fn1 and Fn3 there may be a risk with lower impact on your client organization. Namely, F1&F2&F3 may be a high risk and should never be accepted in user authorization, but F1&F3 can be accepted in some user / role cases, taking into account that there is a compensating control in place. So from a conflict resolution perspective, the organization's response may be different in the case of F1&F3 and different in F1&F2&F3.

Therefore I would create a new risk here for F1&F3.

Filip