SOD and Risks
I was going through the SOD listed at http://www.*********************/sox_sod/sod_matrix.htm and I was wondering why the following are in conflicts:
Conflicts by business process
1) AP Invoice Verification and AP Payment Runs/ Clearing
2) Customer Master and Sales Order
3) Delivery Goods Issue and Cash Receipts/ AR Credit Memos
4) Delivery Goods Issue and Customer Master
5) Delivery Goods Issue and Sales Order
6) Purchase Order and Vendor
7) Purchase Order and AP Invoice Verification
8) Purchase Order and AP Payment Runs/ Clearing
9) Purchase Order and Receiving
10) Receiving and Inventory Adjustments
11) Sales Order and Cash Receipts/ AR Credit Memos
12) Vendor and AP Invoice Verification
13) Vendor and AP Payment Runs/ Clearing
I would like to understand the risks involve in the above conflicts and what the risk levels are for each one.
Thanks in advance!
Bliss
I think you'd best talk to some functional people about this. I think I can see some danger in the process combinations you mention but the real risk depends on your company's processes and control measures.
For instance:
People who can edit customer masters and sales orders could easily set the customer delivery addres to a fake one (their own for instance), create a sales order and set the address back to the original. If the changes on delivery addresses are monitored/logged this is not such a big risk.
The same goes for a lot of items in your list. Basically you do not want transactional data and customer/vendor masterdata to be maintained by the same person. Just to avoid them changeing masterdata, creating orders, accepting invoices and releasing payment runs after which they can change back the masterdata.
Similar Messages
-
The Issues and Risks page (issuesandrisks.aspx) serves up a list of issues/risks that are assigned to me. Is this a PSI call behind the scenes, or a call to the Reporting DB? Has anyone gone to this level of detail? Any help on how to
get this info programmatically would be awesome. Thanks! - M
Michael Mukalian | Jan 2010 - Dec 2010 MVP SharePoint Services | MCTS: MOSS 2007 Configuration | http://www.mukalian.com/blogIssue and risk comes from reporting DB. Please go through link it may help you to understand
http://pwmather.wordpress.com/2012/07/13/projectserver-active-issues-and-risks-on-pwa-reminders-web-part-ps2010-sp2010-sharepoint/
kirtesh -
Tables for Profit center and Risk Category
Hi,
Can anyone please tell me in which tables the values for profit center and risk category is maintained at.
Thanks
LilanHi Lilan,
Profit Centre's Data element is PRCTR. You can just press Where used button by going into SE11 and see in what scenario you need this field.
Because PRCTR field is maintained for Sales Order, Production Order tables and many other tables.
You need to look into ur requirement that what scenrio u are working in.
Please award points if helpful.
Regards,
Himanshu. -
Relation Between Interest and Risk Categories for Customers
Hi
Can somebody tell me if there is a relationship between interest rates and risk categories. We have not implemented neither treasury nor Hedging.
Would like to link the interest as per the risk categories. As the risk changes, interest should also vary.
Can this be achieved
PrasadHi Prasad,
It is all AR functionality: Dunning/Interest Calculation/Credit Management/Risk Categories; I think it is doable to adjust interest on late payments based on customer risk category; but I doubt you will get detailed answer on this forum. FICO forum may be better.
Manish -
Want to see ALL issues and risks, not just mine. Is this possible?
I'm relatively new to Project Online, but I have four projects in it with associated risks and issues. It looks like I can only see risks and issues that are assigned to me, which is fine for now, but as these projects get further down the line (or
as I add more projects), I'm going to want to assign issues and risks to other people and as head of our nascent PMO, I'm still going to want to see ALL of the issues and risks from Project Online (I am trying to manage the portfolio, after all). Is
there a setting somewhere I missed that would allow this, or am I stuck with just being able to see my own?Hi Cuttyson--
If you do need to consolidate risks and issues among a portfolio then you'd fall into report's creation with odata technology.
Paul's (a fellow MVP) has posted a while ago a tremendous
report pack which can be applied to Project Online with specific reports for risks and issues.
Hope this helps,
Guillaume Rouyre, MBA, MVP, P-Seller | -
Issues,Documents and Risks in primavera
Can any one explain about Issues,Documents and Risks in Primavera.
what is the Exact use of those.
In which Scenario we have to use those.Hi Soumya,
You can't add via View at Task Level this kind of information, only via Project Center, may you can build some custom WebPart.
Raymundo Chapa, MCTS http://www.inavant.mx/blog http://projectaserverzone.blogspot.com/ -
Creating New Functions and Risks in RAR 5.3
All,
I need to create a set of new functions and risks in RAR 5.3. What is the best way to do this?
I tried to export existing functions and modify what I thought were the relevant tables. Next I tried to import this into Rule Architect > Utilities > Import Rules. I got the confirmation the import uploaded successfully and a rule generation job started. The job took a while and when it comepleted I looked for the functions and they weren't there. What do you all advise?
Thanks,
Grace Raeyes Frank is right. if few functions then better do with Rule Architect
else you must understand interdependency of various table
did you defined which Business Process thsoe function will belong to.......
check table
VIRSA_CC_BUSPRC
VIRSA_CC_BUSPRCT
VIRSA_CC_FUNC
VIRSA_CC_FUNCT
virsa_cc_func*
functions and the object they pulled and actions , all these interrelations should be taken care of.....
better refer to default rule sets send by SAP, that's the way you have to create.....
regards,
Surpreet -
Are GRC Access Control, Process Control and Risk Management separate?
Are these 3 different modules that you have to purchase separately or are they included in one suite?
Hi Anne,
If you are refering to GRC Access Controls 5.3, Process Control 3.0 and Risk Management 3.0 - All 3 are separate.
A new version of GRC 10.0 has been launched which is currently in ramp up. This has all the above 3 in one suite.
Thanks and Best Regards,
Srihari.K -
can any one tell me where i could find relevant and useful material for Treasury and risk managment as i am undergoing training for the same.
savankumar gmail comHi,
Please go through the below link.
http://www.sap.com/services/education/catalog/course.epx?context=%5B%5B%7CFSC010%7C%7C%7C052%7CG%5D%5D%7C
and service.sap.com
Please let me know if you have any concerns,
Hope understood and points if you get through.
Thanks,
Vasu.. -
Hi,
The following configuration steps for Accrual/Deferral, which I am used to, before Ehp5 are no more available.
Menu path - Treasury and Risk Management -> Transaction Manager -> General Settings -> Accounting -> Accrual/Deferral
1. Money market : Define Accrual/deferral
2. Forex :Define Accrual/deferral
3. OTC Derivatives:Define Accrual/deferral
How do we do Accrual/Deferral config in Ehp5?
KalyanHi,
now you can find it in the area for general settings for accounting: TRM -> Transaction Manager -> General settings -> Accounting -> Accrual/Deferral.
BR
Renatas -
Treasury and risk Managament Configuration Guide
Hi Friends,
Can you please provide me the treasury and risk management config guide for the following :-
a. Foreign exchange forward cover
b. MTM Report Config
c. Financial Postings for the foward cover.
d. Swapping of forward cover.
Is treasury part of financial supply chain management, also let me know whether it is a SAP license product or part of normal standard product.
Please forward me the same to [email protected]
Thanks in advance.
DeepakHi deepak,
Check out these links
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/SDBFCM/SDBFCM.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/FIARCR/FIARCR.pdf
Assign points if useful
Regards
genie -
Fidelity rating and risk rating.
Hi.
what is difference between fidelity rating and risk rating?what is difference between fidelity rating and risk rating?
Signature Fidelity Rating (SFR) - A weight associated with how well a signature might perform in the absence of specific knowledge of the target. The Signature Fidelity Rating is configured per signature and indicates how accurately the signature detects the event or condition it describes.
Signature Fidelity Rating is calculated by the signature author on a per-signature basis. The signature author defines a baseline confidence for the accuracy of the signature in the absence of qualifying intelligence on the target. It represents the confidence that the detected behavior would produce the intended effect on the target platform if the packet under analysis were allowed to be delivered. For example, a signature that is written with very specific rules (specific regular expression) has a higher Signature Fidelity Rating than a signature that is written with generic rules.
Calculated Risk Rating (RR) - A value between 0 and 100 that represents a numerical quantification of the risk associated with a particular event on the network. Risk Ratings let you prioritize alerts that need your attention.
The Risk Rating is calculated from several components, some of which are configured, some collected, and some derived. The Risk Rating factors take into consideration the severity of the attack if it succeeds, the fidelity of the signature, the reputation score of the attacker from the global correlation data, and the overall value of the target host to you. The full formula used for calculating Risk Rating can be found in Figure 7-2 (Risk Rating Formula) of the Configuration Guide, and the values used are described in more detail in the section above that figure. -
Users unable to see Issues and Risk assigned to them in PWA 2013
User unable to see Issues and Risk assigned to them in PWA 2013 site
Hi,
I think this a duplicate of you other thread
Paul -
Difference between credit management and risk management
Hi friends,
can any one please explain about difference between creditmanagement and risk management.
Thanks®ardsHi Madhusudhan,
The payment guarantee for the value to be billed plays a central role within Sales. Credit management effectively allows you to minimise the credit risk.
Risk management for receivables is another useful tool for setting a payment guarantee to cover the credit risk.
Hope this Clairifies your Doubt and Please Reward If Really helpful.
Thanks and Regards,
Sateesh.Kandula -
Regarding Rules, Functions and Risks
Hello,
1. Does SAP provide a standard ruleset for SoD? Does it come with the AC 5.3 .SCA?
2. What is the relation between Rules, Risks, Functions and Business Process?
Thanks.Hi Gautam,
Just to make it more explanatory, lets take few examples for each entity:
1. Business Process (BP):
It can be a department, group or an independent functional unit in an organization. E.g Finance or HR or Material Management.
2. Function:
It can be a set of activites or say set of simlilar activities in a BP. E.g in SAP Security - SU01 and PFCG combination can be termed as a function - "User and role maintenence" .
3. Risk:
It can be a combination of 2 or more functions which when given to a single user, can be harmful to the organization.
4. Rule:
It is generated from Risks automatically. E.g if A and B are 2 funtions in a risk R, such that:
A has transactions X and Y and
B has transactions M and N
so there can be multiple rules generated here for Risk R , with the combinations like X and M rule, X and N rule, Y and M rule, Y and N rule etc.
5. Ruleset:
As the name suggest, is a set of Rules, generated from Risks. Two Rulesets may contain same, similar or dissimilar risks, based on the lanscape for which you want to use the ruleset. E.g you might have ruleset R1 having Risks 1 to N in your development system and you might have ruleset R 2 having Risks 1 to M in your Production system.
Hope this makes it a bit clearer to you know. For more dependencies within these entities and how they behave with eah other, I would suggest if you create each of them and then observe their linkages. The config guide from SAP would be more than enough for this purpose.
Regards,
Hersh.
http://www.linkedin.com/in/hersh13
Maybe you are looking for
-
Is it safe to enable "write changes into XMP"?
I am evaluating the LR4 beta using my existing tree of master photos. (Have to put the thing under a realistic load, or there is no test.) If I make a change to a photo with XMP writing enabled in the catalog settings, will LR3 be able to cope with t
-
How to pass a dynamic value to jrxml file???
Hi all, let me know a thing,How to pass a dynamic id value to the query in jrxml file. <queryString> <![CDATA[select currency_id from currency]]> </queryString> Because for every user,we have to generate a jasper report based on their loginId.So we h
-
BAPI_REQUISITION_CHANGE. where is the customer's data fields
hi all, i need to use BAPI_REQUISITION_CHANGE to change PR's customer's tab fields but in the tables i didnt see the extended fields, how can i add these fields..
-
FRM 92091 unexpected fatalerror in client-side Java code
Hi to all .. I have a Forms/Reports Application in a form I have a Java Bean that get the username of the client PC In the Oracle AS 10g all work fine in a Weblogic I get the error FRM 92091 unexpected fatalerror in client-side Java code and in the d
-
HT4790 What are the cons of turning on File Vault 2?
With whole disk encryption, are side effects such as system slow-downs resolved?