Component documentation: Risk Analysis and Remediation


The Risk Analysis and Remediation (RAR) capability is a fully automated rules-based security audit and segregation of duties (SoD) analysis tool used to identify, analyze, and resolve risk and audit issues that relate to regulatory compliance.


The Risk Analysis and Remediation capability:

  • Enables all key stakeholders to work in a collaborative manner to build ongoing SoD risk and audit compliance at all levels. This compliance includes User, Role, Profile, and HR Object levels.

  • Empowers security administrators, business process owners and internal auditors to prepare their SAP systems, and all other systems, for an audit.

  • Provides user-friendly summary and drill-down reports, making the identification and resolution of risks and audit issues a painless process.

    • RAR produces Risk Analytical Reports for selected users, user groups, roles, and profiles, allowing user administrators to identify potential risk issues before assigning a new role to a user, group or profile.

    • RAR produces reports on critical actions, critical permissions, critical roles, and profiles.

  • Introduces a configurable reporting data mart that enables customized reporting by integrating your reporting tool of choice (for both RAR and CUP):

    • The data mart extracts the relevant data from RAR and CUP and converts the data for reporting purposes.

    • The data mart is nonhistorical.

    • The data mart schema is published, which enables customers to integrate with any reporting tool.

      For more information, see the GRC Access Control Configuration documentation.

  • Includes an expandable starter set of rules, and enables risks to be identified and created in the system so that an administrator can correlate them with functions and associate each function with a business process. The Risk Analysis and Remediation capability then generates the rules to offset your identified risks, thus building on your rule set.

  • Provides comprehensive risk management functionality and powerful, easy-to-use functionality to document risk mitigation controls.

    • RAR enables you to perform a risk analysis to identify risks associated with a user, role, profile, or HR object. If you cannot eliminate a risk, you can use the capability to define mitigation controls. You also define monitors and approvers, assign them to specific controls, and create business units to help categorize mitigating controls.

  • Uses custom tables to store SoD data. It also ensures there is no interference with existing security processes and procedures.
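
The risk, function, and rule relationship described above, and the check run before a role is assigned, can be sketched as follows. This is an added example, not SAP code or the RAR implementation: it assumes a simplified model in which a risk is a set of conflicting functions and each generated rule is one combination of actions from those functions. All function names, risk IDs, users, control IDs, and action assignments are constructed sample data.

```python
from itertools import product

# Constructed sample data: function -> (business process, actions it contains).
FUNCTIONS = {
    "MAINTAIN_VENDOR": ("Procure to Pay", {"XK01", "XK02"}),
    "PROCESS_PAYMENT": ("Procure to Pay", {"F110", "F-53"}),
    "POST_JOURNAL": ("Finance", {"FB01"}),
}
# Risk -> functions that conflict when one user can perform all of them.
RISKS = {
    "R001": ("MAINTAIN_VENDOR", "PROCESS_PAYMENT"),
    "R002": ("PROCESS_PAYMENT", "POST_JOURNAL"),
}
# Mitigation controls already assigned: (user, risk) -> control ID.
MITIGATIONS = {("bob", "R002"): "MC-01"}

def generate_rules(risks, functions):
    """Expand each risk into action-level rules, one per action combination."""
    rules = []
    for risk_id, func_names in sorted(risks.items()):
        action_sets = [sorted(functions[name][1]) for name in func_names]
        for n, combo in enumerate(product(*action_sets), start=1):
            rules.append((f"{risk_id}-{n:03d}", risk_id, frozenset(combo)))
    return rules

def analyze_user(user, actions, rules, mitigations):
    """Return {risk_id: control ID or 'UNMITIGATED'} for every violated risk."""
    findings = {}
    for _rule_id, risk_id, combo in rules:
        if combo <= actions:  # user holds every action in this rule
            findings[risk_id] = mitigations.get((user, risk_id), "UNMITIGATED")
    return findings

def simulate_assignment(user, current, role_actions, rules, mitigations):
    """Risks a new role would introduce, checked before the role is assigned."""
    before = analyze_user(user, current, rules, mitigations)
    after = analyze_user(user, current | role_actions, rules, mitigations)
    return {risk: status for risk, status in after.items() if risk not in before}

if __name__ == "__main__":
    rules = generate_rules(RISKS, FUNCTIONS)
    print(len(rules), "rules generated")
    print("alice:", analyze_user("alice", {"XK01", "F110"}, rules, MITIGATIONS))
    print("bob:  ", analyze_user("bob", {"F110", "FB01"}, rules, MITIGATIONS))
    print("carol + payment role:",
          simulate_assignment("carol", {"XK02"}, {"F-53"}, rules, MITIGATIONS))
```

Adding a function to a risk or an action to a function changes the generated rule count multiplicatively, which is why a rule set built this way grows quickly as risks are added.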