SAP pre-delivers the following roles within Internal Audit Management which enable you to create and maintain audits:
GRC Internal Audit Management — Audit Director (SAP_GRC_IAM_AUD_DIR)
The Audit Director has the following authority:
Creates auditable entities
Initiates the audit risk rating (ARR) and assigns the transaction to the Audit Manager
Creates audit proposals
Creates audit plan proposals
Transfers audit proposals and audit plan proposals
GRC Internal Audit Management — Audit Manager (SAP_GRC_IAM_AUD_MGR)
The Audit Manager has the following authority:
Creates auditable entities
Conducts and updates ARR
Creates audit proposals
Provides updates to audit plan proposals
Transfer audit proposals and audit plan proposals
GRC Internal Audit Management — Audit Lead (SAP_GRC_IAM_AUD_LEAD)
The Audit Lead has the following authority:
Provides audit oversight including audit steps
Assigns risks and controls to subject audit proposals
Reports issues back to the audit director
For more information about role authorization and identification see the SAP Access Control 10.0, Process Control 10.0 and Risk Management 10.0 Security Guide.