Answer» Business Process Owners −
- Identify risks and approve risks for monitoring.
- Approve remediation involving user access.
- Design controls to mitigate conflicts.
- Communicate access assignments or role changes.
- Perform proactive continuous compliance.

Senior Officers −
- Approve or reject risks between business areas.
- Approve mitigation controls for selected risks.

Security Administrators −
- Assume ownership of GRC tools and security process.
- Design and maintain rules to identify risk conditions.
- Customize GRC roles to enforce roles and responsibilities.
- Analyze and remediate SoD conflicts at role level.

Auditors −
- Perform risk assessment on a regular basis.
- Provide specific requirements for audit purposes.
- Perform periodic testing of rules and mitigation controls.
- Act as liaison between external auditors.

SoD Rule Keeper −
- Perform GRC tool configuration and administration.
- Maintain controls over rules to ensure integrity.
- Act as liaison between basis and GRC support center.