Table of Contents
SAP governance, risk, and compliance engage organizations to hasten regulations and compliances and take risks by its key operations. There are changing market situations inappropriate documents spreadsheets are not useful for external auditors and regulators. easy integration of GRC activities managing risk efficiently improving management activities detecting fraud in business analysis and monitoring.
SAP GRC controls software solutions by compliance and policy management. It has dealt with operational risks, strategic risks, compliance risks, and financial risks. It is the tool for documenting artifacts organizations, work papers, creative audit reports, SAP GRC GTS helps organizations to engage business at a high level with a single repository for all compliance master data and content irrespective of the size of organizations. SAP GRC solution has three main capabilities analyze, manage and monitor. Now we going to discuss the top 50 SAP GRC interviews, questions, and answers.
SAP GRC Questions and answers
Q.1 Explain the personalization tab written a role
Ans-Personalization is a way to save data that could be common to users. Anybody can create SAP queries and manage authorization by user groups, that could be stored in the private tab of the role.
Q.2 Is there a table for authorization where I can quickly see the value entered in a group of feels?
Ans-Improperly I am looking to find the values for P origin across the authorization profiles without having to drill down on each profile and authorization.AGR 1251 will give you some reasonable info.
Q.3 How Can I massly erase the roles without erasing the new roles?
Ans-There is an SAP report that removes the system type check and runs. To do a landscape with delete first enter the deleted roles to be deleted in a transport, run the erased program or manually erased and then leave the transport and include it into all kinds of systems. To use it you have to replace the code and check the SAP delivered roles only.
Q. 4 Where does the deleted users eager to find out logged?
Ans-Dubbing or using RSUSR100 to find the Infos. Play the transaction SUIM and down its change documents.
Q.5 How to insert missing authorization?
Ans-SU53 is the based transaction with which we can find the missing authorization. We can resolve to insert the missing authorization through Pfcq.
Q.6 What is the difference between a role and a profile?
Ans-Role and profile go side by side. The role is used as a template where you can add Tcodes reports. The profile gives the authentication when you create a role a profile is automatically created.
Q.7 What profile versions?
Ans-Profile versions are very usable and modified through RZ10 and generate a new profile having a different version and it stored in the database.
Q.8 What is the use of role templates?
Ans-Role templates consist of SAP directed towards transactions, reports, and web addresses.
Q.9 What is the difference between a single role and a composite role?
Ans-It is the collection transaction that generated the associate profile collect several roles.
Q.10 Is it possible to change the role template?
Ans-Yes we can change the user role template. We can use it as they are delivered in SAP. We can create them from scratch.
Q.11 How to create users?
Ans-Execute transaction SU01 and fill in all the fields.The initial password for that user is on the Logon data tab.
Q.12 What is the difference between USobox and Usob+C?
Ans-The table USOBX_C defines which authorization checks are to be performed within a transaction. The profile must maintain the profile generator. The table USOBT_C defines for each transaction for each authentication with default values object should have been in the profile generator and created freely.
Q.13 What is the derived role?
Ans-Derived roles differ which are already been maintained. The codes were assigned to it before. The role passes which can be changed afterward.The organizational role is not passed on. Derived roles are an elegant way of maintaining roles that do not differ in their works. Different characteristics with regard to the organizational level.
Q.14 What is A composite role?
Ans-Composite roles collect different roles. It enhances clarity. Composite roles are also called roles. It does not contain the authorized data. For authorization it retained data. If you add data you can set up the composite to the group. The uses assigned to a composite role are automatically roles during the comparison.
Q.15 What does the user compare?
Ans-It generates the profile is not centered in the user master record until the user master records have been compared. You can play with FGC Time dependency on.
Q.16 What is the difference between C and U?
Ans-Background with profile generator the table USOBX_C defines with the authorization and should be maintained in the PG. It should be developed table or table USOBT_C with four indicators.
An authority check is carried out against this object. The field values are developed for changing. Default values must be sustained.
No default values can be maintained for this authorization.
The authority check against this object is disabled.
No check is indicator set. Always carried against this object. Field values are not emphasized.No default can be maintained for this authorization.
Q.17 Can wild cards are used in authorizations?
Ans-Authentication may contain wild card values. The system avoids everything therefore A*B is the same as A*.
Q.18 What is the Pfcg dependency cleanup?
Ans-The Pfcg time dependency background report erases the profiles. Alternatively, you may use transactions PFUD.
Q.19 What happens to change documents when they are transported to the production system?
Ans-Change document is not to be viewed in transaction ‘SUIM’ after their delivered to the production system before input method to the transport. That means if changes are made to the USR10. The table is filled with the current values ushers old values to the USH10 table beforehand. Both differences are made for the determined result. It doesn’t work when change documents are displayed in the production system. The USR10 table is authenticated filled with the current values for there is no option.
Q.20 What is the difference between the table buffer and user buffer?
Ans-The table buffers are in the shared memory. Buffering the tables enhances the performance when accessing the data records contained in the table. Table buffers and table entries are ignored during startup. The user buffer is a user of master record loaded with the user logs.
Q.21 What does the profile generator do?
Ans-Profile generator creates roles for suitable user roles not manually enter transaction SU01.
Q.22 How many authorizations fit into a profile?
Ans-Maximum of 150 authorization feet into a profile through the number of authorizations exceeds this marker, the profile generator will automatically innovate more profiles for the role. It consists of 12 characters of which the first10 may be changed when generated.
Q.23 What is the landscape of Grc?
Ans-Grc is two system landscapes.
- SAP GRC DEV
- SAP GRC PRD has no quality system.
Q.24 What is the rule set in GRC?
Ans-Collection of rules is nothing but rule set having Global rule set.
Q.25 If UR using 10 firefighter IDS at a time? How will the log report go to the controller?
Ans-This is assigned to the users with changing roles with high-level comparison.
Q.26 What is a ruleset? And How to update risk ID in the ruleset?
Ans-During indirect roles of users Tcodes to P013 and P010 we have to make a comparison reflected in the SU01 record of the user.
Q.27 What is the procedure for role modifications?
Ans-This task is done PFCG time dependency background job.
Q.28 Who will do the user comparison?
Ans- If changes are to be modified immediately user comparison is prescribed. Contact for more on SAP GRC online training.
Q.29 What is the use of GRC risk management?
Ans-SAP GRC risk management permits you to manage risk management activities. You should plan to identify the risk in business and implement measures to manage risk and allow better decision that improves the performance of the business.
Q.30 What are the different types of risks?
- Ans-Operational risk
- Strategic risk
- Compliance risk
- Financial risk
Q.31 What is the SAP GRC audit management?
Ans-It is to improve the audit management process in an organization by documenting artifacts, organization, work papers, and audit reports. It is to integrate with other governance, risk, and compliance solutions to marginalize audit management policies and business aims.
Q.32 What is SAP GRC fraud management?
Ans-SAP GRC fraud management tool helps to detect and prevent frauds at an early stage reducing and minimizing the business defeat stands can be performed in the huge account of data in more accuracy and fraudulent activities can easily be identified.
Q.33 What are global trade services?
Ans-SAP GRC GTS helps organizations to emphasize cross-border supply into the limits of international trade management. It has some penalties of international trade regulation authorities having of a single repository of compliance master data and irrespective of the size of an institution.
Q.34 Is it possible to lock all the users at the same time in SAP system?
Ans-Yes, using Tcode EWZ5.
Q.35 What is the authorization object and authorization object class?
Ans-It is to object activities SAP system. It is grouped by different functional areas like finance, accounting, etc.
Q.36 How do you perform in the SAP system using GRC access control?
Ans-SAP GRC access control uses UNE roles to control the system and administrator actions which represent the smallest entity of UME role that a user can build access rights.
Q.37 What is UME? How does it work?
Ans-It is a user management engine.IT is to use a certain tab. The tab will not display upon user login. When the user tries to access the logon tab. All available standard UNE has the assigned action of the admin user.
Q.38 What are the CC roles that can be created at implementation?
Ans-CC reporting view–
Description compliance calibrator display and reporting.
CC rule maintenance
Compliance calibrator rule maintenance.
CC mit maintenance
Compliance calibrator mitigation maintenance.
Compliance calibrator administrator and basic configuration.
Q.39 What are risk analysis and remediation under access control?
Ans-The risk analysis and remediation capability to perform security audit and segregation of duties analysis. It is a tool that can be used to identify.It is a tool to analyze and dissolve risk audit issues linked to regulatory compliance.
Q.40 What are the key activities that process control shares with access controlling GRC?
- Ans-In process control solution, controls are activated as mitigation control in access control under SAP GRC 10.0 solution.
- Access control and process control share the same organization.
- Process control and access control are integrated access risks analyses to monitor segregation of duties (SOD).
Q.41 What is IAM? (Internal Audit management)
Ans-Internal audit management permits you to the information from risk management and process control to using audit planning. Audit proposals can be changed to audit management for processing when required and audit items can be used to generate issues for reporting. It is to define the audit universe and create and view audit reports.
Q.42 What are the different activities that can be performed under IAM?
- The audit universe contains audit entities
- Audit risk rating
- Audit planning to define the procedure for audit compliance.
- Audit issues for audit actions.
- Audit reports seeing what risks are there on auditable entities?
Q.43 What is audit risk rating ARR?
Ans- Audit risk rating is used to define the criteria for an organization to find risk rating and ranking to risk rating.
- You can find a set of auditable entities and risk factors.
- As per risk core, you can rate the auditable entities.
Q.44 What is the report and analytics work center in GRC?
Ans-Report and analytics report center are shared by process control and analytics work center consists of compliance section in GRC applications.
Q.45 What are the different reports under process control?
Ans-Evaluation status dashboard, survey result datasheet.
Q.46 What is SOD risk management?
Ans-In every business it is required to perform segregation of duties risk management. Starting from risk recognition to rule-building validation and continuous compliance.
Q.47 What are the different phases in GRC risk management?
- Risk recognition
- Rule building and validation
- Continuous compliance
Q.48 What is rule building under risk management?
- Reference the best practice rules for the environment.
- Validation of rules
- Customize rules and tests
- Verify against test user and role cases
Q.49 What is the difference between preventive mitigation controls and detective mitigation controls?
- User exit
- Define workflow
- Custom object
Detective mitigation controls come under-
- Activity report
- Comparison vs actual review
- Budget review
Q.50 What are the critical Tcodes and authorization objects R/3?
Ans-User master records are critical one SU01,PFCG,RZ10,RZ11,SU21,Su03 and many more.
Since the end of world war II socio-economic scenario has been changed rapidly. New and newer technologies come in the sphere of economy and commerce. After the introduction of the global economy, important changes were seen in our country also. Old grocery shops were replaced by shopping malls. Multiplexes come in place of traditional cinema halls and digital marketing becomes popular. Cyber revolution and cashless transactions, even cell phones in the pocket of common people are the pictures of the present era. Social media and electronic media take a vital role rather than print media in the field of journalism. We become familiar with many modern software in business and modern management. SAP GRC is one of these. So it is important to know about SAP GRC and questions regarding this.
- 10 Best SAP Training Institutes in India
- Top 15 SAP FICO Courses in Hyderabad with SAP Jobs for Freshers
- Top 35 SAP FICO Interview Questions and Answers
- 15 Best SAP HR Courses In India
- Best 10 SAP Training Institutes in Delhi
Q.1.Mention any two high paying SAP jobs?
Ans- SAP S/4,HANA and SAP ECC FI
Q.2. Why should one choose a carrier in SAP?
Ans-SAP is the top business software company globally and top of the global ERP market.
Q.3. What is SAP use for?
It helps to meet the legal requirements of accounting and used widespread different in different countries.
Q.4. Which are the popular modules in SAP?
Ans- Financial accounting. general ledger accounting, controlling, business warehousing, quality management, Sales and distribution.
Q.5. Mention the different SAP modules.
SAP FICO Course Training
SAP FICO Course: Ranked Amongst Top 3 Courses | Recognized by Govt of India | Award Winning Institute | ISO 29990:2010 Certified | Live Online Instructor-led Certified SAP FICO Training & Certification
SAP FICO S/4 HANA Course Training
SAP FICO Course: Ranked Amongst Top 3 Courses | Recognized by Govt of India | Award Winning Institute | ISO 29990:2010 Certified | Live Online Instructor-led Certified SAP FICO Training & Certification | Qualify for SAP FICO Certification and Develop a Promising Career in the Field of SAP FICO | 100% Practical Training Method | Training on S/4 HANA Software.
SAP HR ECC Training Course
Recognized by Govt. of India | Award Winning Institute | ISO 29990:2010 Certified | One of the most Fundamental Modules of SAP ERP System | Develop a Promising career in the field of SAP HR | SAP HR application module supports the procurement and inventory functions
SAP Security Training Course
Leading ERP in the Industry in the most important aspects of current business | Get Introduced to SAP R/3 Architecture, User Administration and SAP Authorization objects | Gain extensive knowledge of SAP Authorization, User Master Records, Profile generation using PFCGExplore Popular Category