Briefly explain the common roles and key duties of GRC based on SoD.


Posted On: Mar 06, 2024


These are the following common roles and their key duties based on SoD:

Business Process Owner:

  • Identifying and approving risks for monitoring.
  • Approving remediation that involves user access.
  • Designing controls to mitigate conflicts.
  • Communicating about role changes or access assignments.
  • Performing proactive continuous compliance.

Senior officers:

  • Approving or rejecting risks between business areas.
  • Approving mitigation risks for selected areas.

Security Administrator:

  • Assuming the ownership of GRC tools and security processes.
  • Designing and maintaining rules to identify the risk conditions
  • Customizing GRC roles to enforce roles and responsibilities.
  • Analysing and remediating SoD conflicts at the role level.


  • Performing risk assessment on a regular basis.
  • Providing specific requirements for audit purpose.
  • Performing periodic testing of rules and mitigation controls
  • They act as a liaison between external auditors.

SoD Rule Keeper:

  • Performing GRC tool configuration and administration.
  • Maintaining controls over rules to ensure integrity.
  • They act as a liaison between basis and GRC support center.


    Related Questions

    Please Login or Register to leave a response.

    Related Questions

    GRC Interview Questions

    What is the SAP GRC?

    SAP GRC abbreviated as System, Applications, and Products (SAP), Governance, Risk and Compliance (GRC) which is an integrated body combining of various activities which unite help the organizations to...

    GRC Interview Questions

    What is UME and how it works?

    UME stands for the user management system. When A user tries to access a tab whose access is not with them, the tab will not display when the user tries to access that tab. A user can only access a fu...

    GRC Interview Questions

    What are the key activities that Process control shares with Access control in GRC?

    Risk control needs to be performed as a part of compliance and regulation practice, it is required to mitigate risk in an organization. A critical part of managing risk in an organization is to defin...