20 Important SAP GRC Interview Questions and Answers Updated 2022

1. What is the rule set in GRC?

A rule set is a collection of rules. GRC has a default rule set called the Global Rule Set.

2. What is the landscape of GRC?

The GRC landscape is a 2-system landscape:


SAP GRC PRD. In GRC there is no Quality system.

3. What is offline risk analysis?

Offline-mode risk analysis is performed with the help of the Risk Identification and Remediation module in the SAP GRC Access Control Suite. Offline-mode analysis helps in identifying SOD violations in an ERP system remotely. The data from the system is exported to flat files, which can then be imported into the CC instance with the help of a data extractor utility. It can also be used to remotely analyze an ERP system that may be present in a different ERP landscape.

4. What are the different types of Risk?

The different types of risk are:

  • Operational Risk
  • Strategic Risk
  • Compliance Risk
  • Financial Risk

5. What is SAP GRC Audit management?

This is used to improve the audit management process in an organization by documenting artifacts, organizing work papers, and creating audit reports. It integrates easily with other governance, risk, and compliance solutions and enables organizations to align audit management policies with business goals.

6. What is SAP GRC Fraud Management?

The SAP GRC Fraud Management tool helps organizations detect and prevent fraud at an early stage, thereby minimizing business loss. Scans can be performed on a huge amount of data in real time with more accuracy, and fraudulent activities can be easily identified.

7. What are the different phases in GRC Risk Management?

There are various phases in the risk management process:

  • Risk Recognition
  • Rule Building and Validation
  • Analysis
  • Remediation
  • Mitigation
  • Continuous Compliance

8. What is the main difference between a single role and a derived role?

The main difference is that we can add or delete the codes for single roles, but we can’t do so for derived roles.

9. Explain a derived role.

Derived roles are used to restrict user access based on organizational level values.

The derived role inherits from the master role and takes on all the properties except the org level values.

10. What does the Profile Generator do?

We can create, transport, copy, download, and modify roles; all of these things are done from the PFCG t-code.

11. What is the use of RSECADMIN?


Reporting users – Analysis authorization: transaction RSECADMIN is used to maintain authorizations for reporting users.

RSECADMIN – Used to maintain analysis authorizations and role assignments for a user.

12. How do we test security systems? What is the use of SU56?

Through t-code SU56, we check the user’s buffer.

13. How do we schedule and administer background jobs?

Scheduling and administering background jobs can be done using t-codes SM36 and SM37.

14. How do we check if PFCG_TIME_DEPENDENCY is running for user master reconciliations?

Execute SM37 and search for PFCG_TIME_DEPENDENCY.

15. What is the ruleset, and how do we update a risk ID in the ruleset?

Also during the indirect assignment of roles to users using t-codes PO13 and PO10, we must do a user comparison, so that the roles get reflected in the SU01 record of the user.

16. What is the difference between PFCG, PFCG_TIME_DEPENDENCY & PFUD?

PFCG is used to create, maintain, and modify roles.

PFCG_TIME_DEPENDENCY is a background job of PFUD.

PFUD is used for mass user comparison, but the difference is that if you schedule the background job on a daily basis, it will do the mass user comparison automatically.

17. What does the user compare do?

If you are also using the role to generate authorization profiles, then you should note that the generated profile is not entered in the user master record until the user master records have been compared. You can automate this by scheduling report PFCG_TIME_DEPENDENCY on.

18. What are profile versions?

When you modify a profile parameter through RZ10 and generate it, a new profile is created with a different version and is stored in the database. These are profile versions.

19. What is the use of role templates?

User role templates are predefined activity groups in SAP consisting of transactions, reports, and web addresses.

20. What is the difference between a role and a profile?

Role and profile go hand in hand. The profile is brought in by a role. The role is used as a template, where you can add t-codes and reports. A profile is what gives the user authorization. When you create a role, a profile is automatically created.