13. Components of the SAP GRC Suite GRC Module Description Risk Analysis and Remediation ( RAR ) This tool is the “repository” which contains all SOD rules and mitigation controls defined by the Client. User and role reports can be executed to monitor compliance on a risk level. Enterprise Role Management ( ERM ) This tool uses the RAR repository to ensure that all security role changes do not violate the Client’s Global SOD policy. A business approval workflow can be setup for all role changes. Compliant User Provisioning ( CUP ) This tool uses the RAR repository to ensure that all role assignments made to users do not violate the Client’s Global SOD policy. User role requests are submitted via this tool. A business approval workflow can be setup for all user role assignment changes. Super user Privilege Management ( SPM ) Standalone tool that allows users to ramp up their access. All tcodes executed are recorded and emailed to business and technical leads for monitoring purposes.