Here is an article by David Torres, Inprosec’s consulting partner and our SAP Business Line Department Manager: “SoD Risk Matrix for SAP GRC”.
David explains the steps to be taken to define our own risk matrix for segregation of duties (SoD) in an SAP system and the strategy for designing compensating controls.
https://inprosec.es/wp-content/uploads/2020/06/SoD-Risk-Matrix-by-DTI-2.0-1.pdf