The main building block in SAP Security is user access to the SAP system, together with the transactions needed to execute specific functions within the system. Transaction access is obtained from the SAP role that provides the access needed within the system. Typically, when a company implements SAP Security, it will attempt to determine the number of individuals within the company and cluster their tasks into jobs, then build roles based on those job functions.
SAP Security check for user approval process:
One of the first aspects examined when the SAP system is audited is the approval process for adding users to the system, as well as the approval to alter user access within the system. This process might be automatic or manual. But the external audit team will need to walk through the process and ensure that the correct approvals were obtained before the user was created in the system.
SAP Security audit for qualifying the users:
In this process the audit team will look for any training required before users get access to the system. This SAP Security Online training might be professional training or be based on previous professional experience. One of the key aspects they look for is how the SAP Security Online training completion is documented and verified.
SAP Security check for removing the users from the system:
Here the SAP Security audit process wants to see a process in place for removing or locking users in the system because of inactivity, leaving the company, or access no longer being needed. For inactivity, companies can have a policy in place to lock a user who has not used the system for a certain number of days. This could vary from sixty days to one hundred eighty days. The audit team wants to see what happens once this threshold is met and whether the process is followed consistently. The process might be to simply lock the user, or to delete the user completely from the system and document the approvals for the change. The other side of user removal is the user leaving the company or moving to a different job within the company that doesn't need SAP access.
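The inactivity check described above can be run against a user list, as in this added example (not part of the original article). The CSV layout and sample rows are constructed; the column names follow the USR02 user master fields, and treating any non-zero UFLAG as locked is an assumption of the example.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export (not real data). Column names follow the
# USR02 user master fields; the CSV layout itself is an assumption.
SAMPLE_EXPORT = """BNAME,ERDAT,TRDAT,UFLAG
ASMITH,20230110,20240528,0
BJONES,20220301,20231101,0
CLEE,20210615,20230901,64
DKHAN,20240102,00000000,0
EROSSI,20240520,00000000,0
"""

def _parse(value):
    """Return a date, or None for the empty/initial value 00000000."""
    if not value or value == "00000000":
        return None
    return datetime.strptime(value, "%Y%m%d").date()

def inactive_unlocked_users(export_text, today, threshold_days):
    """List users past the inactivity threshold that are still unlocked."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if int(row["UFLAG"]) != 0:
            continue  # already locked: the control was applied
        last_logon = _parse(row["TRDAT"])
        # A user who never logged on is aged from the creation date,
        # otherwise dormant never-used accounts escape the check.
        reference = last_logon or _parse(row["ERDAT"])
        if reference is None:
            findings.append((row["BNAME"], None, "no usable date"))
            continue
        idle = (today - reference).days
        if idle > threshold_days:
            reason = "inactive" if last_logon else "never logged on"
            findings.append((row["BNAME"], idle, reason))
    return findings

if __name__ == "__main__":
    for user, idle, reason in inactive_unlocked_users(
            SAMPLE_EXPORT, date(2024, 6, 1), 90):
        print(f"{user}: {reason}, idle days = {idle}")
```

Each finding is a user for whom the audit team would expect to see either a lock or a documented exception.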
SAP Security User Validation Process:
With this process the audit team wants to see how often the users are validated and confirmed to still need their access within the SAP system. The SAP Security audit process requires that there be regular intervals at which user access is reviewed by a supervisor or process owner to confirm that the access provisioned is appropriate and still valid. The frequency of this review might vary from quarterly to yearly, based on company policies.