Audit,User,Management,Process, computer Audit of User Management Process with SAP Security
----------------------------------------------------------Permission is granted for the below article to forward,reprint, distribute, use for ezine, newsletter, website,offer as free bonus or part of a product for sale as longas no changes a Gone are those times when the companies and the organisations didn't need a hi-tech system to handle them. Owing to the considerable increase in the business sector and thus, an enormous increase in the complexity of the organisational struc
SAP Security AuditOne of the primary building block in SAP Security is granting proper access to user within the SAP software, with rights to perform transaction which will execute specific type of functions in the system. SAP Role provides access for transaction which provides a direct access for the system. Traditionally when a SAP solution is implemented in a company, the company will always ascertain number of employees and will straightaway group their set of tasks into specific jobs. After this their role will be built based on their job functionality.SAP Security Audit for user approval processThe primary objective to perform an audit on an implemented SAP system is to cross check the process of approval, used to add users in the system and also approval for changing accessibility of a particular user. This whole process could be completely automated or manual. However if there is an external audit team they would definitely like to have a visibility on the complete process. They would also confirm user creation process in the system has proper approval or not.SAP Security audit for qualifying the users:This process involves identifying training requirements by the audit team before a particular user granted access to the system. A professional training could be provided in this regard, apart from providing training completely based on prior experience. Auditors may also look at the training completion documentation which will be verified by them ,and this is considered as one of the important aspects.SAP Security Audit for Removing the Users from the system:There will be many users who would be inactive due to attrition or limited access, and their removal or locking would be necessary, the sap security audit oversees this whole process of removal. Most of the companies have a policy in place for inactive users, where it will lock those accounts if it is not used for certain number of days. Typically it is between 60 to 180 days. The auditors examines this threshold and check the level of consistency of following this process. The process might be as simple as completely lock the user or deletion from the system after acquiring proper approvals to effect the change. There might be a different aspect to this as well where either the employee leaves or he might move to a different job role in the same company, but that doesn’t require an access to SAP. The auditors will definitely make a proper identification of inactive users who have been removed completely in the HR records or might be working in a different job role, they will also identify the affected change in the SAP system. Auditors will examine the respective changes and will also check the necessary authorizations for these changes.SAP User Validation Process:In this process auditors will check the validation process of the users, and will also confirm whether those users are still required to access SAP system or not. Also there is a requirement in SAP security process which requires review at regular intervals of user access by a dedicated process owner or a supervisor. They have to confirm the given access is still valid. This review can be done yearly as well as quarterly, however it is entirely based on company’s policies.
Audit,User,Management,Process,