What Are External Auditors Looking for in Your SAP ECC System


  • SAP segregation of duties controls have been implemented over all functional transactions in the SAP ECC system. This should also include custom transactions that are similar to SAP transactions and can perform the same functions as the SAP transactions.

 

  • SAP information security standards and policies have been implemented to direct the proper granting of SAP ECC system access privileges with roles. This is a document that records your application settings and policies, such as password parameters, the policy for locking and unlocking users, and the provisioning of SAP users.

 

  • Processes for granting SAP system access privileges include controls to ensure that segregation of duties is evaluated before the change is made. This pertains to the SAP user and SAP role change management policy, which describes the process for changing a user or role.

 

  • Periodic reviews of SAP user access should be conducted to discover and resolve existing SAP segregation of duties conflicts on a timely basis. As SAP system processes, data elements, and the number of system users increase, the effort required to establish, control, and evaluate segregation of duties becomes increasingly complex.

 

  • Processes should be in place to manage the change control process over SAP security roles segregation of duties documentation, supporting data when there is an exception, and the tools used to analyze the risk.

 

SAP User Provisioning

 

  • When determining whether management’s documentation provides reasonable support for its assessment, auditors will evaluate whether the documentation demonstrates that controls are designed to prevent or detect fraud, including who performs the controls and the related segregation of duties.

 

  • Appropriate SAP segregation of duties should be considered across applications and across platforms. This is critical when you have multiple systems in your landscape. For example, master data is maintained in one SAP system, the transaction data is processed in the SAP ECC system, and the interface is handled by an entirely different system. Companies should have the ability to find sensitive access and SoD risks across multiple SAP systems.
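
The cross-system check and the custom-transaction point above can be combined in one analysis. The following is an added example, not code from this page or from any SAP tool; the system IDs, user names, rule IDs, function names and the `ZMIGO_GR` transaction are hypothetical, and the assignment rows are constructed sample data.

```python
from collections import defaultdict

# Constructed sample export: (system, user, transaction). "MD1" is a hypothetical
# master data system; "ECC" holds the transactional processes.
ASSIGNMENTS = [
    ("MD1", "JSMITH", "XK01"),      # create vendor master
    ("ECC", "JSMITH", "F110"),      # automatic payment run
    ("ECC", "AKHAN", "ME21N"),      # create purchase order
    ("ECC", "AKHAN", "ZMIGO_GR"),   # hypothetical custom copy of goods receipt
    ("ECC", "MLEE", "ME21N"),
    ("MD1", "MLEE", "XK03"),        # display vendor only
]

# Every transaction, custom ones included, is mapped to the function it performs.
TCODE_FUNCTION = {
    "XK01": "MAINTAIN_VENDOR", "FK01": "MAINTAIN_VENDOR",
    "F110": "PROCESS_PAYMENT",
    "ME21N": "CREATE_PO",
    "MIGO": "GOODS_RECEIPT", "ZMIGO_GR": "GOODS_RECEIPT",
}

# Hypothetical rule set: function pairs one user should not hold in any system mix.
SOD_RULES = {
    "P001": ("MAINTAIN_VENDOR", "PROCESS_PAYMENT"),
    "P002": ("CREATE_PO", "GOODS_RECEIPT"),
}

def find_conflicts(assignments, tcode_function, rules):
    """Return {user: [(rule_id, [(system, tcode), ...])]} evaluated across all systems."""
    held = defaultdict(lambda: defaultdict(list))  # user -> function -> evidence
    for system, user, tcode in assignments:
        function = tcode_function.get(tcode)
        if function:  # display-only or unmapped codes carry no rule function
            held[user][function].append((system, tcode))
    conflicts = defaultdict(list)
    for user, functions in held.items():
        for rule_id, (left, right) in sorted(rules.items()):
            if left in functions and right in functions:
                conflicts[user].append((rule_id, functions[left] + functions[right]))
    return dict(conflicts)

def unmapped_custom_tcodes(assignments, tcode_function):
    """Custom (Z*/Y*) transactions absent from the rule mapping: a coverage gap."""
    return sorted({t for _, _, t in assignments
                   if t[:1] in ("Z", "Y") and t not in tcode_function})

if __name__ == "__main__":
    for user, hits in find_conflicts(ASSIGNMENTS, TCODE_FUNCTION, SOD_RULES).items():
        for rule_id, evidence in hits:
            print(user, rule_id, evidence)
```

JSMITH is only flagged because both systems are evaluated together, and AKHAN is only flagged because the custom transaction is mapped to the same function as the standard one.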
