SAP Audit Guidelines

Published by: knowism on Jan 15, 2010
Copyright:Attribution Non-commercial

SAP - Audit Guidelines R/3
Release 3.0D
Current: February 20, 1997
Order no. 5001 4633
Fax no. 06227/7-41497
http://www.sap.com/germany/contact/user.htm
SAP(R) AG - Neurottstrasse 16 - 69190 Walldorf, Germany
Information in this document is subject to change without notice.
 
SAP Audit Guidelines R/3 - Release: 3.0D - Current: 2/20/97 - Author: AK REV - Page: 2
SAP R/3 AUDIT GUIDELINES
INTRODUCTION

1 SYSTEM OVERVIEW
  1.1 Objective
    1.1.1 Technical and organizational overview of the system
    1.1.2 Clarity of the system for the auditor/auditing task
    1.1.3 Defining the scope of the audit
  1.2 Requirements
  1.3 Risks
  1.4 Audits
    1.4.1 Responsibilities
    1.4.2 Systems in use (testing, ..., live)
    1.4.3 Authorization and user menu for the auditor
    1.4.4 Recording the business structure
    1.4.5 Release versions
    1.4.6 Components/functionality
    1.4.7 Modifications
    1.4.8 Update termination
    1.4.9 Data flow plan
  1.5 Proposed auditor authorizations
  1.6 Complete overview of customer name ranges

2 SECURITY AND ACCESS PROTECTION
  2.1 Objective
  2.2 Requirements
  2.3 SAP facts
    2.3.1 Basics of the authorization model
    2.3.2 Authorization structures
    2.3.3 Separating maintenance and activation
    2.3.4 User master
    2.3.5 Password protection and logon
    2.3.6 Customer-specific authorization checks
    2.3.7 Upstream security systems
    2.3.8 TABLE TSTC – "SAP Transaction Codes"
    2.3.9 Customizing
  2.4 Risks
 
  2.5 Audits
    2.5.1 User management
    2.5.2 Security and access protection
    2.5.3 Important individual authorizations

3 WORKBENCH ORGANIZER AND TRANSPORT SYSTEM
  3.1 Objective
    3.1.1 Functional Integrity
    3.1.2 Traceability
  3.2 Requirements
    3.2.1 Job submission
    3.2.2 Implementation of a change
    3.2.3 Acceptance and production transfer
  3.3 SAP facts
    3.3.1 Purpose and structure
    3.3.2 SAP systems
    3.3.3 Correction and repair
    3.3.4 WBOT settings
    3.3.5 Conducting transports
  3.4 Risks
    3.4.1 Validity of ODEs
    3.4.2 Incorrect CTS settings
    3.4.3 Access to operating system level
    3.4.4 Instability
    3.4.5 Manipulation
  3.5 Audits
    3.5.1 Recording the existing procedure
    3.5.2 Review of the model
    3.5.3 Compliance with the model
    3.5.4 Concrete auditing steps

4 ACCESSING AND LOGGING TABLES
  4.1 Objective
  4.2 Requirements
    4.2.1 Logging
    4.2.2 Customer-specific tables
    4.2.3 Access protection
    4.2.4 Work and organization instructions
    4.2.5 Safeguarding the information flow
  4.3 SAP facts
    4.3.1 Purpose and structure of tables
    4.3.2 Table access and logging
    4.3.3 Validity range and customer tables
    4.3.4 ABAP reports
    4.3.5 Examples of important tables
