Answer Posted / gopi
Post Sarbanes Oxley, focus for corporations is more on compliance and security. Sarbanes Oxley has had a major impact on the organizations using SAP R/3 as their ERP. Some of the changes seen in the corporate landscape include identifying and documenting processes, implementing controls and safeguards, documenting user access approvals etc. In short, there has been a cultural shift in organizations post Sarbanes Oxley. Below, I have listed 7 major pointers which can help organizations towards better SAP security in the Sarbanes Oxley Era.
1. Provide users access on a need to know and need to do basis.
2. Adequately secure programs, transactions and tables.
3. All user accesses to SAP R/3 are properly authorized and approved.
4. Segregation of duties is maintained for all sensitive business transactions.
5. All controls and business processes are documented.
6. Anti-fraud preventive controls are in place to prevent & detect fraud before an audit.
7. User profiles and roles in SAP are secured and designed to meet business requirements.
Is This Answer Correct ? | 12 Yes | 1 No |