Answer Posted / gopi
Post Sarbanes Oxley, the focus for corporations is more on compliance and security. Sarbanes Oxley has had a major impact on the organizations using SAP R/3 as their ERP. Some of the changes seen in the corporate landscape include identifying and documenting processes, implementing controls and safeguards, documenting user access approvals, etc. In short, there has been a cultural shift in organizations post Sarbanes Oxley. Below, I have listed 7 major pointers which can help organizations towards better SAP security in the Sarbanes Oxley era.
1. Provide users access on a need to know and need to do basis.
2. Adequately secure programs, transactions and tables.
3. All user accesses to SAP R/3 are properly authorized and approved.
4. Segregation of duties is maintained for all sensitive business transactions.
5. All controls and business processes are documented.
6. Anti-fraud preventive controls are in place to prevent & detect fraud before an audit.
7. User profiles and roles in SAP are secured and designed to meet business requirements.