
Basis Application Infrastructure - Audit Program & Testing Procedures for SAP ECC



This audit program is designed to help audit, risk & security professionals facilitate the review of the Basis Infrastructure component in SAP ERP Central Component known as SAP ECC. It'll help identify any inherent risks related to SAP ERP security, minimize exposure to such risks, ensure that key controls are in place & operate effectively, and ascertain reliability of the Basis Application Infrastructure component in SAP ERP.

The audit program is based on the latest auditing standards. It contains a comprehensive listing of control objectives & suggested controls to meet the objectives. It also contains detailed testing procedures, rather than generic descriptions of the controls & the tests to be performed. You'll get the step-by-step instructions on extracting configurable options & user access reports from the system in support of individual control activities. The purpose of the testing instructions is to enable anyone to execute the tests & evaluate risks/controls in the SAP ERP environment.

*NOTE* See below for more details. Also, use the "preview" icon below to view a part of the audit program to ensure it's right for you.

Audit Programs

Table of Contents:

The audit program contains 63 tests designed to evaluate adequacy of the key configuration settings and assess appropriateness of access to a variety of sensitive basis transactions in the SAP ERP Central Component known as SAP ECC, including:

Auditing batch job and background session processing and administration functions:
  • Batch scheduling and batch processing authorizations in SAP ERP
  • Ability to administer background sessions in SAP ERP
  • Access to the batch input management functionality in SAP ERP
  • Monitoring procedures to identify processing errors and/or issues, etc.
Auditing end-user authorization and administration functions in SAP ERP:
  • Segregation of user authorization and administration functions in SAP ERP
  • Access to maintain roles, authorizations and authorization profiles
  • Access to maintain the assignment of the authorization objects to transactions 
  • Access to transport roles to production or activate roles in production 
  • User master record maintenance in SAP ERP
  • Access to assign roles or profiles to users
  • Controls to ensure access to the SAP ERP system is authorized by management
  • Controls to ensure access to the SAP ERP is disabled for employees who no longer require such access, etc.
Auditing safeguards against unauthorized access to or modifications of programs and data:
  • Access to edit and execute programs online and in the background
  • Access to modify table content in SAP ERP, including critical systems tables or security tables and client-independent tables
  • Access to maintain SAP ERP Data Dictionary 
  • Security of the custom tables, custom programs, and custom transactions, etc.
Auditing implementation and administration of the system configuration & security settings:
  • Access to maintain/configure application server parameters
  • User access to maintain instances
  • CCMS Alert Monitoring
  • Configuration of the SAP ERP password parameters
  • Security of the vendor supplied user IDs
  • Access restriction to the powerful SAP ERP profiles (SAP_ALL, SAP_NEW, S_A.SYSTEM, S_A.ADMIN, S_USER_ALL, etc.)
  • Locking critical and sensitive transaction codes
  • Security of the remote access to/from the system, including interface communications, etc.
Auditing change management and control:
  • System configuration to enforce appropriate change management process to prevent changes made directly in production 
  • Ensuring that SAP ERP system landscape supports separation of production environment from development environment
  • Access policies over transports
  • Security of the SAP Software Change Registration (SSCR) developer keys and more.
Everything has been conveniently pre-documented with fill-in fields for company-specific information (entity name, date, data extracted from the system, etc.) which will allow you to proceed with your assessment immediately.



Price: $60.00 (Instant Download)




© Copyright 2009-2012. All rights reserved.
None of the publications may be reproduced or transmitted in any form or by any means or for any purpose. Materials may be used for private study only, without warranty of any kind.