Table of Contents:

This SAP audit program contains 63 tests. The control framework has been specifically designed to help evaluate the adequacy and the effectiveness of the key configuration settings and access restriction mechanisms to a variety of sensitive basis transactions in SAP ECC, including:

SAP audit plan and testing procedures for auditing batch job and background session processing and administration functions:

• Batch scheduling and batch processing authorizations in SAP ERP
• Ability to administer background sessions in SAP ERP
• Access to the batch input management functionality in SAP ERP
• Monitoring procedures to identify processing errors and/or issues, etc.

SAP audit plan and testing procedures for auditing end-user authorization and administration functions in SAP ERP:

• Segregation of user authorization and administration functions in SAP ERP
• Access to maintain roles, authorizations and authorization profiles
• Access to maintain the assignment of the authorization objects to transactions 
• Access to transport roles to production or activate roles in production 
• User master record maintenance in SAP ERP
• Access to assign roles or profiles to users
• Controls to ensure access to the SAP ERP system is authorized by management
• Controls to ensure access to the SAP ERP is disabled for employees who no longer require such access, etc.

SAP audit program and testing procedures to assess the safeguards against unauthorized access to or modifications of programs and data:

• Access to edit and execute programs online and in the background
• Access to modify table content in SAP ERP , including critical systems tables or security tables and client-independent tables
• Access to maintain SAP ERP Data Dictionary 
• Security of the custom tables, custom programs, and custom transactions, etc.

Audit plan and testing procedures to assess implementation and administration of the system configuration security settings:

• Access to maintain/configure application server parameters
• User access to maintain instances
• CCMS Alert Monitoring
• Configuration of the SAP ERP password parameters
• Security of the vendor supplied user IDs
• Access restriction to the powerful SAP ERP profiles (SAP_ALL, SAP_NEW, S_A.SYSTEM, S_A.ADMIN, S_USER_ALL, etc.)
• Locking critical and sensitive transaction codes
• Security of the remote access to/from the system, including interface communications, etc.

SAP audit program and testing procedures to assess change management and control:

• System configuration to enforce appropriate change management process to prevent changes made directly in production 
• Ensuring that SAP ERP system landscape supports separation of production environment from development environment
• Access policies over transports
• Security of the SAP Software Change Registration (SSCR) developer keys and more.

Everything has been conveniently pre-documented with fill-in fields for company-specific information (entity name, date, data extracted from the system, etc.) which will allow you to proceed with your assessment immediately.

Please view an excerpt from the audit program to ensure it's right for you.

Price: $65.00 (Instant Download)