View CartView Cart

QuestionsContact Us

 SAP Audit Program - Basis Application Infrastructure (SAP R/3)

This SAP audit program has been designed to help audit, IT risk, compliance and security professionals facilitate the review of the Basis Application Infrastructure component in SAP R/3. A brief overview and description of some of the key features of this audit program for SAP R/3:
  • This SAP audit program contains detailed testing procedures rather than generic description of the controls & the tests to be performed. You'll have step-by-step guidance on extracting configurable options (system parameters), user access listings and other reports from the system and testing SAP R/3 application security controls
  • Audit program contains IT general controls (ITGC) process risks, related control objectives and control activities for the following key ITGC processes: operations, securitychange management
  • Audit program can be used to ascertain compliance with the Section 404 of the Sarbanes-Oxley Act (SOX)
  • Can be used to help identify inherent risks related to SAP ERP security, minimize exposure to such risks, ensure that key controls are in place & operate effectively, and ascertain reliability of the SAP R/3 Basis application infrastructure component.

Refer below for the table of contents. Also, view an excerpt from the audit program to ensure it's right for you. 

Audit Programs

Table of Contents:

This SAP audit program contains 46 tests. The control framework has been specifically designed to help evaluate the adequacy and the effectiveness of the key configuration settings and access restriction mechanisms to a variety of sensitive basis transactions in SAP R/3, including:

SAP audit program and testing procedures to assess batch job and background session processing and administration functions in SAP R/3:
  • Batch scheduling and batch processing authorizations in SAP R/3
  • Ability to delete jobs of other users
  • Ability to administer background sessions in SAP R/3
  • Ability to schedule jobs under different user IDs
  • Access to the batch input management functionality in SAP R/3
  • Monitoring procedures to identify processing errors and/or issues & much more.

SAP audit program and testing procedures for auditing end-user authorization and administration functions in SAP R/3:
  • Access to maintain roles, authorizations and authorization profiles
  • Access to maintain the assignment of the authorization objects to transactions
  • User master record maintenance in SAP R/3
  • Access to assign roles or profiles to users
  • Controls to ensure access to the SAP R/3 system is authorized by management
  • Controls to ensure access to the SAP R/3 is disabled for employees who no longer require such access, etc.

SAP audit program and testing procedures for auditing safeguards against unauthorized access to or modifications of programs and data:
  • Access to edit and execute programs online and in the background
  • Access to modify table content in SAP R/3, including critical systems tables or security tables and client-independent tables
  • Access to maintain SAP R/3 Data Dictionary 
  • Security of the custom tables, custom programs, and custom transactions, etc.

Audit plan and testing procedures for auditing implementation and administration of the system configuration & security settings:
  • Access to maintain/configure application server parameters
  • User access to maintain instances
  • Configuration of the SAP R/3 password parameters
  • Security of the vendor supplied user IDs
  • Access restriction to the powerful SAP R/3 profiles
  • Locking critical and sensitive transaction codes
  • Security of the remote access to/from the system, including interface communications, etc.

Audit plan and testing procedures for auditing change management and control:
  • System configuration to enforce appropriate change management process to prevent changes made directly in production 
  • Ensuring that SAP R/3 system landscape supports separation of production environment from development environment
  • Access policies over transports
  • Security of the developer keys
  • Controls to ensure that access to develop programs is not allocated in production and more.

Everything has been conveniently pre-documented with fill-in fields for company-specific information (entity name, date, data extracted from the system, etc.) which will allow you to proceed with your assessment immediately.

Please view an excerpt from the audit program to ensure it's right for you.

Price: $50.00 (Instant Download)


Add to Cart
View Cart