Custom Object SAP IT Audit Risk reduced with Controls

January 23, 2012 · Posted in Auditing 

SAP system is helpful in automating the company’s business processes and also improves the productivity of the employees. As part of the SAP system there are multiple tables and programs. These tables and programs are required to manipulate the data in the system. During the process of implementing the SAP system customers have the option of creating their own tables and programs in the system. These tables and programs have to start with Z or Y. These are called as custom development objects.

The custom programs and table can make changes to the system, so it is required that the custom development objects are properly managed and documented. If left unmanaged there will be numerous custom objects in the system without proper documentation. This is like leaving the dog loose in the house and you will be pushed to the corner

The custom programs and table can make changes to the system, so it is required that the custom development objects are properly managed and documented. If left unmanaged there will be numerous custom objects in the system without proper documentation. This is like leaving the dog loose in the house and you will be pushed to the corner

SAP system is helpful in automating the company’s business processes and also improves the productivity of the employees. As part of the SAP system there are multiple tables and programs. These tables and programs are required to manipulate the data in the system. During the process of implementing the SAP system customers have the option of creating their own tables and programs in the system. These tables and programs have to start with Z or Y. These are called as custom development objects.

Getting Control of the SAP IT Audit Risk with SAP objects

Getting Control of the SAP IT Audit Risk with SAP objects

The custom objects created in the system can have sensitive data or just display data. But these objects have to be properly secured. For securing the custom objects following process has to be followed

Assign the custom object to an authorization group which indicates its functional team, sub team and the sensitivity of the data contained in the custom object

Then create a custom transaction to linking the object. This way the user can use the custom transaction for executing the transaction

For custom program also include authority check statement in the program so that the data can also further restricted.

Perform a trace analysis for the newly created transaction to identify the authorization objects required

Now update the SU24 settings in the transactions with authorization object found in your trace

Now update the SU24 settings in the transactions with authorization object found in your trace

Since the custom object are assigned transactions the training and testing can be focused on the transaction

Assigning data browser and program execution transaction to the user will cause performance issues. As the user will be able to execute data with wide open selection criteria

SAP Security errors can be reduced as objects needed for the transaction is automatically populated from the SU24 settings when the administrator creates the role

Tracking the transaction usage will easier

Tracking the transaction usage will easier

AuditBot SAP IT Audit Solutions company specializing in automated audit compliance software solutions for risk mitigation and monitoring controls. AuditBot Audit SAP Risk management Solution helps the audit compliance within the finance, internal audit and IT organizations to from being on Monday morning quarter backing situation to winning the audit compliance game

Looking to find the a solution for SAP Audit, then visit www.AuditBots.com to find the best advice on SAP Risk for you.

Comments

Leave a Reply

You must be logged in to post a comment.