Custom Object SAP IT Audit Risk reduced with Controls

January 23, 2012 · Posted in Auditing · Comment 

SAP system is helpful in automating the company’s business processes and also improves the productivity of the employees. As part of the SAP system there are multiple tables and programs. These tables and programs are required to manipulate the data in the system. During the process of implementing the SAP system customers have the option of creating their own tables and programs in the system. These tables and programs have to start with Z or Y. These are called as custom development objects.

The custom programs and table can make changes to the system, so it is required that the custom development objects are properly managed and documented. If left unmanaged there will be numerous custom objects in the system without proper documentation. This is like leaving the dog loose in the house and you will be pushed to the corner

The custom programs and table can make changes to the system, so it is required that the custom development objects are properly managed and documented. If left unmanaged there will be numerous custom objects in the system without proper documentation. This is like leaving the dog loose in the house and you will be pushed to the corner

SAP system is helpful in automating the company’s business processes and also improves the productivity of the employees. As part of the SAP system there are multiple tables and programs. These tables and programs are required to manipulate the data in the system. During the process of implementing the SAP system customers have the option of creating their own tables and programs in the system. These tables and programs have to start with Z or Y. These are called as custom development objects.

Getting Control of the SAP IT Audit Risk with SAP objects

Getting Control of the SAP IT Audit Risk with SAP objects

The custom objects created in the system can have sensitive data or just display data. But these objects have to be properly secured. For securing the custom objects following process has to be followed

Assign the custom object to an authorization group which indicates its functional team, sub team and the sensitivity of the data contained in the custom object

Then create a custom transaction to linking the object. This way the user can use the custom transaction for executing the transaction

For custom program also include authority check statement in the program so that the data can also further restricted.

Perform a trace analysis for the newly created transaction to identify the authorization objects required

Now update the SU24 settings in the transactions with authorization object found in your trace

Now update the SU24 settings in the transactions with authorization object found in your trace

Since the custom object are assigned transactions the training and testing can be focused on the transaction

Assigning data browser and program execution transaction to the user will cause performance issues. As the user will be able to execute data with wide open selection criteria

SAP Security errors can be reduced as objects needed for the transaction is automatically populated from the SU24 settings when the administrator creates the role

Tracking the transaction usage will easier

Tracking the transaction usage will easier

AuditBot SAP IT Audit Solutions company specializing in automated audit compliance software solutions for risk mitigation and monitoring controls. AuditBot Audit SAP Risk management Solution helps the audit compliance within the finance, internal audit and IT organizations to from being on Monday morning quarter backing situation to winning the audit compliance game

Looking to find the a solution for SAP Audit, then visit www.AuditBots.com to find the best advice on SAP Risk for you.

The \”Three Day Rule\” and I-9 Compliance

November 17, 2011 · Posted in Business · Comment 

There is a lot to consider for businesses that are getting ready to hire for a position. They must find the right person, run background screening and set up efficient and effective training, all in a timely and productive fashion.

All these hiring decisions can make companies feel that the paperwork involved with the I-9 process is just a hassle. But don\’t forget that dealing with I-9 compliance incorrectly can lead to legal problems and financial damages.

United States Immigration and Customs Enforcement Agency established a country wide clamp down on compliance in 2009. ICE conducted audits of companies HR departments across the states.

These audits-which are still being done-have resulted in more than $7 million in fines, mostly for minor infractions that could have been avoided with consistent hiring policies.

The following is a mistake that is easy to make: Your CEO is anxious about a vacant key position. Finally, you receive a resume from a candidate who seems perfect for the position. You interview and offer them the position on the spot.

You make the prospect a conditional offer and anticipate the go ahead from the boss. While waiting you learn that the prospect was not born in the U.S. and only just moved here.

Is asking the applicant about his/her immigration situation prior to the boss\’s official offer an I-9 compliance violation?

Yes!

This is but a single example of all the potential problems that can arise when dealing with Form I-9 compliance. Hiring an experienced employment attorney and also an employee to be in charge of the I-9 process and training would be the best business practice.

A single mistake can put the business in jeopardy of not being in compliance.

Being informed of the I-9 timeline is an excellent place to start when implementing consistent compliance. The \”Three Day Rule\” is an effective and simple rule to help you take charge of I-9 deadlines.

Ensure that Section 1 of the I-9 Form is completed before the start of the employee\’s first day of work for pay

Ensure that Section 2 is completed within three business days of the employee\’s first day of work for pay.

If you hire a person for less then three business days, completing Sections 1 and 2 before they start their fist day is the best practice.

Keeping up with Form I-9 compliance can seem to be a daunting task. Educate your employees and yourself and be sure to keep the \”Three Day Rule\” in mind and you are on your way, taking the first steps to maintaining I-9 compliance.

I-9Compliance.com asked immigration attorneys what the most common and expensive I-9 mistakes were and compiled the answers into a free guide. With this guide, you\’ll get an inside look at the most common I-9 errors and how to avoid them. It\’s completely free-and could potentially save you millions.