Big4Guy

Confessions, Thoughts, Observations and Musings of a Big4Guy

Big4Guy

Welcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERP's. You will also find information on latest complaince regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry in any Big 4 accounting, auditing and consulting firms. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.

Post details: SAP R/3 Security in the Sarbanes OXley Era - 7 Steps for Better SOX Compliance

01/22/06

Permalink 09:34:38 pm, Categories: Sarbanes Oxley, 181 words   English (US)

SAP R/3 Security in the Sarbanes OXley Era - 7 Steps for Better SOX Compliance

Post Sarbanes Oxley, focus for corporations is more on compliance and security. Sarbanes Oxley has had a major impact on the organizations using SAP R/3 as their ERP. Some of the changes seen in the corporate landsacpe include identifying and documenting processes, implementing controls and safeguards, documenting user access approvals etc. In short, there has been a cultural shift in organizations post Sarbanes Oxley. Below, I have listed 7 major pointers which can help organizations towards better SAP security in the Sarbanes Oxley Era.

SAPSarbanesOxleySecurity

1. Provide users access on a need to know and need to do basis.
2. Adequately secure programs, transactions and tables.
3. All user accesses to SAP R/3 are properly authorized and approved.
4. Segregation of duties is maintained for all sensitive business transactions
5. All controls and business processes are documented.
6. Anti-fraud preventive controls are in place to prevent & detect fraud before an audit.
7. User profiles and roles in SAP are secured and designed to meet business requirements.

Related Posts on Sarbanes Oxley >>

Sarbanes Oxley Project Management
Internal Control Report Contents
Criteria for Designing Internal Controls
Entity Level Controls for SOX

Permalink 1 comment

Comments:

Comment from: Robin-Jan de Lange [Visitor]
This is a good high level summary. The devil is in detail though. A tool that can help you with implementing these points on a continuous basis is the product suite from D2C Solutions.
More details at www.d2c.net
Permalink 04/04/06 @ 15:58

Official Websites

Categories


Archives

  • SAP Netweaver BI Business Intelligence Basics
  • SAP GRC Virsa Rule Sets Updates
  • SAP MM Requirements for Setting up Plant
  • Lessons Learned Log for ASAP Implementation
  • SAP Solution Configuration Realization Phase
  • SAP MDM Master Data Import Manager Loading Data into SAP MDM
  • Compliance Calibrator SOD Conflicts Remediation Strategy
  • SAP Workload Analysis Monitor Tools ST03N
  • SAP BW Data Staging Basics Tutorial
  • How to Implement BW Infoobject Level Security
  • SAP BW Admnistrator Authorizations S_RS_ADMWB
  • BIW Reporting Auth Objects S_RS_COMP
  • more...

    • Search

    Google

    Web Big4Guy.com

    January 2009
    Mon Tue Wed Thu Fri Sat Sun
    <<  <   >  >>
          1 2 3 4
    5 6 7 8 9 10 11
    12 13 14 15 16 17 18
    19 20 21 22 23 24 25
    26 27 28 29 30 31  

    Misc

    Syndicate this blog XML

    What is RSS?