|
|
|
| SAP Security Consulting |
|
|
 Security controls are one of the more complex areas in SAP. Due to increasing focus on corporate governance and various regulatory requirements like SOX/ J-SOX, SAP security and controls is receiving greater attention than ever before.
A typical SAP implementation involves significant changes in business process & IT infrastructure. This in turn has significant impact on the way security controls are managed and audits/ reviews are carried out within the organizations. From our experience, some of the critical security controls areas in SAP are as follows: |
|
 |
Authorizations & Segregation of Duties (SoD): SAP authorization concept allows users to perform their work while securing transactions and programs from unauthorized access. It is a complex and scalable concept where approximately 2,000 authorization objects controls access to more than 100,000 transactions. The authorization components include user master records, roles (single and composite), profiles, authorizations, authorization objects and field values (activity, organization value, etc) and can be customized to organization’s requirement. |
|
|
| |
MANTRAN provides assistance in quickly and efficiently scanning users’ access rights, identifying problem areas (including SoD), making detailed investigations and attempting to minimize the problem areas in your SAP security design. If required, we also assist in designing or redesigning user authorizations. |
|
Click Here to download SAP Authorizations Review and Design factsheet |
|
SoD ensures that no one individual has complete control over major phase of a process and is typically enforced through a combination of authorizations and mitigating manual controls. |
|
MANTRAN assists our clients throughout the SoD lifecycle – from design to implementation and ‘business as usual’ monitoring. Some of the key solutions in this area are as follows: |
| |
|
SoD framework design (SoDAssist) – including SoD matrix design, gap analysis and SoD remediation |
|
SoD review |
|
SoD tool selection. |
|
| |
Click Here to download Segregation of Duties (SoD) factsheet |
|
|
|
|
|
BASIS Controls: BASIS controls refer to various technical and general controls within SAP. This includes profile parameters (e.g., password controls, session security, auditing, etc), default super users, auditing (e.g., security audit logs, table logs, transaction usage logs, etc), client settings, change & transport system, etc.
MANTRAN provides assistance in implementing and reviewing BASIS controls to determine whether it enforces security controls while supporting your business requirements. |
|
| |
|
Business Process Controls: In SAP environment, several controls are automatically performed during data input – some of these are inherent while others are specifically configured during implementation (and are specific to an organization’s business requirements). For example, tolerance limits for three way match, PO approval hierarchy, field status, etc. Another critical area requiring management’s focus is controlling master data such as material master, vendor master and GL master (e.g., field status to ensure completeness, dual control to prevent unauthorized changes, match codes to prevent duplicate records, etc). This covers all the commonly used modules such as AA, CO, FI, HR, MM, PM, PP, PS and SD. |
| |
MANTRAN assists in conducting business process controls review and design. This may be performed as part of a pre- or post- SAP implementation review. MANTRAN also assists in controls automation to reduce the cost of implementing controls and compliance, and maximize the benefits of a well-controlled controls environment. We also assist our clients in identifying standard SAP exception reports, which can be utilized to improve business controls. |
|
| |
|
Policies & Procedures: SAP security policies and procedures communicate organization’s intent on security controls and provide consistent guidance to SAP support teams and business users and are an important part of any internal controls framework. |
| |
MANTRAN provides assistance in developing and reviewing SAP security policies and procedures. |
|
| |
|
Infrastructure controls: This focuses on security controls across the infrastructure supporting SAP application (i.e., operating system, database and network layers) and includes review and design of security settings (e.g., password controls, user & file permissions, security auditing, default users, firewall settings, use of SAPRouter, etc) for the infrastructure. |
| |
MANTRAN provides assistance in designing and reviewing SAP infrastructure controls. |
|
| |
|
Trainings: MANTRAN provides SAP security and controls training covering various areas mentioned above. Both public as well as corporate trainings are regularly conducted. These trainings include access to live SAP training system to make it more useful for the participants. The trainings are useful for your IT audit team, operational/ financial audit team, BASIS team, functional consultant and other users who have an interest in this area. Our training equips your team with understanding to enforce and review SAP security and controls. The trainings can be customized to suit your requirements. |
| |
Click Here to go to SAP security trainings page |
| |
Click Here to download SAP security & controls trainings factsheet |
| |
Click Here to download SAP business process controls trainings factsheet |
|
|
| In addition to the above areas, we also provide assistance in other areas such as data migration controls design & review, SAP implementation/ upgrade project management, project risk management, etc. We can also assist in assessing the integrity of data during transmission through system interfaces. |
|
| Click Here to download SAP Security Consulting factsheet |
|
|
|
|
|
