Use of Role Based AIS for Technical System Auditing at DuPont Chris Leeder DuPont Chris Carr SAP Session: 509.

Presentation transcript:

Use of Role Based AIS for Technical System Auditing at DuPont Chris Leeder DuPont Chris Carr SAP Session: 509

Introduction: DuPont Company Overview; DSAP Project Overview; DSAP Architecture; AIS Background; Role Based AIS; Benefits and Next Steps

The DuPont Company: Based in Wilmington, Delaware; operates in more than 70 countries. 2002 sales were $24 billion. Total assets are $35 billion. 79,000 employees, about half are outside of the United States. 200+ years. Consists of 5 business platforms: Agriculture & Nutrition; Coatings & Color Technology; Electronic & Communication Technologies; Performance Materials; Safety & Protection.

What is DSAP? The Organization put in place to successfully complete the SAP implementation and eventually support the application run activities.

DSAP Leverages ASAP [diagram: phases Discovery & Evaluation, 1 Project Preparation, 2 Business Blueprint, 3 Realization, 4 Final Preparation, 5 Go Live & Support; labels: Deliverables, QC, Prepare, Execute, Next Phase, Plan, Train, Kickoff; Monitor progress against deliverables]

DSAP Architecture

AIS Background: Created by an SAP user group for internal and external auditors. Auditing firms provided the initiative for creating audit-supporting tools for the R/3 environment. Arthur Andersen; Bansbach Schübel Brösztl & Partner; KPMG Deutsche Treuhand-Gesellschaft; Price Waterhouse Coopers; Ernst & Young Deutsche Allgemeine Treuhand AG. SAP User Groups. Internal auditors from various companies.

AIS Overview: AIS is the toolbox for internal auditors, external auditors, system auditors, and data security officers.

AIS Overview [diagram text: SAP System Audit Business Audit G/L IS Audit IS Development Audit IS Customer IS User/Security Vendor IS System Admin Assets IS; Security guide, SAP Audit guideline, User group; BC940 AC900 BC680]

AIS Overview: Information retrieval using existing R/3 programs. Checklist for system audit. FAQ (frequently asked questions): Who is permitted to ...?

Why AIS? To ensure compliance with project standards created by DSAP for: System Administration; Design and Configuration; Security and Controls. Monitor progress against deliverables.

Role Based AIS: The role based AIS (“Audit Information System”) consists of several single end user roles. In order to work with the AIS, the auditor needs a user in the SAP System with the relevant single roles assigned to his user master record. Note: The menus do not have authorization values. The authorization roles contain authorization values but no menu.

Role Based AIS: Until SAP Release 4.6C, AIS was realized using a menu technique (transaction SECR). As of SAP Release 4.6, AIS is part of the SAP Standard System. As of SAP Release 4.6C (Support Package SAPKH46C27), the technical implementation of AIS in the program has been changed to a role-based maintenance environment (transaction PFCG). Additional development of AIS will only be carried out in this new environment.

Role Based AIS: To facilitate working with the AIS, the auditor needs a user in the SAP System. This user master record requires a wide range of display authorizations. Several single roles have been defined for the AIS. These single roles are divided into two groups: transaction roles (SAP_AUDITOR*) and authorization roles (SAP_CA_AUDITOR*). Installation recommendation: SAP Note 0 451 960.

Role Based AIS: The authorization roles required for these menus are documented in PFCG. (Pull up the menu role and read the info in the description tab.)

Role Based AIS: AIS single roles, with copy / modification where shown: ..., SAP_AUDITOR_ADMIN, SAP_AUDITOR_BA_ORGA, Y_AUDITOR_BA_ORGA, SAP_AUDITOR_BA_FI_GL, Y_AUDITOR_BA_FI_GL, SAP_AUDITOR_BA_FI_AA, SAP_AUDITOR_BA_FI_AR, Y_AUDITOR_BA_FI_AR, SAP_AUDITOR_BA_FI_AP, Y_AUDITOR_BA_FI_AP, ..., SAP_CA_AUDITOR_APPL_ADMIN, SAP_CA_AUDITOR_SYSTEM, Y_CA_AUDITOR_SYSTEM, SAP_CA_AUDITOR_HR, SAP_CA_AUDITOR_APPL
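The slides say the transaction (menu) roles carry no authorization values and the authorization roles carry no menu, so an auditor user needs roles from both groups. The following is an added example, not part of the original presentation or DuPont's or SAP's own code: it reviews a user-to-role export for that pairing. The CSV column names, the user names, the role Z_FI_POSTING, and the treatment of Y_ roles as copies of the SAP roles are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from fnmatch import fnmatchcase

# Role name patterns from the slides; the Y_ forms are the copies listed there.
MENU_PATTERNS = ("SAP_AUDITOR*", "Y_AUDITOR*")
AUTH_PATTERNS = ("SAP_CA_AUDITOR*", "Y_CA_AUDITOR*")

# Constructed sample export; column names and Z_FI_POSTING are assumptions.
SAMPLE_EXPORT = """UNAME,AGR_NAME
AUDIT01,SAP_AUDITOR_BA_FI_GL
AUDIT01,SAP_CA_AUDITOR_APPL
AUDIT02,Y_AUDITOR_BA_ORGA
AUDIT03,Y_CA_AUDITOR_SYSTEM
AUDIT04,SAP_AUDITOR_ADMIN
AUDIT04,SAP_CA_AUDITOR_SYSTEM
AUDIT04,Z_FI_POSTING
"""

def classify(role):
    """Return 'menu', 'auth' or 'other' for one role name."""
    if any(fnmatchcase(role, p) for p in MENU_PATTERNS):
        return "menu"
    if any(fnmatchcase(role, p) for p in AUTH_PATTERNS):
        return "auth"
    return "other"

def review_assignments(export_text):
    """Map each user to a list of findings (empty list = nothing to report)."""
    roles = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(export_text)):
        user, role = row["UNAME"].strip().upper(), row["AGR_NAME"].strip().upper()
        roles[user][classify(role)].add(role)
    findings = {}
    for user, kinds in sorted(roles.items()):
        notes = []
        if kinds["menu"] and not kinds["auth"]:
            notes.append("menu role without authorization role")
        if kinds["auth"] and not kinds["menu"]:
            notes.append("authorization role without menu role")
        for extra in sorted(kinds["other"]):
            notes.append("non-AIS role to review: " + extra)
        findings[user] = notes
    return findings

if __name__ == "__main__":
    for user, notes in review_assignments(SAMPLE_EXPORT).items():
        print(user, "OK" if not notes else "; ".join(notes))
```

Roles outside the two AIS groups are only listed for review, since the slides describe the auditor user as needing display authorizations.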

Role Based AIS

Role Based AIS - Data Collection. Data Collection Strategy using MS Excel: The transaction roles contain a menu tree, from which the data collection XLS worksheets will be derived. This menu will occupy the leftmost column of the spreadsheet and will be a copy of the AIS menu being executed in the SAP system. Example: Run menu item, report or transaction, check against inputs column, then record results in the Results/Observations column on the data collection worksheet.

Role Based AIS - Data Collection Worksheets

Role Based AIS - Supporting Documentation. Reference(s): The following sources are used for reference: 1. DSAP Documentation and Position Papers; 2. SAP Security Guide and Checklist; 3. AIS System Audit Guide; 4. SAP Online Service System (OSS)

Role Based AIS - Summary: The auditor will execute the transactions in the SAP provided role based AIS menus, and compare findings with the standards defined in the "inputs" field on the data collection spreadsheet. Additional documents such as the output list of a report or transaction are saved on a network directory or a Lotus Notes database.

Role Based AIS – Benefits: The use of role based AIS has provided benefits in the following areas: Standardized audit format; Easy to create and maintain security access/privileges for audit team; Shorter audit time frames with custom front end; Ease of customization; Preventative Maintenance; Identify gaps across systems via the data collection worksheets

Role Based AIS – Benefits, cont.

Role Based AIS –Next Steps The repository auditor role will be used to review compliance with DSAP standards for development and maintenance of technical objects. The repository audit will focus on the following areas: Table Authorization Groups Table logging for critical tables Changes Repository Objects Repairs

Role Based AIS –Next Steps The Users and Authorizations auditor role will be used to review compliance with DSAP standards for development and maintenance of SAP users and security objects. The User and Authorization audit will focus on the following areas: Users and Authorizations Role Administration Central User Administration Security Profile Parameters

Role Based AIS – Next Steps: Data Collection Worksheets in Lotus Notes: Shared Access to Audit Findings; Links to Supporting Documentation; Workflow; Permanent record of audit results; “Real time AIS”; Collaboration

Role Based AIS - Next Steps [diagram text: SAP System Audit Business Audit G/L IS Audit IS Development IS Audit IS Customer IS User IS Vendor IS Assets IS; Security guide, SAP Audit guideline, User group; BC940 AC900 BC680]

Thank you for attending! Please remember to complete and return your evaluation form following this session. Session Code: 509