Presentation is loading. Please wait.

Presentation is loading. Please wait.

Use of Role Based AIS for Technical System Auditing at DuPont Chris Leeder DuPont Chris Carr SAP Session: 509.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Use of Role Based AIS for Technical System Auditing at DuPont Chris Leeder DuPont Chris Carr SAP Session: 509."— Presentation transcript:

1 Use of Role Based AIS for Technical System Auditing at DuPont Chris Leeder DuPont Chris Carr SAP
Session: 509

2 Introduction DuPont Company Overview DSAP Project Overview
DSAP Architecture AIS Background Role Based AIS Benefits and Next Steps

3 The DuPont Company Based in Wilmington, Delaware: operates in more than 70 countries 2002 Sales were $24 Billion Total Assets are $35 Billion 79,000 Employees, about half are outside of the United States 200+ years Consists of 5 business platforms Agriculture & Nutrition Coatings & Color Technology Electronic & Communication Technologies Performance Materials Safety & Protection

4 What is DSAP? The Organization put in place to successfully complete the SAP implementation and eventually support the application run activities.

5 Discovery & Evaluation
DSAP Leverages ASAP Discovery & Evaluation 1 Project Preparation 2 Business Blueprint 3 4 5 Realization Final Preparation Go Live & Support Deliverables: ……… ………… ………………. QC Prepare Execute Next Phase Plan Train Kickoff Monitor progress against deliverables

6 DSAP Architecture

7 KPMG Deutsche Treuhand-Gesellschaft
AIS Background Created by an SAP user group for internal and eternal auditors. Auditing firms provided the initiative for creating audit-supporting tools for the R/3 environment. Arthur Andersen Bansbach Schübel Brösztl & Partner KPMG Deutsche Treuhand-Gesellschaft Price Waterhouse Coopers Ernst & Young Deutsche Allgemeine Treuhand AG SAP User Groups Internal auditors from various companies

8 A I S AIS Overview AIS is the Toolbox for . . . Internal Auditors
External Auditors System Auditors Data Security Officers

9 AIS Overview SAP System Audit Business Audit G/L IS Audit IS
Development Audit IS Customer IS User/Security Vendor IS System Admin Assets IS Security guide SAP Audit guideline User group BC940 AC900 BC680

10 Frequently asked questions
AIS Overview Information retrieval using Existing R/3 programs Checklist for system audit FAQ Frequently asked questions Who is permitted to ...?

11 Why AIS ? To ensure compliance with project standards created by DSAP for: System Administration Design and Configuration Security and Controls Monitor Progress against deliverables

12 Role Based AIS The role based AIS “Audit Information System” consists of several single end user roles. In order to work with the AIS, the auditor needs a user in the SAP System with the relevant single roles assigned to his user master record. Note: The menus do not have authorization values. The authorization roles contain authorization values but no menu.

13 Role Based AIS Until SAP Release 4.6C, AIS was realized using a menu technique (transaction SECR). As of SAP Release 4.6, AIS is part of the SAP Standard System As of SAP Release 4.6C (Support Package SAPKH46C27), the technical implementation of AIS in the program has been changed to a role-based maintenance environment (transaction PFCG). Additional development of AIS will only be carried out in this new environment.

14 Role Based AIS A I S SAP Auditor
To facilitate working with the AIS, the auditor needs a user in the SAP System. This user master record requires a wide range of display authorizations. Several single roles have been defined for the AIS. These single roles are divided into two groups: Transaction roles (SAP_AUDITOR*) Authorization roles (SAP_CA_AUDITOR*) Installation recommendation: SAP Note Auditor SAP

15 Role Based AIS The authorization roles required for these menus are documented in PFCG. (Pull up the menu role and read the info in the description tab)

16 Role Based AIS AIS – Single roles Copy / Modification . . .
SAP_AUDITOR_ADMIN SAP_AUDITOR_BA_ORGA Y_AUDITOR_BA_ORGA SAP_AUDITOR_BA_FI_GL Y_AUDITOR_BA_FI_GL SAP_AUDITOR_BA_FI_AA SAP_AUDITOR_BA_FI_AR Y_AUDITOR_BA_FI_AR SAP_AUDITOR_BA_FI_AP Y_AUDITOR_BA_FI_AP . . . SAP_CA_AUDITOR_APPL_ADMIN SAP_CA_AUDITOR_SYSTEM Y_CA_AUDITOR_SYSTEM SAP_CA_AUDITOR_HR SAP_CA_AUDITOR_APPL

17 Role Based AIS

18 Data Collection Strategy using MS Excel:
Role Based AIS - Data Collection Data Collection Strategy using MS Excel: The transaction roles contain a menu tree, from which the data collection XLS worksheets will be derived. This menu will occupy the leftmost column of the spreadsheet and will be a copy of the AIS menu being executed in the SAP system. Example: Run menu item, report or transaction ,check against inputs column, then record results in the Results/Observations column on the data collection worksheet.

19 Role Based AIS - Data Collection Worksheets

20 The following sources are used for reference:
Role Based AIS- Supporting Documentation Reference(s): The following sources are used for reference: 1-DSAP- Documentation, and Position Papers 2-SAP Security Guide and Checklist 3-AIS System Audit Guide 4-SAP Online Service System (OSS)

21 Role Based AIS- Summary
The auditor will execute the transactions in the SAP provided role based AIS menus, and compare findings with the standards defined in the "inputs" field on the data collection spreadsheet. Additional documents such as the output list of a report or transaction are saved on a network directory or a lotus notes database.

22 Role Based AIS –Benefits
The use of role based AIS has provided benefits in the following areas Standardized audit format Easy to create and maintain security access/privileges for audit team Shorter audit time frames with custom front end Ease of customization Preventative Maintenance Identify gaps across systems via the data collection worksheets

23 Role Based AIS –Benefits , cont

24 Role Based AIS –Next Steps
The repository auditor role will be used to review compliance with DSAP standards for development and maintenance of technical objects. The repository audit will focus on the following areas: Table Authorization Groups Table logging for critical tables Changes Repository Objects Repairs

25 Role Based AIS –Next Steps
The Users and Authorizations auditor role will be used to review compliance with DSAP standards for development and maintenance of SAP users and security objects. The User and Authorization audit will focus on the following areas: Users and Authorizations Role Administration Central User Administration Security Profile Parameters

26 Role Based AIS –Next Steps
Data Collection Worksheets in Lotus Notes: Shared Access to Audit Findings Links to Supporting Documentation Workflow Permanent record of audit results “Real time AIS” Collaboration

27 Role Based AIS - Next Steps
SAP System Audit Business Audit G/L IS Audit IS Development IS Audit IS Customer IS User IS Vendor IS Assets IS Security guide SAP Audit guideline User group BC940 AC900 BC680

28 Thank you for attending!
Please remember to complete and return your evaluation form following this session. Session Code: 509

Download ppt "Use of Role Based AIS for Technical System Auditing at DuPont Chris Leeder DuPont Chris Carr SAP Session: 509."

Similar presentations

SBS Vendor Management™

SBS Vendor Management™
“The Honeywell Web-based Corrective Action Solution”

“The Honeywell Web-based Corrective Action Solution”
Presentation by Priyanka Sawarkar

Presentation by Priyanka Sawarkar
Near East Plant Protection Network for Regional Cooperation & Knowledge Sharing Food and Agriculture Organization of the United Nations An Overview on.

Near East Plant Protection Network for Regional Cooperation & Knowledge Sharing Food and Agriculture Organization of the United Nations An Overview on.
Users & Authorization Users must be setup and roles assigned to user master records before you can use the SAP System. A user can only log on to the system.

Users & Authorization Users must be setup and roles assigned to user master records before you can use the SAP System. A user can only log on to the system.
State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.

State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.
0 UMN 2011 ERP Terapan SAP BASIS General Concept Session # 3.

0 UMN 2011 ERP Terapan SAP BASIS General Concept Session # 3.
Planning for Certification in 2014. Plan your project In this presentation we present the tasks that must be completed in order to achieve certification.

Planning for Certification in Plan your project In this presentation we present the tasks that must be completed in order to achieve certification.
DEPARTMENT OBJECTIVES 1. To Identify and deploy information technology to meet business objective at CKPL. 2.To Provide support to users for systems usage.

DEPARTMENT OBJECTIVES 1. To Identify and deploy information technology to meet business objective at CKPL. 2.To Provide support to users for systems usage.
Panel Discussion on an APO Implementation Tom Bailey, Wyeth Pharmaceuticals Steve Desirey, DuPont Lori Schock, Dow Corning Anand Sundar, Infinite Strategies.

Panel Discussion on an APO Implementation Tom Bailey, Wyeth Pharmaceuticals Steve Desirey, DuPont Lori Schock, Dow Corning Anand Sundar, Infinite Strategies.
Copyright © 2003 Americas’ SAP Users’ Group Custom Archiving 101 Session Code 108 Karin Tillotson Sr. Basis Administrator Tuesday, May 20 th, 2003.

Copyright © 2003 Americas’ SAP Users’ Group Custom Archiving 101 Session Code 108 Karin Tillotson Sr. Basis Administrator Tuesday, May 20 th, 2003.
Get Detailed with SAP Expense Planning Wayne Kirkendall Session Code 1610 GB Enterprises.

Get Detailed with SAP Expense Planning Wayne Kirkendall Session Code 1610 GB Enterprises.
Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney.

Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney.
Copyright © 2003 Americas’ SAP Users’ Group Authorizations in the Finance & Controlling Modules Ranvir Singh, Sherman Wright Business Analysts, LSI LOGIC.

Copyright © 2003 Americas’ SAP Users’ Group Authorizations in the Finance & Controlling Modules Ranvir Singh, Sherman Wright Business Analysts, LSI LOGIC.
3108: Enterprise Upgrade Lessons Learned

3108: Enterprise Upgrade Lessons Learned
22000 Food Safety Management Systems

22000 Food Safety Management Systems
#4502 – Streamlining the Physical Inventory Process Using a Custom Solution.

#4502 – Streamlining the Physical Inventory Process Using a Custom Solution.
University of Southern California Enterprise Wide Information Systems Instructor: Richard W. Vawter.

University of Southern California Enterprise Wide Information Systems Instructor: Richard W. Vawter.
Implementation Audit and Control Background Internal Audit Role Go-Live Criteria Audit Approach - Systems Audit Approach - People Summary Agenda.

Implementation Audit and Control Background Internal Audit Role Go-Live Criteria Audit Approach - Systems Audit Approach - People Summary Agenda.
Copyright © 2003 Americas’ SAP Users’ Group Segregation of Duties (SOD) Strategies, Techniques, and Tools Christopher Lane Manager – PricewaterhouseCoopers.

Copyright © 2003 Americas’ SAP Users’ Group Segregation of Duties (SOD) Strategies, Techniques, and Tools Christopher Lane Manager – PricewaterhouseCoopers.

Similar presentations

Ads by Google