RE:[sap-security] SAP Segregation of Duties for Small Companies

Posted by Admin at

Share this post:

0 Comments

Posted by m14545 (Auditor)
on Aug 31 at 4:57 AM

Mark as helpful

I think that what Lee meant by writiing "Sarbanes-Oxley control inventory" is that:
-if you have some SOx controls referring to SoD, then you must implement them into your SoD matrix.
-if you have some mitigating controls (IT dependent) for your controls, then they should be registered as SOx controls (at least most of financial/external auditors require that).
One more remark. If your Calibrator is out-of-the-box, then you should definitely review its configuration against Company's processes (not all default risks, then conflicts will definitely apply) and complete the list of standard transactions with customs ones (Z*). You should also review the custom programs as they sometimes allow users to perform activities critical from the SoD point-of-view.
Regards,
M.

__.____._

Copyright © 2009 CEB Toolbox, Inc. and message author.

Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251

Related Content

White Papers

Governance, Risk and Compliance - Realizing the Value

The Role of Security Management in Achieving "Continuous Compliance"

More White Papers...

In the Spotlight

Share Knowledge About SAP Scripting. Join the New Discussion Group

View this thread online
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion

_.____.__

SAP Library - Find your answers

Grab this WidgetYou can show more than 5 recent posts using this simple blogger widget by Nitesh KOthari at Wolverine Hakcs.

Click on more Feeds rss Most Popular

More ?This is SAP books Best Buy section. Click on the pics below to check more on the best SAP books.

Click on more to know more about such productsSAP Chat Room

More ?These are the Recommended products from SAP OSS Notes Team

Click on more to see more such downloadsRecommended