RE:[sap-security] SAP SOD AUDIT REMEDIATION
Posted by Richard Cunnings on Apr 24 at 7:20 PM
Hi Guys
A big thanks to Donn, Alex, Lee, bpoulos & Chris, I really appreciate the excellent input.
This is how the audit was run by Deloitte: they basically had a test user per Composite role, so our report has SODs for each Composite. Unfortunately they cannot run it via a combination of Composite roles, as this is something their tool cannot do :-)
What would you guys advise regarding this matter? We need to know the risks via a combination of Composites, as we do assign more than 1 Composite to some users.
Once again thanks Guys.
Richard
---------------Original Message---------------
From: Richard Cunnings
Sent: Friday, April 23, 2010 10:38 AM
Subject: SAP SOD AUDIT REMEDIATION
> Hi Guys
>
> We have just been audited by Deloitte via their EQsmart tool. We now have a spreadsheet with all the conflicts down to detailed level & T code. This spreadsheet needs to go out to the business, but here are the problems:
>
> 1. Internal Auditors do not have much SAP knowledge, what should we do?
> 2. How do we make the spreadsheet more comprehensible to the Business? What do they just need to see?
> 3. Also the business & Internal Audit will find it difficult to label risks, e.g. Low, High, & Critical. Any ideas?
> 4. How should we record the role changes that will be made via remediation?
>
> Cheers
> Richard C
Copyright © 2010 Toolbox.com and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251