SAP Sarbanes-Oxley 51
-
I am trying to find specifics regarding Sarbanes-Oxley and how it impacts SAP security. How should one go about auditing an SAP security and authorizations to ensure it is S-O compliant. I have read a lot of overviews of the S-O act, but cannot find specifics. Is there any material I can review to assist me?
Thank you in advance…
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
Please refer to this document [isaca.org/Template.cfm?Section=Home-and-Template=/ContentManagement/ContentDisplay.cfm-and-ContentID=12406], called ‘IT control objectives for sarbanes-oxley’. That might be helpful.
-
The question was specific to SAP security - the document linked is too broad top provide anty specific help.
Are there SAP practitioners out there who have specific tips on the security and how to make it compliant for SOX.
-
There is no SPECIFIC answer to this, there is no standard configuration of SAP that results in SOx compliance.
You have to apply judgement in relation to the specifics of your business using an appropriate framework such as CobIT. CobIT tells you the areas you need to address, it is for the business to decide how to do so.
That said. ISACA also have a document about Audit, Control and Security of SAP which may help you address some of those areas.
-
SAP does sell a SOX compliance module / tool. Don’t know much detail about it but it might be worthwhile contacting them. They may even a white paper or something that could give you all the marketting hypw you can handle and maybe even a place to start in your considerations.