Creating Dummy Users in SAP 2903



  • I am new to this SOX compliance topic, but I have a quick and simple question regarding creating USERIDs in the SAP environment in particular. If we create dummy USERIDs in our system, does this violate any SOX compliance policies ?



  • SOX 404 standards specifically are silent on system or other non-user accounts. The key aspect is to ensure that ALL accounts are well protected from mis-use or any potential compromises. Certainly, SOX external auditors would want to know the reasons why these accounts exist and if they are truly needed – they should be well documented in advance.



  • You can Create a Dummy Users in SAP.If you want to do this then first you have to create a dummy order type which you use only for business purpose.You can create an order without using material.It will not be cost any for creating an order…



  • Thanks Jack for sharing and welcome to the forums 🙂
    and in all situations like this, it’s important to ‘document for the record’ and ensure controls are in place so that no accidental use occurrs. Documentation will also help define these special situations to auditors



  • As an ex-external auditor and a current internal auditor, Harrywaldron is right. Document the purpose of the dummy account and ensure that access is limited and that it is used for its intended purpose only. Perhaps if you can create some sort of transaction log or whatever to substantiate the use of the dummy account, that could help validate it. Dummy accounts and generic user accounts are hotbeds for fraud and can wreak havoc on internal controls, especially if those accounts have various levels of access over multiple processes that could create segregation of duties issues and such.



  • If you are trying to test something, why take the pain, just get it done in the sandbox or test environment.
    Else, as long as the process(documented) is followed, nothing to be worried about.
    Cheers


Log in to reply