
written by

Prof. Dr. Nick Gehrke

This blog post presents three data indicators that analyse your SAP access protection. In practice, this usually means analysing the SAP authorization system as well.

Part 4 of the series: "The digital Audit for Cross Process Weaknesses"

1. How the digital audit for cross process weaknesses works
2. Smart strategies to automatically audit master data and payments
3. Quick Guide: Auditing principles of orderly bookkeeping
4. What no one tells you about automatic analytics of SAP access protection
5. 3 top indicators for auditing process plausibility
6. A complete guide to Professional Judgement...


Before you read the details of the indicators, I recommend reading the concept of indicators first.

Three Top Indicators for SAP access protection

Every indicator is associated with a process, a process area, an audit objective and a risk. In the following, three selected indicators from the area of SAP access protection are presented.

In total, I have developed and implemented 20 indicators for the area of cross processes. You can download the details about all cross process indicators here.


Operations done by super users

This indicator addresses the audit objective of restricted access.

There is a risk of fraudulent activities, because a single user with comprehensive access rights could perform two critical transactions on his own.

The criterion for this indicator is:

A document is marked if it was performed by a user possessing standard SAP privileged access rights.

A single user did the complete business process

This indicator addresses the audit objective of restricted access.

There is a high fraud risk if the entire sequence of documents in a business process is processed by one individual.

The criterion for this indicator is:

All documents of a sequence that was completed entirely by the same user are marked.

Documents without users

This indicator addresses the audit objectives of compliance and correctness.

There is a risk that a transaction cannot be traced back to a user.

The criterion for this indicator is:

A document is marked if its user field is empty.
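As an added example (not part of the post and not the author's implementation), the following Python script runs all three indicators over a small constructed set of document records. The record fields (doc_id, step, chain_id, user), the user-to-profile map and the choice of SAP_ALL and SAP_NEW as the "standard SAP privileged access rights" are assumptions of this example; in a real audit the user name would come from the document header (BKPF-USNAM) and the profile assignments from the user master tables.

```python
"""Three SAP access-protection indicators over constructed document records.

Example code added to the post; field names, sample data and the privileged
profile list are assumptions, not the author's implementation.
"""
from collections import defaultdict

# Assumption: these composite profiles stand for "standard SAP privileged
# access rights". SAP_ALL and SAP_NEW are real SAP profile names; treating
# them as the super-user set is this example's choice.
PRIVILEGED_PROFILES = {"SAP_ALL", "SAP_NEW"}

# Constructed user-to-profile assignment (in SAP this comes from the user
# master data, e.g. table UST04).
USER_PROFILES = {
    "MILLER": {"Z_AP_CLERK"},
    "SCHMIDT": {"Z_PURCHASER"},
    "ADMIN01": {"SAP_ALL"},
}

# Constructed documents. chain_id groups the documents of one business
# process (purchase order -> goods receipt -> invoice); user "" models an
# empty user field.
DOCUMENTS = [
    {"doc_id": "4500000001", "step": "purchase_order", "chain_id": "PO-1", "user": "SCHMIDT"},
    {"doc_id": "5000000001", "step": "goods_receipt", "chain_id": "PO-1", "user": "MILLER"},
    {"doc_id": "5100000001", "step": "invoice", "chain_id": "PO-1", "user": "MILLER"},
    {"doc_id": "4500000002", "step": "purchase_order", "chain_id": "PO-2", "user": "ADMIN01"},
    {"doc_id": "5000000002", "step": "goods_receipt", "chain_id": "PO-2", "user": "ADMIN01"},
    {"doc_id": "5100000002", "step": "invoice", "chain_id": "PO-2", "user": "ADMIN01"},
    {"doc_id": "4500000003", "step": "purchase_order", "chain_id": "PO-3", "user": "SCHMIDT"},
    {"doc_id": "5000000003", "step": "goods_receipt", "chain_id": "PO-3", "user": ""},
]


def super_user_operations(documents, user_profiles, privileged=PRIVILEGED_PROFILES):
    """Indicator 1: documents performed by a user holding a privileged profile."""
    return [
        d["doc_id"]
        for d in documents
        if user_profiles.get(d["user"], set()) & privileged
    ]


def single_user_chains(documents):
    """Indicator 2: all documents of chains completed entirely by one user."""
    by_chain = defaultdict(list)
    for d in documents:
        by_chain[d["chain_id"]].append(d)
    marked = []
    for chain in by_chain.values():
        users = {d["user"] for d in chain}
        # A single document is not a sequence, and an empty user field is
        # not "one individual"; that case belongs to indicator 3.
        if len(chain) > 1 and len(users) == 1 and "" not in users:
            marked.extend(d["doc_id"] for d in chain)
    return marked


def documents_without_user(documents):
    """Indicator 3: documents whose user field is empty."""
    return [d["doc_id"] for d in documents if not d["user"].strip()]


def run_indicators(documents=DOCUMENTS, user_profiles=USER_PROFILES):
    """Run all three indicators and return the marked document ids per indicator."""
    return {
        "super_user_operations": super_user_operations(documents, user_profiles),
        "single_user_chain": single_user_chains(documents),
        "no_user": documents_without_user(documents),
    }


if __name__ == "__main__":
    for name, doc_ids in run_indicators().items():
        print(f"{name}: {doc_ids}")
```

Running the script lists the marked document ids per indicator. The chain PO-2 is marked by both the super-user and the single-user indicators, which is exactly the combination the fraud risk above describes: one user with comprehensive rights performing every critical step. A chain whose only other user field is empty (PO-3) is deliberately left to the third indicator instead of being counted as work of a single individual.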
