Review Audit Security And Control Of Core Modules

What should you review when auditing the security and control of the core modules?

1. Review or document the workflow of the application. 

2. Identify key exposures within the workflow. 

3. Determine if adequate controls exist to mitigate the identified exposures. 

4. Access Control

  • Review all users that have access to the application and ensure that they require this level of access. 
    • Signon Access
    • Menu Level Access
    • File Level Access
  • Review the user IDs associated with the data files to ensure that only authorized users are allowed access to the data.
  • Test how the application handles invalid user ID and password attempts.
  • Obtain a copy of the corporate security standards. Determine if a user can log on directly to NT, Unix, Oracle or DB2 without going through the initial logon process.
  • Review all default users to ensure that proper security and control is maintained.
  • Review the security administration of: 
    • adding users
    • deleting users
    • updating user information
    • password construction
  • Determine who is the system administrator for the application and how many of these administrators are assigned to the application. 

5. Integrity Checking

  • Evaluate sensitive or critical on-line transactions to ensure that they perform according to the established integrity standards. 
  • Evaluate sensitive or critical batch jobs to ensure that they perform according to the established integrity standards.

6. Evaluate any sensitive or critical derived data to ensure that it is created according to the established integrity standards.

  • Review the final edit process to ensure the integrity of the process.
  • Review all system interfaces to determine that data integrity is properly maintained.

7. Evaluate the outputs of the system to ensure that sensitive or critical output is properly handled.

8. Evaluate any recent application failures to ensure that an adequate contingency plan exists.

9. Evaluate several recent application changes to ensure that proper procedures were followed. 

10. Evaluate the level of system documentation to ensure that it is adequate. 

11. Interview the users to ensure that they are satisfied with the current system and that it meets the organization's business needs.

12. Review the management reports to see if additional reports are needed.

13. Determine if any back doors exist in the system:

  • Unix
  • Oracle
  • Informix
  • DB2
  • NT 
  • SAP 

