on 09-09-2009 9:28 AM
Hi experts,
I have a question about Dangerous APO and Transaction codes.
Background:
We are in the process of implementing SOX controls for the new APO and BI Systems.
Questions:
What are the Dangerous APO Transaction codes which should not be assigned to anyone in the Production system?
What are the Dangerous BI Transaction codes which should not be assigned to anyone in the Production system?
Additional Notes:
Systems which we have:
APO version: SCM 5.0
BI version: BI 7.0
Praveen,
I am puzzled that you would ask such a question.
Authorizations ALWAYS derive from requirements. In this case, Sarbanes-Oxley speaks of control mechanisms. Your SOX auditors should tell you what they consider to be critical, and they should advise the client company as to which transactions should be controlled, and how best to control them.
There is no transaction that should be disallowed to everyone. That would eventually make the system unusable. The question is, "how many people should have these critical transactions, and how should the execution of these transactions be monitored and controlled".
Generally, the APO portion of SCM should require fewer SOX controls than ERP, since APO is mostly a planning system, and not an execution system (there are some exceptions here though). Likewise, the BI portion of SCM usually contains no financial reports, and therefore should have relaxed controls over, say, the main BI instance used by your company.
Don't make the mistake of strangling yourself to satisfy your perception of what you think an auditor may require. Make them tell you the minimum requirements for compliance. Anything beyond minimum compliance with SOX is costly. This question is then a matter of your company's policies. I usually vote for 'no additional restrictions' (but my poor vote doesn't usually count for much).
Rgds,
DB49
Hi Praveen,
Your question is too subjective & descriptive to answer.
You can derive the role-based transactions based on the following aspects:
1) Administration related transactions
(Includes BASIS, Security, Roles, authorisations, controlling, etc.)
2) Integration related transactions
(Model creation, activation, deletion)
3) Job scheduling transactions
4) Master Data maintenance transactions
5) Deletion of Master Data & transactional data transactions
6) Livecache related transactions (like cons checks, database, etc.)
Regards
R. Senthil Mareeswaran.