Dear Suddu,

SOX is useful for Security, Compliance, or Audit.

Sarbanes-Oxley Act (SOX) in the United States, to Bill 198 in Canada, to Japan‘s Financial Instruments and Exchange Law (the so-called J-SOX), the current regulatory environment worldwide is one that demands that enterprises take

every step to ensure the integrity of their finances, their data, their processes, and their employees. Central to this is the need to control access to corporate information, functions, and processes and to ensure that there is comprehensive segregation of duties (SoD) across the entire enterprise and at all levels of corporate functioning.

Post Sarbanes Oxley, focus for corporations is more on compliance and security. Sarbanes Oxley has had a major impact on the organizations using SAP R/3 as their ERP. Some of the changes seen in the corporate landsacpe include identifying and documenting processes, implementing controls and safeguards, documenting user access approvals etc. In short, there has been a cultural shift in organizations post Sarbanes Oxley. Below, I have listed 7 major pointers which can help organizations towards better SAP security in the Sarbanes Oxley Era.

1. Provide users access on a need to know and need to do basis.

2. Adequately secure programs, transactions and tables.

3. All user accesses to SAP R/3 are properly authorized and approved.

4. Segregation of duties is maintained for all sensitive business transactions

5. All controls and business processes are documented.

6. Anti-fraud preventive controls are in place to prevent & detect fraud before an audit.

7. User profiles and roles in SAP are secured and designed to meet business requirements.

/people/alexander.obe/blog/2007/03/03/j-sox

http://www.sap.com/solutions/business-suite/erp/financials/sox.epx

Regards,

Naveen.