SAP R/3 Basis Application Infrastructure - Audit Program and Testing Procedures

This audit program is designed to help audit, risk and security professionals facilitate the review of SAP R/3 Basis Application Infrastructure component. This audit program will help you identify any inherent risks related to SAP security, minimize exposure to such risks, ensure that necessary controls are in place and operate effectively, and ascertain reliability of the SAP R/3 Basis Application Infrastructure component.

The audit program is based on the latest auditing standards. It contains a comprehensive listing of control objectives & suggested controls to meet the objectives. It also contains detailed testing procedures, rather than generic descriptions of the controls & the tests to be performed. You'll get the step-by-step instructions on extracting configurable options & user access reports from the system in support of individual control activities. The purpose of the testing instructions is to enable anyone to execute the tests and evaluate risks and controls in the SAP R/3 environment.

*NOTE* See below for more details. Also, use "preview" icon to take a look inside (view a part of the audit program) to ensure it's right for you.

Audit Programs

Preview SAP Basis Security Audit Program

This Basis Application Infrastructure audit program contains 46 tests designed to evaluate adequacy of the key configuration settings and assess appropriateness of access to a variety of sensitive basis transactions in SAP R/3, including:

Auditing batch job and background session processing and administration functions in SAP R/3:

Batch scheduling and batch processing authorizations in SAP R/3
Ability to delete jobs of other users
Ability to administer background sessions in SAP R/3
Ability to schedule jobs under different user IDs
Access to the batch input management functionality in SAP R/3
Monitoring procedures to identify processing errors and/or issues & much more.

Auditing end-user authorization and administration functions in SAP R/3:

Access to maintain roles, authorizations and authorization profiles
Access to maintain the assignment of the authorization objects to transactions
User master record maintenance in SAP R/3
Access to assign roles or profiles to users
Controls to ensure access to the SAP R/3 system is authorized by management
Controls to ensure access to the SAP R/3 is disabled for employees who no longer require such access, etc.

Auditing safeguards against unauthorized access to or modifications of programs and data:

Access to edit and execute programs online and in the background
Access to modify table content in SAP R/3, including critical systems tables or security tables and client-independent tables
Access to maintain SAP R/3 Data Dictionary
Security of the custom tables, custom programs, and custom transactions, etc.

Auditing implementation and administration of the system configuration & security settings:

Access to maintain/configure application server parameters
User access to maintain instances
Configuration of the SAP R/3 password parameters
Security of the vendor supplied user IDs
Access restriction to the powerful SAP R/3 profiles
Locking critical and sensitive transaction codes
Security of the remote access to/from the system, including interface communications, etc.

Auditing change management and control:

System configuration to enforce appropriate change management process to prevent changes made directly in production
Ensuring that SAP R/3 system landscape supports separation of production environment from development environment
Access policies over transports
Security of the developer keys
Controls to ensure that access to develop programs is not allocated in production and more.

Everything has been conveniently pre-documented with fill-in fields for company-specific information (entity name, date, data extracted from the system, etc.) which will allow you to proceed with your assessment immediately.

Please refer to the "preview" icon above to take a look inside (view a part of the audit program) to ensure it's right for you.

Price: $40.00 (Instant Download)