Yearly Data owner review listing

0 pts.
Tags:
Auditing
Biometrics
Digital certificates
Features/Functionality
Identity & Access Management
Information risk management
Installation
provisioning
Security
Security management
Security tokens
Single sign-on
Hi, We are currently on SAP 4.6C With SOX and other security settings we need to min. yearly prepare a user list per data owner, so that the data owner can review and sign-of on this. The data owner is determined per role. Now my question is, does anyone know a way of assigning a data owner to a role in SAP, so that the yearly listings can be made easy ? Currently it is a huge job, but I am sure there must be an easier way. If you need any additional information, please let me know. Best regards, Sigrconi
ASKED: March 31, 2005  7:49 AM
UPDATED: April 3, 2005  9:07 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

For SOX compliance, we assigned data owners based on Financial Business Processes: Order to Despatch, Despatch to Cash, Procure to Receipt, Receipt to Pay, Fixed Assest, Financal Statement, etc

IT Proposed suitable candidates for the business process as Business Process Owners (BPO) for Excom to approve. BPO also owned the data in their business process.

Defined the roles and responsibilities (R&R)for BPO, including reviewing and approving request for changes in the system, owning the data for their BP (DO), review user list every 6 months, raising forms to inform IT to terminate users when they left the company or transfered to another positions, review audit log of master file changes, etc…

Once Excom approved the BPO listinng and the R&R of BPO, IT called a meeting, present the Excom decidion and explain what they have to do as BPO.

IT inform HR to add BPO to their Job Description

Every changes to BPO, BPO’s boss would inform IT as well as proposed the replacement canidate for Excom to approve.

Hope this helps.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Gichuah
    For SOX compliance, we assigned data owners based on Financial Business Processes: Order to Despatch, Despatch to Cash, Procure to Receipt, Receipt to Pay, Fixed Assest, Financal Statement, etc IT Proposed suitable candidates for the business process as Business Process Owners (BPO) for Excom to approve. BPO also owned the data in their business process. Defined the roles and responsibilities (R&R)for BPO, including reviewing and approving request for changes in the system, owning the data for their BP (DO), review user list every 6 months, raising forms to inform IT to terminate users when they left the company or transfered to another positions, review audit log of master file changes, etc... Once Excom approved the BPO listinng and the R&R of BPO, IT called a meeting, present the Excom decidion and explain what they have to do as BPO. IT inform HR to add BPO to their Job Description Every changes to BPO, BPO's boss would inform IT as well as proposed the replacement canidate for Excom to approve. Hope this helps.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following