Yearly Data owner review listing
Auditing, Biometrics, Digital certificates, Features/Functionality, Identity & Access Management, Information risk management, Installation, provisioning, Security, Security management, Security tokens, Single sign-on
Hi,
We are currently on SAP 4.6C
With SOX and other security settings we need to min. yearly prepare a user list per data owner, so that the data owner can review and sign-of on this.
The data owner is determined per role.
Now my question is, does anyone know a way of assigning a data owner to a role in SAP, so that the yearly listings can be made easy ?
Currently it is a huge job, but I am sure there must be an easier way.
If you need any additional information, please let me know.
Best regards,
Sigrconi
Software/Hardware used:
Software/Hardware used:
ASKED:
March 31, 2005 7:49 AM
UPDATED:
April 3, 2005 9:07 PM
Answer Wiki:
For SOX compliance, we assigned data owners based on Financial Business Processes: Order to Despatch, Despatch to Cash, Procure to Receipt, Receipt to Pay, Fixed Assest, Financal Statement, etc
IT Proposed suitable candidates for the business process as Business Process Owners (BPO) for Excom to approve. BPO also owned the data in their business process.
Defined the roles and responsibilities (R&R)for BPO, including reviewing and approving request for changes in the system, owning the data for their BP (DO), review user list every 6 months, raising forms to inform IT to terminate users when they left the company or transfered to another positions, review audit log of master file changes, etc...
Once Excom approved the BPO listinng and the R&R of BPO, IT called a meeting, present the Excom decidion and explain what they have to do as BPO.
IT inform HR to add BPO to their Job Description
Every changes to BPO, BPO's boss would inform IT as well as proposed the replacement canidate for Excom to approve.
Hope this helps.
To see all answers submitted to the Answer Wiki: View Answer History.
For SOX compliance, we assigned data owners based on Financial Business Processes: Order to Despatch, Despatch to Cash, Procure to Receipt, Receipt to Pay, Fixed Assest, Financal Statement, etc
IT Proposed suitable candidates for the business process as Business Process Owners (BPO) for Excom to approve. BPO also owned the data in their business process.
Defined the roles and responsibilities (R&R)for BPO, including reviewing and approving request for changes in the system, owning the data for their BP (DO), review user list every 6 months, raising forms to inform IT to terminate users when they left the company or transfered to another positions, review audit log of master file changes, etc…
Once Excom approved the BPO listinng and the R&R of BPO, IT called a meeting, present the Excom decidion and explain what they have to do as BPO.
IT inform HR to add BPO to their Job Description
Every changes to BPO, BPO’s boss would inform IT as well as proposed the replacement canidate for Excom to approve.
Hope this helps.