Question:
Hi Forum
I am one of a rare breed - a Senior IT Auditor with a real IT background - but no SAP experience.
I would like to familiarise myself with the control & security issues of SAP - the showstoppers that may cause the whole security thing to crumble if not set correctly. Can you guys recommend a best source of info for me?
Also, what effect does MySAP have on security that's set in BASIS? Cheers!
Answer:
Answer:
Hi Auditor,
Lots of info here: www.auditnet.org
most of the concepts will be familiar, your GCC stuff is pretty straightforward. IMO the app specific stuff is where it can get a bit hairy!
Cheers,
Al.
p.s. any Q's you can PM me through my profile, I've done plenty of SAP audits
Answer:
Buy this book - Security, Audit and Control Features SAP R/3: A Technical and Risk Management Reference Guide, Second Edition - from www.isaca.org - Book store. Excellent insight for SAP Auditors new to SAParena.
_________________
SAPFAN
Answer:
go on SAP training course ADM 950. it's ace.
here
Answer:
if you are an experienced auditor, ADM950 is pretty poor imo.
The ISACA book is ok as an overview - I woudl agree it's useful for someone with background but no application specific understanding. I have my doubts over it's usefulness in implementation scenarios, however some of the work program material is ok, if lacking in pragmatism
Cheers
Al.