CONCLUSION
Preventing sprawl with the workload monitor
The change management process in the SAP® environment can be quite complex. Since program changes are usually transported into the production system, which can potentially have an impact on the annual financial statements, the audit of the process is an essential part of the annual financial statement audit. For this reason, it must be ensured that the process documentation is up-to-date and complete. It must also be ensured that appropriate classifications are defined for various types of change. This is because the process may subsequently differ for each classification. For example, the extent of the test and release steps varies depending on the criticality of the change, and they may even be shortened considerably for low-risk changes. However, it is crucial to justify this in a comprehensible manner. In the change management process, a sufficient test and release phase should be set up by the responsible department. This process step must also be documented in a comprehensible manner, even if it is not always easy to obtain the necessary evidence from the departments. In this process in particular, it is crucial that a clear dual control principle is established, which ensures that the developer is not also the person who ultimately carries out the transport into the productive environment. In preparation, the documentation should therefore be checked for completeness and up-to-dateness and, in a further step, whether the process defined in it has also been followed throughout the year.
In order to make a well-founded statement about the complexity and the associated effort, a fundamental system analysis is required in advance. The results obtained from this form an excellent basis for estimating the project scope and implementation timeframe.
Criticality
The topic-related audit structures are created based on area menus. On the one hand, SAP default audit structures are offered, and on the other hand, you have the possibility to create custom audit structures as area menus. The advantage of the audit structures as area menus is that you can use existing area menus or simply create new area menus. The SE43 transaction gives you an overview of the existing area menus; It is also used to maintain and transport area menus.
The four important concepts of SAP security first require a certain amount of effort. They not only have to be coordinated, formulated and made available, but also continuously updated and, above all, actively implemented. Nevertheless, the return on investment is high, because they prepare for all eventualities, provide audit security, and also offer a high level of protection for the SAP system and thus for the company itself.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
This mapping is required, among other things, to control access permissions or constraints.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
Create a new query named ZMYSUIM on the entry screen.