Emergency access in production happens when there are configuration changes which need to takes place in the system immediately and in response to a crisis. Most of the time it may be true emergencies but some time lot of regular changes are also slipped into the system making them as emergency. The best way to control this misuse is to involve the SAP Functional team and the audit team.
The audit team should be involved in following activities
Approval of the Emergency Change Request: Audit group should be involved in approval of request to perform the emergency change in production. They should analyze if the request is really an emergency.
Monitoring of the activity Logs: SAP GRC tool provides logs of the activities performed during the emergency change process. Audit team should be reviewing the logs and comparing with the intent of the change and the documentation provided for change request.
Defining the Process: Should define the process for requesting the emergency access. The process should list Functional team approval, change management team approval and justification documentation provided before making the change.
Frequently used transactions: Should review the transaction and see if they are used frequently. If they are used frequently the recommendations have to be made for the functional team to add to the transaction to existing or new role
OneAccess-UserManager also helps you manage the complex documenting, testing, process control, and sign-off requirements mandated by Sarbanes-Oxley sections 302, 404, and 409
Selva Kumar
Vice President- SAP Practice
OneAccess-UserManager for SAP
SAP Certified-Powered by Netweaver
http://www.softsquare.biz/oneaccess/
selva@softsquare.biz
Phone: 1 877 717 5487
Automate and Meditate
Add
Add
Comments