Custom Object SAP Risk Analyzer
All SAP customers can create custom transactions, tables and programs in the SAP System. This makes the internal audit team’s job very difficult, having to track every custom object entered into the SAP system. Without a unified view of all the custom objects, it is next to impossible for the team to figure out which objects are not compliant. To realize the magnitude of the SAP Risk is only possible when all information is seen in one report, like the ones generated by SAP Audit. Generally the best practice is to create transactions to all the custom programs and custom tables. Each of the programs should have authority check statements and should be added in SU24 configuration to avoid SAP Risk being introduced through unsecured custom transactions. SAP Audit can handle that!
Minimizing the SAP Risk
Benefits to the company
One easy report lists the custom objects in the system and highlights those which are not in compliance with company policy, saving the audit group time and manual effort so that they can focus on remediation and preventive controls. Custom object non-compliance in an SAP System is one of the big security holes which most SAP users ignore in their internal audits. AuditBot constantly monitors the client’s custom programs and helps reduce the SAP Risk.
SAP Risk Management for Custom Transactions
- One-screen centralized SAP Risk view of all the custom objects
- One-click detailed line-by-line SAP Risk information display
- Non-compliant custom transactions highlighted
- Transactions without SAP Risk indicated
- Checks statement authority and highlights the audit risk from the programs missing the statement
- Checks the SU24 setting and highlights the transactions which do not have object level restrictions in SU24
- Internal Auditor sees and monitors the progress of the SAP Risks reductions as the program fixes the custom transactions