Copyright © 2003 Americas’ SAP Users’ Group Authorizations in the Finance & Controlling Modules Ranvir Singh, Sherman Wright Business Analysts, LSI LOGIC.


1 Copyright © 2003 Americas’ SAP Users’ Group Authorizations in the Finance & Controlling Modules Ranvir Singh, Sherman Wright Business Analysts, LSI LOGIC Corporation Sam Sangha Technical Consultant, VIRSA Systems Corp. May 20, 2003

2 Agenda
1 – Introduction to Finance Authorizations (Basic Concepts)
2 – Important Reports and Transactions (PFCG, SU01, SU53, SUIM, SU24)
3 – Challenges in Finance (Responsibilities and Roles)
4 – Finding Risks in the Finance Environment (Segregation of Duties Matrix, VRAT, etc.)
5 – Tools for Analysis (VIRSA, SAP, etc.)

3 Introduction to Finance Authorizations
Linkage of various Objects/Fields/Groups etc.
(Diagram elements: Authorization object class; Authorization object; Authorization Profile; Role; User.)

4 Terminology
- Authorization Profile/Activity Group/Role: Contains instances (authorizations) for different authorization objects, grouped by object class.
- Authorization Object Class: Logical grouping of authorization objects, for example all authorization objects for object class FI (Financial Accounting).
- Authorization Object: Group of authorization fields that are checked simultaneously, for example F_LFA1_APP (Vendor: Application Authorization).
- Authorization Field: Smallest unit against which the check is run, for example BUKRS for company code.
- Authorization: An instance of an authorization object, that is, a combination of allowed values for each authorization field of the object.

5 Introduction to Finance Authorizations
Authorizations
- Object class: Financial Accounting
- User name: Joe Smith and N.A. Credit
- Role / Profile: North America Credit
- Authorization: Company code = US10
- Authorization Objects: Company code

6 Introduction to Finance Authorizations
Business Scenario: employees, roles, functions, authorizations
- Employees have roles with specific functions and need authorizations for these functions.
- An employee can have multiple roles.
- A role is a group of activities performed within a Business Scenario.
(Diagram: employees Karen, Susan and John; roles shown include Procurement, Employee, Service Representative, Manager and Purchaser; functions Create Purchase Requisition (ME51), Order Purchase Requisition (ME58) and Release Purchase Requisition (ME54); authorizations to create purchase requisitions, to release purchase requisitions and to create purchase orders.)

7 Introduction to Finance Authorizations
Authorization A: BUKRS = US10, US18; ACTVT = 01, 02, 03
Authorization B: BUKRS = US10, US18, US42; ACTVT = 03
(Diagram: for each authorization, a grid of company codes US10, US18 and US42 against the activities Create, Change and Display.)
1. Authorization A allows the user to perform create, change and display activities in company codes US10 & US18.
2. Authorization B allows the user to perform only the display activity in company codes US10, US18 & US42.
3. If the user has authorization A and authorization B, they work together. This means that the user can perform create, change and display activities in company codes US10 & US18, but can only perform the display activity in company code 3000.
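The following is an added example, not part of the original presentation, that models how Authorization A and Authorization B combine. It assumes the usual check semantics (all fields of one authorization must match together, and any one matching authorization is enough), uses US42 as the third company code from Authorization B's definition, and does not model wildcard values; the function names are hypothetical.

```python
# Constructed model of the slide's two authorizations; this is not SAP code.
ACTIVITIES = {"01": "Create", "02": "Change", "03": "Display"}

AUTH_A = {"BUKRS": {"US10", "US18"}, "ACTVT": {"01", "02", "03"}}
AUTH_B = {"BUKRS": {"US10", "US18", "US42"}, "ACTVT": {"03"}}


def authorization_covers(auth, required):
    """Fields of one authorization are checked simultaneously (logical AND)."""
    return all(value in auth.get(field, set()) for field, value in required.items())


def authority_check(user_auths, **required):
    """The check passes if any single authorization covers every field."""
    return any(authorization_covers(auth, required) for auth in user_auths)


def naive_field_union_check(user_auths, **required):
    """Incorrect model: merges each field across authorizations before checking."""
    return all(
        any(value in auth.get(field, set()) for auth in user_auths)
        for field, value in required.items()
    )


def effective_access(user_auths, company_codes):
    """Map each company code to the activities the user may perform there."""
    return {
        bukrs: [name for actvt, name in ACTIVITIES.items()
                if authority_check(user_auths, BUKRS=bukrs, ACTVT=actvt)]
        for bukrs in company_codes
    }


if __name__ == "__main__":
    user = [AUTH_A, AUTH_B]
    for bukrs, acts in effective_access(user, ["US10", "US18", "US42"]).items():
        print(bukrs, acts)
    # Merging fields across authorizations would wrongly grant Create in US42.
    print(naive_field_union_check(user, BUKRS="US42", ACTVT="01"),
          authority_check(user, BUKRS="US42", ACTVT="01"))
```

The naive merge is the mistake to watch for when reviewing roles by hand: reading the field values of several authorizations as one pooled list overstates what the user can do.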

8 Introduction to Finance Authorizations
Authorization Objects and Authorization Profile
(Diagram: authorization profiles for Work Center 1, Work Center 2 and Work Center 3, each built from field values for the authorization objects below.)
- S_TCODE: field TCD
- F_BKPF_BUK: fields ACTVT, BUKRS
- F_BKPF_GSP: fields ACTVT, GSBER
- F_BKPF_KOA: fields ACTVT, KOART
Values shown in the diagram: transaction codes F-22, F-27, F-43, F-41, FB02, FB03; activities 01, 02, 03; organizational values 1000, 2000; account types A, D, S, K.

9 Any questions? Let’s move to the 2nd part of our agenda items.

10 Important Report and Transactions
1 - PFCG – Profile Generator
2 - SU01 – User Maintenance
3 - SU53 – Display Authorization Data
4 - SUIM – User Information System
5 - SU24 – Authorization Assignment (transactions and authorization objects)
6 - Other important reports

11 Important Report and Transactions
PFCG – Profile Generator (PG)
SAP’s automated method for generating user profiles through the use of pick and choose authorization objects and values.

12 Important Report and Transactions
PFCG – Profile Generator (PG)
When a transaction is selected and placed in the “Menu” while creating or changing the activity group, the PG selects the authorization objects that are checked in this transaction and maintained in the PG.

13 Important Report and Transactions
SU01 – User Maintenance
Types of users:
- Dialog users (only dialog users log on to the R/3 system interactively)
- Background users
- Batch Data Communication users (BDC)
- Common Program Interface Communication users (CPI-C)

14 Important Report and Transactions
SU01 – User Maintenance
Main display of user master data

15 Important Report and Transactions
SU53 – Display Authorization
Menu path: System > Utilities > Display Authorization Check
Authorizations can also be analyzed with the Authorization Trace, transaction ST01.
You can analyze an error in your system which has just occurred because of a missing authorization. Running SU53 after getting an authorization error shows the following information:
1. Authorization Object that was checked
2. Authorization Object Class that was checked
3. Value of the object the user needs to perform the action
4. Value of the object the user already has in his/her master record

16 Important Report and Transactions
SUIM – User Information System
A collection of reports to analyze user access, activity group and profile content, and changes to accounts, etc.

17 Important Report and Transactions
SU24 – Authorization Assignment (transactions and authorization objects)
Done automatically when the Profile Generator (PFCG) is used, but still useful for modifications and verification.

18 Important Report and Transactions
Other important reports (some in SUIM)
- RSUSR000: Display current active users
- RSUSR002: Display users according to complex selection criteria
- RSUSR005: Display users with critical authorizations
- RSUSR006: Display users that are locked by the system and by the administrator because of incorrect logons
- RSUSR010: Transactions executable for the users, with profile or authorization
- RSUSR070: Display activity groups by complex search criteria

19 Important Report and Transactions
Any questions? Let’s move to the 3rd part of our agenda items.

20 Challenges in Finance
Responsibilities & Roles
1. What responsibilities need to be provided & need to be “protected”?
   - Vendor creation, invoice processing, payment processing, billing, collections, GL, P&L, etc.
2. Have roles been created to provide access for specific responsibilities, yet keeping the different ones separated?
3. Do some roles provide too much access?
4. Who defines the roles (Security Admin, Business Process Owners, others)?

21 Challenges in Finance
Any questions? Let’s move to the 4th part of our agenda items.

22 Finding Risks in the Finance Environment
Segregation of Duties
1. SOD Concept: Segregation of Duties is the primary internal control intended to prevent, or to minimize, the risk of errors or irregularities; identify problems; and ensure corrective action is taken.
2. No single individual should have control over all phases of a transaction.
3. Using roles to keep job activities separate.
4. Using reports to ensure users don’t have too much access.

23 Finding Risks in the Finance Environment
Segregation of Duties (continued)
5. Defining Risks
   At what level can risks be defined?
   - Transaction level
   - Authorization object level
   - Other
6. Translating Risks into a Matrix
   - Transaction level is easy: just list the combinations of transactions that cause risks.
   - Object level is more difficult because of the many objects and values that can be involved.
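A transaction-level matrix of the kind described above can be checked mechanically against user and role assignments. This is an added example, not part of the original presentation and not VRAT or SUIM logic: the role names, user assignments and the second rule (FK01 with F-53) are constructed for illustration, while ME51 and ME54 are the requisition transactions named earlier in the deck.

```python
# Added example with constructed data; not from the presentation or an SAP system.
# Transaction-level SoD matrix: each risk is a set of transactions one user should not hold.
SOD_RULES = {
    "Create and release purchase requisition": {"ME51", "ME54"},
    "Maintain vendor and post outgoing payment": {"FK01", "F-53"},
}

# Hypothetical roles and the transactions in their menus.
ROLE_TCODES = {
    "Z_REQ_CREATE": {"ME51"},
    "Z_REQ_RELEASE": {"ME54"},
    "Z_AP_CLERK": {"F-43", "FB03"},
    "Z_AP_SUPER": {"FK01", "F-53", "FB03"},
}

# Hypothetical user-to-role assignments.
USER_ROLES = {
    "KAREN": ["Z_REQ_CREATE"],
    "JOHN": ["Z_REQ_CREATE", "Z_REQ_RELEASE"],
    "SUSAN": ["Z_AP_CLERK", "Z_AP_SUPER"],
}


def find_sod_conflicts(user_roles, role_tcodes, rules):
    """Return one finding per (user, risk) where the user holds every transaction."""
    findings = []
    for user, roles in sorted(user_roles.items()):
        # Track which roles grant each transaction so a finding is actionable.
        granted = {}
        for role in roles:
            for tcode in role_tcodes.get(role, set()):
                granted.setdefault(tcode, set()).add(role)
        for risk, tcodes in rules.items():
            if not tcodes.issubset(granted):
                continue
            # A conflict inside one role needs a role redesign, not a reassignment.
            single = any(tcodes <= role_tcodes.get(r, set()) for r in roles)
            findings.append({
                "user": user,
                "risk": risk,
                "granted_by": {t: sorted(granted[t]) for t in sorted(tcodes)},
                "within_single_role": single,
            })
    return findings


if __name__ == "__main__":
    for finding in find_sod_conflicts(USER_ROLES, ROLE_TCODES, SOD_RULES):
        print(finding)
```

Holding a transaction code is only the first filter; an object-level analysis would additionally test the field values behind each transaction, which is why the slide calls that level more difficult.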

24 Finding Risks in the Finance Environment Segregation of Duties (continued)

25 Finding Risks in the Finance Environment
Any questions? Let’s move to the 5th part of our agenda items.

26 Tools for Analysis
SAP – what it offers:
1. SUIM: User Information System
   - Critical Combinations of Authorizations at Transaction Start
   - Lists of Users with Critical Authorizations
   - Other reports also
2. AIS: Audit Information System
   - Several system audit reports
   - Limited analysis capabilities

27 Why we selected VIRSA
1. Real time SOD Analysis on live data
2. Real time Simulation on live data (ongoing compliance)
3. Responsive to our needs (Supplementary SOD Analysis)
4. User friendly & powerful reporting (precise information)
5. Eliminates false errors
6. Documentation of Mitigating Controls
7. Positive feedback from other customers

28 About VIRSA
VIRSA Systems, Inc.
1. SAP Security Company with 100% focus on providing SAP Security & Controls products & solutions.
2. VIRSA’s Products and Solutions:
   - VIRSA Risk Assessment Tool (VRAT)
   - VIRSA Role Management Tool (VRMT)
   - VIRSA Fire Fighting Tool (VFAT)
   - VIRSA Risk Assessment Service (VRAS)
   - Complete Security Redesign
3. VIRSA Security and controls training and workshops

29 VIRSA Features
1. VRAT Key Features:
   - Designed for Auditors, Security & Controls Team, Business Process Owners
   - Real Time Online SOD Analysis/Reporting at both Trans. Code and Auth. Object level
   - Automated Simulation & Remote Simulation on live data
   - Intuitive Interface & ALV Drill Down Reports
   - Rule building/upgrading automation (add-on)
   - Supplementary SOD Analysis (e.g. USR05)
   - VRAT Tool Box (Complimentary SOD Reports/Utilities)
   - Monitoring of actual execution of Conflicting Transactions (New Release)
   - HR & BW Specific functionality (Future Release)
   - Custom default settings, can link custom reports to VRAT Tool Box

30 Copyright © 2003 Americas’ SAP Users’ Group Thank you for attending! Please remember to complete and return your evaluation form following this session. Session Code: 1607

