Abstract
M.Com. (Computer Auditing)
The management and control of modern day computer systems are
becoming more and more trying due to the complexity of systems.
This renders the traditional approach to evaluating controls in
complex computer systems, inadequate and heightens the need for
an alternative audit approach.
The complex SAP R/3 environment will be evaluated in terms of
security and validity of users and processes. This will be achieved
through the use of an alternative audit approach namely, the
application of the Access Path and Path Context Models (Boshoff
1985, 1990).
The research methodology used during this research may indicate
universal application implications for similar complex environments,
although this has not yet been proved.
The research showed that there are many control features available
in the different software c.omponents of the SAP R/3 environment,
that can be applied to control access and validity of users and
processes. The duplication of control features provided by the
software components, requires a global approach to security inthe
defined environment. Only when evaluating the environment as a
whole, will it be able to make the most effective security decisions.
The use of the control matrices developed during this research will
ease the global evaluation of the SAP R/3 environment. Although
further research is required, the above has proven the usefulness of
both the research methodology and the resultant model and
matrices.