Abstract
M.Comm.
SAP R/3 is a fully integrated system equipped to function in an open server environment. The system consists of different modules that can operate independently. The focus of the literature study is the evaluation of the security features within an open server environment and SAP R/3.
1.1 Definition of the problem
Securing transactions in the Information Technology (IT) environment is the
key issue for the 21st century. Proper security controls are essential for the effective operation of a system, especially given the fact that by the year 2000 an estimated 70% of all transactions will be processed via the Internet. SAP R/3 has features and characteristics which makes it suitable for the processing of all types of transactions on the Internet. It is therefore important to understand the security risks involved, both internal and external. All transactions and information must be secured and controlled.
1.2 Objective
The objective of this dissertation comprises the development of a security audit program to enable the external auditor to evaluate the security controls in the SAP R/3 environment, especially in respect of two modules within SAP R/3, being the basic system and finance system modules.
RESEARCH APPROACH AND METHODOLOGY
The research is aimed at developing a security audit program to assist the external auditor in evaluating logical security controls within a SAP R/3 environment, especially in respect of two specific modules related to two modules of SAP R/3.
2.1 Methodology
The research consists of a detailed literature survey on existing authoritative textbooks and other literature. Other mediums in gathering information include surfing the Internet and discussions with technical SAP R/3 specialists. All findings support the definition of the problem and objectives of the dissertation.
SCOPE AND LIMITATIONS
The study focuses on logical access controls of two SAP R/3 modules important to the external auditor, namely the basis system (BC) and the financial accounting systems modules (FI). Some of the controls are applicable to other modules, but these have been excluded from the discussion in the detailed research conducted.
RESULTS
A security audit program has been developed that will assist the external auditor in the evaluation of security features of the SAP R/3, basis system and financial accounting system modules. The security audit program is a guide for the external auditor, which should be tailored to meet the specific industry requirements and SAP R/3 modules in
use. The study has implications for further research in various other areas.
CONCLUSION
The security features in an open server environment are applicable to the SAP R/3 environment. The SAP R/3 system comprises comprehensive security features, which if correctly implemented, will result in a secure environment that will enable and ensure proper functionality of the system. The security audit program further clearly indicates the impact and implications of the procedures on the audit assertions which will assist the external auditor for focusing his approach on specific areas.