您好,欢迎访问三七文档
当前位置:首页 > 商业/管理/HR > 管理学资料 > sap系统审计清单与程序
SAPAuditProgramI.General1.Obtainacompanyorganizationalchart.2.Obtainacopyofallsecuritypoliciesandprocedures.3.ObtainadiagramoftheSAPapplicationarchitecture.4.Obtainacopyof“problemtracking”or“incidentreport”fortheapplicationbeingaudited.5.Obtainacopyofallsystemenhancementsthatarequeuedupforimplementation.6.Obtainacopyoftheapplication’sdocumentation.7.Obtainacopyofthedevelopmentmethodologyusedtocompletethesystem.(BusinessandDesignRequirementsProcesses)8.Obtainacopyofanyservicelevelagreementsestablishedfortheapplication.9.Obtainacopyofthecontingency/backupplanfortheapplication10.ObtainacopyoftheCorporateDisasterPlan11.DeterminewhichreleaseofSAPisinstalled12.Identifythemodulesinstalled.13.Determinetheinterfacestotheproductionsystem14.Determinethenumberofclientsystemsrunning.15.DeterminewhichgeographicallocationsarerunningSAP16.Determinewhatlevelofcustomprogramminginon-goingABAP/4programsDataentryscreens17.EvaluatetheoverallSAPsecurityarchitecture18.Determinetheoperatingsystemsanddatabasemanagementsystemsrunningwithintheenvironment19.ObtainalistingofallSAPclientsTableT000hastheSAPclientsPath:SYSTEM-SERVICES-TABLEMAINTENANCESE16orSE17TableT001hasthecompaniesPath:TOOLS-ABAP/4WORKBENCH-OVERVIEW-DATABROWSER-TABLECONTENTS20.ObtainalistingofallgroupcompaniesListtableT042G21.ObtainalistingofallbusinessareasListtableTGSBandTGSBT22.ObtainalistingofallcreditcontrolareasListtableT014andT014T23.ObtainalistofallchartsofaccountsListtableT004andT004T24.ObtainalistingofallplantsListtablesT001WandTVKWZ25.ObtainalistingofstoragelocationsListtableT001L26.ObtainalistingofallpurchasingorganizationsListtableT024W27.ObtainalistingofallpurchasinggroupsListtableT02428.ObtainalistingofallsalesorganizationsListtableTVKOandTVKOT29.ObtainalistingofdistributionchannelsListtableTVTW,TVTWT,andTVKOV30.ObtainalistingofalldivisionsListtablesTSPA,TSPAT,andTVKOS31.ObtainalistingofsalesareasListtableTVTA32.ObtainalistingofsalesofficesListtablesTVBUR,TVKBT,andTVKBZ33.ObtainalistingofsalesgroupsListtablesTVKGR,TVBVK,andTVGRTII.DesignAndImplementation1.DetermineifproperplanninghasbeenformalizedHasaclearlyestablishedfunctionalorgeographicalapproachbeenestablished?Hasastructuremethodologybeenadopted?Hasatop-downplanbeendevelopedtoaddresssystemintegrationissues?HaveSAPreleasedatesbeentakenintoconsiderationaspartoftheplan?Doestheplanconsiderthetimetoperformapost-implementationreview?2.Determineiftheproperorganizationandstaffingfortheteamhasbeencompleted.HasaSteeringCommitteebeenorganizedtoincludeallfunctionalbusinessareas?Haveenterprise-widestandardsbeenestablished?Areusersassignedtokeyprojectmanagementpositions?Hasanintegrationteambeenestablishedwithmembersfromallfunctionalareas?Hasatechnicalteambeenestablishedseparatefromthefunctionalteamtosharetechnicalresponsibilityandtoensurestandardtechniquesareemployed?Isthestaffsizeappropriateforthescopeoftheimplementation?5-7membersforeachcoremodule.3.Determineifadequatetrainingisconducted.Reviewthetrainingprogramtoensurethatitisadequateandaddressesallfunctionalareas.Ensurethatthetrainingapproachisintegratedintotheprojectmethodology.Ensurethatadequatetimeforalllevelsoftrainingisscheduled.4.Determineiftheprojectisproperlycontrolledthroughbudget,quality,andschedule.Arestandardprojectcontroltoolsanddocumentationformatsusedacrossteamstoensureconsistentcommunicationandminimizeimpactofteamturnover?Areweeklyorevendailycross-teamprogressmeetingsheldalongwithmonthlysteeringcommitteemeetingstocommunicatestatusandresolveissues?Areissueslogsusedtoresolveprojectdelays?Ensurethataconsistentimplementationmethodologyacrossallteamsisbeingemployed.Istheprojectmeasuredbyworkplantasksanddeliverablesratherthanhoursspent?AresupportsystemssuchasLotusNotesore-mailestablishedatthebeginningoftheproject.5.Determinetowhatextentre-engineeringisbeingemployed.Iftheprojectteamisgoingthroughalargere-engineeringeffort,ensurethatitiscompletedpriortothebeginningtheSAPimplementationprocess.Otherwise,thechangescanbeincorporatedduringtheanalysisanddesignphases.Ensurethatallre-engineeringprocessesareformallysigned-off.6.Determineifaadequateglobaldesigniscompleted.HavepracticesandprocessesgloballybeenharmonizedalongwithSAPfunctionality?HaveworldwiderepresentativesontheprojectbeenpresentduringtheprototypingandJoinApplicationDevelop(JAD)sessionstoensurethatsystemdecisionsareproperlyconducted.Arekeysystemcheckpointsmappedtotheglobaldesigntoensurethesystemmeetstheneedsofeachregion?Aretheuseofprototypingandplaybacksusedtovalidatethedesign?Havekeydataitemssuchasmaterialnumber,customernumber,chartofaccounts,andcompanycodesbeenstandardized?7.Determineifproperintegrationhasbeendesignedintothesystem.Determineifanoverallintegrationplanhasbeendevelopedandreviewedbytheintegrationteam?Hastheintegrationteambeeninvolvedthroughouttheproject?Aretheintegrationpointstestedthroughouttheproject?8.DetermineiftheSAPsoftwareisproperlyconfigured.HastheorganizationalhierarchybeenproperlyestablishedwithinSAPasaninitialstep?Havea
本文标题:sap系统审计清单与程序
链接地址:https://www.777doc.com/doc-3971132 .html