Table of Contents

I)  EXECUTIVE SUMMARY ........................................................ 4
    A) INTRODUCTION .......................................................... 4
    B) SCOPE AND COVERAGE .................................................... 4
    C) APPROACH .............................................................. 4
    D) STATUS OF CONTROLS AND RECOMMENDATIONS ................................ 6
II) ANNEXURE ................................................................. 9
    A) CONFIGURABLE CONTROLS ................................................ 10
       i)   ABC LTD. CONFIGURABLE CONTROLS .................................. 11
            a) Record to Report ............................................. 11
            b) Acquire to Retire ............................................ 14
            c) Procure to Pay ............................................... 17
            d) Order to Cash ................................................ 24
            e) Inventory .................................................... 27
       ii)  ADDITIONAL CONFIGURABLE CONTROLS ................................ 29
            a) Record to Report ............................................. 29
            b) Procure to Pay ............................................... 29
            c) Order to Cash ................................................ 31
            d) Inventory .................................................... 33
       iii) ADDITIONAL RECOMMENDATIONS ...................................... 35
    B) USER SECURITY ........................................................ 38
       i)   OBSERVATION ..................................................... 39
       ii)  ADDITIONAL RECOMMENDATIONS ...................................... 40
    C) SYSTEM SECURITY (BASIS) .............................................. 43
       i)   OBSERVATIONS .................................................... 44
       ii)  ADDITIONAL RECOMMENDATIONS ...................................... 46
    D) SYSTEMS DEVELOPMENT LIFE CYCLE (SDLC) AND DATA MIGRATION
       CUTOVER PROCEDURES ................................................... 48
       i)   OBSERVATION ..................................................... 49
       ii)  ADDITIONAL RECOMMENDATIONS ...................................... 50
EXECUTIVE SUMMARY

I) Executive Summary

A) Introduction

ABC Ltd. has embarked on an initiative to transition from legacy IT applications to
SAP to align itself to the corporate systems and to gain process efficiencies
utilizing SAP. The SAP implementation project name is ABC Ltd., which will be
used throughout this report. In order to ensure a secured internal control
environment for the new implementation, ABC Ltd. has engaged AGC to perform
a Pre-Implementation Review encompassing Configurable Controls, System and
User Security, and the Systems Development Life Cycle (SDLC). This report
provides a summary of the scope, approach, findings and recommendations of
this review.

B) Scope and Coverage

AGC performed a project assurance review of the ABC Ltd. SAP Implementation
project. This was not an audit and therefore we do not express an overall opinion
or conclusion on the reliability or integrity of the system. The review was
performed “real-time” as the project was in progress; therefore, recommendations
on overall internal control enhancements and risk mitigation were directed to the
project team as the system was being implemented.

1) Configurable Controls Review:

•   Evaluation of the existing configurable controls for their applicability,
    existence, completeness and operating effectiveness.

•   Propose and evaluate additional configurable control opportunities.

2) User Security Review:

•   Segregation of Duties Review - Adequacy and Completeness of GRC rule sets

•   User Role Design - Review of appropriateness of user/role creation
    procedures; Sample validation of users/roles

•   Privileged User Access Review (Recommended as a pre go-live check)

•   Critical Transaction Access Review (Recommended as a pre go-live check)

3) System Security Review (BASIS):

•   Critical Security Parameter Review - Direct changes to Production client, user
    authentication and table maintenance parameters

•   Security Table and Log Maintenance - Log enabling of critical security and
    financial data tables as per leading practices

•   Password Controls - Compliance of SAP password parameters with ABC
    LTD. password standards

•   Security Change Management Procedures - Transport Management System
    (TMS) security and parameter configuration for compliance with SDLC

4) Systems Development Life Cycle (SDLC) and Data Migration Cutover
Procedures Review:

SDLC Review: Adherence to ABC LTD. IT Project Lifecycle Methodology/ASAP
Implementation Methodology; Adherence to Checkpoint Reviews

Project Governance Review:

•   Program Management Structure - Roles & Responsibilities (RACI matrix)

•   Scope & Delivery Management - Deliverables tracking, Acceptance criteria
    (QA/sign-offs), Scope Control, Change Management, Issue Tracking and
    Resolution

•   Project Health Status Measurement, Monitoring & Reporting Procedures -
    Scope, Deliverables, Schedule, Cost, Risks, Issues

C) Approach

1) Configurable Controls Review:

The existing configurable controls were evaluated for their applicability to ABC
Ltd. and all the applicable controls were tested in the Development environment.

SAP PRE-IMPLEMENTATION REVIEW REPORT                                            Page 4 of 53                                      DRAFT FOR DISCUSSION

Further, upon understanding the business processes, additional configurable
control opportunities were proposed to the ABC Ltd. project team. Upon
confirmation of the applicability/ feasibility of these controls, they were tested in
the Development environment to confirm they were properly designed and
operating effectively. All exceptions were discussed with the ABC Ltd. team for
inclusion in the SAP configuration, as applicable.

2) User Security Review:

Segregation of Duties Review – The SAP GRC Access Control Rule sets were
reviewed for adequacy and completeness. The review included rule sets and
underlying transaction codes.

User Role Design – ABC’s procedures for designing user roles in SAP were
reviewed for their alignment with leading practices and recommendations were
provided to strengthen the controls.

Privileged User Access Review and Critical Transaction Access Review – Since
the user roles and users were not set up completely in the system at the time of
this review, these two reviews are recommended for inclusion in the pre go-live
check procedures.

3) System Security Review (BASIS):

We reviewed the SAP Development environment for critical system security
(BASIS) parameters, activations for log maintenance for security and financial
data tables, password controls in compliance with ABC LTD. standards and
leading practices, and system change management procedures.
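The password-control and table-logging part of the BASIS review compares exported profile parameter values against a written standard, and that comparison can be scripted so it is repeatable at the pre go-live check. The following is an added example, not code from the report or from AGC; it assumes the reviewer has exported the active SAP profile parameters as "name = value" lines (the sample export is constructed), and the thresholds in POLICY are placeholders standing in for ABC Ltd.'s password standard, which the report does not quote.

```python
"""Check an exported SAP profile parameter list against a password/logging standard.

Added example, not part of the report. SAMPLE_EXPORT is a constructed stand-in
for a parameter export; the POLICY thresholds are assumptions, not ABC Ltd.'s
actual standard. The parameter names are standard SAP NetWeaver profile
parameters.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample of an exported parameter list (not from a real system).
SAMPLE_EXPORT = """\
# parameter                       value
login/min_password_lng          = 6
login/password_expiration_time  = 0
login/fails_to_user_lock        = 5
login/fails_to_session_end      = 3
login/no_automatic_user_sapstar = 1
rec/client                      = OFF
"""


@dataclass(frozen=True)
class Rule:
    parameter: str                 # SAP profile parameter name
    requirement: str               # the standard, worded for the report
    check: Callable[[str], bool]   # True when the exported value meets it


def _in_range(low: int, high: int) -> Callable[[str], bool]:
    """Numeric value must lie within [low, high]; a non-numeric value never passes."""
    return lambda v: v.isdigit() and low <= int(v) <= high


# Placeholder policy: the values are assumptions, not ABC Ltd.'s actual standard.
POLICY: List[Rule] = [
    Rule("login/min_password_lng",
         "minimum password length of at least 8", _in_range(8, 40)),
    Rule("login/password_expiration_time",
         "passwords expire within 90 days (0 means never)", _in_range(1, 90)),
    Rule("login/fails_to_user_lock",
         "user locked after no more than 5 failed logons", _in_range(1, 5)),
    Rule("login/fails_to_session_end",
         "logon session ended after no more than 3 failures", _in_range(1, 3)),
    Rule("login/no_automatic_user_sapstar",
         "automatic SAP* logon disabled (value 1)", lambda v: v == "1"),
    Rule("rec/client",
         "table logging switched on (ALL or a client list, not OFF)",
         lambda v: v.upper() != "OFF"),
]


def parse_export(text: str) -> Dict[str, str]:
    """Turn 'name = value' lines into a dict, skipping blank and '#' comment lines."""
    params: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:                      # lines without '=' are ignored
            params[name.strip()] = value.strip()
    return params


def evaluate(params: Dict[str, str], policy: List[Rule] = POLICY) -> List[dict]:
    """Rate each rule COMPLIANT, EXCEPTION, or NOT SET.

    A parameter absent from the export is running on the kernel default, which
    the reviewer has to confirm separately, so it is flagged rather than assumed.
    """
    findings = []
    for rule in policy:
        value = params.get(rule.parameter)
        if value is None:
            status = "NOT SET"
        elif rule.check(value):
            status = "COMPLIANT"
        else:
            status = "EXCEPTION"
        findings.append({"parameter": rule.parameter, "value": value,
                         "requirement": rule.requirement, "status": status})
    return findings


def summarize(findings: List[dict]) -> Dict[str, int]:
    """Count findings per status, in the style of the report's status tables."""
    counts = {"COMPLIANT": 0, "EXCEPTION": 0, "NOT SET": 0}
    for f in findings:
        counts[f["status"]] += 1
    return counts


if __name__ == "__main__":
    results = evaluate(parse_export(SAMPLE_EXPORT))
    for f in results:
        print(f"{f['status']:<10} {f['parameter']:<34} {str(f['value']):<5} {f['requirement']}")
    print(summarize(results))
```

Exceptions reported by the script are the input to the "Password Controls" and "Security Table and Log Maintenance" observations; the NOT SET status is what distinguishes a parameter that was deliberately configured from one that merely inherits the kernel default.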

4) SDLC and Data Migration Cutover Procedures Review:

As a part of our review, we walked through the SDLC procedures and their
compliance with the ABC LTD. IT Project Lifecycle Methodology / ASAP
implementation methodology and project governance aspects related to scope
and delivery management, monitoring and reporting procedures for scope,
deliverables, schedule, costs, risks and issues. We obtained the necessary
documentation for the review from the ABC Ltd. project team and ABC LTD.
PMO. Findings and recommendations were shared with the project team for
consideration.



D) Status of Controls and Recommendations

i) Configurable Controls Review

    ABC Ltd. configurable controls:

    Business Process    Total      Initial        Status of Control as on Report issue date
                        Controls   Observations   Compliant   Business      To be validated in
                                                              Requirement   a future assessment
    Record to Report       10          4              9           0                 1
    Acquire to Retire       6          4              6           0                 0
    Procure to Pay         19         14             14           0                 5
    Order to Cash          10          5              9           1                 0
    Inventory               3          3              3           0                 0
    TOTAL                  48         30             41           1                 6


    Additional Configurable Controls:

    Business Process    Total         Control        Control Not    Status of Control as on Report issue date
                        Recommended   Applicable     Applicable     Compliant   Business      To be validated in
                        Controls      for ABC Ltd.   for ABC Ltd.               Requirement   a future assessment
    Record to Report        3             3              0              1           0                 2
    Procure to Pay          8             5              3              5           0                 0
    Order to Cash           7             2              5              1           0                 1
    Inventory               2             1              1              1           0                 0
    TOTAL                  20            11              9              8           0                 3


    Status Definitions

    Compliant                                Controls configured in SAP post recommendation
    Business Requirement                     Controls cannot be configured for valid business requirements
    To be validated in a future assessment   Controls to be assessed on a future date after the necessary changes are made in SAP




    Additional Recommendations for Configurable Controls

     • We provided 7 high-level recommendations based on the trends we observed in ABC Ltd. and in alignment with the leading practices for similar scale SAP
       implementations.





Más contenido relacionado

La actualidad más candente

SAP Security important Questions
SAP Security important QuestionsSAP Security important Questions
SAP Security important QuestionsRagu M
 
51477813 45498199-sonia-f-sap-fico-project
51477813 45498199-sonia-f-sap-fico-project51477813 45498199-sonia-f-sap-fico-project
51477813 45498199-sonia-f-sap-fico-projectArup Bose, PMP
 
SU01 - Background and Instruction
SU01  - Background and InstructionSU01  - Background and Instruction
SU01 - Background and InstructionMart Leepin
 
Iia los angeles sap security presentation
Iia  los angeles  sap security presentation Iia  los angeles  sap security presentation
Iia los angeles sap security presentation hkodali
 
sap basis transaction codes
sap basis transaction codessap basis transaction codes
sap basis transaction codesEOH SAP Services
 
081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grchkodali
 
Sap security course syllabus
Sap security course syllabusSap security course syllabus
Sap security course syllabusHari Sankar
 
Sap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online trainingSap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online traininggrconlinetraining
 
SAP Overview for Managers
SAP Overview for ManagersSAP Overview for Managers
SAP Overview for ManagersAtanu Ghosh
 
Introduction to SAP Security
Introduction to SAP SecurityIntroduction to SAP Security
Introduction to SAP SecurityNasir Gondal
 
Exclusive SAP Basis Training Book | www.sapdocs.info
Exclusive SAP Basis Training Book | www.sapdocs.infoExclusive SAP Basis Training Book | www.sapdocs.info
Exclusive SAP Basis Training Book | www.sapdocs.infosapdocs. info
 
SAP HR AND HCM Interview questions
SAP HR AND HCM Interview questionsSAP HR AND HCM Interview questions
SAP HR AND HCM Interview questionsIT LearnMore
 
SAP Security & GRC Framework
SAP Security & GRC FrameworkSAP Security & GRC Framework
SAP Security & GRC FrameworkHarish Sharma
 

La actualidad más candente (20)

SAP Security interview questions
SAP Security interview questionsSAP Security interview questions
SAP Security interview questions
 
SAP Security important Questions
SAP Security important QuestionsSAP Security important Questions
SAP Security important Questions
 
165373293 sap-security-q
165373293 sap-security-q165373293 sap-security-q
165373293 sap-security-q
 
51477813 45498199-sonia-f-sap-fico-project
51477813 45498199-sonia-f-sap-fico-project51477813 45498199-sonia-f-sap-fico-project
51477813 45498199-sonia-f-sap-fico-project
 
Sap grc-access-control-solution
Sap grc-access-control-solutionSap grc-access-control-solution
Sap grc-access-control-solution
 
SU01 - Background and Instruction
SU01  - Background and InstructionSU01  - Background and Instruction
SU01 - Background and Instruction
 
Iia los angeles sap security presentation
Iia  los angeles  sap security presentation Iia  los angeles  sap security presentation
Iia los angeles sap security presentation
 
sap basis transaction codes
sap basis transaction codessap basis transaction codes
sap basis transaction codes
 
SAP BI 7 security concepts
SAP BI 7 security conceptsSAP BI 7 security concepts
SAP BI 7 security concepts
 
What is sap security
What is sap securityWhat is sap security
What is sap security
 
081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc
 
Sap security course syllabus
Sap security course syllabusSap security course syllabus
Sap security course syllabus
 
Sap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online trainingSap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online training
 
SAP Overview for Managers
SAP Overview for ManagersSAP Overview for Managers
SAP Overview for Managers
 
Introduction to SAP Security
Introduction to SAP SecurityIntroduction to SAP Security
Introduction to SAP Security
 
Exclusive SAP Basis Training Book | www.sapdocs.info
Exclusive SAP Basis Training Book | www.sapdocs.infoExclusive SAP Basis Training Book | www.sapdocs.info
Exclusive SAP Basis Training Book | www.sapdocs.info
 
SAP HR AND HCM Interview questions
SAP HR AND HCM Interview questionsSAP HR AND HCM Interview questions
SAP HR AND HCM Interview questions
 
SAP GRC
SAP GRC SAP GRC
SAP GRC
 
Sap archiving process
Sap archiving processSap archiving process
Sap archiving process
 
SAP Security & GRC Framework
SAP Security & GRC FrameworkSAP Security & GRC Framework
SAP Security & GRC Framework
 

Destacado

Audit findings and the report
Audit findings and the reportAudit findings and the report
Audit findings and the reportDennis Arter
 
Solution Deliverable Process Analysis V1
Solution Deliverable Process Analysis V1Solution Deliverable Process Analysis V1
Solution Deliverable Process Analysis V1Tom Short
 
Dashboard and Scorecard Templates - Deliverable Based Consulting
Dashboard and Scorecard Templates - Deliverable Based ConsultingDashboard and Scorecard Templates - Deliverable Based Consulting
Dashboard and Scorecard Templates - Deliverable Based ConsultingDeliverable Based Consulting
 
Project report-format by vishal
Project report-format by vishalProject report-format by vishal
Project report-format by vishalvishal18900
 

Destacado (6)

Deliverables
DeliverablesDeliverables
Deliverables
 
Audit findings and the report
Audit findings and the reportAudit findings and the report
Audit findings and the report
 
Solution Deliverable Process Analysis V1
Solution Deliverable Process Analysis V1Solution Deliverable Process Analysis V1
Solution Deliverable Process Analysis V1
 
Project Overview
Project OverviewProject Overview
Project Overview
 
Dashboard and Scorecard Templates - Deliverable Based Consulting
Dashboard and Scorecard Templates - Deliverable Based ConsultingDashboard and Scorecard Templates - Deliverable Based Consulting
Dashboard and Scorecard Templates - Deliverable Based Consulting
 
Project report-format by vishal
Project report-format by vishalProject report-format by vishal
Project report-format by vishal
 

Similar a Sample Deliverable Report

Process assessment sample
Process assessment sampleProcess assessment sample
Process assessment sampleDynamic Systems
 
Process assessment sample
Process assessment sampleProcess assessment sample
Process assessment sampleDynamic Systems
 
Process assessment sample
Process assessment sampleProcess assessment sample
Process assessment sampleDynamic Systems
 
Micro turbine iii_pdr
Micro turbine iii_pdrMicro turbine iii_pdr
Micro turbine iii_pdrNitin Kharche
 
Cloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxCloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxAdityaChawan4
 
Continuous Delivery of a Cloud Deployment at a Large Telecommunications Provider
Continuous Delivery of a Cloud Deployment at a Large Telecommunications ProviderContinuous Delivery of a Cloud Deployment at a Large Telecommunications Provider
Continuous Delivery of a Cloud Deployment at a Large Telecommunications ProviderM Kevin McHugh
 
20160221 va interconnect_pub
20160221 va interconnect_pub20160221 va interconnect_pub
20160221 va interconnect_pubCanturk Isci
 
Accenture Case Study Solution by Amit Bhardwaj
Accenture Case Study Solution by Amit BhardwajAccenture Case Study Solution by Amit Bhardwaj
Accenture Case Study Solution by Amit BhardwajAmit Bhardwaj
 
GDPR and EA Commissioning a web site. 1 of 8. Introduction
GDPR and EA Commissioning a web site. 1 of 8.  IntroductionGDPR and EA Commissioning a web site. 1 of 8.  Introduction
GDPR and EA Commissioning a web site. 1 of 8. IntroductionAllen Woods
 
CA Cloud Service Management: Configuring Change Management
CA Cloud Service Management: Configuring Change ManagementCA Cloud Service Management: Configuring Change Management
CA Cloud Service Management: Configuring Change ManagementCA Technologies
 
A study on six sigma techniques and its application in reduction of seat reje...
A study on six sigma techniques and its application in reduction of seat reje...A study on six sigma techniques and its application in reduction of seat reje...
A study on six sigma techniques and its application in reduction of seat reje...Hitesh Kothari
 
MineDB Mineral Resource Evaluation White Paper
MineDB Mineral Resource Evaluation White PaperMineDB Mineral Resource Evaluation White Paper
MineDB Mineral Resource Evaluation White PaperDerek Diamond
 
Zeroth review presentation - eBay Turmeric / SMC
Zeroth review presentation - eBay Turmeric / SMCZeroth review presentation - eBay Turmeric / SMC
Zeroth review presentation - eBay Turmeric / SMCArvind Krishnaa
 
AWS Certified DevOps Engineer: What it is and how to get certified
AWS Certified DevOps Engineer: What it is and how to get certifiedAWS Certified DevOps Engineer: What it is and how to get certified
AWS Certified DevOps Engineer: What it is and how to get certifiedInfosec
 
Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)ShudipPal
 

Similar a Sample Deliverable Report (20)

Telecom Convergence
Telecom ConvergenceTelecom Convergence
Telecom Convergence
 
Process assessment sample
Process assessment sampleProcess assessment sample
Process assessment sample
 
Process assessment sample
Process assessment sampleProcess assessment sample
Process assessment sample
 
Process assessment sample
Process assessment sampleProcess assessment sample
Process assessment sample
 
Role Based Access Control - Overview
Role Based Access Control - OverviewRole Based Access Control - Overview
Role Based Access Control - Overview
 
Micro turbine iii_pdr
Micro turbine iii_pdrMicro turbine iii_pdr
Micro turbine iii_pdr
 
Cloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxCloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptx
 
Capacity guide
Capacity guideCapacity guide
Capacity guide
 
Strategy
StrategyStrategy
Strategy
 
CG-LIMS CONOP
CG-LIMS CONOPCG-LIMS CONOP
CG-LIMS CONOP
 
Continuous Delivery of a Cloud Deployment at a Large Telecommunications Provider
Continuous Delivery of a Cloud Deployment at a Large Telecommunications ProviderContinuous Delivery of a Cloud Deployment at a Large Telecommunications Provider
Continuous Delivery of a Cloud Deployment at a Large Telecommunications Provider
 
20160221 va interconnect_pub
20160221 va interconnect_pub20160221 va interconnect_pub
20160221 va interconnect_pub
 
Accenture Case Study Solution by Amit Bhardwaj
Accenture Case Study Solution by Amit BhardwajAccenture Case Study Solution by Amit Bhardwaj
Accenture Case Study Solution by Amit Bhardwaj
 
GDPR and EA Commissioning a web site. 1 of 8. Introduction
GDPR and EA Commissioning a web site. 1 of 8.  IntroductionGDPR and EA Commissioning a web site. 1 of 8.  Introduction
GDPR and EA Commissioning a web site. 1 of 8. Introduction
 
CA Cloud Service Management: Configuring Change Management
CA Cloud Service Management: Configuring Change ManagementCA Cloud Service Management: Configuring Change Management
CA Cloud Service Management: Configuring Change Management
 
Sample Deliverable Report

  • 1. Table of Contents

I) EXECUTIVE SUMMARY ... 4
   A) INTRODUCTION ... 4
   B) SCOPE AND COVERAGE ... 4
   C) APPROACH ... 4
   D) STATUS OF CONTROLS AND RECOMMENDATIONS ... 6
II) ANNEXURE ... 9
   A) CONFIGURABLE CONTROLS ... 10
      i) ABC LTD. CONFIGURABLE CONTROLS ... 11
         a) Record to Report ... 11
         b) Acquire to Retire ... 14
         c) Procure to Pay ... 17
         d) Order to Cash ... 24
         e) Inventory ... 27
      ii) ADDITIONAL CONFIGURABLE CONTROLS ... 29
         a) Record to Report ... 29
         b) Procure to Pay ... 29
         c) Order to Cash ... 31
         d) Inventory ... 33
      iii) ADDITIONAL RECOMMENDATIONS ... 35
   B) USER SECURITY ... 38
      i) OBSERVATION ... 39
      ii) ADDITIONAL RECOMMENDATIONS ... 40
   C) SYSTEM SECURITY (BASIS) ... 43
      i) OBSERVATIONS ... 44
      ii) ADDITIONAL RECOMMENDATIONS ... 46
   D) SYSTEMS DEVELOPMENT LIFE CYCLE (SDLC) AND DATA MIGRATION CUTOVER PROCEDURES ... 48
      i) OBSERVATION ... 49
      ii) ADDITIONAL RECOMMENDATIONS ... 50
  • 2. EXECUTIVE SUMMARY

I) Executive Summary

A) Introduction

ABC Ltd. has embarked on an initiative to transition from legacy IT applications to SAP to align itself to the corporate systems and to gain process efficiencies utilizing SAP. The SAP implementation project name is ABC Ltd., which will be used throughout this report. In order to ensure a secured internal control environment for the new implementation, ABC Ltd. has engaged AGC to perform a Pre-Implementation Review encompassing Configurable Controls, System and User Security, and the Systems Development Life Cycle (SDLC). This report provides a summary of the scope, approach, findings and recommendations of this review.

B) Scope and Coverage

AGC performed a project assurance review of the ABC Ltd. SAP Implementation project. This was not an audit and therefore we do not express an overall opinion or conclusion on the reliability or integrity of the system. The review was performed "real-time" as the project was in progress; therefore, recommendations on overall internal control enhancements and risk mitigation were directed to the project team as the system was being implemented.

1) Configurable Controls Review:
• Evaluation of the existing configurable controls for their applicability, existence, completeness and operating effectiveness.
• Propose and evaluate additional configurable control opportunities.

2) User Security Review:
• Segregation of Duties Review - Adequacy and Completeness of GRC rule sets
• User Role Design - Review of appropriateness of user/role creation procedures; Sample validation of users/roles
• Privileged User Access Review (Recommended as a pre go-live check)
• Critical Transaction Access Review (Recommended as a pre go-live check)

3) System Security Review (BASIS):
• Critical Security Parameter Review - Direct changes to Production client, user authentication and table maintenance parameters
• Security Table and Log Maintenance - Log enabling of critical security and financial data tables as per leading practices
• Password Controls - Compliance of SAP password parameters with ABC LTD. password standards
• Security Change Management Procedures - Transport Management System (TMS) security and parameter configuration for compliance with SDLC

4) Systems Development Life Cycle (SDLC) and Data Migration Cutover Procedures Review:
SDLC Review: Adherence to ABC LTD. IT Project Lifecycle Methodology / ASAP Implementation Methodology; Adherence to Checkpoint Reviews
Project Governance Review:
• Program Management Structure - Roles & Responsibilities (RACI matrix)
• Scope & Delivery Management - Deliverables tracking, Acceptance criteria (QA/sign-offs), Scope Control, Change Management, Issue Tracking and Resolution
• Project Health Status Measurement, Monitoring & Reporting Procedures - Scope, Deliverables, Schedule, Cost, Risks, Issues

C) Approach

1) Configurable Controls Review:
The existing configurable controls were evaluated for their applicability to ABC Ltd. and all the applicable controls were tested in the Development environment.

SAP PRE-IMPLEMENTATION REVIEW REPORT Page 4 of 53 DRAFT FOR DISCUSSION
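The password-parameter and table-logging items in the BASIS scope above are the kind of check that can be scripted against a profile export rather than read off RZ11 one value at a time. The following is an added example, not AGC's tooling and not from the report. It assumes the instance profile has been exported as "name = value" lines (the form of an SAP profile file) and uses a hypothetical baseline standing in for the ABC LTD. password standard; the parameter names are real SAP profile parameters, but every threshold in BASELINE and every value in SAMPLE_PROFILE is an assumption constructed for illustration.

```python
"""Baseline check for SAP password and table-logging profile parameters.

Added example for the BASIS review scope; not AGC's tooling and not ABC Ltd.'s
standard. The parameter names are real SAP profile parameters; the required
values in BASELINE are illustrative assumptions, and SAMPLE_PROFILE is a
constructed export, not data from any real system.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


def _as_int(value: str) -> int:
    """Parse a numeric parameter; a non-numeric value fails every numeric check."""
    try:
        return int(value)
    except ValueError:
        return -1


@dataclass(frozen=True)
class Requirement:
    param: str
    check: Callable[[str], bool]
    expected: str  # human-readable statement of the required value


# Hypothetical baseline (assumption): thresholds chosen to illustrate the checks,
# not taken from the report or from ABC LTD.'s password standard.
BASELINE: List[Requirement] = [
    Requirement("login/min_password_lng", lambda v: _as_int(v) >= 8, ">= 8"),
    Requirement("login/min_password_digits", lambda v: _as_int(v) >= 1, ">= 1"),
    Requirement("login/min_password_letters", lambda v: _as_int(v) >= 1, ">= 1"),
    Requirement("login/min_password_specials", lambda v: _as_int(v) >= 1, ">= 1"),
    # 0 disables password expiry, so the value must be a positive number of days
    Requirement("login/password_expiration_time", lambda v: 1 <= _as_int(v) <= 90, "1..90"),
    Requirement("login/fails_to_user_lock", lambda v: 1 <= _as_int(v) <= 5, "1..5"),
    # 1 = the automatic SAP* login with its default password is disabled
    Requirement("login/no_automatic_user_sapstar", lambda v: v == "1", "1"),
    # table logging must be switched on for all clients, not left OFF
    Requirement("rec/client", lambda v: v.upper() == "ALL", "ALL"),
]


def parse_profile(text: str) -> Dict[str, str]:
    """Turn 'name = value' lines into a dict; '#' starts a comment, blank lines are skipped."""
    params: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params


def evaluate(params: Dict[str, str], baseline: List[Requirement] = BASELINE) -> List[dict]:
    """Return one finding per parameter that is unset or violates its requirement.

    An unset parameter falls back to the kernel default, which the reviewer has to
    confirm explicitly, so it is reported rather than silently accepted.
    """
    findings = []
    for req in baseline:
        actual = params.get(req.param)
        if actual is None:
            findings.append({"param": req.param, "actual": "<not set; kernel default>", "expected": req.expected})
        elif not req.check(actual):
            findings.append({"param": req.param, "actual": actual, "expected": req.expected})
    return findings


# Constructed sample export (assumption, not a real system): weak on purpose.
SAMPLE_PROFILE = """
login/min_password_lng = 6
login/min_password_digits = 1
login/min_password_letters = 1
login/password_expiration_time = 0
login/fails_to_user_lock = 12
login/no_automatic_user_sapstar = 1
rec/client = OFF
"""


if __name__ == "__main__":
    for f in evaluate(parse_profile(SAMPLE_PROFILE)):
        print(f"{f['param']:<36} actual={f['actual']:<28} expected={f['expected']}")
```

Against the constructed sample this reports five deviations: the minimum length, the missing special-character minimum, expiry disabled, a lock threshold of 12 failed attempts, and table logging off. To use it on an engagement, replace SAMPLE_PROFILE with the real export and BASELINE with the client's own standard; keep the "not set" behaviour, because the kernel default (rec/client, for instance, defaults to OFF) is exactly what a reviewer must not assume.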
  • 3.

Further, upon understanding the business processes, additional configurable control opportunities were proposed to the ABC Ltd. project team. Upon confirmation of the applicability/feasibility of these controls, they were tested in the Development environment to confirm they were properly designed and operating effectively. All exceptions were discussed with the ABC Ltd. team for inclusion in the SAP configuration, as applicable.

2) User Security Review:
Segregation of Duties Review – The SAP GRC Access Control rule sets were reviewed for adequacy and completeness. The review included the rule sets and the underlying transaction codes.
User Role Design – ABC's procedures for designing user roles in SAP were reviewed for their alignment with leading practices, and recommendations were provided to strengthen the controls.
Privileged User Access Review and Critical Transaction Access Review – Since the user roles and users were not set up completely in the system at the time of this review, these are recommended to be included in the pre go-live check procedures.

3) System Security Review (BASIS):
We reviewed the SAP Development environment for critical system security (BASIS) parameters, activation of log maintenance for security and financial data tables, password controls in compliance with ABC LTD. standards and leading practices, and system change management procedures.

4) SDLC and Data Migration Cutover Procedures Review:
As a part of our review, we walked through the SDLC procedures and their compliance with the ABC LTD. IT Project Lifecycle Methodology / ASAP implementation methodology, and the project governance aspects related to scope and delivery management and to monitoring and reporting procedures for scope, deliverables, schedule, costs, risks and issues. We obtained the necessary documentation for the review from the ABC Ltd. project team and the ABC LTD. PMO. Findings and recommendations were shared with the project team for consideration.
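The rule-set review described above has two sides: whether the rule set is complete with respect to the transaction codes the roles actually grant, and which users end up with conflicting access once roles are combined. The following is an added example of both checks, not AGC's GRC rule set and not from the report. The transaction codes are real SAP tcodes, but the conflict pairs in RULES, the role design in ROLES and the assignments in USERS are constructed assumptions.

```python
"""Segregation-of-duties (SoD) check over SAP role and user assignments.

Added example for the rule-set review; not AGC's GRC rule set or tooling.
RULES, ROLES and USERS are constructed for illustration: the tcodes are real
SAP transaction codes, but which pairs conflict and who holds which role are
assumptions.
"""
from typing import Dict, List, Set, Tuple

# Hypothetical rule set: (risk id, tcodes of function A, tcodes of function B, description).
# Access to any tcode in A together with any tcode in B is a conflict.
RULES: List[Tuple[str, Set[str], Set[str], str]] = [
    ("P2P-01", {"FK01", "FK02", "XK01", "XK02"}, {"F110", "F-53"},
     "Maintain vendor master data and post vendor payments"),
    ("P2P-02", {"ME21N", "ME22N"}, {"MIGO", "MB01"},
     "Create/change purchase orders and post goods receipts"),
    ("P2P-03", {"ME21N", "ME22N"}, {"MIRO"},
     "Create/change purchase orders and post vendor invoices"),
    ("O2C-01", {"XD01", "XD02", "FD01", "FD02"}, {"VF01", "F-28"},
     "Maintain customer master data and bill or receive payments"),
]

# Constructed role design (assumption): role name -> tcodes it grants.
ROLES: Dict[str, Set[str]] = {
    "AP_CLERK":    {"FK01", "FK02", "MIRO"},
    "AP_PAYMENTS": {"F110", "F-53"},
    "PURCHASER":   {"ME21N", "ME22N", "ME23N"},
    "WAREHOUSE":   {"MIGO", "MB1A"},
    "AP_ALL":      {"FK01", "MIRO", "F110"},   # conflicting inside a single role
}

# Constructed user assignments (assumption): user id -> roles held.
USERS: Dict[str, Set[str]] = {
    "jdoe":   {"AP_CLERK", "AP_PAYMENTS"},     # each role is clean; the combination is not
    "buyer1": {"PURCHASER", "WAREHOUSE"},
    "viewer": {"PURCHASER"},
}

Conflict = Tuple[str, List[str], List[str], str]


def conflicts_in(tcodes: Set[str], rules=RULES) -> List[Conflict]:
    """Rules reached on both sides by the tcode set, with the triggering tcodes per side."""
    hits = []
    for risk_id, side_a, side_b, desc in rules:
        a, b = tcodes & side_a, tcodes & side_b
        if a and b:
            hits.append((risk_id, sorted(a), sorted(b), desc))
    return hits


def effective_tcodes(user: str, users=USERS, roles=ROLES) -> Set[str]:
    """Union of tcodes across every role the user holds (unknown roles grant nothing)."""
    return set().union(*(roles.get(r, set()) for r in users.get(user, set())))


def role_conflicts(roles=ROLES, rules=RULES) -> Dict[str, List[Conflict]]:
    """Design-level check: roles that conflict on their own."""
    return {r: c for r, t in roles.items() if (c := conflicts_in(t, rules))}


def user_conflicts(users=USERS, roles=ROLES, rules=RULES) -> Dict[str, List[Conflict]]:
    """Assignment-level check: users whose combined roles conflict, even when each role is clean."""
    return {u: c for u in users if (c := conflicts_in(effective_tcodes(u, users, roles), rules))}


def unreferenced_tcodes(roles=ROLES, rules=RULES) -> Set[str]:
    """Completeness check: tcodes granted by some role that no rule mentions.

    Each one needs a reviewer decision: out of scope, or a gap in the rule set.
    """
    covered = set().union(*(a | b for _, a, b, _ in rules))
    granted = set().union(*roles.values())
    return granted - covered


if __name__ == "__main__":
    for role, hits in role_conflicts().items():
        print("ROLE", role, [h[0] for h in hits])
    for user, hits in user_conflicts().items():
        print("USER", user, [(h[0], h[1], h[2]) for h in hits])
    print("not covered by any rule:", sorted(unreferenced_tcodes()))
```

The user-level check is the one that matters for role design: jdoe's two roles are each clean in isolation, and only their combination reaches both sides of P2P-01, so a rule set has to be evaluated against effective access, not role by role. The unreferenced list is the completeness side of the review; for the constructed data it returns ME23N (display only) and MB1A, and the reviewer should record for each whether it is genuinely out of scope or the rule set is missing a function.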
  • 4.

D) Status of Controls and Recommendations

i) Configurable Controls Review

ABC Ltd. configurable controls (status of control as on report issue date):

Business Process     Total Controls   Initial Observations   Compliant   Business Requirement   To be validated in a future assessment
Record to Report           10                  4                 9                 0                          1
Acquire to Retire           6                  4                 6                 0                          0
Procure to Pay             19                 14                14                 0                          5
Order to Cash              10                  5                 9                 1                          0
Inventory                   3                  3                 3                 0                          0
TOTAL                      48                 30                41                 1                          6
  • 5.

Additional Configurable Controls (status of control as on report issue date; the three status columns total the controls applicable for ABC Ltd.):

Business Process     Total Controls Recommended   Applicable for ABC Ltd.   Not Applicable for ABC Ltd.   Compliant   Business Requirement   To be validated in a future assessment
Record to Report                3                          3                           0                    1                0                          2
Procure to Pay                  8                          5                           3                    5                0                          0
Order to Cash                   7                          2                           5                    1                0                          1
Inventory                       2                          1                           1                    1                0                          0
TOTAL                          20                         11                           9                    8                0                          3

Status Definitions:
Compliant - Controls configured in SAP post recommendation
Business Requirement - Controls that cannot be configured for valid business requirements
To be validated in a future assessment - Controls to be assessed on a future date after the necessary changes are made in SAP

Additional Recommendations for Configurable Controls
• We provided 7 high-level recommendations based on the trends we observed in ABC Ltd. and in alignment with the leading practices for similar-scale SAP implementations.