Risks in SAP: Are all risks identified, and are we working to resolve them? Are there risks that we are unaware of or that are hidden?
In strictest rigor, it is likely that we will never have all risks fully controlled. However, it is imperative to know them all and establish a work plan for analysis and prioritized implementation of improvements.
CentinelBox, through its Auditor, Risk Analysis, and Security Status modules, offers over 100 reports, analyses, and dashboards that help make all risks visible. We present some interesting ones that detect risks resulting from administrators’ lack of knowledge or poor practices:
Inactive user accounts with assigned roles
Risk: Temporary activation of accounts and misuse of their authorizations
First report: Inactive user accounts with assigned roles.
Second report: Inactive accounts with system access.
Parent and derived roles with discrepancies
Risk: In the event it occurs, the difference in authorization object values could allow unauthorized operations to be performed.
Transactions used without being assigned
Risk: Misuse of unauthorized assignments
Detection of transactions used without being assigned by the ABAP account
Roles assigned to the ABAP account
Role Z_ALL contains generic type transactions
Identified role cross-assignment to the ABAP account
Like these, CentinelBox provides reports to achieve a truly secured system
Schedule a personalised demo directly with me so you can see how our platform enables assertive and successful internal control.