6\VWHP $GPLQLVWUDWLRQ 0DGH (DV\

Chapter 11: Security AdministrationAuditsbe placed on the data in the R/3 System. Your external auditors will evaluate your systemsecurity to determine what audit tests to perform and how much testing they will have todo.If their evaluation results are not good, they may need to increase the scope of their audit.This increased scope also increases the cost of the audit, and the extra work could delay thecompletion of the audit. In a worst case scenario, they could determine that the security is soweak that they cannot issue an opinion on the company’s financial statements. Thissituation is really bad.Because of the effect on the stock price (down) that this inability to issue an opinion willprobably cause, the chief financial officer (CFO), and likely the president, will be quiteupset. Is your resume updated?A security audit is performed specifically to test the security of the R/3 environment. Thisaudit is usually done as a part of the financial audit or to comply with government or otherregulatory agencies. It can also be done by your company’s internal audit group.As a security audit.As a part of the financial audit, the CPA will typically do a security audit of R/3 and theassociated systems. The purpose of the security audit is to determine how much reliance canbe placed on the data in the R/3 System. Your external auditors will evaluate your systemsecurity to determine what audit tests to perform and how much testing they will have todo.The audit is also done to test the security of confidential data, such as: Financial information Customer data Product information Company personnel data (from the HR module)Audit considerations are the things that auditors will look at when they do the financialaudit, or a computer security audit.Some of these considerations are: Physical security Network securitySystem Administration Made Easy11–5