
Sap Itgc Notes

ITGC (Information Technology General Controls) are essential controls that ensure the integrity, confidentiality, and availability of data in SAP systems, focusing on access controls, change management, program development, and computer operations. Key categories include user access controls, program change management, and data backup, with specific SAP tools and T-Codes for each area. Integration with SAP GRC automates monitoring and management of these controls, enhancing compliance and risk management.

Uploaded by

PosaSivaram

SAP ITGC (Information Technology General Controls)

✅ What is ITGC?
ITGC (Information Technology General Controls) are foundational controls that support the
reliability of data and operation of application controls in IT systems like SAP. These
controls ensure the integrity, confidentiality, and availability of the data.

In SAP, ITGC focuses on securing configurations, change management, access controls, and
system operations.

📂 Categories of ITGC in SAP

1. Access to Programs and Data (User Access Controls)


Purpose: Prevent unauthorized access to systems, transactions, and data.

Key Controls:
- User ID creation and termination process
- Role-based access control (RBAC)
- Periodic user access reviews
- Segregation of Duties (SoD)
- Sensitive transaction monitoring

SAP Tools and T-Codes:

| Function | T-Code |
| --- | --- |
| User Master Record | SU01 |
| Role Maintenance | PFCG |
| User List | SUIM |
| Role Assignment Audit | SUIM > Roles by Complex Selection Criteria |
| Access Logs | STAD, SM20 |

2. Program Change Management


Purpose: Ensure all changes to SAP system/programs are properly authorized, tested, and
implemented.

Key Controls:
- Change request and approval process
- Transport management process
- Emergency change management
- Developer access control

SAP Tools and T-Codes:

| Function | T-Code |
| --- | --- |
| Change Request Management | SOLMAN |
| Transport Organizer | SE09 / SE10 |
| Display Transport Logs | STMS_IMPORT |
| Version Comparison | SCU3, SE39 |

3. Program Development and Implementation


Purpose: Ensure new systems and developments follow formal SDLC and are properly
authorized and tested.

Key Controls:
- Documentation of functional/technical specs
- Developer segregation
- Testing (Unit, UAT)
- Approval sign-offs
- Migration control

Note: Most of these are supported by documentation outside SAP and tracked via SAP
Solution Manager.

4. Computer Operations / Data Backup


Purpose: Ensure SAP systems are properly maintained, backed up, and monitored.

Key Controls:
- Daily system monitoring
- Backup & recovery procedures
- Batch job monitoring
- Performance tracking

SAP Tools and T-Codes:

| Function | T-Code |
| --- | --- |
| System Log | SM21 |
| Background Jobs Monitoring | SM37 |
| Backup Logs | Through OS or DB layer |
| System Status | SM51, ST02, ST06 |

🔍 Examples of ITGC in SAP Audits

| Audit Focus Area | Example Control |
| --- | --- |
| Access Controls | Users are deactivated within 24 hours of termination |
| SoD Conflicts | Users are not allowed both Vendor Master Change & Payment T-Codes |
| Transport Control | Changes move from DEV to PRD only through approved requests |
| Emergency Access | Firefighter ID usage is logged and reviewed (GRC) |
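
Two of the example controls above (deactivation within 24 hours of termination, and no user holding both Vendor Master Change and Payment T-Codes) can be tested from exported data. The following is an added example, not part of the original notes: the user names and timestamps are constructed, and the choice of XK02/FK02 and F110/F-53 as the conflicting T-codes is an assumption.

```python
from datetime import datetime, timedelta

# Assumption (not from the page): T-codes standing in for each side of the conflict.
VENDOR_CHANGE = {"XK02", "FK02"}   # change vendor master
PAYMENT = {"F110", "F-53"}         # payment run / post outgoing payment
MAX_DELAY = timedelta(hours=24)
FMT = "%Y-%m-%d %H:%M"

# Constructed sample extracts: HR termination times, SAP lock times, T-codes per user.
TERMINATED = {"JDOE": "2024-03-01 17:00", "ASMITH": "2024-03-04 09:00", "BLEE": "2024-03-05 12:00"}
LOCKED = {"JDOE": "2024-03-02 09:30", "ASMITH": "2024-03-06 08:00"}  # BLEE was never locked
USER_TCODES = {
    "AP_CLERK1": {"FK02", "FK03", "F110"},
    "AP_CLERK2": {"FK03", "F-53"},
    "MDM_USER": {"XK02", "XK03"},
}

def late_deactivations(terminated, locked, as_of):
    """Map each leaver who missed the 24-hour deadline to the delay in hours.

    A leaver who is still unlocked at as_of maps to None.
    """
    findings = {}
    for user, term in terminated.items():
        term_ts = datetime.strptime(term, FMT)
        if user in locked:
            delay = datetime.strptime(locked[user], FMT) - term_ts
            if delay > MAX_DELAY:
                findings[user] = delay.total_seconds() / 3600
        elif datetime.strptime(as_of, FMT) - term_ts > MAX_DELAY:
            findings[user] = None
    return findings

def sod_conflicts(user_tcodes):
    """Map each user holding both sides of the conflict to the T-codes involved."""
    findings = {}
    for user, tcodes in user_tcodes.items():
        change, pay = tcodes & VENDOR_CHANGE, tcodes & PAYMENT
        if change and pay:
            findings[user] = (sorted(change), sorted(pay))
    return findings

if __name__ == "__main__":
    print(late_deactivations(TERMINATED, LOCKED, as_of="2024-03-07 00:00"))
    print(sod_conflicts(USER_TCODES))
```
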

🧩 Integration with SAP GRC


SAP Governance Risk & Compliance (GRC) helps automate ITGC monitoring:
- Access Control – User provisioning, SoD, Firefighter
- Process Control – Automate control testing
- Risk Management – Identify & assess IT-related risks
- Audit Management – Plan and track audits

📝 Summary
| ITGC Domain | Focus | Key SAP Tools |
| --- | --- | --- |
| Access Controls | Who can access what | SU01, SUIM, PFCG |
| Change Management | Who can change system | SE09, STMS, GRC |
| Program Development | How systems are built | SOLMAN, Custom Workflow |
| Computer Operations | Are systems running properly | SM21, SM37, ST02 |
