Hello. My team is responsible for montoring firefighter ID usage on SAP GRC 5.3_21.7. Currently updates a master log documenting each time a user logs in with a firefighter ID regardless as to whether they execute a transaction code. Is there any risk (from an audit perspective) associated with logging in but not executing a transaction code. I'm fairly new on the job and I want to remove governance processes that may be redundant. We pull detail reports for t-codes that are executed on production for a specified period on weekly basis. I'm just not sure whether requiring management to log firefighter login's when no t-code has been executed in necessary. Open for suggestions.
↧