I trying to understand and performing a SAP GRC Firefighter review from an IT Audit perspective doing data analytics with the full population. Is any of you that have already done that or can give me some guidance?
Basically, critical aspects from my point of view is being able to:
1. Track usage time from each of the Firefigher sessions
2. Track the approved timing. From my understanding, approvals can be for a period of time ej. 1 month. This means that once a Firefighter has been approved for a month, it can log in in sessions as many times as the user wants (of course with a log recording and revision afterwards by one of the log reviewers). Please let me know if I am wrong 🙂
3. What is the timing between the usage of the firefighter sessions until there is a reviewer that reviews the activity. Is there any table that allows to see the timing of when the revision of the logs from the firefighter activities are performed by the log reviewer?
4. Where could we see which users can request each firefighter accounts?
I would like to do everything (or most of the control testing) with backend SAP tables such as (or others):
I would highly appreciate your help here.