cancel
Showing results for 
Search instead for 
Did you mean: 

QAS Approval Process

Former Member
0 Kudos

I want to understand, whether SOD (segregation of duties) is practiced in quality approval process. whether the person, who created a change request can approve the change request in QAS system?

what are the various role & responsibilities implemented in SAP change management process? what extent SOD (segregation of duties) is implemented in the same process?

Your answer will help me implement, some internal controls in our organization. We are one of the fortune 500 company (just to understand the size of the company)

Thanks in advance,

Krishna

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Depending on the organisation, different approaches are used.

The transport system can be authorized depending on Activity and Request Type.

To handle this, there is one authorization object called S_TRANSPRT.

In this object, you can set the values of two fields.

- Activity (ACTVT), which can have one or more of the following

01 Create or generate

02 Change

03 Display

05 Lock

06 Delete

23 Maintain

43 Release

50 Move

60 Import

65 Reorganize

75 Remove

78 Assign

90 Copy

- Request Type (TTYPE), which can have one or more of the following

CLCP Client Transports

CUST Customizing requests

DTRA Workbench requests

MOVE Relocation transports

PATC Preliminiary corrections and deliveries

PIEC Object list

TASK Tasks

TRAN Transport of copies

Based on this, you can create different roles.

Some Examples:

- Role for creating Workbench Request

- Role for creating Task

- Role for Release of Task

- Role for Release of Workbench Request

- Role for Import Request

Is this what you ment ?

Former Member
0 Kudos

Thanks a ton, it was very informative.

But still, I wanted to understand whether the practice of approval by the same person, who created the request/owner of the request is acceptable or not? whether it is by design should be avoided as a segregation of duties in the quality approval process? In the current scenario, the same person can create, release, develop or change and approve it in quality. In some cases the same person can also import into the QAS or Production. I would like to know whether this practice is acceptable and what is the industry practice in general and as a best practice?

Regards,

Krishna

Former Member
0 Kudos

If we are talking about SOX,

The creating and approval should be performed by different users.

In smaller companies we solved this by having two different user-names depending on what "role" the user have when he/she works.

E g

1 - login as "sam_smart_worker" and create request

2 - login as "sam_smart_boss" and approve request (release)

3 - transport manager (another person/user) imports the approved requests.

Former Member
0 Kudos

Hi Thanks for the reply, It was very much helpful.

I have another doubt in the change management process. Do we create a new reversal change request for the change requests, rejected at the quality system? Is it recommended that one should create a reversal change request to nullify the impact of the original change request on the quality system objects?

Regards,

Krishna

Former Member
0 Kudos

Hi,

Sorry for the delay...

If a test failes, you have (in my opinion) three choises:

- Create an reversal request and transport to test system and reject afterwards (e g not transported to production).

- Correct the problem import the reqeust to the test system. If this is OK, then both request must be approved and also imported in the correct order.

- Correct the problem, include the entries from the rejected request and import to the test system. If this is OK, the only this request is approved and transported to production.

Edited by: Tomas Gustafsson on Jun 8, 2008 2:17 PM

Answers (0)