header background image

Quick Do-It-Yourself Analysis of Single Action Violations in Your SAP System

November 13, 2024

by

Tomislav Limbevski

#

SAPAuthorization

#

SAPCompliance

Introduction

In today's complex business environment, organizations rely heavily on Enterprise Resource Planning (ERP) systems like SAP to manage critical operations. While these systems enhance efficiency and data management, they also introduce significant risks if not properly monitored. One such risk is "single action" violations—activities performed by a single user that can have high-risk implications, such as altering vendor bank details or modifying pricing information without appropriate oversight.

These single action risks pose serious concerns for internal auditors, security consultants, and compliance officers. Unauthorized or unchecked changes can lead to financial fraud, data breaches, and non-compliance with legal requirements like the Sarbanes-Oxley Act (SOX) or the General Data Protection Regulation (GDPR). Every company, regardless of size or industry, faces these challenges due to the universal reliance on digital systems for business processes.

Addressing single action risks isn't just a best practice—it's a legal and ethical necessity. Effective internal controls and vigilant monitoring are essential to prevent fraudulent activities and to comply with regulatory standards. This guide provides a practical approach to analyzing single action violations within your SAP system using SAP QuickViewer (SQVI) and explores alternative methods to enhance your risk management strategies.

Using SQVI for Document-Level Change Analysis

This guide will walk you through creating an SAP QuickViewer Report (SAP standard transaction SQVI) to analyze document-level changes using the tables CDHDR and CDPOS. While SQVI is a powerful tool for quick data analysis, working with CDPOS—a cluster table—presents specific limitations. This guide will explore viable methods and explain why SQVI alone cannot handle this analysis directly.

1. Access SQVI and Create a New Query

  • Navigate to SQVI in SAP. Click Create to start a new query.

2. Enter Query Name and Description

  • Enter a name for the query, like SingleActionQ, and provide a description.

3. Select Table Join as Data Source

  • Choose Table Join as the data source.

4. Adding Table CDPOS

  • On the Table Join Definition screen, Insert table CDPOS

5. Error Encounter with Cluster Table

  • Attempt to define the join between CDHDR and CDPOS
BROCHURE – the benefits of our products!

remQ - Business Inspector for SAP® Software

remQ – Business Inspector for SAP Software offers Business Transaction Monitoring and auditing software with built-in expert know-how.

Tablet showing the cover page of the document

Key Insights and Constraints

After testing SQVI for CDHDR and CDPOS, it's evident that SQVI does not allow direct joins with CDPOS since it’s a cluster table. This limitation requires alternative approaches for analyzing changes documented in both tables.

Below are the main options available to you.

Alternative Options for Document-Level Change Analysis Using CDHDR and CDPOS

1. Custom ABAP Report

Creating a custom ABAP report is the most effective approach for analyzing CDHDR and CDPOS together. This method bypasses the limitations of cluster tables in SQVI, allowing full data retrieval and flexible querying. By directly coding the join logic between CDHDR and CDPOS, an ABAP report can fetch all relevant fields without the restrictions of QuickViewer.

2. SAP Standard Reports (RSSCD100 or RSSCD200)

SAP provides built-in reports to view change documents without requiring a manual join:

  • RSSCD100: Use this report to display specific object changes.
  • RSSCD200: This report lists change documents for various objects.

These reports can be executed via transaction SE38, allowing you to filter based on object class, object key, or change date to view detailed modifications.

Conclusion

Effectively managing single action risks in your SAP system is crucial for safeguarding your organization's assets and ensuring compliance with legal and regulatory requirements. While tools like SAP QuickViewer (SQVI) offer a starting point for analyzing user activities, they come with limitations, especially when dealing with complex cluster tables like CDPOS. Alternative methods such as custom ABAP reports or standard SAP reports (RSSCD100, RSSCD200) provide more in-depth analysis but may require specialized expertise and significant time investment.

For a more streamlined and efficient solution, consider utilizing remQ by VOQUZ Labs. RemQ is an out-of-the-box product designed to automate the monitoring of critical actions within SAP systems. It simplifies the detection of single action violations by providing pre-configured rules and an intuitive interface, reducing the need for complex queries or custom reports. With remQ, you can proactively identify and address potential risks, ensuring robust internal controls and compliance with legal standards.

By integrating remQ into your risk management strategy, you not only enhance your ability to detect and prevent fraud but also free up valuable resources to focus on strategic initiatives. Learn more about how remQ can help you mitigate single action risks and strengthen your internal controls by visiting VOQUZ Labs remQ.

The two reports are basically identical, with more details to be search upon in RSSCD200.

3. Two-Step Query in SQVI

Although SQVI does not support joins with cluster tables like CDPOS, you can retrieve the data in a two-step process:

  • Step 1: Create a QuickViewer query on CDHDR to retrieve relevant change document numbers (CHANGENR).
  • Step 2: Use the change document numbers from the CDHDR query to filter a second query on CDPOS for detailed field changes.

4. Table Viewer (SE16N or SE11)

For a more manual approach:

  • First, query CDHDR using your desired filters (object type, date range) to retrieve change document numbers.
  • Next, take the document numbers from CDHDR and use them to query CDPOS for detailed field changes.

4. remQ Single Action Tool

TALK TO US – book a free meeting

WE ARE HERE FOR YOU!

Let’s chat and find the best strategy for yourbusiness! It’s about individual expert advice tailored to your business needs. Tools are only as good as their application. We don’t leave you alone with your solutions, we help you get the most out of them.

Tablet showing the cover page of the document
No items found.

Key Components of the Configuration Screen:

  1. Rule ID: Unique identifier for each rule. Use this to differentiate between multiple single-action rules.
  2. Check ID: the ID used by remQ product.
  3. Object: Represents the object for which the rule applies. This field should contain relevant SAP cluster table.
  4. Object - Label: Descriptive label for the check ID, providing more clarity on the type of action being configured.
  5. Horizon Days: Defines the time horizon in days for monitoring the action. Enter the number of days within which the system should look for potential conflicts.
  6. Table: Specifies the SAP table associated with the rule. This table will be the source of data for monitoring actions related to the rule.
  7. Field: Field within the specified table that is relevant to the rule, allowing for targeted checks.
  8. Username: Field to identify the user who performed the action. Click on the arrow icon to select the relevant field for tracking user activity.
  9. Description: Optional field to provide a more detailed description of the rule.
  10. Status: Defines a custom status of the rule.

In this guide, we've explored how to use SAP QuickViewer (SQVI) to analyze single action violations and document-level changes. While SQVI is a powerful tool for creating quick, custom reports, its limitations with cluster tables like CDPOS necessitate alternative methods for deeper data analysis. We’ve outlined multiple approaches, including custom ABAP reports and standard SAP reports (RSSCD100, RSSCD200), to bypass these constraints. Additionally, we reviewed manual methods to extract and join data from CDHDR and CDPOS, empowering users to perform targeted change tracking within SAP. By leveraging these strategies, you can gain valuable insights into document-level modifications, enabling more precise and effective monitoring of system changes.

ABOUT THE AUTHOR

Tomislav Limbevski

With over 18 years of SAP experience, Tomislav is a seasoned Customer Success Manager at VOQUZ Labs, specializing in the remQ product with SAP functional expertise. Known for his solution-oriented and detail-focused approach, Tomislav is dedicated to driving customer success and innovating solutions within the SAP landscape. With a strong focus on maximizing the value of remQ, he continuously seeks to make a tangible impact and deliver exceptional results to clients. A sparring partner to solve your risk and compliance problems? Then Tomislav :)

SEND US A MESSAGE

Do you have any questions or something to add? Just leave us a message, please! Your message will be delivered by e-mail to us and will not be published.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Illustration of a woman editing documents

Register for our newsletter now!
Keep yourself up to date!

Thank you! Your successfully signed up for our newsletter.
Oops! Something went wrong while submitting the form.

MORE RELEVANT ARTICLES

Thumbnail that links to the post below

Important Updates for remQ: Transition to S/4HANA and New Features

30.10.2024

|

SAPCompliance

Thumbnail that links to the post below

Quick Do-It-Yourself Analysis of SoD Violations in Your SAP System

24.10.2024

|

SAPAuthorization

Thumbnail that links to the post below

Significant decisions regarding your SAP infrastructure lie ahead

4.9.2024

|

RISEwithSAP