Authorization Management As The Control of Risk on SAP Software Implementation in Procurement Business Process (case study at PT. Krakatau Steel (Persero) Tbk.)

Abstract

Development at System Application and Product (SAP) software project may help PT. Krakatau Steel to enhance the business process operation. It has sophistication that able to integrate the information system where the information from different directorate or sub-directorate that will located in one system. It will ease the user to access the transaction or some activities based on the function and job description. Nevertheless, this project faces critical problem cause the complexity and security data on the software. It happens because inexistence standard which become the guidance on software operation and there are no rules for user as a border to access critical data. As the consequence from those conditions there will arise uncertainty which can influence emergence of risk. When the risk is existing, it will give impact to running of business activity. To address these challenges, this research tries to identify and assess the risk on SAP software operation. Risk management used to identify some risks that arise toward the SAP operation and has objective to minimize some potential risk with an activity control. Risk management activity involves every aspect that take part on SAP software development project. The research chose to implements Committee of Sponsoring Organizations of the Tredway Commission (COSO) framework which able to solve the risk problem and able to enhance the management performance with efficiency and effectiveness operation. This research addressed the company to enhance security system on SAP software operation with the mitigation activity. Furthermore, the result shows risk profile and activity control to address the challenge. As the activity control, user authorization catalog has been proposed through mapping the transaction code with the job description on each position. It will make the user can access only the transaction code which based on their job description. So, it can limit the user access for every critical data on SAP software and minimize the data leakage that caused by unknown entities access.