HomeBlogUncategorizedSAP Auditing & Security Compliance

SAP Auditing & Security Compliance

The reality is that a SAP system stores key financial information that needs security controls to prevent unauthorised access and changes. With compliance requirements like FCFA, SoX, IIA, ISAE SOC 1 and many others, it is evident  the organisation understand the language of a SAP system, the basics of a SAP audit, SAP security and SAP compliance so that they are seen as informed and contributory stakeholders in front of auditors and SAP risk consultants.

  • Understand the basics of the SAP system.
  • Basic awareness on SAP compliance, security and audit.
  • Understand the key concepts in SAP compliance, security and audit.
  • Be an informed participant to SAP risks discussion with senior management and SAP consultants.
  • Understanding typical SAP audit findings and approach to risk remediation.
  • Understanding common SAP weaknesses and areas of improvement.
  • Ability to link SAP security to organisation compliance requirements.
  • Ability to link SAP weaknesses to areas of fraud in the business.
  • Ability to link SAP risks to user’s unauthorised access to confidential data.
  • Understand the basics of SAP security including SAP role and authorisation concept and segregation of duties conflicts.
  • Understand the relevance of SAP security in wider organisation compliance requirements (such as Sarbanes Oxley Act, Internal controls on Financial Reporting, etc.).
  • Understand SAP weakness to accounts payables and general ledgers processes (common areas of fraud).
  • Understand key SAP settings on password management, account lockout management and SAP logging/audit trail features.
  • Understand SAP user access provisioning process weaknesses and audit alarms.
  • Understand SAP landscape to overall change management process requirements.
  • Understand SAP role concept and challenges in SAP authorisation management.
  • Understand SAP risks in integration with other systems.
  • Understand the wider SAP cyber security risks.
  • Understand typical SAP ITGC control requirements.

This is a staging environment