The reality is that a SAP system stores key financial information that needs security controls to prevent unauthorised access and changes. With compliance requirements like FCFA, SoX, IIA, ISAE SOC 1 and many others, it is evident that the organisation needs to understand the language of a SAP system, the basics of a SAP audit, SAP security and SAP compliance, so that its people are seen as informed and contributing stakeholders in front of auditors and SAP risk consultants.
- Understand the basics of the SAP system.
- Basic awareness of SAP compliance, security and audit.
- Understand the key concepts in SAP compliance, security and audit.
- Be an informed participant in SAP risk discussions with senior management and SAP consultants.
- Understanding typical SAP audit findings and the approach to risk remediation.
- Understanding common SAP weaknesses and areas of improvement.
- Ability to link SAP security to the organisation's compliance requirements.
- Ability to link SAP weaknesses to areas of fraud in the business.
- Ability to link SAP risks to users' unauthorised access to confidential data.
- Understand the basics of SAP security, including the SAP role and authorisation concept and segregation of duties conflicts.
- Understand the relevance of SAP security to wider organisational compliance requirements (such as Sarbanes Oxley Act, Internal controls on Financial Reporting, etc.).
- Understand SAP weaknesses in accounts payable and general ledger processes (common areas of fraud).
- Understand key SAP settings on password management, account lockout management and SAP logging/audit trail features.
- Understand weaknesses in the SAP user access provisioning process and audit alarms.
- Understand the SAP landscape in relation to overall change management process requirements.
- Understand the SAP role concept and the challenges in SAP authorisation management.
- Understand SAP risks in integration with other systems.
- Understand the wider SAP cyber security risks.
- Understand typical SAP ITGC control requirements.