“Fast paced, well communicated audit and security approaches to SAP.”
-Van Jones, Supervisor IT Auditing, Bemis Co.
In this four-day seminar you will investigate the risks inherent in the SAP application, detailing some of the most effective control opportunities you can configure or design into the application. You will cover the critical business processes required to ensure that SAP is working as intended and that your processes and monitoring procedures support effective system control. You will review the risks and general control opportunities provided by SAP, and examine the security and basis configuration settings necessary to support a strong control environment for the rest of the system.
You will pinpoint the risks related to default IDs, profile parameters, IMG configuration and maintenance, and segregation of duties. You will then drill down to core business processes, including the financial close cycle (supported by FI/CO), the order-to-cash cycle (supported by SD), the purchase-to-pay cycle (supported by MM), and the personnel management and administration cycle (supported by HCM). Within these modules you will review such critical configuration settings as field status groups, validation routines, posting and payment tolerances, stochastic blocking, dual control over sensitive fields, minimum pricing conditions, and automatic credit checking. You will also cover the key risks and controls within inventory, asset management, production planning, and other common areas supported by SAP.
In addition, you will explore where SAP is going with its SAP BusinessObjects Governance, Risk, and Compliance (GRC) suite of applications, and review the auditing and monitoring changes required to move down this path. You will learn how to structure your implementation or upgrade to avoid common audit issues “post go-live.” You will delve into advanced auditing techniques supported by tools within the standard SAP application, including the Audit Information System (AIS) as well as advanced data analysis opportunities that can be provided by ACL, IDEA and, in some cases, the SAP BusinessObjects suite itself. You will leave this high-impact seminar with the know-how to assess your own system and provide recommendations for improving both SAP configuration and usage.
Note: The course materials are structured around SAP ECC 6.0, however the control risk content is generally applicable to all versions of SAP R/3 back to 4.6c.
Prerequisite: None Advance Preparation: None
Learning Level: Intermediate Delivery Method: Group-Live
Field: Computer Science