Security, Audit and Control Features SAP ERP, 4th Edition 

SAP SE is a multinational software corporation that makes enterprise software to manage business operations and customer relations; their primary product is SAP ERP Central Component (known as ECC, but previously named SAP R/3). This technical reference guide on security and audit of SAP ERP covers the introduction to strategic risk management in an ERP environment, and SAP ERP-specific security and auditing techniques that are unique to SAP ERP.

Security, Audit and Control Features SAP® ERP, 4th Edition provides practical guidance for all stakeholders involved in the SAP enterprise resource planning (ERP) audit/assurance process. The objective of the publication is to enable audit, assurance, risk and security professionals (information technology [IT] and non-IT) to evaluate risk and controls in existing ERP implementations and to facilitate the design and building of better practice controls into system upgrades and enhancements. The publication was designed to be a practical how-to guide based on SAP ECC versions 5.0 and 6.0. However, most of the features and testing techniques described are also applicable to the earlier versions of SAP® R/3, namely 4.6c and 4.7.

Updates in this 4th Edition include:

  • New functionality offered in SAP ECC 6.0 and NetWeaver
  • 8 new chapters to cover Financial Accounting (FI), Managerial Accounting (CO), Human Capital Management (HCM) and BASIS Administration and Security. Following each topic is a “How to Audit” chapter
  • 1 new chapter on SAP security functionality
  • Updated to the latest Sarbanes-Oxley control objectives
  • Updated to COBIT 5
  • 8 new internal control questionnaires (ICQs) to prepare audit/assurance plans
  • Easy to follow risk, control objectives and testing techniques for each module