Audit and Security of SAP  
Learning Level: Intermediate
CPEs: 24
Focus and Features

In this three-day course you will investigate the risks inherent in SAP, and learn how to configure and design the most effective controls. You will master the critical business processes required to ensure that SAP is working as intended and that your processes and monitoring procedures support effective system control. This course will review the risks and general control opportunities provided by SAP and examine the security as well as basis configuration settings necessary to support a strong control environment for the rest of the system.

You will pinpoint the risks related to default IDs, profile parameters, IMG configuration and maintenance, and segregation of duties. You will drill down to core business processes, including the financial close cycle (supported by FI/CO), the order-to-cash cycle (supported by SD), the purchase-to-pay cycle (supported by MM) and the personnel management and administration cycle (supported by HCM). Within these modules you will assess and examine the critical configuration settings such as field status groups, validation routines, posting and payment tolerances, stochastic blocking, dual control over sensitive fields, minimum pricing conditions, and automatic credit checking. You will also analyse the key risks and controls within inventory, asset management, production planning, and other common areas supported by SAP.

This course will explore SAP’s Governance, Risk, and Compliance (GRC) suite of applications and review the auditing and monitoring changes required. You will learn how to structure your implementation or upgrade to avoid common audit issues “post go-live”. You will also delve into advanced auditing techniques supported by tools within the standard SAP application, including the Audit Information System (AIS), as well as advanced data analysis opportunities that can be provided by ACL, IDEA, and the SAP suite itself. You will leave this high-impact course able to assess your own system and provide recommendations for improving both SAP configuration and usage.

Note: The course materials are structured around SAP ECC 6.0; however, the control risk content is generally applicable to all versions of SAP R/3 back to 4.6c.

Course Director: Steve Biskie

Steve Biskie has over 20 years’ experience in IT audit for public accounting (as a former Deloitte manager), private industry, and with specialised risk management consulting firms. He is the co-founder and Managing Director for a company that specialises in helping organizations running complex ERP systems to optimize their Governance, Risk Management, and Compliance (GRC) processes.

Steve is considered an international expert in SAP audit issues, including Governance, Risk, and Compliance. He has published numerous audit-related topics for the SAP Professional Journal and written articles for SAP GRC Expert.

Steve teaches all levels of SAP auditing courses through the MIS Training Institute (MISTI). He was an expert reviewer for the book Security, Audit, and Control Features: SAP ERP (3rd Edition), and recently published his own book through SAP Press titled Surviving an SAP Audit. Steve is an accomplished public speaker on the topics of audit, risks, and controls, with a focus on technology. He is an IIA All-Star speaker, thought leader and facilitator at industry events throughout the world.

Prerequisite: None
Advance Preparation: None
Field of Study: Specialized Knowledge and Application
Delivery Method: Group-Live

For questions about your registration, association discounts or team discounts, please e-mail

This seminar is available in-house. For more information about bringing this or other MIS seminars to your organisation, please e-mail

