In this three-day course you will investigate the risks inherent in SAP, and learn how to configure and design the most effective controls. You will master the critical business processes required to ensure that SAP is working as intended and that your processes and monitoring procedures support effective system control. This course will review the risks and general control opportunities provided by SAP and examine the security as well as basis configuration settings necessary to support a strong control environment for the rest of the system.
You will pinpoint the risks related to default IDs, profile parameters, IMG configuration and maintenance and segregation of duties. You will drill down to core business processes, including the financial close cycle supported by FI/CO), the order-to-cash cycle (supported by SD), the purchase-to-pay cycle (supported by MM) and the personnel management and administration cycle (supported by HCM). Within these modules you will assess and examine the critical configuration settings such as field status groups, validation routines, posting and payment tolerances, stochastic blocking, dual control over sensitive fields, minimum pricing conditions, and automatic credit checking. You will also analyse the key risks and controls within inventory, asset management, production planning, and other common areas supported by SAP.
This course will explore SAP’s Governance, Risk, and Compliance (GRC) suite of applications and review the auditing and monitoring changes required. You will learn how to structure your implementation or upgrade to avoid common audit issues “post go-live”. You will also delve into advanced auditing techniques supported by tools within the standard SAP application, including the Audit Information System (AIS) as well as advanced data analysis opportunities that can be provided by ACL, IDEA and, the SAP suite itself. You will leave this high-impact course able to assess your own system and provide recommendations for improving both SAP configuration and usage.
Note: The course materials are structured around SAP ECC 6.0, however the control risk content is generally applicable to all versions of SAP R/3 back to 4.6c.
Course Director: Steve Biskie
Steve Biskie has over 20 years’ experience in IT audit for public accounting (as a former Deloitte manager), private industry, and with specialised risk management consulting firms. He is the co-founder and Managing Director for a company that specialises and in helping organizations running complex ERP systems to optimize their Governance, Risk Management, and Compliance (GRC) processes.
Steve is considered an international expert in SAP audit issues, including Governance, Risk, and Compliance. He has published numerous audit-related topics for the SAP Professional Journal and written articles for SAP GRC Expert.
Steve teaches all levels of SAP auditing courses through the MIS Training Institute (MISTI). He was an expert reviewer for the book Security, Audit, and Control Features: SAP ERP (3rd Edition), and recently published his own book through SAP Press titled Surviving an SAP Audit. Steve is an accomplished public speaker on the topics of audit, risks, and controls, with a focus on technology. He is an IIA All-Star speaker, thought leader and facilitator throughout industry events throughout the world.
Advance Preparation: None
Field of Study: Specialized Knowledge and Application
Delivery Method: Group-Live