We have certified experts in security and auditing SAP in R / 3, CRM, BW. Our approach allows us to perform in SAP:

  1. SAP Implementation Audits
  2. Functional audit of modules FI, CO, MM, SD, PM, PP, HCM, TM AM
  3. Evaluation of segregation of functions
  4. Audit roles, transactions and critical objects in SAP
  5. Audit of process configuration
  6. Evaluation of application controls
  7. Data validation and interface management
  8. Control of results
  9. Integrity of the system
  10.  Evaluation of the security architecture
  11.  SAP penetration testing
  12. Pre-assessment of SAP licensing audits
  13. Audit of business cycles, developed on SAP
  14. Performance Tests on SAP 

We perform audits on the technological platform that supports SAP, taking into account databases, networks, access architecture, among others.

Methodology

SAP1. Segregation of Functions and access to Information 

  • Verify user management policies, standards and supports in SAP
  • Check clearly defined role arrays, profiles and users
  • Evaluate the documentation of personnel roles of systems for each of the environments (Development, QA and production).
  • Evaluate the documentation and control of the system's high impact accounts

2. Application Controls

  • Validate that there are controls that support company policies
  • Evaluate change management to the application to ensure the integrity and consistency of the information.
  • Verify the definition and Control access to third parties
  • Evaluation of support service levels in SAP
  • Evaluate Service Level Agreements between the Organization and third parties.
  • Evaluate user controls and permissions on application transactions. 

3. Origin, capture and validation of data
Evaluation of sources such as:

  • Control Jobs Bulk uploads
  • Non-blocked transactions
  • Printing Spooling
  • Creating or Modifying Transactions
  • Users with Debug permissions

4. Management of Interfaces

  • Cross-validation with source

5. Processing and updating of data

  • Control of configuration changes
  • Review of management activities
  • Logging of sensitive activities
  • Help Desk (Help Desk)}

6. Outputs, use and control of results

  • Evaluate the control of the information that leaves the system

7. Integrity and security of systems

  • Security assessment of the platform that supports SAP, networks, servers, databases.

8. Terminals and data communication

  • Security on computers that have SAP access 

9. SAP Licensing Use Audit

  • Determine whether purchased licenses are being properly exploited

For more information:

Pablo Benavides G. | Consulting and Systems Manager
E-mail: pablo.benavides@co.gt.com
Tel. Office +57 1 7059000 Ext. 1701; Mobile 310 232 4660

Receive our Alerts and newsletters Subscribe