- Global site
- Africa
- Americas
- Asia Pacific
- Europe
- Middle East
Services
We have certified experts in security and auditing SAP in R / 3, CRM, BW. Our approach allows us to perform in SAP:
- SAP Implementation Audits
- Functional audit of modules FI, CO, MM, SD, PM, PP, HCM, TM AM
- Evaluation of segregation of functions
- Audit roles, transactions and critical objects in SAP
- Audit of process configuration
- Evaluation of application controls
- Data validation and interface management
- Control of results
- Integrity of the system
- Evaluation of the security architecture
- SAP penetration testing
- Pre-assessment of SAP licensing audits
- Audit of business cycles, developed on SAP
- Performance Tests on SAP
We perform audits on the technological platform that supports SAP, taking into account databases, networks, access architecture, among others.
Methodology
1. Segregation of Functions and access to Information
- Verify user management policies, standards and supports in SAP
- Check clearly defined role arrays, profiles and users
- Evaluate the documentation of personnel roles of systems for each of the environments (Development, QA and production).
- Evaluate the documentation and control of the system's high impact accounts
2. Application Controls
- Validate that there are controls that support company policies
- Evaluate change management to the application to ensure the integrity and consistency of the information.
- Verify the definition and Control access to third parties
- Evaluation of support service levels in SAP
- Evaluate Service Level Agreements between the Organization and third parties.
- Evaluate user controls and permissions on application transactions.
3. Origin, capture and validation of data
Evaluation of sources such as:
- Control Jobs Bulk uploads
- Non-blocked transactions
- Printing Spooling
- Creating or Modifying Transactions
- Users with Debug permissions
4. Management of Interfaces
- Cross-validation with source
5. Processing and updating of data
- Control of configuration changes
- Review of management activities
- Logging of sensitive activities
- Help Desk (Help Desk)}
6. Outputs, use and control of results
- Evaluate the control of the information that leaves the system
7. Integrity and security of systems
- Security assessment of the platform that supports SAP, networks, servers, databases.
8. Terminals and data communication
- Security on computers that have SAP access
9. SAP Licensing Use Audit
- Determine whether purchased licenses are being properly exploited