Security, Audit and Control Features: SAP ERP, 4th Edition

SAP SE is a multinational software corporation that makes enterprise software to manage business operations and customer relations; their primary product is SAP ERP Central Component (known as ECC, but previously named SAP R/3). This technical reference guide on security and audit of SAP ERP covers the introduction to strategic risk management in an ERP environment, and SAP ERP-specific security and auditing techniques that are unique to SAP ERP.

Security, Audit and Control Features SAP ERP, 4th Edition provides practical guidance for all stakeholders involved in the SAP enterprise resource planning (ERP) audit/assurance process. The objective of the publication is to enable audit, assurance, risk and security professionals (information technology [IT] and non-IT) to evaluate risk and controls in existing ERP implementations and to facilitate the design and building of better practice controls into system upgrades and enhancements. The publication was designed to be a practical how-to guide based on SAP ECC versions 5.0 and 6.0. However, most of the features and testing techniques described are also applicable to the earlier versions of SAP® R/3, namely 4.6c and 4.7.

Updates in this 4th Edition include:

• New functionality offered in SAP ECC 6.0 and NetWeaver
• 8 new chapters to cover Financial Accounting (FI), Managerial Accounting (CO), Human Capital Management (HCM) and BASIS Administration and Security. Following each topic is a "How to Audit" chapter
• 1 new chapter on SAP security functionality
• Updated to the latest Sarbanes-Oxley control objectives
• Updated to COBIT 5
• 8 new internal control questionnaires (ICQs) to prepare audit/assurance plans
• Easy to follow risk, control objectives and testing techniques for each module