SAP Audits and Controls

PRIMARY CONTACT: Eric M. Wright CPA, CITP

Schneider Downs has the SAP ECC, SAP S/4HANA, and SAP GRC expertise to assist organizations to identify their SAP key controls and to partner with organizations in their on-going control and audit compliance requirements.

Organizations use our services in every part of their SAP maturity journey, including guiding companies with controls requirements during the implementation process, post-implementation and segregation of duties reviews, annual audits and SAP health checks and testing. Our professionals are well versed in the entire SAP environment and multiple SAP versions.

Our services include extracting data from SAP tables for data analysis, ITGC testing including SAP security and SAP transport management, SAP application controls within the IMG, auditing supporting operating systems, SAP GRC solutions, and SAP ancillary/bolt-on applications. We serve clients that range from mid-size to large as well as international companies. For more information please contact us.

SAP services that we offer include:

• Outsourcing and co-sourcing of SAP audits
• Assist in documenting As-Is and To-Be processes for data transformation projects (e.g, SAP S/4HANA, SAP ECC, acquisitions)
• Assist in completing key project deliverables (e.g., process, controls, etc)
• Reviewing key deliverables of SAP projects (e.g., evaluating the project plan, participation in periodic status meetings with the project team, reviewing key controls and security, and other key deliverables, etc)
• Assist in documenting SAP business and IT (ITGC and application) controls
• Assess Security and Controls Strategy
• Develop audit programs and testing instructions for the Security/Controls/Internal Audit Teams
• Conduct SAP audit training
• Evaluate SAP security roles
• Evaluate the design and testing effectiveness of SAP key controls within a controls framework
• Conduct SAP post-implementation review, ITGC, automated control, and business process audits
• Evaluate the Segregation of Duties (SOD) Rule Set, sensitive transactions, emergency request process, and the SAP transport change process
• Assist in customizing the SOD Rule Set and sensitive transactions

Schneider Downs SAP Resources

• SAP Audits and Controls Service Overview
• SAP Services Overview

For each service, Schneider Downs uses a top-down, risk based approach that fits the organization size, culture, and requirements.  We will work collaboratively with management on the scope and testing approach.  Our approach includes periodically communicating status, issues, and providing a report with recommendations to strengthen the SAP controls environment.