Prepare for an Audit of Your SAP Systems: What You Need to Ensure a Successful Result

  • by Steve Biskie, Managing Director, High Water Advisors
  • March 26, 2010
Learn the fundamentals about auditors and the audit process. See the primary categories of an SAP audit, and tips on some of the more problematic areas within one of these categories — the general computer controls audit.
Key Concept
General computer controls (GCC) reflect a set of IT management, infrastructure, and process controls you should put in place for system effectiveness. They concern broad issues such as business continuity, troubleshooting, and support.

Everybody hates an audit. An audit of a company’s SAP systems can distract employees from their operational responsibilities, create an environment of conflict, and result in configuration changes, consuming precious time and resources. Worse, some audit findings may require costly rework — with issues becoming increasingly difficult to correct the longer they go undetected. While guidance exists for auditors who review SAP systems, little guidance exists for those being audited. Audit findings are common; unfortunately, many could be avoided if employees were better prepared for the audit itself.

See an overview of how auditors approach an SAP audit, discuss typical audit techniques, describe the common elements required for a well-controlled SAP infrastructure, and set the foundation for ensuring success in any type of SAP audit.

Steve Biskie

Steve Biskie has been working with SAP ERP systems for more than two decades, and is considered an international expert in SAP audit issues, risk management, and GRC. He was an expert reviewer for the book Security, Audit, and Control Features: SAP ERP (3rd Edition), and the author of Surviving an SAP Audit.

Steve will be presenting at the upcoming SAPinsider GRC 2017 conference, June 14-16, 2017, in Amsterdam. For information on the event, click here


See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.