New Guide Helps Organizations to Improve SAP Security Controls

SAP improves Security ControlsGlobal cybersecurity association ISACA has issued a significant update to its SAP Enterprise and Resource Planning (ERP) guidelines to help audit, risk and security professionals evaluate risk and controls in existing ERP implementations.

“ERP systems automate and integrate much of a company’s business processes to create consistency. ISACA released this important update to bring together information related to SAP ERP-specific risks, controls and testing procedures,” said Ben Fitts of Deloitte Advisory, who worked with ISACA on the fourth edition of the book. “This will be a go-to reference for auditors, not just as a one-time read, but as a book they can dog-ear with sticky notes and return to year after year.”

ERP software integrates all facets of an operation, including product planning, development, manufacturing, sales and marketing. The integration of these functional capabilities into an online and real-time application system designed to support end-to-end business processes helps enterprises to plan and optimise their resources across the enterprise.

The new edition of Security, Audit and Control Features SAP® ERP provides current best practices and identifies future trends in ERP risk and control. It gives audit, assurance, risk and security professionals (IT and non-IT) the tools needed to not only evaluate risks and controls in existing ERP implementations, but also to facilitate the design and building of better practice controls into system upgrades and enhancements.

New features include:

  • Risk controls and assessment techniques to audit SAP FI/CO, HCM, BASIS, and SAP Security,
  • An overview of the SAP GRC Suite
  • Updated Sarbanes-Oxley control objectives
  • A list of sensitive tables and transaction codes

About ISACA

ISACA® helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT®, a business framework to govern enterprise technology.