Application Security & Control Audit Services
Within SAP, at any time in its lifecycle, we can evaluate the risks, controls and opportunities for improvement in both efficiency and compliance. We have extensive SAP control libraries that we use to benchmark your configurable controls. Assessing IT controls requires highly specialized skills. Although many public companies have an Internal Audit capability, many lack the skills in-house to effectively document and test controls with a SAP environment. Sunera can assist with all aspects of your documentation and on-going testing including: IT General Controls, Application Controls, and Segregation of Duties (SoD) Testing as demonstrated below.
- IT General Controls. Since IT permeates all aspects of an entity’s business, we can assess the controls within the IT process related to change management, security, and IT operations to ensure compliance with Sarbanes-Oxley and/or internal requirements.
- Application Controls. We can determine which system configuration and account mapping controls have been designed based on appropriate business criteria, to secure data against inappropriate processing (by enforcing validity, completeness, accuracy), help ensure data integrity and comply with compliance initiatives. Having implemented SAP in the past makes our team the ideal partner to perform these evaluations within your SAP environment.
- Segregation of Duties Testing. We have developed methodologies to collect all of your configured security permissions though a protected medium and conduct a risk analysis. From this we produce a deliverable that includes a detailed Segregation of Duties (SoD) conflict analysis and remediation recommendations.
SAP® is a registered trademark of SAP AG.
