ITGC audit - SAP risk audit

Conduct a risk assessment on the use of SAP.
List the types of risks audited

Audit risques SAP

ITGC audit, methodology and duration:

Framing: Objectives of the ITGC audit - Prerequisites
Data collection with NDA or SWAWE installation and configuration
  • SOD analysis of all your users and roles,
  • Creation of queries:
    • Analysis of extended rights users (SAP_ALL),
    • Analysis of inactive users who have not logged in for a long time,
    • Analysis of SAP security settings...
Analysis with waypoints (progress meeting)
Provision and presentation of the deliverable
Audit ITGC : Méthodologie audit des risques