Security, Audit and Control Features SAP ERP, 3rd Edition

3.75 avg rating
( 4 ratings by Goodreads )
9781604201154: Security, Audit and Control Features SAP ERP, 3rd Edition
View all copies of this ISBN edition:

Security, Audit and Control Features SAP® ERP, 3rd Edition, part of the Technical and Risk Management Reference Series, enables assurance, security and risk professionals to evaluate risks and controls in existing ERP implementations and facilitates the design and building of controls into system upgrades and enhancements.

The publication is based on SAP ERP [also known as SAP ERP Central Component (ECC)], the latest version of which is SAP ECC 6.0.

This in-demand new edition has been updated to reflect:

  • New/modified SAP transaction codes and reports
  • SAP ERP based on a service oriented architecture (SOA). SOA combines SAP ERP with an open technology platform that can integrate SAP and non-SAP systems using the SAP Netweaver platform.
  • SAP GRC suite of tools, including Access Control and Process Control, which offers corporate governance and risk management solutions

"synopsis" may belong to another edition of this title.


Security, Audit and Control Features SAP ERP, 3rd Edition, is a "must have" for any finance, operational or IT auditor or risk management, IT security or compliance professional, especially those beginning their work in an SAP environment. It is also an excellent reference for experienced SAP auditors and other experts and those IT and business managers responsible for SAP control processes. Through study and application of the "how-to" control and audit activities found in the third edition, even the new SAP auditor will have the potential to quickly rise to SAP best practices audit and control standards.

There are five broad topic areas within Security, Audit and Control Features SAP ERP, 3rd Edition:

  • The preparatory section (chapters 1 to 4) includes an introduction to enterprise resource planning (ERP) system fundamentals and SAP's ERP system basics, followed by recommended risk management and audit methods. These chapters provide a necessary foundation for any SAP audit professional.
  • The business cycle section (chapters 5 to 10) consists of a general overview of the SAP revenue, expenditure and inventory business cycle processes, including activity flows and controls. This section also includes audit considerations: risk, controls and detailed testing steps. The business cycle chapters provide the necessary knowledge base for both finance and IT auditors in understanding SAP ERP. The auditing chapters provide substantial information outlining risk, key controls and detailed testing guidance.
  • The IT auditing section (chapters 11 and 12) lays the foundation for system administration (SAP Basis administration), describes in detail the risks and controls central to SAP system administration, and details techniques any auditor could follow when testing control effectiveness. This chapter shows the IT auditor not only how to effectively test Basis controls but also how to identify additional custom-developed objects that may require testing. Although the IT auditing section contains information necessary to perform the SAP production system IT audit, auditing the technical client used to implement system patches, updates and upgrades is not addressed.
  • The last two chapters (13 and 14) describe ERP system control concerns; SAP tools that address governance, risk and compliance; future ERP and SAP directions; and other discussions relevant to auditing SAP. Though audit guidance in these chapters applies specifically to the SAP tool set, the audit considerations could easily be applied to any of the provisioning tools.
  • Finally, Security, Audit and Control Features SAP ERP, 3rd Edition, concludes with appendices including:
      Audit programs with detailed audit task work steps and a COBIT cross-reference
      Internal control questionnaires for the three business cycles and Basis
      Recommended SAP transactions to be locked and tables to be logged and reviewed

In conclusion, the third edition is required reading for any SAP audit, control, risk or security professional. For many, this book will become a well-worn reference, guiding them through their daily SAP ERP tasks. For others, it will remain a one-time or occasional read to enhance their basic understanding of SAP ERP. The third edition surpasses earlier versions in the presentation of SAP ERP control fundamentals and audit best practices. This text is a necessity for the bookshelf of any SAP ERP audit or control department.

--Pam Kammermeier, CISA - ISACA Journal Volume 6, 2009

"About this title" may belong to another edition of this title.

Buy New View Book
List Price: US$ 100.80
US$ 80.79

Convert Currency

Shipping: US$ 1.99
Within U.S.A.

Destination, Rates & Speeds

Add to Basket

Top Search Results from the AbeBooks Marketplace


Deloitte Touche Tohmatsu Research Team a
Published by Isaca (2009)
ISBN 10: 1604201150 ISBN 13: 9781604201154
New Paperback Quantity Available: 1
Murray Media
(North Miami Beach, FL, U.S.A.)

Book Description Isaca, 2009. Paperback. Condition: New. Never used!. Seller Inventory # P111604201150

More information about this seller | Contact this seller

Buy New
US$ 80.79
Convert Currency

Add to Basket

Shipping: US$ 1.99
Within U.S.A.
Destination, Rates & Speeds