Hero Banner

Management Best Practice in SAP Compliance Security and Audit Essentials (SAP - CSA)

Two-day course in Simple Business/Non-Technical Language


Jargon-free, non-technical course

No prior knowledge of SAP required

Understand the basics of SAP security

Understand control requirements

Management Best Practice in SAP Compliance Security and Audit Essentials (SAP - CSA)

Why Attend?

The SAP threat landscape is always growing, thus putting organisations of all sizes and industries at risk of cyber-attacks. At the Gartner conference, ERP security was listed as one of the “beyond 2016” trends.

  • Understand the complex nature of SAP and its integral role in today’s business processes.
  • Learn the basics of SAP and the related security controls.
  • Be knowledgeable in the various ways you can secure SAP.


SAP is a large and complex ERP (Enterprise Resource Planning) system enabling businesses to run multiple, interrelated business processes (Account Payables, Account Receivables, Record to Report/ Accounting).

Despite this complexity and confusion, the reality is that a SAP system stores key financial information that needs security controls to prevent unauthorised access and changes. With compliance requirements like FCFA, SoX, IIA, ISAE SOC 1 and many others, it is evident senior management and executives within the organisation understand the language of a SAP system, the basics of a SAP audit, SAP security and SAP compliance so that they are seen as informed and contributory stakeholders in front of auditors and SAP risk consultants.

In many cases, middle and senior management within the audit function, compliance function and risk function have a limited understanding of the SAP system.

  • Do you have the knowledge to discuss SAP security and risks in senior management meetings?
  • Can you really understand and appreciate the value from SAP audit reports?
  • Are you able to link SAP security requirements to organisation-wide compliance requirements?
  • Are you confident in coordinating SAP audits?
  • Do you have a basic view of how a SAP system and SAP security works?
  • Do terms like GRC, SAP authorisations and SAP security confuse you?

If the answer to above questions is yes, this course is an ideal fit for you.

Cyber Management Alliance’s two-day course in SAP Compliance Security and Audit Essentials (SAP CSA) is a management-level, workshop-oriented training programme that delivers SAP compliance, security and audit knowledge in layman terms that are non-technical and jargon-free. Our focus is to make training interactive and share live experiences on SAP compliance, security and audit.

This course offers a compelling value proposition to businesses by creating an informed and confident management layer on SAP security understanding, and linked back to the organisation’s compliance and audit function.

Cyber Management Alliance offers attendees the opportunity to learn from experienced professionals with years of experience in SAP security and auditing. Our courses are reviewed regularly and we are able to deliver up-to-date training using innovative methods that make it easy for non-SAP middle and senior management to understand and meet the requirements of the business.


Target Audience

This course has been designed for middle to senior executives from all business units that use/do not use a SAP system, but feel the need to have a basic understanding of SAP compliance, security and audit knowledge.

This course is suitable for staff members from:

  • CFOs, CIOs and IT directors
  • Risk function
  • Internal audit function including IT and financial auditors
  • Audit coordinators
  • General business management (that need SAP compliance knowledge)
  • Heads of business units including sales and procurement
  • SAP teams
  • SAP project managers
  • Security managers
  • Risk managers

The course is non-technical and jargon-free.

Target Competencies

  • Understand the basics of the SAP system.
  • Basic awareness on SAP compliance, security and audit.
  • Learning the art of asking key questions in SAP compliance, security and audit.
  • Be an informed participant to SAP risks' discussion with senior management and SAP consultants.
  • Understanding typical SAP audit findings and approach to risk remediation.
  • Understanding common SAP weaknesses and areas of improvement.
  • Ability to link SAP security to organisation compliance requirements.
  • Ability to link SAP weaknesses to areas of fraud in the business.
  • Ability to link SAP risks to user’s unauthorised access to confidential data.


Course Methodology

This course is highly interactive and includes a LIVE demo of a SAP system. The course has a case study, simulated group exercises on coordinating SAP audits, SAP security projects and a SAP board/senior management meeting. The course also creates SAP risks registers and a remediation plan. CMA’s course completion certificate will be awarded to all participants attending both days of the course.


Course Objectives

By the end of the course, participants will be able to:

  • Understand the basics of SAP security including SAP role and authorisation concept and segregation of duties conflicts.
  • Understand the relevance of SAP security in wider organisation compliance requirements (such as Sarbanes Oxley Act, Internal controls on Financial Reporting, etc.).
  • Understand SAP weakness to accounts payables and general ledgers processes (common areas of fraud).
  • Understand key SAP settings on password management, account lockout management and SAP logging/audit trail features.
  • Understand SAP user access provisioning process weaknesses and audit alarms.
  • Understand SAP landscape to overall change management process requirements.
  • Understand SAP role concept and challenges in SAP authorisation management.
  • Understand SAP risks in integration with other systems.
  • Understand the wider SAP cybersecurity risks. 
  • Understand typical SAP ITGC control requirements.


Course Outline

  New Call-to-action

Day 1

Introduction to SAP system
  • SAP terminologies and concepts
  • SAP system basic navigation
  • Concept of SAP transaction code and SAP report
  • Concept of SAP security tables and financial tables
  • Concept of SAP business process linkage
Introduction to SAP security
  • Meaning of SAP security
  • Context of SAP security in risk management
  • SAP ITGCs (IT General Controls)
  • Organisation roles on SAP security and skills requirement
SAP role and authorisation concept
  • Introduction to SAP role concept
  • SAP role concept challenges and risks
Linkage to Organisation Compliance requirements
  • Your role in SAP audits
  • Business strategy to SAP security and compliance
  • Defining “value” from SAP audits
  • Asking relevant questions of auditors and senior management on SAP compliance, security and audit
Role play/ Case study
  • SAP audit
  • SAP security project

Day 2

SAP security - Segregation of duties conflicts (SoD)
  • Why is a SAP audit so popular these days?
  • Link back to accounts payables and general accounting practices (common  areas of fraud)
  • Key SAP process controls in accounts payable and accounting processes
  • Effective approaches in cleaning SoD conflicts
  • Role of SAP GRC
Deep dive into SAP sensitive access
  • Concept of sensitive access
  • SAP sensitive access examples
  • Concept of fire fighters accounts
Managing risks in SAP offshore environments
  • SAP security in support arrangements
  • Controlling access from support staff on your SAP system
  • Management reporting on SAP risks - strategic and operational
Key SAP configuration security
  • Passwords security
  • Establishing accountability in SAP access management
  • Requirement to SAP landscape and effective change management process
SAP Cyber security
  • Key risks in SAP cyber security
  • Risk mitigation approaches
Role play/ Case study
  • SAP risk register
  • Group discussion on SAP management essentials
  • testimonial_img.png

    This is a must attend for any organisation concerned about SAP security. We really break it down in to simple-to-understand terms. 

    SAP Security Course Tutor

    Abhi G.

Book your Management Best Practice in SAP Compliance, Security and Audit Essentials (SAP - CSA) course. 

This course is available as internal training course delivered on client site or alternatively you can attend one of our public courses. Please fill in the form below and one of our team will get in touch to discuss your requirments. 

  • callOr call us on:
  • +44 (0) 203 189 1422