Management Best Practice in SAP Compliance Security and Audit Essentials (SAP - CSA)

Management Best Practice in SAP Compliance Security and Audit Essentials (SAP - CSA)

Why Attend?

The SAP threat landscape is always growing, thus putting organisations of all sizes and industries at risk of cyber-attacks. At the Gartner conference, ERP security was listed as one of the “beyond 2016” trends.

• Understand the complex nature of SAP and its integral role in today’s business processes.
• Learn the basics of SAP and the related security controls.
• Be knowledgeable in the various ways you can secure SAP.

Background

SAP is a large and complex ERP (Enterprise Resource Planning) system enabling businesses to run multiple, interrelated business processes (Account Payables, Account Receivables, Record to Report/ Accounting).

Despite this complexity and confusion, the reality is that a SAP system stores key financial information that needs security controls to prevent unauthorised access and changes. With compliance requirements like FCFA, SoX, IIA, ISAE SOC 1 and many others, it is evident senior management and executives within the organisation understand the language of a SAP system, the basics of a SAP audit, SAP security and SAP compliance so that they are seen as informed and contributory stakeholders in front of auditors and SAP risk consultants.

In many cases, middle and senior management within the audit function, compliance function and risk function have a limited understanding of the SAP system.

• Do you have the knowledge to discuss SAP security and risks in senior management meetings?
• Can you really understand and appreciate the value from SAP audit reports?
• Are you able to link SAP security requirements to organisation-wide compliance requirements?
• Are you confident in coordinating SAP audits?
• Do you have a basic view of how a SAP system and SAP security works?
• Do terms like GRC, SAP authorisations and SAP security confuse you?

If the answer to above questions is yes, this course is an ideal fit for you.

Cyber Management Alliance’s two-day course in SAP Compliance Security and Audit Essentials (SAP CSA) is a management-level, workshop-oriented training programme that delivers SAP compliance, security and audit knowledge in layman terms that are non-technical and jargon-free. Our focus is to make training interactive and share live experiences on SAP compliance, security and audit.

This course offers a compelling value proposition to businesses by creating an informed and confident management layer on SAP security understanding, and linked back to the organisation’s compliance and audit function.

Cyber Management Alliance offers attendees the opportunity to learn from experienced professionals with years of experience in SAP security and auditing. Our courses are reviewed regularly and we are able to deliver up-to-date training using innovative methods that make it easy for non-SAP middle and senior management to understand and meet the requirements of the business.

Target Audience

This course has been designed for middle to senior executives from all business units that use/do not use a SAP system, but feel the need to have a basic understanding of SAP compliance, security and audit knowledge.

This course is suitable for staff members from:

• CFOs, CIOs and IT directors
• Risk function
• Internal audit function including IT and financial auditors
• Audit coordinators
• General business management (that need SAP compliance knowledge)
• Heads of business units including sales and procurement
• SAP teams
• SAP project managers
• Security managers
• Risk managers

The course is non-technical and jargon-free.

Target Competencies

• Understand the basics of the SAP system.
• Basic awareness on SAP compliance, security and audit.
• Learning the art of asking key questions in SAP compliance, security and audit.
• Be an informed participant to SAP risks' discussion with senior management and SAP consultants.
• Understanding typical SAP audit findings and approach to risk remediation.
• Understanding common SAP weaknesses and areas of improvement.
• Ability to link SAP security to organisation compliance requirements.
• Ability to link SAP weaknesses to areas of fraud in the business.
• Ability to link SAP risks to user’s unauthorised access to confidential data.

Course Methodology

This course is highly interactive and includes a LIVE demo of a SAP system. The course has a case study, simulated group exercises on coordinating SAP audits, SAP security projects and a SAP board/senior management meeting. The course also creates SAP risks registers and a remediation plan. CMA’s course completion certificate will be awarded to all participants attending both days of the course.

Course Objectives

By the end of the course, participants will be able to:

• Understand the basics of SAP security including SAP role and authorisation concept and segregation of duties conflicts.
• Understand the relevance of SAP security in wider organisation compliance requirements (such as Sarbanes Oxley Act, Internal controls on Financial Reporting, etc.).
• Understand SAP weakness to accounts payables and general ledgers processes (common areas of fraud).
• Understand key SAP settings on password management, account lockout management and SAP logging/audit trail features.
• Understand SAP user access provisioning process weaknesses and audit alarms.
• Understand SAP landscape to overall change management process requirements.
• Understand SAP role concept and challenges in SAP authorisation management.
  
• Understand SAP risks in integration with other systems.
  
• Understand the wider SAP cybersecurity risks. 
  
• Understand typical SAP ITGC control requirements.

Course Outline