Management Best Practice in SAP Compliance Security and Audit Essentials (SAP - CSA)

2-day course in Simple Business/ Non Technical Language


Jargon Free Non-technical Course

No Prior knowledge of SAP required

Understand the Basics of SAP Security

Understand control requirments

Management Best Practice in SAP Compliance Security and Audit Essentials (SAP - CSA

Why Attend

The SAP threat landscape is always growing thus putting organizations of all sizes and industries at risk of cyberattacks. At the Gartner conference, ERP security was listed as one of the “beyond 2016” trends.

  • Understand the complex nature of SAP and its integral role in today’s business processes.
  • Learn the basics of SAP and the related security controls
  • Be knowledgeable in the various ways you can secure SAP.


SAP is a large and complex ERP (Enterprise Resource Planning) system, enabling businesses to run multiple interrelated business processes (Account payables, Account receivables, Record to report/ accounting).

Despite this complexity and confusion, the reality is that SAP system stored key financial information, that needs security controls to prevent unauthorised access and changes. With compliance requirements like FCFA, SoX, IIA, ISAE SOC 1 and many others, it is evident senior management and executives within organisation understand the language of SAP system, basics of SAP audit, SAP security and SAP compliance so that they are seen as  as informed and contributory stakeholders in front of auditors and SAP risk consultants.

In many cases, middle and senior management within Audit function, Compliance function and Risk function have limited understanding of SAP system.

  • Do you have knowledge to discuss SAP security & risks in senior management meetings?
  • Can you really understand and appreciate the value from SAP audit reports?
  • Are you able to link SAP security requirements to organisation wide compliance requirements?
  • Are you confident in coordinating SAP audits?
  • Do you have a basic view of how SAP system and SAP security works?
  • Does terms like GRC, SAP authorizations, SAP security confuse you?

If the answer to above questions is yes, this course is an fit for you.

Cyber Management Alliance’s 2-day Management Course in SAP Compliance Security and Audit Essentials (SAP CSA) is a management level workshop oriented training program that delivers SAP compliance, security and audit knowledge in layman terms that is non- technical and jargon free. Our focus is to make training interactive and share live experiences on SAP Compliance, Security and Audit.

This course offers a compelling value proposition to businesses by creating an informed and confident management layer on SAP security understanding and link back to Organisation’s Compliance and Audit function.

Cyber Management Alliance offer attendees the opportunity to learn from experienced professionals with years of experience in SAP security and auditing. Our courses are reviewed regularly and we are able to deliver up to date training using innovative methods that makes it easy for non SAP middle and senior management to understand and meet the requirements of the business.


Target Audience

This course has been designed for middle to senior executives from all business units that use / do not SAP system but feel the need to have a basic understanding of SAP Compliance Security and Audit knowledge.

This course is suitable for staff members from

  • CFO, CIOs, IT Directors
  • Risk function
  • Internal Audit function including IT and Financial auditors
  • Audit coordinators
  • General business management (that need SAP compliance knowledge)
  • Heads of business units including sales and procurement
  • SAP Teams
  • SAP Project Managers
  • Security Managers
  • Risk Managers

The course is non-technical and jargon free.

Target Competencies

  • Understand the basics of SAP system
  • Basic awareness on SAP Compliance Security and Audit
  • Learning the art of asking key questions in SAP Compliance Security and Audit
  • Be an informed participant to SAP risks discussion with senior management and SAP consultants
  • Understanding typical SAP audit findings and approach to risk remediation
  • Understanding common SAP weaknesses and areas of improvement
  • Ability to link to SAP security to organisation compliance requirements
  • Ability to link SAP weaknesses to areas of fraud in business
  • Ability to link SAP risks to user’s unauthorised access to confidential data


Course Methodology

This course is highly interactive and includes a LIVE demo of SAP system. The course has a case study, simulated group exercises on coordinating SAP audits, SAP security projects and SAP board/ senior management meeting. This course also creates SAP risks registers and remediation plan. CMA’s course completion certificate will be awarded to all participants attending both days on the course.


Course Objectives

By the end of the course, participants will be able to:

  • Understand the basics of SAP security including SAP role and authorisation concept and Segregation of duties conflicts
  • Understand the relevance of SAP security in wider organisation compliance requirement (like Sarbanes Oxley Act, Internal controls on Financial Reporting etc.)
  • Understand SAP weakness to accounts payables and general ledgers processes (common areas of fraud)
  • Understand key SAP settings on password management, account lockout management and SAP logging/ audit trail features
  • Understand SAP user access provisioning process weaknesses and audit alarms
  • Understand SAP landscape to overall change management process requirements
  • Understand SAP Role concept and challenges in SAP authorisation management
  • Understand SAP risks in integration to other systems
  • Understand wider SAP cyber security risks
  • Understand typical SAP ITGC Control requirements


Course Outline

  New Call-to-action

Day  1

Introduction to SAP system
  • SAP terminologies and concepts
  • SAP system basic navigation
  • Concept of SAP transaction code and SAP report
  • Concept of SAP security tables and financial tables
  • Concept of SAP business process linkage
Introduction to SAP security
  • Meaning of SAP security
  • Context of SAP security in risk management
  • SAP ITGCs (IT General Controls)
  • Organisation roles on SAP security and skills requirement
SAP Role and authorisation concept
  • Introduction to SAP Role concept
  • SAP Role concept challenges and risks
Linkage to Organisation Compliance requirements
  • Your role in SAP audits
  • Business strategy to SAP security and compliance
  • Defining “value” from SAP audits
  • Asking relevant questions to auditors and senior management on SAP Compliance, Security and Audit
Role play/ Case study
  • SAP Audit
  • SAP Security project

Day 2

SAP security - Segregation of duties conflicts (SoD)
  • Why so popular in SAP audit these days
  • Link back to accounts payables and general accounting practices (common  areas of fraud)
  • Key SAP process controls in accounts payable and accounting processes
  • Effective approaches in cleaning SoD conflicts
  • Role of SAP GRC
Deep dive into SAP sensitive access
  • Concept of sensitive access
  • SAP sensitive access examples
  • Concept of fire fighters accounts
Managing risks in SAP offshore environments
  • SAP security in support arrangements
  • Controlling access from support staff on your SAP system
  • Management reporting on SAP risks - Strategic and Operational
Key SAP configuration security
  • Passwords security
  • Establishing accountability in SAP access management
  • Requirement to SAP landscape and effective change management process
SAP Cyber security
  • Key risks in SAP Cyber Security
  • Risk mitigation approaches
Role play/ Case study
  • SAP risk register
  • Group discussion on SAP Management Essentials
  • testimonial_img.png

    This is a must attend for any organisation concerned about SAP Security. We really break it down in to simple to understand terms. 

    SAP Security Course Tutor

    Abhi G.

Book your Management Best Practice in SAP Compliance Security and Audit Essentials (SAP - CSA) course. 

This course is available as internal training course delivered on client site or alternatively you can attend one of our public courses. Please fill in the form below and one of our team will get in touch to discuss your requirments. 

  • callOr call us on:
  • +44 (0) 203 189 1422