To help audit, risk and security professionals evaluate risk and controls in existing ERP implementations, global IT association ISACA has issued a significant update to Security,Audit and Control Features SAP ERP.
This new edition provides current best practices and identifies future trends in ERP risk and control. It enables audit, assurance, risk and security professionals (IT and non-IT) to evaluate risks and controls in existing ERP implementations and to facilitate the design and building of better practice controls into system upgrades and enhancements.
New features include risk, controls and assessment techniques to audit SAP FI/CO, HCM, BASIS, and SAP Security, an overview of the SAP GRC Suite, updated Sarbanes-Oxley control objectives, and a list of sensitive tables and transaction codes.
“ERP systems automate and integrate much of a company’s business processes to create consistency. ISACA released this important update to bring together information related to SAP ERP-specific risks, controls and testing procedures,” said Ben Fitts of Deloitte Advisory, who worked with ISACA on the fourth edition of the book. “This will be a go-to reference for auditors, not just as a one-time read, but as a book they can dog-ear with sticky notes and return to year after year.”
ERP software integrates all facets of an operation, including product planning, development, manufacturing, sales and marketing. The integration of these functional capabilities into an online and real-time application system designed to support end-to-end business processes helps enterprises to plan and optimize their resources across the enterprise.
In addition, a set of audit programs based on COBIT 5 are available for download free to ISACA members and for US $45 to nonmembers and include:Revenue Business Cycle Audit/Assurance Program and ICQ,Expenditure Business Cycle Audit/Assurance Program and ICQ,Inventory Business Cycle Audit/Assurance Program and ICQ,Financial Accounting (FI) Audit/Assurance Program and ICQ,Managerial Accounting (CO) Audit/Assurance Program and ICQ,Human Capital Management Cycle Audit/Assurance Program and ICQ,BASIS Administration and Security Audit/Assurance Program and ICQ.