The document discusses the importance of auditing an ERP system like SAP due to increased financial fraud and regulations like SOX that require controls over financial reporting. It provides an overview of the company's services for auditing SAP systems, which include reviewing business processes, security controls, user access privileges, and segregation of duties to identify risks and ensure key controls are in place. Their approach involves understanding the business, identifying risks, developing control frameworks, conducting assessments and providing solutions to close any gaps.
1. Why Audit your ERP System:
Per the 2009 CSI Computer Crime Survey, Financial frauds around the world have
raised to 20% in 2009 from 12% in 2008.
Recent and past mishaps in the corporate world created a refreshed awareness of
the audit function. A direct by-product of these scandals is regulation such as the
Sarbanes-Oxley (SOX) of US, which gives legal and financial muscle to the assurance
of the integrity, reliability, and accuracy of financial reporting and corporate
disclosures. The process of developing audit awareness and the need for substantial
controls can and should be established as an ERP system is being implemented.
However, necessary check can always be built into the system as it matures in an
organization.
SAP is a key financial system in your organization and a very large investment. It is
vital that you should be aware of the key risk and controls within the SAP system that
may help you build strong governance and obtain return on your investments.
About Us:
We have a team of dedicated and highly qualified SAP professionals who have
worked on ERP and IT Risk Advisory projects around the world. Our team comprises
of Certified SAP professionals, MBA, Engineers with extensive experience in rendering
SAP advisory services with Big4 Audit firms. Our experience extends across industry
verticals. Along with SAP system, our team has worked on tools like SAP GRC Access
Controls and Approva Bizright Access Controls.
Benefits of choosing Us:
Services similar to the Big4 audit firms, but at a price that fits your budget
Team member from Big4 background bringing best practices
High quality deliverables and reports
Committed team available locally for year-round support
Our Service Offerings:
Business Blueprint Review: a review of the business blueprint documents to
identify if key controls have been designed as part of the business process.
This will also benchmark organization’s TO-BE business processes to the
leading control practices.
SAP Pre Go-Live Readiness Assessment: an independent assessment of critical
master data, organizational elements, configurable controls, process
integrations, system and user security from compliance perspective to ensure
smooth Go-live.
SAP Audit Work Program Documentation: assistance in preparation of
detailed work program that will enable the Internal Audit team to conduct
Page 1 of 3
2. rigorous audit of the SAP system. These audit programs are designed as a
step-by-step guide that will allow repeatable audits by even those who are
fairly new to SAP environment.
SAP Audit Training: a comprehensive audit training on SAP for the Internal
audit team for sustainable testing of controls.
SAP Quick Scan Review: as the name states, a quick scan of the SAP system
to identify and fix ‘High Risk’ issues that may potentially lead to financial losses
to the organization.
SAP Business Controls Review: a review of the risk and controls within the key
business processes, having financial implication. This will include a detailed
review of the implement SAP design to identify if key controls are enabled to
restrict financial mis-happenings.
SAP Basis Security Controls Review: a review of the critical system security
parameters within the SAP system such as password, user login, table
maintenance, change management, etc that is vulnerable to security
breaches and could potentially lead to system integrity issues.
SAP User Access Review: a review of the user access to verify that access to
the sensitive financial and business transactions is restricted only to the
identified users / employees based on their roles & responsibilities within the
organization.
SAP Segregation of Duties (SOD) Review: a review of the user access to verify
that access to the sensitive financial and business transactions is restricted
only to the identified users / employees based on their roles & responsibilities
within the organization.
Our Approach:
We adopt a simple to understand and easy to execute approach:
Understand business process > Identify potential risks > Develop control framework >
Document Audit program > Conduct assessment of controls > Report gaps >
Suggest solutions > Train Internal Audit team
Our Credentials:
A sample list of ours clients
Industry Clients
Beverages Diageo Plc, UK; Dr Pepper Snapple Group Inc., USA
Chartis (‘AIG’) UAE, Hong Kong, Malaysia, Indonesia,
Insurance
Thailand, Philippines, Vietnam, Taiwan
VOLT Information Sciences Inc., USA; Covansys Corp. Inc.,
IT Services
USA; Infosys Technologies
Page 2 of 3
3. Energy Centrica Plc, UK; Enercon India Ltd; ONGC Ltd
FMCG ITC Ltd; Philips India Ltd.
Retail Pantaloon Retail India Ltd; Welspun India Ltd
Engineering Larsen & Toubro Ltd; Havell’s India Ltd.; Bharat Bijlee Ltd
Pharmaceutical Duane Reade Inc, USA; Glenmark Pharmaceutical Ltd.
Page 3 of 3