This training week is suitable for those who want to review the risks and general control opportunities provided by SAP, across both the technical SAP Basis system and the functional modules. After five days, you will leave with an understanding of the key risks within the SAP environment, the ability to determine whether they exist in your system, and knowledge of ‘tricks’ that can help you identify potential problems quickly.
- Review the risks and general control opportunities provided by SAP
- Develop an effective SAP technical audit plan and prioritise key steps
- Discuss techniques for controlling both dialog and non-dialog user security
- Assess the appropriateness of SAP Basis configuration settings
- Recommend procedures for controlling customisations
- Analyze SAP Basis and security-related tables
- Describe effective research techniques related to advanced SAP technical issues
Part One: Auditing and Securing SAP™ ERP Central Component (ECC) and SAP R/3
Audit's role in the implementation and operation of the SAP ERP total solution and R/3 control sets
Part 1 of this training will give you the broad know-how to assess your own system and provide recommendations for improving both SAP configuration and usage.
Over three days you will:
- Investigate the risks inherent in the SAP application, detailing some of the most effective control opportunities you can configure or design into the application
- Examine the security and basis configuration settings necessary to support a strong control environment for the rest of the system
- Pinpoint the risks related to default IDs, profile parameters, IMG configuration and maintenance, and segregation of duties
- Drill down to core business processes, including the financial close cycle (supported by FI/CO), the order-to-cash cycle (supported by SD), the purchase-to-pay cycle (supported by MM), and the personnel management and administration cycle (supported by HCM) and review critical configuration settings
- Review common techniques implementers and SAP support personnel may try to use to ‘hide’ poor configuration from auditors, and how to uncover those quickly in your system
- Explore where SAP is going with its SAP Business Objects Governance, Risk, and Compliance (GRC) suite of applications
- Delve into advanced auditing techniques supported by tools within the standard SAP application, including the Audit Information System (AIS) as well as advanced data analysis opportunities that can be provided by ACL, IDEA and, in some cases, the SAP Business Objects suite itself
Part Two: Advanced Technical SAP Audit
Audit and control techniques for SAP R/3 & SAP ECC technical auditors
Part two will help you take your SAP technical auditing skills to the next level. You will learn the advanced risks and control opportunities that should be considered in a thorough audit of the SAP basis system and security. You will acquire the knowledge and skills to progress beyond the basic auditing employed by many auditors and become competent at an advanced auditing level.
Over two days you will:
- Practice techniques discussed on a sandbox SAP system, and get the chance to perform a quick end-to-end security assessment
- Review the additional security risks posed by the SAP NetWeaver components, and the SAP transactions used to inspect the key settings
- Explore the various table types within SAP, and practice some basic data interrogation techniques using SAP Query tools embedded within the application
- Learn where to go to get the best security-related advice and perform additional research on other technical basis-related topics
- Review the ‘system hardening’ guidelines provided by SAP for common attack scenarios in the SAP ABAP and Java layers, and how proper system settings and coding techniques can prevent exposure to common attacks (such as SQL injection and man-in-the-middle attacks)
- Have a first-hand look at some largely unpublished risks within SAP, including an example where a user appears, in standard SAP security reporting, to have innocuous access when in reality they hold SAP_ALL-type privileges, and learn how to check whether these risks affect your installation
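The course outline above does not say which mechanism its "innocuous access" example relies on. As an added illustration (not the course's material and not SAP code), the script below shows one well-known way a user-centric authorization report can understate access: profiles inherited from a reference user, and wide profiles nested inside a composite profile, neither of which appears as a direct assignment on the user master. The table and field layouts (UST04 user-to-profile, UST10C composite-to-sub-profile, USREFUS user-to-reference-user) are my recollection of the standard SAP tables and should be verified on your own system; the sample rows are constructed.

```python
"""Resolve a user's effective SAP profiles, following reference users and
composite profiles, and flag SAP_ALL-type profiles that are only held indirectly.

Added example, not from the course or from SAP. Table names and row layouts are
my recollection of the standard SAP tables; verify against your own system.
"""
from collections import defaultdict

# Profiles an auditor would treat as "SAP_ALL-type" (assumption: extend as needed).
WIDE_PROFILES = {"SAP_ALL", "SAP_NEW"}

# Constructed sample rows (not from any real system).
# UST04:   (user name, profile assigned directly to the user)
UST04 = [
    ("JSMITH", "Z_DISPLAY_ONLY"),
    ("REF_SUPPORT", "Z_SUPPORT_COMP"),
    ("ADMIN1", "SAP_ALL"),
]
# UST10C:  (composite profile, sub-profile contained in it)
UST10C = [
    ("Z_SUPPORT_COMP", "Z_BASIS_DISPLAY"),
    ("Z_SUPPORT_COMP", "SAP_ALL"),
]
# USREFUS: (user name, reference user whose authorizations the user inherits)
USREFUS = [
    ("JSMITH", "REF_SUPPORT"),
]


def effective_profiles(user, ust04=UST04, ust10c=UST10C, usrefus=USREFUS):
    """Return {profile: path} for every profile `user` effectively holds.

    `path` lists the hops that led to the profile, e.g.
    ("REF_SUPPORT", "Z_SUPPORT_COMP") means: inherited from reference user
    REF_SUPPORT, whose composite profile Z_SUPPORT_COMP contains the profile.
    An empty path means the profile is assigned directly to the user.
    """
    direct = defaultdict(set)
    for bname, prof in ust04:
        direct[bname].add(prof)
    composite = defaultdict(set)
    for comp, sub in ust10c:
        composite[comp].add(sub)
    refuser = dict(usrefus)

    found = {}

    def expand(prof, path):
        # Keep the first (shortest) path seen; also guards against nested loops.
        if prof in found:
            return
        found[prof] = path
        for sub in composite.get(prof, ()):
            expand(sub, path + (prof,))

    # Direct assignments first, so a directly held profile gets an empty path.
    for prof in direct.get(user, ()):
        expand(prof, ())

    # Reference users can chain; walk the chain, stopping on a cycle.
    seen_users = {user}
    hops = ()
    ref = refuser.get(user)
    while ref and ref not in seen_users:
        seen_users.add(ref)
        hops = hops + (ref,)
        for prof in direct.get(ref, ()):
            expand(prof, hops)
        ref = refuser.get(ref)
    return found


def hidden_wide_access(user, **tables):
    """Wide profiles the user holds only indirectly, i.e. the ones a report
    listing direct assignments on the user master would not show."""
    return {
        prof: path
        for prof, path in effective_profiles(user, **tables).items()
        if prof in WIDE_PROFILES and path
    }


if __name__ == "__main__":
    for user in ("JSMITH", "ADMIN1"):
        print(user, "direct:", sorted(p for p, h in effective_profiles(user).items() if not h))
        print(user, "hidden wide access:", hidden_wide_access(user))
```

On the sample data, JSMITH shows only Z_DISPLAY_ONLY as a direct assignment, yet resolves to SAP_ALL through REF_SUPPORT and its composite profile; ADMIN1 holds SAP_ALL directly and is therefore not flagged as hidden. On a live system you would export the three tables (for example with SE16 or a read-only extract) and feed them in place of the constructed rows.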
Course Director : Steve Biskie, CISA, CITP, CPA
As the author of the only book published by SAP Press related to auditing SAP, and having led more sessions at the SAP GRC series than any other speaker in the history of the event, Steve Biskie is one of the most sought-after trainers in the world when it comes to the topic of an SAP audit.
'Good course, clear structure and examples, applicable and valuable for attendees' Nokia
'A great overview of SAP for the IT auditor. I now feel confident in carrying out an audit of SAP' EON