Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Session 1 (4h)
Module 1 – R/3 Fundamentals for Auditors (2h)
- Basic architecture (ABAP stack, SAP GUI, client concept).
- Key differences from legacy systems (modular design: FI, MM, SD).
- Classic transactions and navigation for audit purposes.
Module 2 – Access, Roles, and Essential SoD (2h)
- User management and authorizations with PFCG, SU01, SUIM, SU53, SU24.
- Role design and common audit-relevant functions.
- Basic SoD matrix and typical findings (e.g., invoice creation and approval in the same role).
Session 2 (4h)
Module 3 – Security Logs and Traces (3h)
- Security Audit Log (SM19/SM20): activation, filters, and reporting.
- STAD and ST03N: usage statistics, sessions, and workload analysis.
- Good practices for evidence retention and export.
Module 4 – Configuration Changes and Sensitive Data (1h)
- SCU3 (change documents) and SCC4 (client settings).
- Critical system parameters (RZ10/RZ11): identification and monitoring.
Session 3 (4h)
Module 5 – Process Controls (FI/MM/SD) in R/3 (4h)
- FI: tolerances, OB52 (posting periods), journal entry approvals.
- MM: release strategies, purchase order limits, single supplier controls.
- SD: credit limits, pricing changes, conditions monitoring.
- Audit sampling techniques for process testing.
Session 4 (4h)
Module 6 – Comprehensive Laboratory + Reporting (3h)
- Review roles and authorizations for a critical user.
- Trace operations (purchase/sale) and obtain audit evidence (SM20/SCU3).
- Document findings with screenshots and exports.
- Preparation of working papers and traceability.
Module 7 – Closure and Action Plan (1h)
- Internal control checklist in R/3.
- Prioritization of findings and recommendations.
Deliverables:
- Checklist of 20+ controls (FI/MM/SD).
- Quick guide to SM19/SM20, SUIM, SCU3, STAD/ST03N.
Summary and Next Steps
Requirements
- An understanding of basic auditing principles
- Experience with SAP systems
- Familiarity with compliance and control frameworks
Audience
- Auditors
- Internal control specialists
- SAP security consultants
- Compliance officers
16 Hours
Delivery Options
Private Group Training
Our identity is rooted in delivering exactly what our clients need.
- Pre-course call with your trainer
- Customisation of the learning experience to achieve your goals -
- Bespoke outlines
- Practical hands-on exercises containing data / scenarios recognisable to the learners
- Training scheduled on a date of your choice
- Delivered online, onsite/classroom or hybrid by experts sharing real world experience
Private Group Prices RRP from €6840 online delivery, based on a group of 2 delegates, €2160 per additional delegate (excludes any certification / exam costs). We recommend a maximum group size of 12 for most learning events.
Contact us for an exact quote and to hear our latest promotions
Public Training
Please see our public courses
Testimonials (3)
Teacher knolage
Collin Sampson
Course - SAP S/4HANA Overview (S4H00)
I liked the fact that the trainer was very flexible and offered information about subjects that were not included in the initial material. I liked his experience in other projects and the tips and tricks resulted from this experience. The training was interactive and even though the exercises were predefined, we could take the exercise in another direction than previously defined.
Maria-Cristina Socol - NTT DATA Romania S.A.
Course - SAP S/4 Hana (S/4Hana)
We have learnt so many things that we didn't know before.
