Organisations implement SAP to increase productivity, enhance transparency, reduce inventory and boost profitability. But the level of automation and integration achieved by deploying SAP often scares management and auditors. Since they can no longer fall back on paper-based signatures, they need to have faith in electronic data entry and authorisations. When they are confronted with statements like: “Jan Jansen has access to transaction FB60 and F110 on company 1203 and 2805,” they may well be less prepared to take responsibility for the numbers generated by their SAP system.
Indeed, experience has shown that poor control over an SAP implementation and poor quality of data on suppliers and customers can lead to:
When you consider these typical concerns, you will realise that they lead directly to fundamental questions about your system of internal control, the security of your SAP system and the segregation of duties on which it depends.
In assessing your SAP environment, we combine a number of proven techniques to model the risks and controls implied by the current implementation, including process modelling, transactional analysis, master data analysis, configuration analysis and a thorough segregation of duties analysis. In order to help gain confidence in the data produced by your SAP implementation, we provide:
Deloitte can count on vast experience to allow you to maximally benefit from SAP Management of Internal Controls and SAP/Virsa’s Compliance Calibrator. In addition, Deloitte is an accredited auditor for providing certificates of compliance against regulations on corporate governance, eg. Sarbanes-Oxley 302 and 404 Act, UK’s Combined Code, France’s Loi sur la Securité Financière, the Belgian Code Lippens, or the Dutch Code Tabaksblat.