Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorLearning and EventsBreadcrumb SeparatorCoursesBreadcrumb SeparatorSAP ERP Technical Audit
Course Description Course Outline Bring Us On Site  

SAP ERP Technical Audit

Course Description

Print-friendly Course Description and Outline

Today, SAP ERP software is used by a wide range of businesses, from small private enterprises to billion-dollar corporations. This is why IT auditors and IT professionals must have a deep knowledge of the elements and functions of SAP ERP.

The curriculum for this dynamic course, which is a joint effort between The IIA and Deloitte & Touche, includes facilitated discussions and practical exercises allowing participants to gain a deep understanding of SAP ERP security and technical concepts. You will also be introduced to the SAP GRC suite of tools formerly known as Virsa. In addition, gain an introduction to SAP NetWeaver and SAP Solution Manager. Note: Most concepts apply to SAP R/3 environments.

The SAP audit skills you will learn from this course can be applied immediately.

Day 1 – 8:30 a.m.–5:30 p.m.
Day 2 – 8:30 a.m.–5:30 p.m.
Day 3 – 8:30 a.m.–5:30 p.m.
Day 4 – 8:30 a.m.–1:30 p.m.

Course Duration: 3.5 day(s)
CPE Hours Available: 32
Knowledge Level: Intermediate
Field of Study: Auditing


Advance Preparation: 


Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)

​Audit Approach

  • Components of an SAP Audit

Introduction to Security

  • Components of security
  • Introduction to security parameters

Security-Authorization Concept

  • Security authorization concept
  • Security authorization mechanics
  • Authorization checking and the user buffer

Security Administration

  • Security administration
  • Key security authorization objects
  • System security parameters

Authorization Documentation

  • Authorization object documentation
  • Determining access requirements
  • Key security tools, reports, and tables

Transaction Security

  • Reviewing transaction start security
  • Reviewing check object security

Table Security

  • Table data access vs. table structure access
  • Securing direct table data access
  • Reviewing table data security

Program Security

  • Program access paths
  • Reviewing program security

Profile Generator

  • Overview of profile generator
  • Profile Generator risks and considerations

SAP Governance, Risk, and Compliance (GRC)

  • Overview of GRC
  • GRC technical setup
  • Configuration of GRC reports

Interfaces and Conversions

  • SAP Interfaces
  • Data Conversions

Computer Center Management System (CCMS)

  • Computer Center Management System management
  • Key security authorization objects
  • Audit and control considerations

SAP Solution Manager

  • Functionality of SAP Solution Manager
  • Key security authorization objects
  • Audit and control considerations

System Profiles

  • System profile types and usage
  • Audit and control considerations

Job Scheduling

  • Types of background processing
  • Background processing components
  • Audit and control considerations

ABAP Development Workbench

  • Components of the ABAP Development Workbench
  • Key security authorization objects

Transport Management System (TMS)

  • System landscapes
  • Transport Management System concepts
  • Key security authorization objects
  • Audit and control considerations

Database Management

  • SAP Logical database
  • SAP Physical database
  • Key security authorization objects
  • Audit and control considerations

Database Monitoring

  • Database startup and shutdown
  • SAP database monitoring tools

SAP NetWeaver

  • Overview of NetWeaver
  • Audit implications of NetWeaver


  • Network
  • Operating system
  • Database

​Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to