Skip Ribbon Commands
Skip to main content
Sign In
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorTraining and EventsBreadcrumb SeparatorCoursesBreadcrumb SeparatorSAP GRC: Access Control and Process Control
IIARF Icon
Course Description Course Outline Bring Us On Site  

SAP GRC: Access Control and Process Control

Course Description

Print-friendly Course Description and Outline

This course provides an essential knowledgebase, as well as hands-on learning for internal audit professionals, including information technology auditors, working in a SAP GRC environment, as well as those involved in SAP GRC implementation and configuration. Hands-on learning will be conducted with Access Control and Process Control 10.0.

The curriculum for this dynamic seminar includes lectures, group discussions, case studies, and practical exercises, allowing participants to explore the many ways that an SAP GRC implementation impacts internal auditing.

This course is taught by Deloitte & Touche LLP practitioners with real-world SAP GRC implementation and audit experience.​

Course Duration: 4 day(s)
CPE Hours Available: 36
Knowledge Level: Intermediate
Field of Study: Computer Science
Prerequisites: 

​Introduction to Auditing SAP ERP, SAP ERP Technical Audit, or requisite knowledge of SAP.

Advance Preparation: 

None​

Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)

This course will address both SAP GRC Access Control and SAP GRC Process Control.

SAP GRC Access Control

  • Challenges in Auditing SAP ERP
  • Segregation of Duties and Restricted Access
  • GRC Access Control Overview and Navigation
  • GRC Access Control Landscape and System Setup Audit Considerations

SAP GRC Access Control Access Risk Analysis (ARA)

  • Post Installation considerations
  • ARA Overview of Configuration
  • ARA Master Data Upload
  • ARA Rule Set
  • ARA Background Jobs
  • ARA Workflow
  • ARA Risk Terminator
  • ARA Audit Considerations
    • Rule Set Benchmarking
    • ARA Scope
    • Rule Set change management
    • ARA Segregation of Duties
  • ARA Case Study and Exercises

SAP GRC Access Control Emergency Access Management (EAM)

  • EAM Post Installation Considerations
  • EAM Overview of Configuration
  • EAM Workflow
  • EAM Audit Considerations
    • Emergency vs. Privileged Access
    • EAM Segregation of Duties
    • EAM Reporting and Monitoring
    • EAM Audit Evidence
  • EAM Case Study and Exercises

SAP GRC Access Control Access Request Management (ARQ)

  • ARQ Post Installation Considerations
  • ARQ Overview of Configuration
  • Workflow Configuration and Settings
  • HR Triggers
  • Integration with Identity Management
  • User Review
  • SOD Review
  • Administration Tasks
  • ARQ Audit Considerations
    • ARQ Segregation of Duties
    • ARQ Approvers
    • ARQ Reporting and Monitoring
    • ARQ Audit Evidence
  • ARQ Case Study and Exercises

SAP GRC Access Control Business Role Management (BRM)

  • BRM Post Installation Considerations
  • BRM Configuration Overview
  • System Landscape
  • Roles
  • BRM Workflow and SOD
  • BRM Audit Considerations
    • BRM Segregation of Duties
    • BRM Change Management
  • BRM Case Study and Exercises

SAP GRC Process Control

  • Enabling the Risk Intelligent Organization
  • SAP GRC Process Control Functions and Features
  • Compliance Structure Overview
  • Control Assessment Overview
  • Automated Control Monitoring Overview
  • Compliance Framework Details
  • Control Details
  • Master Data Upload Generation Utility
  • Control Evaluation Setup
  • Manual Control Evaluations Overview
  • Automated Control Testing & Monitoring
  • Analysis and Reporting Review of Results
  • Process Control Audit Considerations
  • Case Study and Exercises

Other GRC Audit Considerations

  • Audit Reports
  • Security & Change Management
  • Audit Planning
  • Case Study Presentations

​Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to GetTraining@theiia.org.

LocationsDates
Deloitte & Touche Training Facility - Wacker Dr.
Chicago, IL
Details and pricing
October 6-9,
2014