<P> The audit review should include a review of validation of data that is input in certain transactions, the design of ABAP statements and their authority checks matching documents prior to closing . Also, with regard to the master file control there must be an independent review of master file changes and creation of transactional responsibilities to identify any redundant master files . </P> <P> When it comes to data integrity the primary concerns are the integration of data from the legacy systems and then ensuring that data being input into the system for processing has been properly approved and is accompanied by the proper documentation . Through reviewing these aspects of the processing from implementation through to production you can gain reasonable confidence that the controls surrounding the data are sufficient and that the data are likely free of material error . The use of the built in audit functions will greatly assist with this process and the ability to create your own audit programs will allow you to customize the work to the company you are working with . </P> <P> The two major control risks that need to be monitored with SAP are security and data integrity . To ensure that both are sufficient it is important that both be properly outlined and developed during implementation . User profiles must be designed properly and access must be sufficiently segregated to minimize the chance of fraud . Use of the SAP audit functions to cross check the user access with the matrix of allowable accesses is the quickest and easiest way to ensure that duties and access are properly segregated . New and old users must be entered and removed promptly and avoidance and monitoring of any super user access is imperative . Review of the access to upload and pull through changes to production and review of the associated authorization process is important from both a security and data integrity point of view . </P> <P> To further ensure data integrity it is important that proper documentation be reviewed along with confirmation of any external data available either through a legacy system or through a third party . This is important with regard to certain sensitive accounts, such as accounts payable . Review of controls around budgets and management review and also review of authorization for non-routine transactions and physical access will be imperative to ensuring the accuracy of the data input and output from the system . The use of and development of tools within SAP will help accelerate this process and help to ensure that it is accurate . These are the two most vital parts to any SAP audit and successful review of them should allow you to determine the adequacy of control around the SAP system and access to it to determine whether or not there are any material deficiencies with the systems control . </P>

Systems applications and products (sap) certified