Home / Blog Overview / Why companies are failing SAP access audits – and how to fix the issues

Why companies are failing SAP access audits – and how to fix the issues

07, December 2016

Last month we ran our most well-attended webinar yet, “Top 5 Reasons Companies Fail SAP Access Audits,” with over 200 companies represented. With year-end and audit reviews in full swing, we wanted to provide a helpful resource for internal audit and SAP security professionals to learn what NOT to do as well as what exactly causes those dreaded deficiencies. Judging by the response and subsequent survey feedback, it seems safe to say that it was a much-needed resource indeed!

The state of SAP access issues – how bad is it?

In the webinar, now available as a recording, our CEO Jody Paterson discusses the biggest and most common mistakes companies running SAP make when it comes to access audits. Throughout the presentation, we polled our attendees in order to find out just how prevalent SAP access issues are in organizations. We got great feedback from our attendees on where they were on topics like segregation of duties, super user access, audits, and deficiencies. One hot topic for sure was area of role design – of attendees who responded, 78% believe their role design structure in SAP is not effective for managing risk in SAP. Additional poll results highlighted that 75% don’t have an effective provisioning process and 58% lack effective controls for super user access.

Moving forward – how to fix the issues

As we see with the attendees who experienced challenges – and have seen before with countless clients – access audit findings are often the symptoms of a larger, more persistent problem of access to programs and data in SAP. That is why in order to fix an audit deficiency, you must understand and fix its root cause. The focus of “Top 5 Reasons Companies Fail SAP Access Audits” was to discuss “what” those root causes are, however our follow-up webinar on Thursday, December 8th, answers the question “whatnow?” and dives into the “how” to fix these issues.

If you’re still experiencing issues with access controls in SAP, be sure to join us tomorrow (or register and we will send a link to the recording) as Jody continues the discussion into just how to fix audit deficiencies, and how to fix them in a timely way even if you have year-end compliance deadlines. We’ll review real-world examples of how other companies solved these same issues. This promises to be another popular, helpful resource, so don’t miss it! You can register here.