Course Outline
Session 1 (4 hours)
Module 1 – S/4HANA Fundamentals for Auditors (2 hours)
- Core architecture (ABAP, Fiori, catalogs, and roles).
-
Key Differences from ECC:
- Business Partner model.
- Universal Journal (ACDOCA).
- Flexible workflows.
- Locating Application Information Systems (AIS): transactions and their Fiori equivalents.
Module 2 – Access, Roles, and Essential SoD (2 hours)
- Users, PFCG, SUIM, SU53, and SU24 (authorization by transaction code).
- Fiori catalogs and roles (app ID, catalog, space).
- Basic SoD matrix and typical findings (e.g., creation and release within the same role).
Session 2 (4 hours)
Module 3 – Security Logs and Traces (3 hours)
- Security Audit Log (SM19/SM20): activation, filters, and reading techniques.
- STAD/ST03N: usage statistics, sessions, and peak analysis.
- Read Access Logging (RAL): concepts and use cases.
- Best practices for evidence retention and export.
Module 4 – Configuration Changes and Sensitive Data (1 hour)
- SCU3 (change documents) and SCC4 (change policy).
- Critical parameters (RZ10/RZ11): reading and evidence collection.
Session 3 (4 hours)
Module 5 – Process Controls (FI/MM/SD) in S/4 (4 hours)
- FI: Tolerances, OB52 (periods), entry segregation, and journal approval (workflow).
- MM: Release strategies, limits, single supplier processing, and condition changes.
- SD: Credit limits (FSCM Credit Management) and price/condition changes.
- BP: Controls on creation/exchange, and fiscal/banking sensitivity.
- Risk-driven sampling and selection techniques.
Session 4 (4 hours)
Module 6 – Comprehensive Laboratory + Reporting (3 hours)
- Assigning roles and access to a critical user.
- Tracing operations (buy/sell) and obtaining evidence (SM20/SCU3).
- Documenting findings with screenshots and exports.
- Preparing working papers and ensuring traceability.
Module 7 – Closure and Action Plan (1 hour)
- Internal control checklist for S/4.
- Prioritization of findings and recommendations.
Deliverables:
- A checklist of 20+ controls covering FI, MM, SD, and BP.
- A quick guide to SM19/SM20, SUIM, SCU3, and STAD/ST03N.
Requirements
- A foundational understanding of auditing principles.
- Prior experience with SAP systems.
- Familiarity with compliance and control frameworks.
Audience
- Auditors.
- Internal control specialists.
- SAP security consultants.
- Compliance officers.
Custom Corporate Training
Training solutions designed exclusively for businesses.
- Customized Content: We adapt the syllabus and practical exercises to the real goals and needs of your project.
- Flexible Schedule: Dates and times adapted to your team's agenda.
- Format: Online (live), In-company (at your offices), or Hybrid.
Price per private group, online live training, starting from 3900 € + VAT*
Contact us for an exact quote and to hear our latest promotions
Testimonials (2)
It was straight to the point and more practical
Lungelo Ndlela - SNG Grant Thornton
Course - SAP S/4 Hana (S/4Hana)
His calm and collected voice even though at points he was frustrated with the system, but kept his cool…
