The IT Certification Resource Center


New Guide From ISACA Helps Organizations Improve SAP Security Controls

Rolling Meadows, IL, USA (30 July 2015)—To help audit, risk and security professionals evaluate risk and controls in existing ERP implementations, global IT association ISACA has issued a significant update to Security, Audit and Control Features SAP ERP.


This new edition provides current best practices and identifies future trends in ERP risk and control. It enables audit, assurance, risk and security professionals (IT and non-IT) to evaluate risks and controls in existing ERP implementations and to facilitate the design and building of better practice controls into system upgrades and enhancements.


New features include risk, controls and assessment techniques to audit SAP FI/CO, HCM, BASIS, and SAP Security, an overview of the SAP GRC Suite, updated Sarbanes-Oxley control objectives, and a list of sensitive tables and transaction codes.


“ERP systems automate and integrate much of a company’s business processes to create consistency. ISACA released this important update to bring together information related to SAP ERP-specific risks, controls and testing procedures,” said Ben Fitts of Deloitte Advisory, who worked with ISACA on the fourth edition of the book. “This will be a go-to reference for auditors, not just as a one-time read, but as a book they can dog-ear with sticky notes and return to year after year.”


ERP software integrates all facets of an operation, including product planning, development, manufacturing, sales and marketing. The integration of these functional capabilities into an online and real-time application system designed to support end-to-end business processes helps enterprises to plan and optimize their resources across the enterprise.


In addition, a set of audit programs based on COBIT 5 is available for download, free to ISACA members and for US $45 to nonmembers. The set includes:

  1. Revenue Business Cycle Audit/Assurance Program and ICQ

  2. Expenditure Business Cycle Audit/Assurance Program and ICQ

  3. Inventory Business Cycle Audit/Assurance Program and ICQ

  4. Financial Accounting (FI) Audit/Assurance Program and ICQ

  5. Managerial Accounting (CO) Audit/Assurance Program and ICQ

  6. Human Capital Management Cycle Audit/Assurance Program and ICQ

  7. BASIS Administration and Security Audit/Assurance Program and ICQ


Print and digital versions of Security, Audit and Control Features SAP ERP, 4th Edition, are available for US $60 for ISACA members and US $80 (print) and US $75 (digital) for nonmembers. To purchase a copy, visit


ISACA helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.


