BackgroundIn a cloud environment (Software-as-a-Service), the software is usually not maintained by the customer, but by the software/cloud provider.Control descriptionRemote access to the SAP S/4HANA Cloud system for e.g. incident management or soft...
While the previous contemplation in our blog post series was focused on “How to audit the IT-related processes and controls on application-level”, we will focus on the infrastructure-level in the following. As the responsibility for the processes and...
Data Reliability for ESG-Reporting
Companies are currently confronted with new reporting obligations and the associated compliance requirements based on regulatories as Corporate Sustainability Reporting Directive (CSRD) and EU Taxonomy. To generate...
RiskSystems are not adequately configured or updated to restrict system access to properly authorized and appropriate users.Control DescriptionAccess is authenticated through unique user IDs and passwords or other methods as a mechanism for validatin...
Regardless of whether the ERP system is an onPremise (e.g. SAP S/4HANA onPremise / SAP ECC) or Software-as-a-Service (SaaS) solution, all layers (physical data storage, database, operating system, middleware and application) must be considered by the...
