Course Outline
Session 1 (4 Hours)
Module 1 – S/4HANA Fundamentals for Auditors (2 Hours)
- Overview of the basic architecture, including ABAP, Fiori, and catalogs/roles.
-
Key differences from ECC:
- Business Partner.
- Universal Journal (ACDOCA).
- Flexible workflows.
- Current location of AIS transactions and their equivalents in Fiori.
Module 2 – Access, Roles, and Essential Segregation of Duties (SoD) (2 Hours)
- User management, PFCG, SUIM, SU53, and SU24 (authorizations by transaction code).
- Fiori catalogs and roles, including app-id, catalog, and space.
- Basic SoD matrix and typical findings, such as the creation and release in the same role.
Session 2 (4 Hours)
Module 3 – Security Logs and Traces (3 Hours)
- Security Audit Log (SM19/SM20): activation, filters, and reading.
- STAD/ST03N: usage statistics, sessions, and peak times.
- Read Access Logging (RAL): concept and appropriate use cases.
- Best practices for evidence retention and export.
Module 4 – Configuration Changes and Sensitive Data (1 Hour)
- SCU3 (change documents) and SCC4 (change policy).
- Critical parameters (RZ10/RZ11): reading and evidence collection.
Session 3 (4 Hours)
Module 5 – Process Controls in S/4HANA for Financial Accounting, Materials Management, Sales and Distribution, and Business Partner (4 Hours)
- Financial Accounting (FI): tolerances, OB52 (periods), segregation in entries, and journal approval workflows.
- Materials Management (MM): release strategies, limits, single supplier management, and changes in conditions.
- Sales and Distribution (SD): credit limits using FSCM Credit Management, price/condition changes.
- Business Partner (BP): controls on creation/exchange, fiscal/banking sensitivity.
- Risk-driven sampling and selection techniques for audit purposes.
Session 4 (4 Hours)
Module 6 – Comprehensive Laboratory + Reporting (3 Hours)
- Elevate roles and access for a critical user.
- Trace operations (buy/sell) and gather evidence using SM20/SCU3.
- Document findings, including catches and exports.
- Prepare working papers and ensure traceability for government audits.
Module 7 – Closure and Action Plan (1 Hour)
- Internal control checklist specific to S/4HANA.
- Prioritization of findings and recommendations for government operations.
Deliverables:
- Checklist of 20+ controls (FI/MM/SD/BP) for government use.
- Quick guide to SM19/SM20, SUIM, SCU3, STAD/ST03N for efficient auditing and compliance in government environments.
Requirements
- An understanding of fundamental auditing principles for government
- Experience with SAP systems
- Familiarity with compliance and control frameworks
Audience
- Auditors
- Internal control specialists
- SAP security consultants
- Compliance officers
Testimonials (4)
Teacher knolage
Collin Sampson
Course - SAP S/4HANA Overview (S4H00)
I liked the fact that the trainer was very flexible and offered information about subjects that were not included in the initial material. I liked his experience in other projects and the tips and tricks resulted from this experience. The training was interactive and even though the exercises were predefined, we could take the exercise in another direction than previously defined.
Maria-Cristina Socol - NTT DATA Romania S.A.
Course - SAP S/4 Hana (S/4Hana)
We have learnt so many things that we didn't know before.
Lebogang Kgosiesele - Lucara Botswana
Course - SAP S/4 HANA PP (Production Planning)
Ayman was a very good trainer. He explained our doubts and was very easy to understand. He gave satisfactory answer to all questions we raised.
