Dark Reading

New Guide From ISACA Helps Organizations Improve SAP Security Controls

Rolling Meadows, IL, USA (30 July 2015)—To help audit, risk and security professionals evaluate risk and controls in existing ERP implementations, global IT association ISACA has issued a significant update to Security, Audit and Control Features SAP® ERP.

This new edition provides current best practices and identifies future trends in ERP risk and control. It enables audit, assurance, risk and security professionals (IT and non-IT) to evaluate risks and controls in existing ERP implementations and to facilitate the design and building of better practice controls into system upgrades and enhancements.

New features include risk, controls and assessment techniques to audit SAP FI/CO, HCM, BASIS, and SAP Security, an overview of the SAP GRC Suite, updated Sarbanes-Oxley control objectives, and a list of sensitive tables and transaction codes.

“ERP systems automate and integrate much of a company’s business processes to create consistency. ISACA released this important update to bring together information related to SAP ERP-specific risks, controls and testing procedures,” said Ben Fitts of Deloitte Advisory, who worked with ISACA on the fourth edition of the book. “This will be a go-to reference for auditors, not just as a one-time read, but as a book they can dog-ear with sticky notes and return to year after year.”

ERP software integrates all facets of an operation, including product planning, development, manufacturing, sales and marketing. The integration of these functional capabilities into an online and real-time application system designed to support end-to-end business processes helps enterprises to plan and optimize their resources across the enterprise.

In addition, a set of audit programs based on COBIT 5 is available for download, free to ISACA members and for US $45 to nonmembers. The programs include:

  1. Revenue Business Cycle Audit/Assurance Program and ICQ
  2. Expenditure Business Cycle Audit/Assurance Program and ICQ
  3. Inventory Business Cycle Audit/Assurance Program and ICQ
  4. Financial Accounting (FI) Audit/Assurance Program and ICQ
  5. Managerial Accounting (CO) Audit/Assurance Program and ICQ
  6. Human Capital Management Cycle Audit/Assurance Program and ICQ
  7. BASIS Administration and Security Audit/Assurance Program and ICQ

Print and digital versions of Security, Audit and Control Features SAP ERP, 4th Edition, are available for US $60 for ISACA members and US $80 (print) and US $75 (digital) for nonmembers. To purchase a copy, visit www.isaca.org/sap-erp-4.


ISACA® (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT®, a business framework to govern enterprise technology.

Twitter:  https://twitter.com/ISACANews

LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial   

Facebook: www.facebook.com/ISACAHQ

ISACA Knowledge Center: www.isaca.org/knowledge-center


Rachel Acevedo, +1.847.660.5617, [email protected]

Kristen Kessinger, +1.847.660.5512, [email protected]

10/20/2015 | 8:29:41 AM
Very Informative
Thank you for sharing the post! It is very informative and useful. This new update is going to be very useful.