Created with Sketch.

SAP Audits and Controls


Schneider Downs has the SAP ECC, SAP S/4HANA, and SAP GRC expertise to assist organizations to identify their SAP key controls and to partner with organizations in their on-going control and audit compliance requirements.

Organizations use our services in every part of their SAP maturity journey, including guiding companies with controls requirements during the implementation process, post-implementation and segregation of duties reviews, annual audits and SAP health checks and testing. Our professionals are well versed in the entire SAP environment and multiple SAP versions.

Our services include extracting data from SAP tables for data analysis, ITGC testing including SAP security and SAP transport management, SAP application controls within the IMG, auditing supporting operating systems, SAP GRC solutions, and SAP ancillary/bolt-on applications. We serve clients that range from mid-size to large as well as international companies. For more information please contact us.

SAP services that we offer include:

  • Outsourcing and co-sourcing of SAP audits
  • Assist in documenting As-Is and To-Be processes for data transformation projects (e.g, SAP S/4HANA, SAP ECC, acquisitions)
  • Assist in completing key project deliverables (e.g., process, controls, etc)
  • Reviewing key deliverables of SAP projects (e.g., evaluating the project plan, participation in periodic status meetings with the project team, reviewing key controls and security, and other key deliverables, etc)
  • Assist in documenting SAP business and IT (ITGC and application) controls
  • Assess Security and Controls Strategy
  • Develop audit programs and testing instructions for the Security/Controls/Internal Audit Teams
  • Conduct SAP audit training
  • Evaluate SAP security roles
  • Evaluate the design and testing effectiveness of SAP key controls within a controls framework
  • Conduct SAP post-implementation review, ITGC, automated control, and business process audits
  • Evaluate the Segregation of Duties (SOD) Rule Set, sensitive transactions, emergency request process, and the SAP transport change process
  • Assist in customizing the SOD Rule Set and sensitive transactions

Schneider Downs SAP Resources

For each service, Schneider Downs uses a top-down, risk based approach that fits the organization size, culture, and requirements.  We will work collaboratively with management on the scope and testing approach.  Our approach includes periodically communicating status, issues, and providing a report with recommendations to strengthen the SAP controls environment.

Let our trained SAP professionals navigate the complexities of SAP to provide the assurance you need.


Learn how we’ve Solved Big Problems For our clients

Big Problem: Company Impacted By Ransomware.

Big Thinking: Restore System On-site And Avoid Six-figure Ransom.

Read Case Study

Big Problem: Inefficient Tax Credit Realization.

Big Thinking: Identified A $900,000 Tax Credit, Nearly Twice As Much As Prior Years.

Read Case Study


Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.