Business Process Control Review

 There are 4 main categories of internal controls:

1. Entity Level Controls – involves senior management developing the required level of culture within the organisation regarding internal controls, also known as ‘tone at the top’
2. IT General Controls – providing general control over the IT environment (e.g. change management, user and access management etc)
3. IT Application Controls – providing automated system-based controls over business transaction processing (e.g. system configuration settings)
4. Manual Controls – providing further control over business transaction processing (e.g. IT Dependent Controls – review of system reports for exceptions requiring further investigation; Non-IT Dependent Controls – peer reviews/manager approvals etc).

Both IT Application Controls and Manual Controls reside under the umbrella term ‘Business Process Controls’, as they directly support your business processes and the transactions that flow through them. Failure to ensure these controls are designed and operating effectively means you will not have assurance over the integrity of your business data. This can impact the quality of business decisions and the achievement of business objectives, as well as presenting risks to financial reporting.

The Turnkey Consulting Solution

Our SAP Business Process Controls Review is designed to help you identify issues with the controls directly supporting your business processes, as well as areas in need of improvement, before risks are realised and become a problem for the integrity of your data. We also assist in highlighting control weaknesses before they turn up on your audit report.

Using in-depth knowledge of the latest SAP auditing techniques, our experienced consultants will conduct a risk-based assessment of your current SAP Business Process Controls environment. Our consultants are dedicated professionals having a “Big 4” background with extensive audit, business process and controls experience. This review includes one or more of your key business process cycles, such as:

• Order to Cash
• Procure to Pay
• General Ledger
• Fixed Assets
• Inventory

Our review can also cover business processes specific to your organisation and/or industry, as our expertise extends to applying risk and control principles to niche business processes and regulatory requirements. Our consultants apply the latestproven audit methodologies to identify key risk areas in your SAP control environment. We will quickly identify the current levels of control in your SAP system and assess how that compares to both internal/external policies and regulations, as well as good practice SAP Business Process Controls.

We do not issue blanket best practice recommendations as we recognise that every organisation is unique with different risks, concerns and desired levels of control. Instead we make recommendations that take into account the industry, size and nature of your organisation, as well as any compensating controls which might serve to mitigate risk.

We also understand that organisations need to “buy in” to the concept of internal controls so that the business retains overall ownership, an essential element in ensuring continual improvements are made and maintained in a control environment.

A managed service for GRC can give you a strong platform from which to solve these challenges and close your capability gap quickly, without a large upfront investment.