SAP is a very large and complex ERP system, forming the platform for multiple inter-related business processes. It is comprised of thousands of configurable tables making it highly flexible, and has a complex integrated security function. In summary, SAP is a challenging environment to audit.

An External Auditor's role is to express an opinion on whether the information presented in an organisation’s financial statements are a true and fair reflection of their financial position at a given date. For organisations using SAP, it tends to be the major financial system within their landscape in which those “material” transactions are processed.

When adopting a controls-based approach to your audits it is vitally important that you fully understand the significant risks and expected controls within an SAP system. In addition, having a systematic approach to accurately identify the level of assurance which can be placed on the internal control environment is crucial to understand the extent to which any further substantive testing is required.

Depending upon how many SAP clients you have in your portfolio, you may only have contact with these ERP systems 2 or 3 months per year. This makes it very difficult to acquire and develop the specific skills, understanding and experience to effectively audit an SAP system.

In addition, the cost to train and develop specialist resources for such engagements may not be beneficial for the amount of time they employ those skills during the year. Even if there is perceived value it takes years of hands-on experience and know-how with SAP to ensure all internal control deficiencies significant to an external audit are uncovered.


Turnkey Consulting provide the necessary support for your SAP audit related activities to ensure a trusted, reliable and experienced organisation perform the detailed reviews required. This ensures you get an accurate picture of the internal controls employed by your clients and can assess for any impact on your financial audit approach.

Our consultants have “Big 4” background with extensive audit, controls and implementation experience. We apply the latest proven audit methodologies to identify the key risk areas in your client’s SAP control environment. We quickly identify the current levels of security in their SAP system and assess how that compares to both internal policies and security good practice. In addition, we also have the in-house knowledge to evaluate the controls embedded into those business processes supported by your SAP system.

We do not issue blanket best practice recommendations as we recognise that every client is unique with different risks, concerns and desired levels of control. Instead we make recommendations that take into account the industry, size and nature of your client, as well as any compensating controls which might serve to mitigate risk.

We understand that clients need to “buy in” to the concept of internal controls so that the business retain overall ownership, which is essential to ensuring improvements are made and maintained in a control environment. Therefore, we suggest carefully considered recommendations which are both pragmatic and effective in mitigating risk.

Although we will manage the end-to-end process, a continuous engagement model ensures key stakeholders (both you, the External Auditor, and relevant client contacts) receive regular updates throughout the review and are able to provide input on any issues encountered, prior to delivery of a final report. We are also comfortable participating in any up-front planning and mobilisation meetings to ensure we are fully integrated into the overall audit approach.