The integrity of key information systems such as SAP enable your organisation to make informed business decisions whilst striving to meet it’s corporate objectives. Without the appropriate policies and procedures in place, security gaps can go undetected, and the completeness and accuracy of this vital business data can be compromised.


Turnkey Consulting can help you improve your ability to govern the information which is essential to the running of your core business processes. Our SAP Security Quality Assurance Review is designed to help you identify potential issues and areas in need of improvement and give you the insight required to implement best practices in security, controls and information management.

Using in-depth knowledge of the latest SAP auditing techniques, our consultants conduct a complete assessment of your current SAP security environment, determine how well it meets your security governance and compliance obligations, and uncover your greatest risk exposures. Our consultants are dedicated professionals having “Big 4” background with extensive audit, controls and implementation experience.

This review will cover the following key areas:                                                                                                                                                                                                               

  • SAP security settings
  • Application security design
  • Security design for IT support services
  • Segregation of Duties
  • User provisioning and administration processes
  • Authorisation change management processes
  • SAP development lifecycle and change
  • Management processes

Our consultants work side by side with your security resources, IT Managers and business teams to create a mitigating action plan that prioritises your needs, and enables a fast and cost-effective implementation of the most appropriate security model. Continuous engagement ensures key stakeholders receive regular updates throughout the review and can provide input on any issues encountered prior to delivery of a final report.

We don't deliver blanket best practice recommendations as we realise that every organisation is unique with different risks, concerns and desired levels of control. Instead we make recommendations that take into account the industry, size and nature of your organisation, as well as any compensating controls which might serve to mitigate risk.

We understand that organisations need to “buy in” to the concept of security and controls so that the business retain overall ownership, which is essential to ensuring improvements are made and maintained in a control environment. Therefore, we suggest carefully considered recommendations which are both pragmatic and effective in mitigating risk.