SAP Security Audit

The majority of company assets, such as financial data, human capital and know-how, are stored in SAP systems. An extensive system audit will reveal security issues and allow you to increase the system’s security and protect these assets efficiently.

 SAP security audit

Our consultants carry out a security check of your SAP systems and highlight potential flaws in your SAP security concept, according to best practice recommendations for security settings. The analysis is performed using the Xiting Authorizations Management Suite (XAMS) and examines the following key areas:

  • System configuration (parameters, logging transport management)
  • Documents (comparison of the concept’s target state and actual state)
  • Roles (technical compliance, functional compliance, according to guidelines)
  • Authorizations (administration of jobs, users, transports, systems)
  • Users (profile allocation, user types, critical authorizations, login activities)

The results of the analysis are recorded and saved in a report. This comprehensive evaluation of system security is followed by a final customer presentation with management summary.

Benefits at a glance 

  • Analysis of your system security and concepts as preparation for internal/external audits
  • Comparison of your system settings with best practice recommendations
  • Outline and risk evaluation of potential flaws
  • Recommendations for further measures to eliminate shortcomings

Our services

Audit of the SAP system

  • Scanning of the SAP systems with the help of the Xiting Authorizations Management Suite (XAMS)
  • Audit of authorizations in respect of quality and ICS
  • Audit of the productive system’s technical safeguards
  • Audit of the SAP authorization concept’s actual state and correctness


  • Detailed assessments and documentation of the analysis
  • Management summary regarding the entire assessment of the analysis results
  • Demonstration of shortcomings and risks
  • Catalog of measures with recommendations for elimination of shortcomings
  • Comparison of the existing authorization concept with the actual state of the SAP system


  • Predefinition of system scope with modules, sub-areas, processes, and documents to be audited
  • Implementation of XAMS via transport
  • Coordination of dates for on-site visits and report preparation
  • Completion of analysis on-site or remotely with the help of XAMS
  • Creation and approval of report
  • Final presentation
  • Optional: Description of a methodology detailing how shortcomings which are revealed by XAMS can be efficiently and quickly eliminated