Audit
Auditing / reviewing SAP authorizations: our auditing services range from very detailed audits (including detailed lists of who can do what, detailed and understandable risk descriptions, conceptual and procedural findings, relevant recommendations, Sarbanes-Oxley internal control impact) to quick scans. Our consultants have leading knowledge of authorizations in the newest SAP® releases (up to mySAP® ERP 2005) based on the SAP® NetWeaver platform and in the mySAP® Business Suite applications (CRM, SRM…).
Authorization Conceptual Reviews
If you want to know quickly which direction you should take, we can help you within a week by means of our proven Quick Scan. This is performed from an audit perspective and rapidly provides a global insight into the actual state of your authorizations. For this purpose we developed a query set that contains core information (authorization objects and transaction codes) for the 350 SAP processes and is directly usable by any company using SAP solutions.
We focus especially on the conceptual aspects of the authorizations setup, the usage of the SAP profile generator, etc., in order to inform you which procedures must be put in place or optimized. Based on the quick scan results we can then identify the weakest link in your security roadmap. We also list facts such as the number of SOD conflicts at user-id and role level to quantify your problem.
Authorizations Audits
In case of more formal reporting, our customers rely on axl & trax's full SAP® authorizations and controls audits which are all supervised by Certified Information Systems Auditors (CISA). When supporting internal audit departments, axl & trax provides the specific audit and SAP® security know-how that may not be available at your internal audit department.
Quality assurance during SAP authorizations implementations and redesigns
Where a company decides to perform most of the work itself, or wants an independent view on the work done by a third party, the expertise of axl & trax can be hired to ensure that good implementation practices are applied.
Auditing the technical infrastructure of SAP®
One security aspect is to ensure that no backdoors can be used to intrude or to interfere with the functioning of a business-critical system like an SAP® enterprise software application. axl & trax performs security audits on the IT infrastructure underneath the SAP® environment. This service can range from a high-level review of the network topology to a detailed inspection where all SAP®-relevant network components (like firewalls, routers and operating system settings) are considered.
Reviewing the change management procedures in and around SAP®
In order to ensure the continuity and integrity of an SAP® enterprise software application that supports your business processes, adequate change management needs to be in place. axl & trax can audit the change management process in your company by reviewing the organization, procedures and implementation of this process.
GRC Audit Services
If you have implemented a 24/7 monitoring solution, we can analyze the accuracy of the risk definition it uses. At least once a year you should verify whether certain risks are not covered. More technically, you should check that your monitoring rule set covers all the critical transactions used. In other words, we verify that no critical transactions used in your system go unnoticed by your monitoring engine or log reporting.
