The queries made by auditors always give us a headache, either because of the difficulty in finding the right answer or because it forces us to dedicate time that we do not have. That is, a headache always! After reviewing the system with their own software tools, they give us their reports to which we […]

September 15, 2023

How to respond to auditors’ requirements?

contenido 8 AU

Risks in SAP: Are all risks identified, and are we working to resolve them? Are there risks that we are unaware of or that are hidden? In strictest rigor, it is likely that we will never have all risks fully controlled. However, it is imperative to know them all and establish a work plan for […]

June 6, 2023

Identifying Visible and Hidden Risks in SAP.

What should I control? What are the critical variables in SAP security that I should monitor? For executives and CISOs, a red alert is a first level to act upon. As we presented in the previous email, CentinelBox provides reports with color identification in cases where action is required… without the need for a deep […]

May 31, 2023

SAP Security: Controlling Critical Variables

The difficulty faced by executives – and many CISOs – is understanding the logic and high level of data disaggregation required by SAP security privilege definitions and how to trust that there will be no leaks of classified information or fraud in system usage. There are no simple answers. Moreover, considering that annual reviews by […]

May 22, 2023

Unlocking SAP Security: Understanding its Complexity, Mitigating Risks, and Empowering Executives

An effective solution to eliminate unused roles and optimize user assignments

It is common that investment and SAP system security project development decisions are based on the seriousness of the observations made by the External Auditors in their reviews. In addition, the executive level generally undervalues the auditors’ observations, so it is likely that the lack of action on security is always the same.   The auditors’ […]

January 3, 2023

Are you comfortable with SAP security reports provided by external auditors?