Advanced SAP ERP and SAP S/4HANA Audit and Security - ASE441


This course provides students an in-depth understanding of SAP Basis, SAP S/4HANA, and security assessment techniques to perform a detailed technical audit and review of SAP GRC.


Tuition cost


NASBA Certified CPE

24 Credits


Why you should attend

You should attend because auditors at organizations using SAP ERP should know how to conduct in-depth reviews of the application and audit its core and specialized functions.

Who should attend

IT audit and SAP Security personnel, as well as people in compliance or related functions who explore technical SAP risks and controls in detail.

What you'll learn

You will learn about the application’s risks and controls, the core elements of the application, and how to audit the application effectively.


  • Audit and Security of SAP ERP (ASE241), or equivalent experience.


Reviewing the Basics:

  • system parameters
  • authorization concept
  • assessing segregation of duties and critical access
  • most critical basis and security risks

Advanced SAP System Parameters:

  • parameters that can cost you money
  • parameters that mitigate terminated/transferred employee risks
  • single sign-on parameters
  • logging-related parameters

Advanced SAP Basis Security:

  • securing direct access to tables
  • securing access to ABAP programs
  • controlling administrator access
  • controlling transport administration and access
  • protecting security-critical objects and tables

Controlling Non-Dialog User Types:

  • system users
  • communication users
  • service users
  • reference users (and their undocumented risks)

Special Considerations:

  • protecting the most powerful ID in the SAP system
  • global deactivation of authorization objects
  • Remote Function Calls (RFC)
  • virus protection

NetWeaver Security:

  • Secure Network Communications (SNC)
  • Security for the SAP Web AS ABAP and Java components
  • Protecting the SAP Gateway
  • SAProuter issues

Advanced Auditing of SAP Customizations:

  • reviewing ABAP code for insecure statements and back doors
  • including custom tables in change document reports
  • securing customized objects

Hacking SAP (aka: Hardening SAP against Hacking):

  • current state of SAP cyber-security
  • breaking SAP passwords
  • taking over SAP user accounts
  • SQL injection and other common exploits
  • secure SAP programming (ABAP & Java)
  • freeware hacking tools (and paid pen-testing tools)

Analyzing SAP Tables:

  • transparent, cluster and structure tables
  • key configuration tables
  • key master data tables
  • using the SQ01 query builder
  • data access with ACL/IDEA

Other Modules (based on class interest):

  • configured control opportunities
  • other process-related controls
  • useful reports and security considerations

New issues with S/4HANA:

  • overview of S/4HANA
  • major security-related changes
  • cloud implications
  • implementation considerations

Schedule your course

Use the table below to select the time and location that works best for you.

Timezone: America/Chicago

August 2021

Aug 2nd, 2021-Aug 4th, 2021

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: