The Benefits of Having an Independent SAP Controls Team on Your SAP S/4HANA Project

Many companies using SAP ERP are in the process of implementing or planning for migration to SAP S/4HANA. SAP S/4HANA is not just a new release of SAP.It is a new product that introduces new features and functionality. SAP made significant changes to their database design, processes and transactions that project teams need to address in their SAP S/4HANA journey. 

SAP describes potential incompatibility changes between SAP ERP and SAP S/4HANA in their Simplification List, which is free to download from SAP. The Simplification List is more than 900 pages, so there are many changes that will need to be evaluated and implemented.

The migration process to move to SAP S/4HANA is most likely a multiple-year effort and organizations need to start planning soon. Several key decisions must be made by management prior to the project commencing. Organizations will need to decide if they want to engage in a new SAP implementation (greenfield) or treat the migration as a system conversion (brownfield). No matter what type of project is selected, the migration to SAP S/4HANA will be a costly investment, with significant financial risk to organizations.

Regardless of the size of the organization using SAP, many changes will need to be made. Larger companies using SAP with multiple domestic and international instances of SAP will also have the opportunity to include in the project’s scope the consolidation of their SAP environments. When combining various entities from legacy systems or multiple SAP instances, companies need to decide if it makes more sense to tackle these projects in phases or to use the “big bang” approach.

These early decisions will make each SAP S/4HANA project unique; however, the risks are largely consistent across these projects. An independent SAP Controls Team can help reduce risks by providing expert SAP controls consulting in real time to assist the organization’s project teams. An independent control’s team can help steer the project in the right direction to avoid costly audit deficiencies that might otherwise not be discovered until after the project is migrated to production.

All projects should include an independent controls team, so that they can keep up with the project and ensure that all relevant and required the security, control, and compliance considerations are built-in during the project. The organization’s culture and the project scope will determine the extent of the involvement of internal control experts. The project complexities include the risk of not being Sarbanes-Oxley (SOX) compliant, including potentially receiving a significant or material weakness. 

To best position themselves for a successful migration, organizations are engaging with external SAP audit and control consultants who understand control and audit compliance requirements and have experience with other SAP S/4HANA projects. These consultants can be active participants of the project instructing the project team on the control requirements, or part-time members evaluating key deliverables, based on scope. 

In today’s compliance heavy environment, migration to SAP S/4HANA that works for end-users is just one part of the project. Organizations will also need to ensure that all compliance requirements and cybersecurity risks are addressed. Part of the success of the project will be how well SAP S/4HANA fares in the next internal audit, external audit, SOX or cybersecurity audit.    

Benefits of Having an Independent SAP Controls Team on Your SAP S/4HANA Project:

• Ensure that security, segregation of duties, controls, and compliance are appropriately addressed for various audit and regulatory requirements
• Address key aspects of your project control requirements
• Assess project stage readiness
• Provide independent and objective value-added feedback and assurance in real time
• Free the project team to primarily focus on implementing the system
• Assist in mapping existing controls to To-Be controls
• Utilize a proven project implementation controls framework
• Provide “in-flight” control reviews and recommendations
• Knowledgeable on management and external auditor SOX requirements
• Organize external audit control requests
• Coordinate with external auditors on requirements and deadlines
• Coordinate SOX narrative and control updates
• Provide project control status updates to management, project team, steering committee, internal audit and external audit

About Schneider Downs SAP Audits and Controls

Schneider Downs can help your organization with your SAP systems control needs. We offer a comprehensive set of SAP IT services, from one-time projects to ongoing co-sourcing and outsourcing engagements, including control design, operating effectiveness testing, training of staff, security, and application controls. Our expert team has experience on many different projects, industries, and SAP systems to assist with assurance of industry best-practice SAP controls.

For more information visit our website at www.schneiderdowns.com/SAP-audit or contact us at [email protected].