SAP Security & Regulatory Compliance

SAP Security Integration, Identity Management, and Compliance

Sapiex offers comprehensive expert services in the design and implementation of SAP Security controls across various environments. 

These services include:

  • External Access Control and Enablement
  • LDAP Integration
  • Hybrid SSO technology
  • Central User Administration
  • Web and Network Security
  • SAP GRC and Sarbanes-Oxley Auditing Preparation  

Sapiex Sarbanes-Oxley (SOX) Compliance Consulting Services

Sapiex has a practice group specializing in GRC & Sarbanes-Oxley compliance consulting services for mid- and large-sized companies throughout North America and their international locations. 

With years of rich experience in this area, Sapiex can assist your compliance program in a variety of ways:

  • developing the compliance project

  • selecting proper compliance software

  • providing turn-key risk and control procedures

Sapiex GRC consultants will help your organization to best prepare for upcoming Sarbanes-Oxley compliance auditing events.


Three Important Sections in SOX to Focus On:

Three sections of the Sarbanes-Oxley Act (302, 404 and 409) greatly affect companies and the way they conduct business.

  • Section 404 requires an Internal Control Report to be included in all annual financial reports. Created by a company's auditor, the document must present management's assertions about the design and operational effectiveness of internal controls at year end. Management must also evaluate the effectiveness of internal controls over financial reporting and disclosure controls on a quarterly basis.

  • With Section 302, the CEO and CFO of a company are responsible for the accuracy, documentation and submission of financial reports and internal control structure to the SEC. Certifications signed by those two principal officers must be included in the annual or quarterly reports.

Information must be accumulated and summarized for timely assessment and disclosure in accordance with the SEC's rules and regulations. When Section 404 compliance is required, companies must be able to disclose on a near real-time basis (up to 48 hours) any changes in their financial condition or operations.


Section 404 – SAP & Information Technology (IT)

Most of Sapiex's SOX engagements relate to Section 404 in the SAP & IT areas, which is often the tallest mountain to climb. The key areas for SAP & IT controls are:

  • Change Management

Companies must provide visibility over changes in the IT environment and enable the ability to initiate, authorize, manage and implement all IT changes through a systematic change process.

  • Backup

A process must be deployed to identify critical data and to duplicate, store and recover data as needed.

  • Security

A process must be deployed to ensure the integrity of information and to secure applications, databases, operating systems, internal network access and the network perimeter.

  • Documentation

Companies must deliver thorough documentation covering change management, backup and security policies and processes.

  • Remediation

Companies must have solutions to fill gaps in change management, backup and security.  


Sapiex Customized Sarbanes-Oxley Compliance Consulting Services:  

  • Installation and configuration of SAP NetWeaver GRC suite.

  • Develop project plans, timelines and deliverables.

  • Evaluate, select, and implement software packages for SOX compliance.

  • Assist with identifying significant accounts, required assertions, control objectives, risk assessment and internal controls.

  • Evaluate and assess the company's physical and logical security procedures related to SOX Section 404.

  • Evaluate risk mitigation and internal control adequacy and recommend improvement plans.

  • Implement internal control methodology and software.

  • Provide on-going monitoring of internal control framework and testing.

  • Prepare periodic reports to management & audit committee.

Our Sarbanes-Oxley compliance services consultants work closely with internal and external auditors to coordinate needs and minimize the cost of compliance.