SAP Controls 523
JLC last edited by
We are using a control objective framework from our auditors to document our IT controls. However our auditors are also insisting that we must also document andtest some additional SAP specific application controls mainly around access. We are arguing that we are not going to that level of detail on any of the other applications which we are documenting therefore we should not need to do so for SAP. Has anyone else gt any experience of this.