SAP Controls 523

  • We are using a control objective framework from our auditors to document our IT controls. However our auditors are also insisting that we must also document andtest some additional SAP specific application controls mainly around access. We are arguing that we are not going to that level of detail on any of the other applications which we are documenting therefore we should not need to do so for SAP. Has anyone else gt any experience of this.

Log in to reply