SAP

Adopting Automation Elevates SAP Control Testing

Kristine MeyerMegan Laggner
February 21, 2023
4 min read

In this two-part series, we explore how organizations can leverage robotic process automation (RPA) and other automation techniques for IT Sarbanes-Oxley (SOX) testing within SAP environments. In Part 1, we reviewed the business need for RPA. Today, Part 2 covers advancements and future use-cases for RPA-based solutions.

Robotic Process Automation (RPA), when deployed correctly, can significantly expedite what would otherwise be heavily time-consuming tasks. And that is the case at Protiviti where our Business Applications Team (BAS) and Enabling Technology team joined forces to reduce the amount of time to complete SAP Basis testing by 95%. These advanced automations or accelerators can be utilized for IT Sarbanes-Oxley (SOX) testing within SAP S/4HANA and SAP BW HANA environments and expedites the following activities:

  • automatically captures t-code and authorization object screenshots
  • documents completeness and accuracy attributes
  • extracts required files for testing
  • consolidates access points for easy review and testing

This solution not only reduces the time for Protiviti to conduct testing but also increases standardization and quality of work.

Accelerator advancements

Protiviti continues to advance the accelerator’s capabilities, as SAP Sensitive Access is an ever-changing and evolving area that requires consistent analysis in order to stay in line with the current market risks. After successfully piloting the RPA-based solution to assist a machine manufacturing company 3 years ago, this updated accelerator (which is housed on Protiviti’s Technology Accelerator Platform which has over 30 scalable automations that can help execute audits faster) introduces new functionality allowing Protiviti to dynamically input the t-codes and authorization objects required for extraction and automatically creates access validation worksheets to streamline testing from start to finish. Doing this same work manually used to take over 100 hours but now can be completed in less than a day’s worth of hours.

Client spotlight

Protiviti’s pilot client, a $750 million machine manufacturing company, has been running these accelerators two times per year for the past three years. Below is a progression of the automation advancements:

  • During year one, the customer ran it within their SAP S/4HANA and SAP BW HANA systems. This automation freed up additional time to review the results with the client, which provided increased opportunity to remediate inappropriate user access, automatically generate remediation evidence, and avoid a year-end audit exception.
  • In year two, the accelerator was enhanced to align it with our current-state leading practice SAP ITGC Risk and Control Matrix. Additional transaction codes and authorization objects were added and updated to ensure all sensitive access data aligns with current sensitive access requirements including 77 t-codes for SHIPERP within SAP S/4HANA.
  • In year three, the team automated not only the evidence extraction but the audit evidence work papers as well. The full automation now saves 95% of time compared to year one when the process was fully manual.

The continued use of automation led to identifying new areas of improvement and continued advancements year over year.

Delivery model

To create the SAP Extraction Accelerator, Protiviti leveraged a combination of Microsoft’s PowerPlatform and UiPath, a leading provider in the RPA industry. The accelerator is an ‘attended bot,’ as the actions it takes are reflected on the user’s screen, rather than running in the background. Utilizing the pre-built accelerator on Protiviti laptops offers a quick start or the out-of-the-box method where no updates or changes must be made.

Benefits

As organizations look for ways to automate and increase efficiencies in day-to-day activities, low-code automation technologies such as RPA in this SAP ITGC Sensitive Access accelerator enable tremendous opportunities in SAP ITGC and SOX testing. Since test steps are generally repetitive, using automation to automate testing is a great solution. Not only does automation reduce the time it takes to extract the data and generate audit evidence, but also minimizes (or essentially eliminates) manual user mistakes, further reducing review time. Teams can now spend more time focused on activities that will add value to the organization, rather than manually taking screenshots and formatting files for auditors.

Interested in learning more about our SAP consulting solutions? Contact us. For more information about our Technology Accelerator Platform, please reach out to TAP@protiviti.com.

Kristine Meyer

Senior Manager
Business Application Solutions

View all posts

Megan Laggner

Senior Consultant
Business Application Solutions

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
25 Jul

Protiviti’s @KonstantHacker chats with guest @RichardBlech of @XsocCorp about a high-performance symmetric encryption solution that will provide in-depth defense against the threat of fault-tolerant #QuantumComputing. Listen now: https://ow.ly/9oVU50SJklj #ProtivitiTech

Reply on Twitter 1816504643360358712 Retweet on Twitter 1816504643360358712 1 Like on Twitter 1816504643360358712 1 Twitter 1816504643360358712
protivititech Protiviti Technology @protivititech ·
25 Jul

Protiviti’s Joe Corrado will join a #Nintex panel for a July 30 webinar to discuss how document automation boosts #RevOps efficiency and sales. Register today to get access to expert tips and real-world success stories. https://ow.ly/LSsf50SJnaY #ProtivitiTech

Reply on Twitter 1816443898970898615 Retweet on Twitter 1816443898970898615 Like on Twitter 1816443898970898615 Twitter 1816443898970898615
protivititech Protiviti Technology @protivititech ·
24 Jul

The world was dealt a massive wakeup call after a #CrowdStrike software update caused global IT outages. In the aftermath, business leaders should take the opportunity to reboot tech resiliency. Learn more from the latest #VISIONbyProtiviti: In Focus: https://ow.ly/R2vU50SJrAT

Reply on Twitter 1816169832544432319 Retweet on Twitter 1816169832544432319 Like on Twitter 1816169832544432319 Twitter 1816169832544432319
protivititech Protiviti Technology @protivititech ·
24 Jul

#VISIONbyProtiviti: In Focus discusses a U.S. judge’s recent ruling that rejected #SEC oversight of #cybersecurity controls in the case against SolarWinds, the impact of the decision, and why it matters. https://ow.ly/Ph7j50SIbLH #ProtivitiTech

Reply on Twitter 1816111993767547294 Retweet on Twitter 1816111993767547294 Like on Twitter 1816111993767547294 Twitter 1816111993767547294
protivititech Protiviti Technology @protivititech ·
17 Jul

How can organizations tackle internal tech tickets when a team is remote? Protiviti’s Kim Bozzella recommends fully leveraging the features of their #IT service management software. Learn more: https://ow.ly/Yf3J50SEy7u #ProtivitiTech #Forbes

Reply on Twitter 1813635582964183412 Retweet on Twitter 1813635582964183412 Like on Twitter 1813635582964183412 Twitter 1813635582964183412
Load More