SAP Assessments


Evaluating the thousands of complex SAP security and configuration settings through manual research and error-prone queries inherently results in inefficiencies.


Protiviti’s SAP Controls and Security Assessment professionals use proprietary methodologies and automated tools to efficiently assess SAP risks around security and segregation of duties, configurable/automated controls and compliance, and data integrity.


We provide high-value, efficient SAP assessment, audit and testing services that can improve management’s and external audit’s comfort in the integrity of IT General Controls, security, application controls and system data.


Our SAP assessment tools (Assure SuiteTM) combines powerful software tools which our teams utilize to help clients diagnose and mitigate risks associated with SAP relative to security, data integrity, and control configuration. It includes:

  • SAP Assure SecurityTM – Assesses the adequacy of security access within SAP applications. This tool set can assess the SAP security structure, identify users who have access to sensitive and compatible functions and outline improvements. It also supports building the business case to implement continuous security monitoring solutions, such as SAP Access Control.
  • SAP Assure ControlsTM - Improves assurance by assessing SAP internal controls against best practices. It automatically identifies and reports internal control weaknesses in order to create action plans to mitigate those weaknesses.
  • SAP Assure IntegrityTM - Assists in the Segregation of Duties Quantification and identification of SAP data integrity risks and fraud by identifying potentially fraudulent transactions, financial statement disclosure concerns, inappropriate use of privileged user access, duplicate transactions and integrity problems with master data.

Our SAP risk assessment tools enable us to deliver high-value diagnostics, audits, and assessments to help management understand SAP’s risk areas, prioritize remediation efforts and manage compliance risks.

Our SAP assessments include the following areas:

S/4HANA Readiness Assessments

We help companies assess their current state in preparation for the implementation and migration to S/4HANA. Our best practice models and risk assessment methodologies enable us to work with management to anticipate and manage potential project risks to increase the success of your S/4HANA migration.

SAP Security 

Segregation of Duties (SoD), Sensitive access, emergency access, super user access, security architecture, and benchmarking of GRC rulesets.

Financial Audit, Compliance and SAP Configurable and Manual Controls 

Our assessment tools enables us to assess over 400 configurable control points in SAP environments. We can quickly understand and document the health of SAP controls, including automated (configurable) and manual controls, Sarbanes Oxley (SOX) testing and audit documentation.

Transactional Data 

Our pre-configured tests can analyze master and transactional SAP data, quantify segregation of duties risks and perform statistical, trending and predictive analytics.


We help companies understand key cyber risks in SAP environments to develop actionable plan to enhance security