It is common that investment and SAP system security project development decisions are based on the seriousness of the observations made by the External Auditors in their reviews.
In addition, the executive level generally undervalues the auditors’ observations, so it is likely that the lack of action on security is always the same.
The auditors’ research is performed by junior or trainee professionals, with not much supervision from the senior level. Therefore, when auditors do their job, they don’t often have the real knowledge and experience to detect the risks involved.
Below I mention some serious problems that auditors are unaware of and can hardly identify:
The above problems are complex, requiring solutions to address them. With more than 25 years of experience in the SAP system and its security, CentinelBox can deliver solutions along with the detection of risks mentioned, including 11 processes for the automatic remediation of roles.