For one of our clients in the utilities industry, we’re looking for a freelance SAP Risk & Control Consultant: Project description:
In 2023 a number of changes are going to impact the client’s SAP area. As a consequence of change in the ownership structure of the client and even stronger emphasis on the Internal Controls, in this respect by updating existing ones and introducing new IC controls into the SAP ecosystem. The goal is to adjust to all these changes.
Planned project duration for the entire project (start/end):
Currently the project is planned for a period mid/end February 2023 until end of March 2024. Due to the complex and dynamic situation of the client, the duration of the project may exceed this plan or further adjustments to the scope (e.g. new IC controls) may be introduced. Such changes would either conform with the scope of this JP or a CR to this JP would be raised.
Task description :
Advisory on extraction of so called “populations” for the needs of external IC Audit (auditor currently is PwC company)
Evaluating and providing action-recommendations in case of “audit findings” to Hiring manager and AC Leader.
Advisory on integration of new controls into the SAP area, meaning process adjustments as well as technical implementations. (The implementation itself is intended to be delivered by an independent external supplier.)
Review of Audit related processes and consultation to SAP Stakeholders (Application managers, Client’s Security team etc.) on the IC relevant aspects of auditing SAP ecosystem.
Monitoring and continuously evaluating accesses to HANA DB, Oracle DB and SAP (ERP, BI, ISU) systems. In case of findings (unauthorised access, access of user bypassing the client’s Auth. change process), forward this to the Leader of Access Control team.
Document and upload all the activities and outcomes above on the client’s AC Sharepoint for approval by the Hiring manager (or delegate).
Provide the above mentioned based on own expertise as well as best practice available on the market / internet / SAP information repository, being it IC / IT Controls, SAP technology and SAP security (authorisation) management.
Project start: ASAP Project duration: ca. 1 year Project location: Remote Project capacity: full time