Winterhawk Consulting
Winterhawk Consulting
  • Home
  • Services
    • Security and Role Design
    • GRC Services
    • Audit Services
    • Identity Management
  • Our Team
    • About Us
    • Leadership Team Americas
    • Careers
  • Clients
  • Partnerships
  • Media
    • News
    • Events
  • More
    • Home
    • Services
      • Security and Role Design
      • GRC Services
      • Audit Services
      • Identity Management
    • Our Team
      • About Us
      • Leadership Team Americas
      • Careers
    • Clients
    • Partnerships
    • Media
      • News
      • Events
  • Home
  • Services
    • Security and Role Design
    • GRC Services
    • Audit Services
    • Identity Management
  • Our Team
    • About Us
    • Leadership Team Americas
    • Careers
  • Clients
  • Partnerships
  • Media
    • News
    • Events

General Computer Controls Summary

Critical to any organization’s control environment are General Computer Controls and ensuring that they are properly designed, tested, and monitored. Our Audit resources are experienced in not only performing the generic activities related to GCC, but also have the skills and knowledge related to the specific complexities associated with General Computer Controls. If an organization’s GCC’s are not operating effectively auditors may determine they cannot rely on your application and other key controls. Our General Computer Controls services are designed to ensure this does not happen to your organization. Our review and testing services are targeted at:

  • Verifying the adequacy of key policies and procedures,
  • Verifying the adequacy of back-up policies and procedures,
  • Verifying the adequacy of operating system and database security,
  • Ensuring controls associated with the Basis layer are properly configured, and
  • Verifying the appropriateness of activities occurring in the SAP environment that impact GCC

Approach

We use a three phase approach to ensure that the General Computer Controls are properly designed, tested, and monitored. Click on each tab for details: 

Design Review

Control Testing

Control Testing

Our SAP Audit resources leverage our methodologies to perform comprehensive SAP GCC design reviews and deliver a comprehensive report to management documenting the adequacy of the overall design, highlighting deficiencies, and providing actionable remediation recommendations. 

Control Testing

Control Testing

Control Testing

To test the GCC controls and the appropriateness of key data changes we leverage our scripting tool to ensure that key parameters and settings are correctly defined, sensitive administrative access is granted correctly, and data changes are appropriate. Some of the issues our scripting tool identifies are:

  • unauthorized/untested changes in 

To test the GCC controls and the appropriateness of key data changes we leverage our scripting tool to ensure that key parameters and settings are correctly defined, sensitive administrative access is granted correctly, and data changes are appropriate. Some of the issues our scripting tool identifies are:

  • unauthorized/untested changes in SAP production systems,
  • inappropriate profile parameter settings,
  • inappropriate table logging settings,
  • incorrect implementation of administration/ownership policies,
  • inappropriate changes to system and client settings,
  • inappropriate access to high risk Basis transactions and authorization objects, and
  • improperly secured system ids.

Monitoring

Control Testing

Monitoring

 In order to assist organizations with monitoring their GCCs, we can deploy our GCC scripting tool or assist an organization with implementing the functionality within GRC that focuses on monitoring general computing controls. 

Back to Audit Services

Powered by PCB APPS

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

Accept