Issue - meetings

Oversight of SAP Superuser Access Controls - Update report

Meeting: 13/09/2019 - Audit Committee (Item 19)

19 Oversight of SAP 'Super User' Access Controls - Update report PDF 131 KB

Report by the Chief Finance Officer.

Additional documents:

SAP Application Controls Follow-up - final audit report, item 19 PDF 390 KB

Minutes:

19.1 The Committee considered a report by the Chief Finance Officer which provided an update on the review of SAP “Super User” access raised by the external auditors in the 2018/19 Audit Report.

19.2 The Chief Finance Officer set out that IT & Digital had undertaken a review, and will create a new pathway for users to access the client maintenance functionality (SCC4) which will be subject to a new monitoring regime.

19.3 The Internal Audit team has also undertaken a follow-up review of SAP Application Controls, unusually for an audit that had been assessed as providing Reasonable Assurance. The follow-up provided Substantial Assurance, in that all but one of the six recommendations to management had been implemented. The final recommendation (documentation of change requests) would be in place in October 2019.

19.4 The Committee RESOLVED to note the update report and actions taken to review SAP “Super User” access.