The International Leader

in Audit and Information

Security Training

EARN 30 CPE CREDITS

HOW TO AUDIT
SAP R/3 BASIS
High-Risk Areas in the SAP
R/3 Infrastructure and How to
Mitigate Them

13th - 16th November 2007, London

COURSE DIRECTOR
FRANK LYONS

In this four-day programme you

will:

Learn how to audit the SAP R/3

system infrastructure
Develop the necessary skills for
tackling SAP R/3 control
challenges
Gain a thorough understanding of
how to implement and manage an
online and e-commerce based
SAP R/3 environment

WWW.MISTIEUROPE.COM
How to Audit
SAP R/3 Basis SEMINAR FOCUS AND
13th - 16th November 2007, London FEATURES
This intensive, four-day seminar is designed for technical auditors
charged with auditing the infrastructure of the SAP“ R/3“ system
and focuses on the control challenges inherent in implementing and
managing an online and e-commerce SAP“ R/3“ environment
using the Basis Module.

"A very good course which provides the

core knowledge required to audit SAP
R/3 Basis”
HM Revenue & Customs

Prerequisite
You should have first attended SAP“
R/3“ Concepts and Audit Risks, or
have equivalent experienceg

Learning level
Advanced

Who Should Attend

Internal, Financial, Operational, and
COURSE DIRECTOR
Information Technology Auditors;
Security Professionals FRANK LYONS
Fee
GBP £2,099 Frank W. Lyons, CISA, is a consultant specialising in developing,
managing, securing, and auditing large and small networked information
EARN 30 CPEs systems. A recognised leader in the field, he has been involved in data
security and database technology for nearly 21 years. As IS Audit
Manager for Blue Shield and Sun Banks, Mr. Lyons designed a
functional approach to IS auditing that he later used as Manager of
Advanced Technology for the Institute of Internal Auditors. He has been
with Cullinet Database Systems and a partner in the Plagman Group
where he developed database auditing and data security seminars.
© MIS Training 2007
 AGENDA

DAY ONE DAY TWO DAY THREE

SAP™ R/3™ Fundamentals Review SAP™ R/3™ Records SAP™ R/3™ Administration
■ Overall architecture ■ User master ■ System and database administration
■ Direct transaction process ■ Customer ■ Security administration
■ Internet transaction process ■ Vendor ■ Basis administration
■ E-commerce solutions ■ Other key master records
■ MySAP.com ■ Table maintenance controls Internet Transaction Server
■ B2B solutions ■ Definition
■ SAP™ R/3™Terms Auditing Standards ■ E-commerce solution
■ System & technical architecture ■ User access ■ MySAP.com
■ Internet Transaction Server (ITS) ■ Profile changes ■ Transaction controls
■ Audit and security features in the new ■ Activity groups and profile generator ■ BAPIs
releases ■ Authorisation change ■ Programme control
■ User administration changes ■ Database controls
SAP™ R/3™ Basis System ■ Transaction & document trails ■ B2B solutions
■ Definition of the role of the Basis module ■ Log files ■ Data integration between solutions sets
■ Configuration settings for Basis ■ Archiving ■ Risk and control points
■ Programme controls: authentication, ■ SAP™ R/3™ system logs ■ Real-World Solutions to SAP™ R/3™ Audit
defaults, transaction ■ SAP™ R/3™ application logs and Control
■ Standard profiles ■ Operating logs ■ Special rights and access
■ Activity groups ■ Operating system audit capability ■ Configuration and set-up problems and
■ Standard authorisation ■ Operating system audit logs controls
■ SAP™ R/3™ object definitions ■ Database systems ■ System administration and segregation of
■ Data dictionary control and maintenance duties
■ DBMS logs & audit logs
■ ABAP/4 programming controls ■ Development rights
■ Transaction logs
■ Processing types ■ Access building for SAP™ R/3™
■ User logs
■ Object and component programming ■ Business objects
■ Transaction type & activity logs
(RPCs), User Exits, CPIC ■ Interface advisertechnique
■ SP R/3 audit tools and techniques
h
Case Study: Look at how the organisational
Understanding SAP™ R/3™Communications
■ Key objects
■ Key processes
risk register can be used to develop the
annual audit plan DAY FOUR
■ IDOCs
Correction and Transport System Control
■ CPIC
■ Platform separation
■ ITS
■ Configuring CTS
■ ALE
■ Correction process
■ Background processes
■ Transport process
■ Batch processes
■ Version control
■ EDI transaction control
■ Delta control
■ Network controls
■ Audit logs
■ Middleware controls
■ Authorisation process
■ Remote communication controls
■ Table reporting
■ Audit trails
■ Emergency fixes
■ Testing approach
■ Test decking
■ Integrated testing facility

"Frank knows what he is talking about An Audit Approach

and has the ability to convey it and ■ Auditing the system tiers
repeat it in a comprehensive and funny ■ Auditing the infrastructure
way” ■ Evaluating audit trails
■ Auditing the Basis Module
IT Service Trainer, Airbus Deutschland ■ Conversion controls
■ System implementation
■ Audit approach
 IN-HOUSE
REGISTRATION FORM TRAINING
Save up to 50% on
training
Tailored Training for your team and Save up
to 50% If you have to comply with
Sarbanes-Oxley, just installed a new ERP
system, recruited new staff - or maybe you
are keen to secure your network, take
preventative measures to counteract fraud
or comply with the latest legislation. Either
way if you have 5 or more people who
require training on the same topic, MIS can
tailor training courses to meet your exact
needs and budget, saving you up to 50%.
We charge per day and NOT per participant
so the cost remains the same regardless of
how many people you have in your team.
When registering please quote reference WEB
With In-House Training You
I would like to receive information about running this course in-house 
Will:
How to Audit Save money over public seminar fees in
SAP R/3 Basis 5 easy ways to register addition to savings on travel and
accommodation costs.
(please photocopy form for additional Tel: +44 (0)20 7779 8944 Save time on travel as the instructor will
delegates) (MT2204) travel to you. Furthermore, the training can
Fax completed form to: be held at the most convenient time for you.
 13th - 16th November 2007, London +44 (0)20 7779 8293 Ensure the relevance of the seminar for
GBP £2,099 £ your organisation and industry. You may
Email: mis@mistieurope.com wish to tailor the structure and
10% discount* £ methodology of your seminar or customise
Web: www.mistieurope.com the seminar to meet the expertise levels of
+ VAT @ 17.5% £ your attending employees.
Post completed form to:
Grand Total £ Carlos Doughty,
*Discounts: Government, 10% off regular MIS Training, Nestor House, Please send me information on:
fees. Groups of 3 or more, 10% off Playhouse Yard,  In House Training
regular fees. Discounts can not be used London
EC4V 5EX UK
 Security & Audit of TCP/IP
in conjunction with each other. Networks & Web Technology,
Fees must be paid in advance of the event. 3rd - 5th December 2007,
London
Customer Information  Advanced Audit Techniques for
Windows 2003 & Actie Directory,
Title First name Surname 23rd - 25th October 2007,
Title/Position Organisation
London
E-Mail Address (Required) Registration Information
(fees must be paid in advance of the event)
Address
Accommodation: MIS Training has negotiated
Country Postcode special accommodation rates at Radisson
Edwardian hotels. For further information
Telephone Fax please visit www.radissonedwardian.com/mis
or email mistraining@radisson.com.
VAT Number [If you have one]
The information you provide will be safeguarded by the Euromoney Institutional Investor PLC group Cancellation Policy: Should a delegate be unable
whose subsidiaries may use it to keep you informed of relevant products and services. We to attend, a substitute may attend in his or her
occasionally allow reputable companies outside the Euromoney Institutional Investor PLC group to place. Cancellations received within 21 working
contact you with details of products that may be of interest to you. As an international group we may days of the event are liable for the full seminar
transfer your data on a global basis for the purposes indicated above. If you object to contact by fee. If full payment has been received you are
telephone , fax , or email  please tick the relevant box. If you do not want us to share your eligible for a 75% reduction on the next run of
information with other reputable companies please tick this box . the seminar. This discount will be valid for one
year only. MIS reserves the right to change or
cancel programmes due to unforeseen
Payment Information circumstances.
You can now pay online at www.mistieurope.com
 Cheque enclosed (payable to MIS Training)  Please invoice my company PO# VAT: All delegates attending are liable to pay VAT.
After the event organisations registered for VAT in
Please debit my credit card  AMEX  VISA  MasterCard the UK may reclaim the tax. Delegates from
outside the UK but within the European
Card Number Expiry Community may also be able to reclaim the VAT.
Organisations outside the UK should check with
Cardholders name Verification Code their excise authority as to which domestic fiscal
regulations apply. High Yield/No-Risk
Please include billing address if different from address given
Guarantee: Attend these workshops and receive
tools and techniques that will help you do your
Please note that in completing this booking you undertake to adhere to the job better. If you do not, simply tell us why on
your company letterhead and we will give you a
cancellation and payment terms listed below full credit toward another programme.
Signature Date If you have any other queries please visit
www.mistieurope.com/FAQs
Approving Manager Position