Your ERP Is Your Most Critical Business System. It Needs an Auditor Who Understands It.
Most cybersecurity firms don’t understand ERP. Most CA firms don’t understand ERP security. Zorixx is uniquely positioned — combining CA-level governance with deep SAP, Oracle, and ERP technical expertise to deliver controls assurance that the system actually needs.
ERP PLATFORMS WE COVER
SAP ECC
Classic SAP landscape — user access, SoD, audit trail, Basis security, critical transactions.
SAP S/4HANA
Modern SAP — Fiori roles, HANA DB security, migration controls, new authorisation objects.
SAP HANA (Database)
Database-level security — user management, encryption, audit policies, log review.
Oracle EBS
Oracle Forms-based ERP — responsibilities, functions, concurrent programs, SoD.
Microsoft Dynamics 365
Role design, security roles, access review, audit trail, integration security.
Tally ERP
Audit trail compliance (MCA Rule 11(g)), access controls, data integrity review.
Custom ERP Systems
Framework-based assessment — access controls, audit trail, data integrity, interface security.
Core Banking Systems (Finacle, Temenos, Flexcube)
Access review, transaction monitoring, interface controls, privileged access.
SAP SECURITY & AUDIT SERVICES
SAP User Access & Authorisation Review
- SAP user master data review — active/inactive users, valid-to dates, user types
- SAP profile and role assignment review — composite roles, single roles, manual authorisations
- Critical authorisation objects — S_TCODE, S_DEVELOP, S_ADMI_FCD, F_BKPF_BUK
- SAP_ALL and SAP_NEW identification and remediation
- System access review — RFC connections, background jobs, service users
- Firefighter/Emergency Access review — ID creation, log review, approval
SAP Segregation of Duties (SoD) Analysis
- Comprehensive SoD matrix analysis using SAP GRC Access Control or manual Zorixx methodology
- Cross-module SoD conflicts — FI/CO, MM/FI, SD/FI, HR/FI
- Critical SoD combinations: Vendor master + Payment processing, Journal entry + Approval, PO creation + GR + Invoice processing
- SoD remediation advisory — role redesign, compensating control design
- Mitigating control identification for unavoidable SoD conflicts
SAP Audit Trail Review
- SM20 Security Audit Log — configuration, retention, completeness
- CDHDR/CDPOS Change Document review — master data and configuration changes
- STAD workload monitoring — performance and transaction audit trail
- DB-level logging — HANA audit trail configuration and completeness
- MCA Rule 11(g) compliance for SAP — tamper-evidence, completeness, backup
SAP GRC Assessment
- SAP GRC Access Control — rule set configuration, workflow, risk analysis
- SAP GRC Process Control — automated controls, manual controls, continuous monitoring
- SAP GRC Risk Management — risk library, risk register integration
- SAP GRC upgrade readiness — version assessment and gap analysis
SAP Basis & Infrastructure Security
- SAP system parameters (profile parameters) — security-relevant settings
- RFC connection security — SNC configuration, trusted systems
- Transport management review — SCC4 settings, import procedures
- SAP Gateway security — ICM settings, service activation review
- SAP Solution Manager security — diagnostic agent access, landscape configuration
TECHNOLOGY RISK CONSULTING
IT Architecture Review
Technology landscape mapping, system interdependency analysis, single-point-of-failure identification.
Cloud Governance
Cloud adoption framework review, cloud security posture, cost governance, multi-cloud strategy.
Digital Transformation Risk
Risk assessment for large ERP implementations, system migrations, and digital transformation programs.
Third-Party Technology Risk
IT vendor risk assessment framework, vendor security questionnaires, cloud service provider review.
IT Asset Management
Software licensing review, hardware asset lifecycle, end-of-life risk identification.
IT Strategy & Governance Advisory
CIO advisory, IT steering committee support, IT policy framework development.
