How to become an ERP auditor
Big-JJ
Member Posts: 53 ■■■□□□□□□□
Hi Everyone,
My name is James and this is my first thread...super excited.
The reason why I am posting this thread is to ask experts like you guys for some career advice.
Right after obtaining a degree in M.I.S, I got a job at a well-known financial institution as a junior information risk analyst/auditor. I consider myself a truely lucky person to get a job like this without any prior experience in IT field. My ultimate goal is to pursue various IT info sec certifications e.g., CISSP, CISM, GSEC, etc.
My father used to work at SAP as a ERP marketing manager 8-10 years ago. Although time has changed I believe that SAP is still a dominant leader when it comes to ERP software considering many big firms use it. (I don't really know that much so please correct if I am not on the right track here...)
He suggested me to become an auditor specialied in ERP. And I don't think it is not a bad idea. Rather than becoming a broad and general-sound information risk analyst (although it can be specialized in someway), it might be better to be specialized in something, especially a software system. Because I have been strongly believing that you gotta be specailized in one thing to survive in this day of age. And I cannot think of anything better than ERP.
So I was wondering....
-Where should I start? I am still confused. SAP do offers courses and exams but I didn't know it was going to be that many. There was not a single "ERP exam".
-If I decided to be an ERP system auditor, would it be just a waste of time and money going after all those info sec certs? (e.g., CISSP, GSEC etc)?
-If not, how do those info sec certs can benefit me? that is, are there any other careers options related to ERP? not just an auditor
I am sorry if my questions are all ove the place.
And thank you so much for invaluable advice.
Cheers,
James
My name is James and this is my first thread...super excited.
The reason why I am posting this thread is to ask experts like you guys for some career advice.
Right after obtaining a degree in M.I.S, I got a job at a well-known financial institution as a junior information risk analyst/auditor. I consider myself a truely lucky person to get a job like this without any prior experience in IT field. My ultimate goal is to pursue various IT info sec certifications e.g., CISSP, CISM, GSEC, etc.
My father used to work at SAP as a ERP marketing manager 8-10 years ago. Although time has changed I believe that SAP is still a dominant leader when it comes to ERP software considering many big firms use it. (I don't really know that much so please correct if I am not on the right track here...)
He suggested me to become an auditor specialied in ERP. And I don't think it is not a bad idea. Rather than becoming a broad and general-sound information risk analyst (although it can be specialized in someway), it might be better to be specialized in something, especially a software system. Because I have been strongly believing that you gotta be specailized in one thing to survive in this day of age. And I cannot think of anything better than ERP.
So I was wondering....
-Where should I start? I am still confused. SAP do offers courses and exams but I didn't know it was going to be that many. There was not a single "ERP exam".
-If I decided to be an ERP system auditor, would it be just a waste of time and money going after all those info sec certs? (e.g., CISSP, GSEC etc)?
-If not, how do those info sec certs can benefit me? that is, are there any other careers options related to ERP? not just an auditor
I am sorry if my questions are all ove the place.
And thank you so much for invaluable advice.
Cheers,
James
MBA, CIA, CRMA, CISA, CISM, CRISC, CISSP, PMP
Comments
-
eMeS Member Posts: 1,875 ■■■■■■■■■□Welcome to TE.
There's perhaps less than 5 people that contribute here who even have any idea what SAP is, so you're not likely to receive many responses to this thread.
I have several customers that are heavy into SAP products. You tend to find it alot in certain industries, but not others.
The people that I know that do heavy SAP consulting typically have years of SAP experience and have worked with various SAP products in different environments. Sometimes, but not always, they hold several SAP certifications.
MS -
newmove Member Posts: 108Based on your information security experience and your desire to go into an SAP/ERP audits, I'll advise you to look into SAP GRC(governance Risk and Compliance).
Moreso, CISA has ERP system review guidelines for Auditors in one of its domains. -
erpadmin Member Posts: 4,165 ■■■■■■■■■■While SAP has the largest market share, they are not the only game in town. If all you're going to want to do is auditing ERP, you don't even need to be that technically familiar with SAP, or any of the major ERP packages as well or the environments in which they are run. Auditors tend to follow the same script for what has to be addresses. For example....
Who are the people who maintain the hardware/software/network aspects of the ERP?
How secure are those systems?
Are these systems compliants with the various regulations that are out there? (e.g. HIPAA, SOX, etc. [depending on the industry they are a part of, of course...].
Then you want to see if you're going to want to be an internal IT auditor or external? The latter will just bring you in for a week and two at various shops and there is a bunch of travel involved.
IMHO, I would find this type of job boring...I'd much rather stay on the technical end of supporting and maintaining a complex system such as that of the ERP than auditing. Auditing is no doubt important, as it makes sure that our data is secure and that we comply with exisiting state/federal laws and regulations. We even have to do our auditing before someone like a big firm comes in.
In short, if you want to get into ERP auditing for either a shop, or a big time firm, don't pigeonhole yourself into SAP. While it is the largest in market share, they are not the only game in town.