Abstract
This article is intended for IS auditors who are unfamiliar with the SAP software product.It provides a general overview of SAP R/3;identifies the IS audit risks that can be involved in its use;describes the SAP R/3 security features that can address those risks;explains the use of the security audit log facility;provides an overview of the use of the Audit Information System (AIS)tool;and mentions sources of additional information about SAP R/3.