Data Reliability for ESG-Reporting

Companies are currently confronted with new reporting obligations and the associated compliance requirements based on regulations such as the Corporate Sustainability Reporting Directive (CSRD) and the EU Taxonomy. To generate actual value, companies need to implement ESG performance management, including KPI definition, ESG reporting and management approaches for ESG KPIs. Only if a company can successfully include economic, environmental and social performance in strategic decision-making is it possible to gain a competitive advantage.

Many tools are currently available to help companies record the required data and prepare reporting based on the ESG standards (e.g. SAP Sustainability Control Tower). But to rely on the data and reports prepared in these tools, it is particularly important to ensure the accuracy and reliability of the ESG-related end-to-end processes and data. For this purpose, appropriate IT Controls and IT Application Controls need to be implemented and tested for effectiveness.

IT Controls are conducted at application, operating system and database level for

  • Access Management

  • Change Management

  • Security Configuration

  • API-/Job-Monitoring

  • Authorization concepts including test support and implementation

The IT Controls ensure the integrity of programs, data files and computer operations. They are designed to fulfill all requirements with regard to confidentiality, integrity, and availability of data. Without effective IT Controls, reliance on our ESG IT systems may not be possible!

IT Application Controls (ITAC) refer to transaction processing controls which ensure the complete and accurate processing of data, from input through output.

Control catalog for nonfinancial reporting

  • Related to NFRD, CSRD, EU Taxonomy (etc.)

  • Inclusion of catalog in ICS

Governance, Risk and Compliance Tools provide a holistic approach to manage an organization's risk and compliance requirements by integrating governance, risk management, and compliance management activities into a single platform.

It is important to cover all relevant (SAP) source systems, from on-premise to SaaS:

Depending on the deployment model, the responsibilities of the customer and the respective service provider(s) vary, and so do the related tasks.

Who we are

Heiko Jacob (Deloitte GmbH WpG) – Partner Risk Advisory

Head of the "IT & Specialized Assurance" Division

Jan Grüne (Deloitte GmbH WpG) – Director Risk Advisory

Head of the "Digital Internal Audit & Data Intelligence" Division

Dr. Roland Michalke (Deloitte GmbH WpG) – Director Risk Advisory

Head of the "Application Security - SAP Security" Division

Christina Köhler (Deloitte GmbH WpG) – Senior Manager Risk Advisory

Member of the "IT & Specialized Assurance" Division




