About Us

    AuditSAP  was founded by two very experienced IT Audit Practitioners who vow to focus their efforts to help organizations develop their IT Audit capability, automate audit processes and audit procedures, enable continuous controls monitoring, and enable continuous auditing.  AuditSAP has unique expertise in conducting audits and automating internal controls in the field of SAP. It develops tools and technology that enable audit and compliance teams to review SAP security, SAP SOD conflicts, SAP access controls, and SAP process controls in minutes rather than months.

    We aim to help the audit team achieve a truly automated environment in the workplace with respect to the review of SAP Security, Access Controls and Business Processes and related Controls.  We help audit teams to fulfill their dream of performing continuous auditing and be more valuable to management by way of reporting issues and recommendations at the right time​

    In 2016, the company opened it's very first international operations out of Toronto Canada.  This operation provides the link to international market that requires outsourcing services that are better provided by lower cost consultants found in the Philippines.

    Over the years, we continually evolved as a company.  By 2019, we have developed capabilities in Odoo implementation, automation of audit working papers, etc. As a result, our clientele evolved as well, which now include major companies in the Philippines, the US, Australia, and Asia-Pacific.​


    AuditSAP  now offers automated SAP Security Reviews.  Determine your SAP security vulnerabilities, SAP Access deficiencies, SAP SOD conflict, all done through our cloud SAP Security solutions. After you have identified your vulnerabilities and learned the magnitude of SOD conflicts that you face in your organization, 

#

    we can help you remediate the SAP Access deficiencies and help you perform SAP Role Redesign to mitigate SOD Conflicts and clean up the SAP roles that contribute to incompatible functions. 


Meet our Practice Leaders


Company team

Crisnick Lorenzo

The Principal responsible for Consulting and Training Services with over 35 years of international experience.  Mr Lorenzo assists clients mitigate risks and achieve regulatory compliance using common audit tools (such as ACL, IDEA, IncQueries, CSI, AIS etc), world-class standards and frameworks such as the Auditing Standards set by Institute of Internal Auditors, COBIT by ISACA, ISO standards such as ISO27000 series (security) and ISO31000 (risk management) series, and Red Book v2.0 by OCEG. 

Crisnick also provides SAP Security and Role Redesign Services to local and international organizations.

​​

Company team

Abraham Cortez

The Practice Leader of AuditSAP. He has over 40 years of audit and consulting experience in the US, Europe, and Asia Pacific.  Abe built practices for Big 4 firms and helped clients' internal audit teams to develop technical capability in IT Audit and/or SAP reviews. Abe takes pride in rolling up his sleeves to do client field work if he's the best person that the company can offer to address a client project requirement. During the earlier parts of his career, Abraham was a Partner at PwC, and a Managing Director at Deloitte Consulting. He started his IT Audit career with SGV & Co. / EY.

​​

Company team

Katrina Cortez 

Katrina is a Director of AuditSAP LLC, a company organized and operating out of San Jose California. She is responsible for managing business services outsourced to AuditSAP Philippines.

Katrina provides GRC Access Control and GRC Process Control services. Since 2011, Katrina has provided SAP Audit, IT audit, GRC, and related consulting services. She specializes in SAP GRC Access Control and Process Control products, as well as SAP Security and Authorizations. She has developed and utilized native SAP development tools to create automated audit techniques SAP access and security, SAP business process modules, and risk analysis and remediation. 

Katrina provides SAP Security Services to local and international organizations operating as part of the clients' outsourced SAP security processes.


Company team

Elke Ian Gemzon 

Has over 15 years of experience in the field of Assurance and Advisory Services both local and abroad in managerial level He specializes as Business Consultant for Audit Services – SAP Audit And General Financial Statement Audit - and compliance, with broad knowledge in finance, Auditors, and IT professionals. Business processes and transactions, external auditing, Philippine Generally Accepted Accounting Principles, International Accounting Standards (IAS), and International Financial Reporting Standards (IFRS). Elke has experience in global audit methodologies through Ernst and Young Philippines and Deloitte Touche Tohmatsu Indonesia. In addition, Elke develops and conducts SAP Audit Training for Basis, Finance & Controlling (FICO), Materials Management (MM), Procure to Pay (PTP), and Order to Cash (OTC) modules to He also manages, internal AuditSAP software development – cloud based SAP Audit tool to automate the review of SAP security and SAP process controls within PTP and OTC process.

Company team

Edgar Rivera

​Edgar is the IT Audit Services practice leader of AuditSAP. He has over 40 years of audit, consulting, and IT development and implementation experience in the US, Singapore, Malaysia, Australia, and the Philippines. 

Edgar helped clients' internal audit teams to develop technical capability in audits of SAP environments particularly in the area of SAP security and reviews of SAP functionality. Edgar managed the development of earlier versions of the firm’s automated solutions and lead the development and conduct of SAP training for internal audit of a leading manufacturing company in the Philippines. 

Prior to joining AuditSAP in 2008, Edgar was the head of IT Audit Department for a leading television network and was responsible for crafting the network’s IT audit methodology. 

During the earlier parts of his career, Edgar was a Senior Manager at PwC, and a Senior Manager at Deloitte Consulting. He started his IT Audit career with SGV & Co. / EY.​

 


Company team

Camille Santos

Camille is our practice leader primarily responsible for our data privacy practice and related services. As part of this responsibility, Camille developed an automated tool as part of our methodology to address client data privacy preparation and compliance requirements. 

In 2011, when she started her career with AuditSAP, Camille developed and implemented an audit tool kit to address access control and security issues involving review of critical accesses, segregation of duties (SOD) risks among users and within roles, and review of system configurations. She also led the design and installation of automated working papers for Internal Auditors.
 
In 2014, Camille joined one of the largest conglomerates in the country and became primarily responsible in providing first level and second level support to users/employees using applications like SAP, Oracle Hyperion Financial Management (in coordination with functional teams), and a hotel booking, biometrics, and CCTV system. She has provided support to the external engagement team responsible for enhancing the conglomerate’s financial consolidation system.

Prior to her return as one of the partners in AuditSAP last 2020, Camille was a Manager in the Digital Advisory Risk Consulting Services at KPMG. She has over five years of meaningful experience with the Big Four firm as a Project Manager for data privacy services, robotics process automation, IT audit, governance, risk and compliance, and IT systems implementation. She has served various clients from the energy, consulting, mining, casino, banking, manufacturing, food and beverage, hotel, transport, hoisting, medical care, retail, shared services, logistics, financial services, and shipping industries.