GRC Solutions for SAP®


ISPICIO is a software developer and consultancy, specialising in governance, risk, and compliance (GRC) solutions with a focus on SAP® security.

To efficiently manage increasing compliance requirements, growing complexity of modern SAP® environments and cost pressure in organisations, we develop simplified, flexible, and cost-effective software solutions supported by tailored training and consulting services.

Our long-standing audit expertise and close collaboration with the Big4 audit firms allow us to deliver and constantly improve cutting edge SAP® security solutions for our software and consulting clients, ranging from small and medium-sized enterprises to large corporations across all industries.

Founded in Germany, we have launched ISPICO Pty Ltd in Australia, head-officed in Brisbane, to service our Asia-Pacific clients.


SAP® Security Software

Effiiciency focussed
Made in Germany 

SAP® Security Consulting

We bring the experts and the
tools to the job 

More Consulting

Risk & Controls,
Audit Support and more

International Clients

100+ companies have chosen to work with us including 3 of the Big4 audit firms


All of our consultants have a minimum of 10 years of relevant work experience

International Offices

We are based in Frankfurt to serve the European market and in Brisbane to look after Asia-Pacific


Big4 audit firm

“On average we require one business day for a full SAP® security review with ISPICIO_S on an SME engagement, whereby we used to need 4 to 5 days without the tool."

Partner, Risk Assurance


"We have been working with ISPICIO in our Internal Audit practice since mid 2016. ISPICIO have impressed with their subject matter expertise and pro-active support, especially through their audit experience combined with their SAP® Security software solutions. We look forward to working with ISPICIO in the future."

L. Schulze, Head of Internal Audit, Risk Management and Information Security


"ISPICIO have been supporting us through many years in conceptional and operational aspects of our internal controls system. We are looking back on a highly professional and value-adding cooperation which has significantly shaped the role internal controls play in our organisation today."

M. Groß, Internal Controls Manager


SAP® Security made simple

Our goal is to develop tools that cover the most important aspects of SAP® Security in an efficient and cost-effective way. At the forefront of our software products stands ISPICIO_S which has been developed to simplify and accelerate SAP® Security analyses. While other tools require the installation of table extraction ABAPs and deep knowledge of how to analyse and interpret SAP® data, ISPICIO_S provides a simple RFC download function and pre-defined filters that allow the user to benefit from our extensive SAP® knowledge. Pre-formatted PDF reports showing general control settings, access rights, segregation of duties conflicts as well as critical journal entries are all just a few clicks away. Further, the ISPICO_S Server Version, allows for automation of these procedures.


Whether you choose to purchase a software license or to engage us as a consultancy, our solutions will benefit you in many ways.

Save costs

On average ISPICIO customers save over 50% on their usual SAP® Sercurity audit costs.

Save time

ISPICIO_S processes thousands of data sets in minutes rather than hours. The server version even allows for automation.

Improve quality

A SAP® audit tool is only as good as its built-in logic. We’ve incorporated years of audit experience into the ISPICIO_S filters.


The data download from SAP® is secure and simple through read-only RFC technology. No ABAP installation is needed.


Our tools run on Windows, Mac and Linux. If you engage us, we can use your hardware. No byte of SAP® data needs to leave your hardware.

Data ownership

The SAP® data required for the analysis is yours and you remain in control. No uploading or carrying around sensitive files.


ISPICIO_S allows the user to run customised reports with self-designed filters / control activities.


Knowledge of weaknesses in your SAP® system is a requirement on the path to compliance. We turn information into knowledge for you.

Simple to use

Results are presented in Pre-formatted PDF reports. They are easy to assess and share.

White label option

Make it yours. Your logo and company name can appear on all reports.

Continuous updates

New functionalities and additional audit procedures are continuously under development. Updates are free for all active licenses.

Support available

Should you decide to purchase an ISPICIO_S license and require ongoing support, we can bundle it accordingly.


SAP® Security

ISPOCIO_S SAP® Security Health Check
with Satisfaction Guarantee

We offer a reduced version of our "Full SAP® Security Review" which we call “SAP® Security Health Check”. It will give you insights into a selection of the most critical security aspects of your SAP® system. Because we use highly efficient tools, the work of our experts can usually be done remotely and be completed within two business days. In the unlikely event of you not being happy with the results, we will not invoice you - no questions asked. Register your interest obligation-free today and we will tell you all about our satisfaction guarantee.

Full SAP® Security Review with ISPICIO_S

Qualified personnel are scarce and daily business often prevents organisations from getting SAP® Security under control. Hence, we offer a comprehensive package that will take the burden off you. One of our experts manages all necessary tasks and analyses your SAP® system with our tool ISPICIO_S. The work is usually done on-site and can be performed on one of your computers. No critical ABAP installation is required. No byte of data has to leave your organisation. The results can usually be presented within a few business days depending on the amount of customisation your organisation requires.

Customisation and Automation of SAP®
Security Reviews with ISPICIO_S

ISPCIO_S comes with a large number of audit rules which we call filters. We’ve incorporated years of audit experience into these filters and we constantly develop them further. However, we have built ISPICIO_S to be flexible and we offer to customize the filters to your specific needs. We can either modify existing filters (e.g. to reflex customised authorisation objects) or add new filters (e.g. to perform user re-certifications for a specific organisational unit). We can also implement ISPICIO_S as a server version that allows for automation of real-time SAP data extraction and execution of your customised filters. The time needed to implement your customised ISPICIO_S solution depends on your specific requirements. We are happy to talk you through the details.


The ISPICIO_S Master training and certification program is designed for internal and external IT auditors and SAP®-security personnel. The training is customisable according to the trainees' needs. The standard course covers data extraction from SAP®, customisation of audit procedures (filters), data analysis, simulating data modifications, reporting functions and presenting results. Trainees will practically use ISPICIO_S on real SAP® data and are then certified at the end of the 4-hour course.


IT Risk Assessments

We can help you choose and implement a suitable IT risk assessment methodology including aspects such as system characterisation, threat identification, vulnerability identification, control analysis, likelihood determination, impact analysis, risk determination, control recommendation and risk documentation. We are also there for the risk assessment's execution over the years to come.

IT General Controls

Our expertise extends beyond SAP®. We perform IT General Control (ITGC) reviews and help our clients to optimise their control environment following best-practice frameworks such as COBIT.

Processes and Internal Controls

As SAP® experts we understand business processes. Hence, we offer business process and internal control system (ICS) reviews and optimisations for example to comply with S-OX 404 requirements.

Audit Support

We provide staff for internal audit departments and professional firms when support is needed at short notice, or for a specific project or task.

Sustainability Services

We offer sustainability services including sustainability reporting, carbon footprinting, carbon reduction strategy development and carbon offsetting through our partner atmosfair®. Our experts are certified sustainability consultants (N-Kompass® certfied) and auditors (EarthCheck® certified).


Leave us a message

Australian Office

1 / 15 Hardiman Street
Woody Point, QLD 4019

German Office

Poststraße 2-4
60329 Frankfurt a.M. 

Terms of Use & Privacy Policy

Liability for content
ISPICIO Pty Ltd makes every effort to keep the information on this web site current, but accepts no liability whatsoever for the content provided. The law limits our responsibility as a service provider to our own content on these web pages. We are not obligated to monitor third party information provided or stored on our web site. However, we shall promptly remove any content upon becoming aware that it violates the law. Our liability in such an instance shall commence at the time we become aware of the respective violation.

Data protection
Please be aware that there are inherent security risks in transmitting data, such as e-mails, via the Internet, because it is impossible to safeguard completely against unauthorised access by third parties. Nevertheless, we shall safeguard your data, subject to this limitation. In particular, personal information will be transmitted via the Internet only if it does not infringe upon third-party rights, unless the respective party has given its prior consent in view of such security risks. Accordingly, as the web site provider, we shall not be held liable for any damages incurred as a consequence of such security risks or for any related acts of omission on our part. We oppose the use of any available contact information by a third party for sending unsolicited advertisements. As the web site provider, we reserve the express right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising materials.

Liability for links
Our web site contains links to third-party web sites. We have no influence whatsoever on the information on these web sites and accept no guaranty for its correctness. The content of such third-party sites is the responsibility of the respective owners/providers. At the time third-party web sites were linked to ours, we found no grounds whatsoever of any likely contravention of the law. We shall promptly delete a link upon becoming aware that it violates the law.

The content and works provided on these web pages are governed by the copyright laws. Duplication, processing, distribution, or any form of commercialisation of such material beyond the scope of the copyright law shall require the prior written consent of its respective author or creator.