All SAP customers can create custom transactions, tables, and programs in the SAP System. This makes the internal audit team’s job very difficult, having to track every custom object entered into the SAP system. Without a unified view of all the custom objects, it is next to impossible for the team to figure out which objects are not compliant. To realize the magnitude of the SAP Risk is only possible when all information is seen in one report, like the ones generated by the SAP Audit. Generally, the best practice is to create transactions for all the custom programs and custom tables. Each of the programs should have authority check statements and should be added in SU24 configuration to avoid SAP Risk being introduced through unsecured custom transactions. SAP Audit can handle that!