Welcome
1 · Choose Platform
2 · Upload Data
3 · Findings
4 · Report
5 · Remediation
6 · Export
✓ Done
Interactive Platform Demo
Welcome to V/ergent
This guided walkthrough shows you exactly how V/ergent works — from selecting your ERP platform through to downloading a board-ready security report. Click through each step at your own pace.
S/4 HANA
B1
Oracle
D365
NetSuite
Intacct
X3
AWS
Azure
Sage 300
🎯
7 steps
Full platform walkthrough from project creation to report download
⚡
~5 minutes
Click at your own pace — revisit any step using the navigation above
🔒
Read-only demo
No real data — all screens show sample Contoso Ltd assessment data
1
Choose Your Platform
Create a new audit project and select the ERP or cloud platform that matches your client's environment.
Each platform has its own tailored check library. V/ergent automatically loads the correct controls, file format expectations, and regulatory mapping for your selection.
V/ergent — New Audit Project
Select Platform
🏭
SAP S/4 HANA
520+ checks · 9 domains + R5 packs
🏢
SAP Business One
150+ checks · 12 domains + R5 packs
☁️
Oracle Fusion ERP
140+ checks · 17 domains + R5 packs
🪟
Microsoft D365
110+ checks · 8 domains + R5 packs
🔷
Oracle NetSuite
110+ checks · 7 domains + R5 packs
🟢
Sage Intacct
105+ checks · 6 domains + R5 packs
🔴
Sage X3
105+ checks · 6 domains + R5 packs
🟠
Amazon AWS
56+ checks · 7 domains + cross-system SoD
🔵
Microsoft Azure
54+ checks · 7 domains + cross-system SoD
👥
Sage 300 People
95+ checks · 6 domains + R5 packs
Audit Name
Contoso Ltd — SAP S/4 HANA Security Assessment Q1 2026
What happens next: V/ergent generates a personalised extraction guide for your team, listing exactly which files to export from the selected ERP and how to get them. The guide can be shared directly with the client's Basis or IT team.
Step 1 of 7
2
Upload Data Files
Drop your exported CSV files — one by one, or drop the entire folder at once using Bulk Upload.
Bulk Upload (recommended): Run the ABAP report (SAP) or PowerShell script (D365/Oracle) and drop the entire output folder. V/ergent automatically matches files by filename — no manual assignment needed.
V/ergent — File Upload · Bulk Upload Tab
📂
Drop your C:\Vergent\Export\ folder here
Or click to select files — all CSVs auto-matched by filename
Match Results — 24 of 25 matched
user_details.csv → User Details & Roles
role_auth_objects.csv → Role & Auth Objects
hana_users.csv → HANA Database Users
payment_runs.csv → Payment Run Log
audit_log_config.csv → Audit Log Configuration
btp_trust_config.csv — not found (BTP optional)
security_console_users.csv → Security Console Users
user_role_assignments.csv → User Role Assignments
idcs_users_mfa.csv → IDCS Users & MFA Status
audit_policies.csv → Audit Policies
sod_violations.csv → SoD Violations
approval_rules.csv — BIP report not configured (optional)
user_accounts.csv → User Accounts
role_assignments.csv → Security Role Assignments
audit_log_entries.csv → Audit Log Entries
journal_entries.csv → Journal Entries
data_loss_prevention.csv → DLP Policies
plugin_assemblies.csv — not found (optional)
iam_credential_report.csv → IAM Credential Report
iam_users.csv → IAM Users & MFA Status
s3_buckets.csv → S3 Bucket Configurations
cloudtrail_trails.csv → CloudTrail Trails
security_groups.csv → EC2 Security Groups
config_rules.csv — AWS Config not enabled (optional)
aad_users.csv → Azure AD Users & MFA
aad_admins.csv → Admin Role Members
conditional_access.csv → Conditional Access Policies
nsg_rules.csv → Network Security Group Rules
storage_accounts.csv → Storage Account Settings
key_vaults.csv — Key Vault not deployed (optional)
ousr.csv → User Accounts
oadm.csv → User Roles & Groups
oinv.csv → Inventory Settings
oafs.csv → Posting Restrictions
ojdt.csv → Journal Entries
oaud.csv → Audit Trail Log
employees.csv → Employee Records
user_roles.csv → User Role Assignments
approval_workflows.csv → Approval Workflows
token_auth.csv → Token-Based Auth Tokens
transactions.csv → Transaction Log
integration_logs.csv — REST integrations not configured (optional)
users.csv → System Users
roles.csv → Role Definitions
entities.csv → Multi-Entity Security
ap_policies.csv → AP Policies
audit_trail.csv → Audit Trail
api_senders.csv — Web services not configured (optional)
autilis.csv → User Accounts
adxfunc.csv → Function Access
gaccentry.csv → GL Entries
paymenth.csv → Payment Headers
adxtrace.csv → Audit Trail
webservices.csv — REST APIs not enabled (optional)
employees.csv → Employee Records
user_security.csv → User Security Settings
salary_records.csv → Salary Data
payroll_access.csv → Payroll Access Controls
audit_log.csv → System Audit Log
compensation_plans.csv — Comp planning not active (optional)
No file required to run: Unmatched files are skipped gracefully — checks that depend on missing files are marked as Skipped rather than failing. You can always re-upload additional files to a completed audit.
Step 2 of 7
3
Review Findings
All checks run automatically. Every finding includes a severity rating, technical detail, and recommended action.
V/ergent — Contoso Ltd · Audit Results
12
Critical
27
High
18
Medium
8
Low
9
Critical
21
High
14
Medium
11
Low
7
Critical
19
High
11
Medium
7
Low
8
Critical
16
High
10
Medium
8
Low
6
Critical
15
High
12
Medium
7
Low
Sample Findings
Critical
SAP* backdoor parameter enabled (login/no_automatic_user_sapstar)
When DDIC is locked, SAP* regains its hardcoded password — any user knowing it logs in with full SAP_ALL privileges.
Domain: System Parameters · Check: BASIS-003 · Set login/no_automatic_user_sapstar = 1
Critical
14 users hold conflicting SoD roles: AP Invoice Entry + Payment Approval
14 active users can both enter vendor invoices and approve the resulting payment run — a critical SOX ITGC violation.
Domain: Segregation of Duties · Check: SOD-001 · Affected: 14 users
High
RFC_READ_TABLE enabled — unauthenticated table extraction possible
Any RFC-authenticated user can extract any SAP table without additional authorisation checks.
Domain: RFC Security · Check: RFC-004 · Restrict via S_RFC auth object
High
3 background payment jobs scheduled as SAP* user
Payment jobs running as SAP* bypass all authorisation checks and cannot be individually audited.
Domain: Background Jobs · Check: JOB-002
Critical
MFA disabled for 31 users with Financial Manager role
IDCS MFA is not enforced for users holding elevated finance roles — a critical authentication gap for SOX-scoped systems.
Domain: Identity & Access · Check: OF-IA-003 · Affected: 31 users
Critical
2 intercompany transactions posted without receiver acknowledgment (>$10,000)
Large intercompany entries posted without cross-entity approval — creates unreconciled balance risk at period end.
Domain: Intercompany Controls · Check: OF-IC-002
High
23 inactive Oracle accounts still hold active security roles
User accounts inactive for 90+ days retain full role assignments — a dormant access risk for privileged functions.
Domain: User Management · Check: OF-UM-003 · Affected: 23 accounts
High
GL periods for Q3 2025 still open — no period-close control enforced
Open prior periods allow retrospective journal postings that can manipulate reported financials without detection.
Domain: Financial Controls · Check: OF-FC-001
Critical
7 journal entries posted without approval workflow (D365-FC-002)
Journal entries bypassing the approval workflow cannot be attributed to an authorised approver — a direct SOX ITGC violation.
Domain: Financial Controls · Check: D365-FC-002
Critical
Unmanaged solutions detected in production environment
Unmanaged solutions bypass change management controls and can be modified directly in production — an audit and stability risk.
Domain: Platform Security · Check: D365-PS-001
High
No DLP policy covers the production environment
Without a Data Loss Prevention policy, any Power Automate flow can connect production D365 data to external services like Gmail or Dropbox.
Domain: Platform Security · Check: D365-PS-002
High
18 records shared with >10 users via Principal Object Access
Overshared records indicate ad-hoc sharing bypassing security roles — leads to uncontrolled data access outside role boundaries.
Domain: Data Security · Check: D365-DS-001
Critical
Root account has active access keys (AWS-IA-001)
Active access keys on the root account bypass all IAM policies — immediate unauthorised access risk if credentials are leaked.
Domain: Identity & Access · Check: AWS-IA-001 · Deactivate root access keys immediately
Critical
9 S3 buckets have public access enabled (AWS-DS-001)
Public S3 buckets expose potentially sensitive data to the internet — a leading cause of AWS data breaches.
Domain: Data Security · Check: AWS-DS-001 · Enable S3 Block Public Access at account level
High
CloudTrail logging disabled in 2 regions (AWS-AL-002)
Regions without CloudTrail have no API audit trail — malicious or accidental changes cannot be investigated or attributed.
Domain: Audit & Logging · Check: AWS-AL-002
High
14 IAM users have no MFA enabled (AWS-IA-003)
Console-access users without MFA are vulnerable to credential stuffing and phishing — a CIS Benchmark Level 1 requirement.
Domain: Identity & Access · Check: AWS-IA-003 · Affected: 14 users
Critical
MFA not enforced for 6 Global Administrators (AZ-IA-002)
Global Admins without MFA represent the highest-risk attack surface in any Azure tenancy — a Tier 0 identity control failure.
Domain: Identity & Access · Check: AZ-IA-002 · Enforce via Conditional Access
Critical
No Conditional Access policy requires MFA (AZ-IA-005)
Without a CA policy requiring MFA for all users, legacy authentication protocols can bypass MFA entirely.
Domain: Identity & Access · Check: AZ-IA-005
High
NSG allows SSH from 0.0.0.0/0 on 3 subnets (AZ-NS-001)
Unrestricted SSH access from the internet exposes VMs to brute-force attacks — restrict to known management IPs or use Azure Bastion.
Domain: Network Security · Check: AZ-NS-001 · Affected: 3 NSGs
High
Defender for Cloud on Free tier — no threat protection (AZ-COMP-001)
Free tier provides no runtime threat detection for VMs, SQL, or containers — upgrade to Standard for full CSPM and CWPP coverage.
Domain: Compliance · Check: AZ-COMP-001
11
Critical
24
High
16
Medium
6
Low
Critical
23 super users with unrestricted access (B1-IA-002)
Super users bypass all authorization checks — 23 active super user accounts without proper segregation of duties controls.
Domain: Identity & Access · Check: B1-IA-002 · Affected: 23 users
Critical
8 users with conflicting roles: Purchase + Approval (B1-SOD-001)
8 active users can both create purchase orders and approve them — a direct SOX violation for purchase control workflows.
Domain: Segregation of Duties · Check: B1-SOD-001 · Affected: 8 users
High
Audit trail not configured for production (B1-AC-001)
No audit trail records are being captured for journal entries and critical master data changes.
Domain: Audit & Compliance · Check: B1-AC-001
10
Critical
18
High
14
Medium
3
Low
Critical
6 admins with Full Access role outside finance (NS-IA-001)
System Admin access granted to non-finance users creates uncontrolled change and data modification risks.
Domain: Identity & Access · Check: NS-IA-001 · Affected: 6 admins
Critical
TBA tokens with admin-level permissions (NS-INT-001)
Token-Based Authentication tokens with System Admin rights can perform any action — immediate credential rotation required.
Domain: Integration Security · Check: NS-INT-001
High
Journal entries posted without approval workflow (NS-FC-002)
12 journal entries bypassed the approval workflow, creating audit trail and control violations.
Domain: Financial Controls · Check: NS-FC-002 · Affected: 12 entries
9
Critical
16
High
12
Medium
4
Low
Critical
System Admin role assigned to 4 non-IT users (SI-IA-001)
Non-IT personnel with system admin access can modify security policies, change user roles, and disable audit logging.
Domain: Identity & Access · Check: SI-IA-001 · Affected: 4 users
Critical
AP bill creation + payment approval same user (SI-SOD-001)
7 users can both create vendor bills and approve payments — a critical SOD violation for AP controls.
Domain: Segregation of Duties · Check: SI-SOD-001 · Affected: 7 users
High
Web services credentials shared across users (SI-IA-003)
3 API senders share the same credentials, making it impossible to audit which user performed which integration action.
Domain: Identity & Access · Check: SI-IA-003 · Affected: 3 senders
9
Critical
15
High
11
Medium
5
Low
Critical
Default ADMIN/ADMIN credentials not changed (SX3-IA-001)
ADMIN account with default password allows unrestricted system access — a critical security control failure.
Domain: Identity & Access · Check: SX3-IA-001
Critical
ADXTRACE audit table disabled (SX3-AC-001)
Audit logging is disabled in production — all system changes and user actions are untracked.
Domain: Audit & Compliance · Check: SX3-AC-001
High
Purchase entry + payment approval same user (SX3-SOD-001)
5 users can both enter purchases and approve payment runs — bypasses dual control requirement.
Domain: Segregation of Duties · Check: SX3-SOD-001 · Affected: 5 users
8
Critical
12
High
9
Medium
3
Low
Critical
Payroll administrators without security clearance (S300-IA-001)
4 users have Payroll Admin role but lack formal security approval or background screening documents.
Domain: Identity & Access · Check: S300-IA-001 · Affected: 4 users
Critical
Compensation data accessible to HR staff outside Finance (S300-DS-001)
26 non-finance HR staff have visibility to salary and compensation details — violates data privacy controls.
Domain: Data Security · Check: S300-DS-001 · Affected: 26 users
High
Payroll approval workflow not enforced (S300-FC-001)
3 payroll batches posted without manager approval — creates risk of unauthorized compensation changes.
Domain: Compensation Controls · Check: S300-FC-001 · Affected: 3 batches
Step 3 of 7
4
Download Your Report
A professional, board-ready report with executive summary, domain breakdown, and detailed findings — in DOCX and PDF.
Reports are branded for V/ergent and include: Executive Summary, Risk Heat Map, Domain Scores, Full Findings Table with remediation steps, Regulatory Mapping (NIST, ISO 27001, SOX), and an Appendix of evidence.
V/ergent — Report Preview
SAP S/4 HANA Security Assessment — Contoso Ltd
Assessment Date: May 2026 · Conducted by V/ergent · 520 checks run across 9 domains + R5 programme packs · 66 files analysed
Domain Risk Summary
Step 4 of 7
5
Remediation Tracker
Track the status of every finding across all audits — assign owners, set due dates, and monitor progress to closure.
The Remediation Tracker pulls findings from all your audits — SAP, Oracle, and D365 — into one cross-platform view. Filter by platform, severity, status, or domain. Export to Excel for sharing with the remediation owner.
V/ergent — Remediation Tracker
28
Open
14
In Progress
9
Resolved
51
Total
All Findings
Critical
SAP
SOD-001: AP Invoice + Payment Approval conflict (14 users)
In Progress
Due: Apr 30
Critical
SAP
BASIS-003: SAP* backdoor parameter enabled
Open
Due: Apr 15
High
Oracle
UM-003: 23 inactive Oracle accounts with active roles
Resolved
Closed: Apr 3
High
D365
D365-FC-002: 7 journal entries posted without approval
Open
Due: May 1
Step 5 of 7
6
Excel Export & Sharing
Export the full remediation register as a 5-sheet Excel workbook — ready to share with the CFO, CIO, or internal audit committee.
V/ergent — Export Remediation Workbook
📊
Master Remediations
All 51 findings, all platforms
📁
By Audit
Grouped by project
🔴
Open Items
28 items requiring action
✅
Closed Items
9 resolved findings
📈
Dashboard
Status & severity charts
13 columns per finding: Audit Name · Date · Finding ID · Control Area · Remediation Detail · Severity · Risk Rating · Recommended Action · Assigned To · Due Date · Status · Completion Notes · Evidence Link
Step 6 of 7
🎉
Demo Complete
You've seen the full V/ergent workflow — platform selection, bulk upload, automated checks, findings review, remediation tracking, and Excel export. Ready to run your first real assessment?
Complete ✓
Dashboard