SAP GRC Access Control, SAP GRC Process control, Audit Management, and Fraud management, and the otehr solutions that are part of the SAP Assurance and Compliance Software, are the ones that are mostly ignored during the audits. These have to be considered as the key systems for audit as majority of the Compliance related activities are managed by these software. 

Here is an interesting article that speaks more about the ways one can adapt to audit the SAP GRC system.