Compliance Designed WellAuditBot

AuditBot Overview• AuditBot provides…• expertise in intelligently identifying and responding to risks that impact SAP

System. 

• So that…• organizations can automatically identify, manage and prevent Risks that result

in…– … user having excessive Access– … poor SAP security design– … risk due to security vulnerability– … costly audit findings

• We do this by providing…• a SAP Audit software solution that delivers precise, actionable and auditable

intelligence of control breakdowns across systems, processes and transactions

Automate Compliance

Improve Operations

Reduce Risk & Fraud

3

CFO / Finance

Internal Audit

CIO/IT

Compliance/ Risk

When developing a AuditBot business case it is important to understand what metrics will be used in the final evaluation.

• Reduced risk of adverse audit findings & fraud

• Increased business efficiency

• Improved internal auditor utilization

• Reduced testing time for routine controls

• Reduced IT cost of ownership

• Reduced external consulting fees

• Business benefits of compliance investments

• Reduced time and cost for monitoring controls

ROI from different team perspective

TeamVel Jaypaul : Technical ArchitectMr. Jaypaul has 14 years Software Development experience (US/CANADA) with 8 years in the Oracle platform and more recently 6 years in SAP R3, BW 3.5, BI 7.0 and Net Weaver 7.0 with 6 full cycle SAP BW/BI implementations including post implementation support and user training.

Selva Kumar CISA CGAP ITIL: Functional ArchitectMr. Kumar has more than 20 years working with Basis and Security Clients: Eli Lilly, IN; DuPont, DE; Rohm and Hass, PA; Unilever, NJ, Cephalon, PA; IPG NY and more.vHe is responsible for actualizing SAP GRC and SOX Compliance Solutions at fortune 500 Companies such as Dupont, Unilever, Rohm and Hass, and J&J as well as the federal government. Shyam Bathula: Product Advisor AuditBot Asia Pacific DivisionShyam is CISA – Certified information systems auditor specializing in SAP Security/GRC Audit and Consulting. He audits SAP clients in South East Asia and Middlle East. Based on his experience in SAP and his prior experience of more than 20+ years in IT, he advises on our product management and business.

5

• “All the audit programs are written in ABAP Program”

• “All the audit logs are gathered and recorded into custom table for unlimited use

ABAP Based

No New Hardware

Quick Implementation

• “Solution can be deployed in SAP System on the exiting hardware.”

• Existing company resource can support the product

• “Solution can be implement Quickly some time even within one day.”

• “Training the internal audit team is quick as the report are one click execution.”

Architecture

SAP Certification

Metropolitan Fire Brigade-Australian Government Agency

"This is a simple but very versatile software suite addressing all SAP GRC features and much more.

It is an ABAP suite fully incorporated with the SAP application." said Upul Prematunga, Manager - Financial Compliance at the Metropolitan Fire

Brigade-Australian Government Agency.

SOD Vendor in Gartner

Clients

SAP License Saver deliverables

• A complete list of SAP License that are not utilized and can be harvested.

• A recommendation (detailed list) of SAP users who can be directed to non-SAP functionality and avoid using an SAP License.

• A detailed list of SAP users and their recommended classification (Professional, LTD. Professional, ESS, etc…) based on actual SAP usage.

• A full SAP License Appendix review with recommendations on modules that are not being utilized or that are over-licensed.

• .

Custom object analysis

Monitor 100% of transactions

Fully Automated

Professional: Create Master Data, Change Configuraton and Update Data

Basis Users: Perform System Related Activities

Development: Create Custom object like ABAP programs and Tables

SAP Does not Provide Clear List of Transactions for Each License Type

Limited Professional: Can Post Invoice and do limited master Data transactions

Employee: Can use approval transactions, requests and display Data

Costly License Types Cheaper License

Named Users Licenses

SAP License Audit Cleanup

• Review your SAP User List using Transaction SUIM Regularly and look for any unwanted User IDs

• Use transaction RSUSR200 to periodically lock users for Inactivity 90 or 120 days based on your company policy

• Assign a license type to every user in the system. All the user without License type assignment is charged at the professional license type level

• Turn on Multiple Logon Parameter so user cannot logon multiple times with the same user id.

• Assign License type at the role level• Assign proper roles to the users. Users with broad access

roles can access powerful transactions.

Third party review executed

by AuditBot ensures risks

and vulnerabilities are

highlighted.

13

”“

CHALLENGES

• Managing a complex software landscape can be a time consuming and costly exercise for any organization.

• Taking control by identifying the actual usage of your SAP landscape

• Ensuring compliance of software contracts and avoiding surprises

• Awareness of your ‘as is’ situation with respect to your SAP licensing management, including identification of related vulnerabilities and risks

• Control of how your SAP landscape is licensed based on actual usage

• Compliancy with your SAP contract.

RESULTS

A common result of SAP audits is “not enough professional License”,

even though the overall SAP License count is

compliant

SAP License Saver

14

Awareness of your ‘as is’ situation with respect to your SAP licensing management, including identification of related vulnerabilities and risks.

Reduced Risk

Greater Assurance

Improved Productivity

• “Control of how your SAP landscape is licensed.

• Knowledge of how SAP licenses its software and provides awareness and understanding to the persons involved in licensing end users..”

We work closely with our clients to understand their SAP landscape, current controls and procedures, and to address their desired objectives for SAP license assignment/usage.”

RESULTS

Data Loading

SAP License Saver Tool Setup

SAP license Saver

Enter the Licenses

Purchased with Cost

Map the Transactions

to License Type

Map Users from Non

SAP Systems

Maintain Activity

Thresholds for License

type

Architecture

Central SAP ECC System In premise or on Cloud

AuditBOT Analyzer

SAP BIAuditBOT

Plugin

SAP CRMAuditBOT

Plugin

SAP SRMAuditBOT

Plugin

SAP XIAuditBOT

PluginSAP RFC Connections

SAP License Recommendation Based on Transaction Execution and Postings

License Type License DescriptionPurchased Licenses Recommended Licenses

CB SAP Application Professional 525 420

CC SAP Application Limited Professional 75 180

CD SAP Application Employee 500 20

CE SAP ESS Application ESS User 100 100

CF SAP Application Business Expert 10 0

CG SAP Application Business Information User 100 0

Total 1310 720

Overview of Your SAP License Cost

SAP License Configuration

SAP License Recommendation

• Free 30 Proof of Concept• Same day installation and Configuration• 365 Day Money Back Guarantee• Basic Configuration Includes• Will Provide Custom Enhancements • When Can We Start

Our Value