View
17
Download
2
Tags:
Embed Size (px)
Citation preview
Compliance Designed WellAuditBot
AuditBot Overview• AuditBot provides…• expertise in intelligently identifying and responding to risks that impact SAP
System.
• So that…• organizations can automatically identify, manage and prevent Risks that result
in…– … user having excessive Access– … poor SAP security design– … risk due to security vulnerability– … costly audit findings
• We do this by providing…• a SAP Audit software solution that delivers precise, actionable and auditable
intelligence of control breakdowns across systems, processes and transactions
Automate Compliance
Improve Operations
Reduce Risk & Fraud
3
CFO / Finance
Internal Audit
CIO/IT
Compliance/ Risk
When developing a AuditBot business case it is important to understand what metrics will be used in the final evaluation.
• Reduced risk of adverse audit findings & fraud
• Increased business efficiency
• Improved internal auditor utilization
• Reduced testing time for routine controls
• Reduced IT cost of ownership
• Reduced external consulting fees
• Business benefits of compliance investments
• Reduced time and cost for monitoring controls
ROI from different team perspective
TeamVel Jaypaul : Technical ArchitectMr. Jaypaul has 14 years Software Development experience (US/CANADA) with 8 years in the Oracle platform and more recently 6 years in SAP R3, BW 3.5, BI 7.0 and Net Weaver 7.0 with 6 full cycle SAP BW/BI implementations including post implementation support and user training.
Selva Kumar CISA CGAP ITIL: Functional ArchitectMr. Kumar has more than 20 years working with Basis and Security Clients: Eli Lilly, IN; DuPont, DE; Rohm and Hass, PA; Unilever, NJ, Cephalon, PA; IPG NY and more.vHe is responsible for actualizing SAP GRC and SOX Compliance Solutions at fortune 500 Companies such as Dupont, Unilever, Rohm and Hass, and J&J as well as the federal government. Shyam Bathula: Product Advisor AuditBot Asia Pacific DivisionShyam is CISA – Certified information systems auditor specializing in SAP Security/GRC Audit and Consulting. He audits SAP clients in South East Asia and Middlle East. Based on his experience in SAP and his prior experience of more than 20+ years in IT, he advises on our product management and business.
5
• “All the audit programs are written in ABAP Program”
• “All the audit logs are gathered and recorded into custom table for unlimited use
ABAP Based
No New Hardware
Quick Implementation
• “Solution can be deployed in SAP System on the exiting hardware.”
• Existing company resource can support the product
• “Solution can be implement Quickly some time even within one day.”
• “Training the internal audit team is quick as the report are one click execution.”
Architecture
SAP Certification
Metropolitan Fire Brigade-Australian Government Agency
"This is a simple but very versatile software suite addressing all SAP GRC features and much more.
It is an ABAP suite fully incorporated with the SAP application." said Upul Prematunga, Manager - Financial Compliance at the Metropolitan Fire
Brigade-Australian Government Agency.
SOD Vendor in Gartner
Clients
SAP License Saver deliverables
• A complete list of SAP License that are not utilized and can be harvested.
• A recommendation (detailed list) of SAP users who can be directed to non-SAP functionality and avoid using an SAP License.
• A detailed list of SAP users and their recommended classification (Professional, LTD. Professional, ESS, etc…) based on actual SAP usage.
• A full SAP License Appendix review with recommendations on modules that are not being utilized or that are over-licensed.
• .
Custom object analysis
Monitor 100% of transactions
Fully Automated
Professional: Create Master Data, Change Configuraton and Update Data
Basis Users: Perform System Related Activities
Development: Create Custom object like ABAP programs and Tables
SAP Does not Provide Clear List of Transactions for Each License Type
Limited Professional: Can Post Invoice and do limited master Data transactions
Employee: Can use approval transactions, requests and display Data
Costly License Types Cheaper License
Named Users Licenses
SAP License Audit Cleanup
• Review your SAP User List using Transaction SUIM Regularly and look for any unwanted User IDs
• Use transaction RSUSR200 to periodically lock users for Inactivity 90 or 120 days based on your company policy
• Assign a license type to every user in the system. All the user without License type assignment is charged at the professional license type level
• Turn on Multiple Logon Parameter so user cannot logon multiple times with the same user id.
• Assign License type at the role level• Assign proper roles to the users. Users with broad access
roles can access powerful transactions.
Third party review executed
by AuditBot ensures risks
and vulnerabilities are
highlighted.
13
”“
CHALLENGES
• Managing a complex software landscape can be a time consuming and costly exercise for any organization.
• Taking control by identifying the actual usage of your SAP landscape
• Ensuring compliance of software contracts and avoiding surprises
• Awareness of your ‘as is’ situation with respect to your SAP licensing management, including identification of related vulnerabilities and risks
• Control of how your SAP landscape is licensed based on actual usage
• Compliancy with your SAP contract.
RESULTS
A common result of SAP audits is “not enough professional License”,
even though the overall SAP License count is
compliant
SAP License Saver
14
Awareness of your ‘as is’ situation with respect to your SAP licensing management, including identification of related vulnerabilities and risks.
Reduced Risk
Greater Assurance
Improved Productivity
• “Control of how your SAP landscape is licensed.
• Knowledge of how SAP licenses its software and provides awareness and understanding to the persons involved in licensing end users..”
We work closely with our clients to understand their SAP landscape, current controls and procedures, and to address their desired objectives for SAP license assignment/usage.”
RESULTS
Data Loading
SAP License Saver Tool Setup
SAP license Saver
Enter the Licenses
Purchased with Cost
Map the Transactions
to License Type
Map Users from Non
SAP Systems
Maintain Activity
Thresholds for License
type
Architecture
Central SAP ECC System In premise or on Cloud
AuditBOT Analyzer
SAP BIAuditBOT
Plugin
SAP CRMAuditBOT
Plugin
SAP SRMAuditBOT
Plugin
SAP XIAuditBOT
PluginSAP RFC Connections
SAP License Recommendation Based on Transaction Execution and Postings
License Type License DescriptionPurchased Licenses Recommended Licenses
CB SAP Application Professional 525 420
CC SAP Application Limited Professional 75 180
CD SAP Application Employee 500 20
CE SAP ESS Application ESS User 100 100
CF SAP Application Business Expert 10 0
CG SAP Application Business Information User 100 0
Total 1310 720
Overview of Your SAP License Cost
SAP License Configuration
SAP License Recommendation
• Free 30 Proof of Concept• Same day installation and Configuration• 365 Day Money Back Guarantee• Basic Configuration Includes• Will Provide Custom Enhancements • When Can We Start
Our Value