SAP Compliance Tool for SAP IT Audit
Transcript of SAP Compliance Tool for SAP IT Audit
Compliance Designed Well
AuditBot
AuditBot Overview
• AuditBot provides…
  • expertise in intelligently identifying and responding to risks that impact the SAP system.
• So that…
  • organizations can automatically identify, manage and prevent risks that result in…
    – … user having excessive access
    – … poor SAP security design
    – … risk due to security vulnerability
    – … costly audit findings
• We do this by providing…
  • an SAP audit software solution that delivers precise, actionable and auditable intelligence of control breakdowns across systems, processes and transactions
Automate Compliance
Improve Operations
Reduce Risk & Fraud
What can AuditBot do for you
• Automatically monitors key control points across the organization.
• Identifies, monitors, alerts, tracks control breakdowns.
• Pushes ownership & accountability of controls out to the organization.
• Provides independent layer of quality assurance.
• Ensures data integrity and quality in SAP systems.
Custom object analysis
Monitor 100% of transactions
Fully Automated
Security and compliance of SAP® applications
Performance
System stability
Quality standards of internal and external System Usage
AuditBot SAP Compliance Tool – Benefits
Security risks
Business risks
Maintenance efforts
Test and correction efforts
Operating costs
Increase Decrease
Benefits
CFO / Finance
Internal Audit
CIO/IT
Compliance/ Risk
When developing an AuditBot business case, it is important to understand what metrics will be used in the final evaluation.
• Reduced risk of adverse audit findings & fraud
• Increased business efficiency
• Improved internal auditor utilization
• Reduced testing time for routine controls
• Reduced IT cost of ownership
• Reduced external consulting fees
• Business benefits of compliance investments
• Reduced time and cost for monitoring controls
ROI from different team perspectives
ABAP Based
• “All the audit programs are written in ABAP Program”
• “All the audit logs are gathered and recorded into custom table for unlimited use”
No New Hardware
• “Solution can be deployed in SAP System on the existing hardware.”
• Existing company resources can support the product
Quick Implementation
• “Solution can be implemented quickly, sometimes even within one day.”
• “Training the internal audit team is quick as the reports are one-click execution.”
Architecture
SAP Certification
Metropolitan Fire Brigade-Australian Government Agency
"This is a simple but very versatile software suite addressing all SAP GRC features and much more. It is an ABAP suite fully incorporated with the SAP application," said Upul Prematunga, Manager - Financial Compliance at the Metropolitan Fire Brigade-Australian Government Agency.
Team
• Vel Jaypaul: Technical Architect: Mr. Jaypaul has 14 years of software development experience (US/Canada), with 8 years on the Oracle platform and, more recently, 6 years in SAP R3, BW 3.5, BI 7.0 and NetWeaver 7.0, with 6 full-cycle SAP BW/BI implementations including post-implementation support and user training.
• Selva Kumar, ITIL, CGAP and CISA: Functional Consultant: 20 years of SAP experience with various Fortune 500 clients, performing SAP security configuration and SAP compliance audits, and developing SAP tools.
• Shyam Bathula: Advisor, Singapore Operations: Shyam is a CISA (Certified Information Systems Auditor) specializing in SAP Security/GRC audit and consulting. He audits SAP clients in South East Asia and the Middle East.
Finance Posting and Alert - Can alert when OB52 is used, or on a certain doc type or amount
Sensitive Transaction Postings - Exact table posted and number of entries
Finance Posting happened due to SOD - Any transaction
Master Data Change - Get alerted, or review monthly or weekly master data changes
Configuration Data Load Screen. Activate or deactivate any configuration table
Transaction Used and Number of Times. Double-clicking each line will give details by date - Transaction usage can also be altered
User Activity by Terminal. Double-clicking each line will give details by date - Transaction usage can also be altered
Role Creation / Deletion Report by Month. Drill down for detailed report
User Assignment Report by Month. Drill down for detailed report
High Level Risk Summary Report at User Level - Drill down for detailed report
High Level Risk Summary Report at Role Level - Drill down for detailed report
Transactions in Role vs. Actual Usage
AuditBot will strengthen your controls and provide better business visibility.
CHALLENGES
• As part of an SAP implementation project, the company wanted to reduce segregation of duties (SoD) and sensitive access risks.
• They wanted to keep track of their SAP security posture and monitor it regularly.
• Manual process to monitor transactions and inactive users
• Clearly documented automated SoD, sensitive access controls, log monitoring and custom object analysis
• Automation of tracking and alerting the functional owner about the access
• Reports are easily run by the Internal Auditor without support from IT, which enables IA to validate compliance with company policies
RESULTS
Typical SAP System, with 2000 Users
• “Now we have all the sensitive transactions tracked and automated the user locking procedure.”
• “Custom objects are now tracked and the security posture is intact.”
Reduced Risk
Greater Assurance
Improved Productivity
• “There are no more audit surprises anymore. We have had no audit findings related to SOD or sensitive access since we implemented AuditBot.”
• “Now the sensitive access is tracked and user access data can be analyzed quickly from one location.”
• “Now the internal audit team can track the security vulnerabilities and prevent any audit violations.”