Compliance Designed WellAuditBot

AuditBot Overview• AuditBot provides…• expertise in intelligently identifying and responding to risks that impact SAP

System. 

• So that…• organizations can automatically identify, manage and prevent Risks that result

in…– … user having excessive Access– … poor SAP security design– … risk due to security vulnerability– … costly audit findings

• We do this by providing…• a SAP Audit software solution that delivers precise, actionable and auditable

intelligence of control breakdowns across systems, processes and transactions

Automate Compliance

Improve Operations

Reduce Risk & Fraud

What can AuditBot do for you

• Automatically monitors key control points across the organization.

• Identifies, monitors, alerts, tracks control breakdowns.

• Pushes ownership & accountability of controls out to the organization.

• Provides independent layer of quality assurance.

• Ensures data integrity and quality SAP Systems.

Custom object analysis

Monitor 100% of transactions

Fully Automated

Security and compliance of SAP® applications

Performance

System stability

Quality standards of internal and external System Usage

Auditbot SAP Compliance Tool– Benefits

Security risks

Business risks

Maintenance efforts

Test and correction efforts

Operating costs

Increase Decrease

Benefits

5

CFO / Finance

Internal Audit

CIO/IT

Compliance/ Risk

When developing a AuditBot business case it is important to understand what metrics will be used in the final evaluation.

• Reduced risk of adverse audit findings & fraud

• Increased business efficiency

• Improved internal auditor utilization

• Reduced testing time for routine controls

• Reduced IT cost of ownership

• Reduced external consulting fees

• Business benefits of compliance investments

• Reduced time and cost for monitoring controls

ROI from different team perspective

6

• “All the audit programs are written in ABAP Program”

• “All the audit logs are gathered and recorded into custom table for unlimited use

ABAP Based

No New Hardware

Quick Implementation

• “Solution can be deployed in SAP System on the exiting hardware.”

• Existing company resource can support the product

• “Solution can be implement Quickly some time even within one day.”

• “Training the internal audit team is quick as the report are one click execution.”

Architecture

SAP Certification

Metropolitan Fire Brigade-Australian Government Agency

"This is a simple but very versatile software suite addressing all SAP GRC features and much more.

It is an ABAP suite fully incorporated with the SAP application." said Upul Prematunga, Manager - Financial Compliance at the Metropolitan Fire

Brigade-Australian Government Agency.

Team• Vel Jaypaul: Technical Architect : Mr. Jaypaul has 14 years Software Development experience (US/CANADA) with 8 years in the Oracle platform and more recently 6 years in SAP R3, BW 3.5, BI 7.0 and Net Weaver 7.0 with 6 full cycle SAP BW/BI implementations including post implementation support and user training

• Selva Kumar ITIL CGAP and CISA: Functional Consultant : 20 Years SAP Experience in Various Fortune 500 Clients performing SAP Security Configuration, SAP Compliance Audit, and developing SAP Tools

Shyam Bathula: Advisor Singapore Operations: Shyam is CISA – Certified information systems auditor specializing in SAP Security/GRC Audit and Consulting. He audits SAP clients in South East Asia and Middle East.

Finance Posting and Alert- Can alert when OB52 is used or Certain Doc type or

Amount

Sensitive Transaction Postings- Exact table posted and number of Entries

Finance Posting happened due to SOD- Any Transaction

Master Data Change- Get Alerted or Review Monthly or Weekly Master Data Changes

Configuration Data Load Screen. Active or Deactivate any Configuration table

Transaction Used and Number of Time. Double clicking Each line will give Details by date-

Transaction Usage Can also be altered

User Activity by Terminal. Double clicking Each line will give details by date- Transaction Usage

Can also be altered

Role Creation / Deletion Report by Month. Drill down for detailed report

User Assignment Report by Month. Drill down for detailed report

High Level Risk Summary Report at User Level- Drill Down for Detailed Report

High Level Risk Summary Report at Role Level- Drill down for Detailed Report

Transactions in Role Vs Actual Usage

AuditBot will strengthen your

controls and provide better

business visibility.

23

”“

CHALLENGES

• As part of SAP Implementation project, company wanted to reduce segregation of duties (SoD) and sensitive access risks access.

• They want to keep track of their SAP Security posture and monitor regularly

• Manual process to monitor transaction and inactive users

• Clearly documented automated SoD, sensitive access controls, logs monitoring and custom object analysis

• Automation of tracking and alerting functional owner about the access

• Report easily run by Internal Auditor without support from IT, enables the IA validate compliance with company policies

RESULTS

Typical SAP System, with 2000 Users

24

• “Now we have all the sensitive transactions tracked and automated the user locking procedure”

• “Custom objects are now tracked and the Security posture intact”

Reduced Risk

Greater Assurance

Improved Productivity

• “There are no more audit surprises anymore. We have had no audit findings related to SOD or sensitive access since we implemented AuditBot.”

• “Now the sensitive access is tracked and user access data can analyzed quickly from one location.”

• “Now the internal audit team can track the security vulnerabilities and prevent any audit violations.”

RESULTS