Continuous Monitoring for Enterprise Applications: Real Needs, Real Solutions. November 22, 2002. 5th Continuous Assurance and Auditing Symposium, Newark, NJ

Presentation transcript:

Continuous Monitoring for Enterprise Applications: Real Needs, Real Solutions. November 22, 2002. 5th Continuous Assurance and Auditing Symposium, Newark, NJ

2 About Approva: Background

3 What does Approva do?

4 What is the customer pain?

5 Large Software Manufacturer

Pain Point (SAP)
- External Audit identified problems with Separation of Duties conflicts, etc.
- 19,000 composite profiles to manage
- Many users had access to sensitive Basis transactions (high risk)
- Not responding to user requirements rapidly enough
- Business units were not involved in the approval process
- Built an internal tool, which is costly to upgrade and maintain ($500k/yr)

Who in organization
- Head of Internal Audit, Program Manager, SAP Security

What Approva can do for them
- Prevent unauthorized SOD violations
- Automated approval process for role assignments
- Rules-based transaction auditing

Benefit to Customer
- Reduce exposure to risk.
- Simplified Role Management
- Cross Application Support

6 Large Beverage Manufacturer

Pain Point (SAP)
- Limited visibility into business transactions and user roles
- Multiple “Qualified” Audits
- Found that creation of part numbers led to $100M in excess spare parts inventory

Who in organization
- Head of SAP Application

What Approva can do for them
- Automated SoD analysis for SAP
- Ongoing monitoring of sensitive transactions
- Encouraged by our early work

Benefit to Customer
- Reduce Audit Failures
- Monitor for Process Inefficiencies

7 Large Manufacturing Company

Pain Point (SAP)
- Unable to keep up with access changes for 30,000 users
- Need to add 100,000 hourly workers to SAP
- Can’t solve with people; staff went from 3 to 12, now adding 5 more
- Need SoD analysis
- Access management to SAP was a risk issue in last audit

Who in organization & How we got there
- Manager of Information Risk Management

What Approva can do for them
- Automated approval process for role assignments
- Liked our application focus rather than infrastructure focus
- Encouraged by our early work

Benefit to Customer
- Reduce exposure to risk.
- Simplified Role Management

8 Large Retail Company

Pain Point (PeopleSoft)
- Visibility on sensitive transactions (e.g., violation of insider-trading rules)
- Automating provisioning to their applications
- Takes 2 weeks to provision a new employee
- Understanding user rights within applications

Who in organization
- Head of Internal Audit, Internal Auditor for IT, Mgr InfoSec.

What Approva can do for them
- Visibility into who is doing what in PeopleSoft & custom application
- Automated approval process for role assignments
- Rules-based transaction auditing

Benefits to Customer
- Reduce risk of fines (for insider trading)
- Reduce cost leaks

9 Who needs this?

10 BizRights: How does it work?

11 BizRights: What are the benefits?

12 Q & A