Published by Cornelius McKinney. Modified over 9 years ago.
© 2007 Approva Corporation. All rights reserved.

Slide 1: Continuous Monitoring & Audit
Taj Chadha, Senior Director, Integration Solutions Practice
Slide 2: Agenda
Introduction
Business Controls Challenge
Controls Solution
Real World Examples
Q & A
Slide 3: About Approva
Approva provides continuous monitoring and audit software that enables finance, business, IT and audit to automate and strengthen business controls.
[Diagram: On-Demand Controls Testing; Preventive Controls; Exception Based Reporting; Closed-Loop Remediation; Continuous, Exception-Based Monitoring]
Slide 4: Selected Approva Customers
[Customer logos grouped by sector: Manufacturing, Transportation & Public Sector; Technology, Telecom & Media; Consumer Products & Retail; Pharmaceutical & Biotech; Energy & Chemicals]
Slide 5: The Business Controls Challenge
Slides 6 and 7: Approva’s Controls Monitoring & Audit Solution
Slide 8: The Siemens Experience
Moving from Manual to Automated Controls Monitoring
Slide 9: User Access Challenges
Siemens PG’s CFO gave a 12-month deadline to identify & remediate all SoD violations
Identify and resolve segregation of duties (SoD) violations across all 3 SAP instances
Empower business users to identify role violations and take corrective action
Implement a compliant provisioning process to prevent new SoD violations
Standardize the design and testing of business controls across all 18 subsidiaries
Slide 10: Overcoming SoD Challenges
Siemens decided that automation was the only way to address SoD challenges
Approva identified 32,000 SoD violations
Approva’s out-of-the-box rules enabled business users to analyze and remediate violations
By automating controls monitoring, Siemens was able to eliminate all SoD violations within 10 weeks!
Slide 11: Key Benefits of SoD & Preventive Controls
Significantly reduced audit preparation time
Eliminated 3,000 segregation of duties (SoD) violations in 4 months
Automation helped not just identify but also remediate user violations faster
Respond to auditors’ requests faster than before (takes four days now versus two months earlier)
Slide 12: Moving Towards Corporate-Wide Controls Auditing
[Diagram: Siemens Power Gen; Siemens Energy & Automation; Siemens North America; Siemens AG]
Siemens internal audit groups standardizing Approva rules for consistent audits
Siemens corporate information office has selected Approva as a global governance standard
Auditors can access most required controls information remotely
KPMG has also licensed Approva to conduct audits
“Last year only 2 auditors came to visit and the meetings lasted less than an hour!” (Controller, Siemens PowerGen)
Source: Siemens Study, ASUG/Sapphire, Atlanta, March 2007
Slide 13: Limited Brands
Monitoring Controls Across 20+ Applications
Slide 14: Limited Brands IT Environment
[Diagram: applications grouped under Brand 1 through Brand 5]
Slide 15: Key Business Challenges
Identify & remediate segregation of duties (SoD) violations across 26 apps.
Identify Information Owners and hold them accountable for SoD violations.
Meet aggressive (3 month) deadline for SOX 404 management’s assertion.
Transition applications to new SAP instance.
Continue to manage components of legacy applications that remain in place.
Create the capability to quickly add new applications as business needs change.
Slide 16: SOX Compliance & Sustainability
[Diagram: App #1 through App #17 feeding a SQL Database, Crystal Reports and Microsoft Excel]
Flat files mapped roles & users to common format and stored in SQL database
Crystal Reports produced output to Excel
Weekly process required 2-3 hours
Manage false positives
LBI Conflict Matrix:
Defined high level categories of financial functionality within LBI
Defined matrix of conflicting duties for high level categories
Mapped legacy application functionality to LBI high level categories
Slide 17: Data Flow Between Applications, SQL & Approva
[Diagram: App #1 through App #15 feeding the SQL Database and a Unique User ID DB, connected to Approva through CBEU adapters]
Integration With Project Insight:
Implemented Approva rule set.
Integrated LBI legacy conflict matrix & Approva rule set.
Developed custom Approva BEU adapters for LBI legacy applications.
Developed custom SQL database to create a common ID for an individual’s disparate IDs across applications.
Slide 18: Created Repeatable Process
Extended controls monitoring to include new SAP modules and non-SAP applications
[Diagram: App #1 through App #18 and the IBM DataStage ETL tool feeding the SQL Database and Unique User ID DB, connected to Approva through CBEU and BEU adapters]
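The Limited Brands slides (16 through 18) describe one pipeline: extract each application's roles and users into a common format, resolve an individual's disparate IDs to one unique user ID, map application functionality to high-level financial categories, and evaluate a conflict matrix over those categories. The following is an added example, not Approva's or Limited Brands' own code, that implements that pipeline end to end over constructed sample data; the applications, IDs, functions, categories and conflicts are all made up for the example, and the `cross_application` switch is added to show why the unique-ID step matters: the same data checked one application at a time finds nothing.

```python
# Added example, not Approva's or Limited Brands' own code: a cross-application
# segregation-of-duties (SoD) check built the way slides 16-18 describe the process.
#   1. each application's role/user data is extracted into one common record format
#   2. an individual's disparate per-application IDs are resolved to one unique user ID
#   3. application functions are mapped to high-level financial categories
#   4. a conflict matrix over those categories is evaluated for every unique user
# Every application, ID, function, category and conflict below is constructed sample data.
from collections import defaultdict
from itertools import combinations

# Step 1: common-format records, one per (application, local user ID, function) - constructed
ASSIGNMENTS = [
    ("app01", "jdoe", "VENDOR_MAINT"),
    ("sap", "JDOE01", "PAY_RUN"),
    ("app01", "asmith", "VENDOR_MAINT"),
    ("sap", "SMITHA", "GL_DISPLAY"),
    ("app02", "tmp_user", "AP_INVOICE"),   # no entry in the unique-ID table yet
]

# Step 2: the "Unique User ID DB" - (application, local ID) -> one ID per individual (constructed)
UNIQUE_USER_ID = {
    ("app01", "jdoe"): "U1001",
    ("sap", "JDOE01"): "U1001",
    ("app01", "asmith"): "U1002",
    ("sap", "SMITHA"): "U1002",
}

# Step 3: application function -> high-level category (constructed stand-in for the LBI categories)
FUNCTION_CATEGORY = {
    ("app01", "VENDOR_MAINT"): "Vendor Master Maintenance",
    ("app02", "AP_INVOICE"): "AP Invoice Entry",
    ("sap", "PAY_RUN"): "Payment Run",
    ("sap", "GL_DISPLAY"): "GL Display",
}

# Step 4: conflict matrix stored as unordered category pairs (constructed)
CONFLICT_MATRIX = {
    frozenset({"Vendor Master Maintenance", "Payment Run"}),
    frozenset({"Vendor Master Maintenance", "AP Invoice Entry"}),
    frozenset({"AP Invoice Entry", "Payment Run"}),
}


def find_sod_violations(assignments, id_map, category_map, conflict_matrix,
                        cross_application=True):
    """Return (violations, unmapped).

    violations: one dict per (user, conflicting category pair), listing which
                applications grant each side of the conflict
    unmapped:   records that could not be checked because the ID or the
                function has no mapping yet (coverage gaps to review, not passes)
    With cross_application=False every (application, local ID) is treated as a
    separate user, which is all a per-application check can see.
    """
    categories_by_user = defaultdict(lambda: defaultdict(set))
    unmapped = []
    for app, local_id, function in assignments:
        category = category_map.get((app, function))
        uid = id_map.get((app, local_id)) if cross_application else f"{app}:{local_id}"
        if uid is None or category is None:
            unmapped.append((app, local_id, function))
            continue
        categories_by_user[uid][category].add(app)

    violations = []
    for uid, by_category in sorted(categories_by_user.items()):
        for cat_a, cat_b in combinations(sorted(by_category), 2):
            if frozenset({cat_a, cat_b}) in conflict_matrix:
                violations.append({
                    "user": uid,
                    "conflict": (cat_a, cat_b),
                    "granted_by": {cat_a: sorted(by_category[cat_a]),
                                   cat_b: sorted(by_category[cat_b])},
                })
    return violations, unmapped


if __name__ == "__main__":
    found, gaps = find_sod_violations(ASSIGNMENTS, UNIQUE_USER_ID, FUNCTION_CATEGORY, CONFLICT_MATRIX)
    for v in found:
        print(f"{v['user']}: {v['conflict'][0]} + {v['conflict'][1]} via {v['granted_by']}")
    print("unmapped records (coverage gaps):", gaps)
    per_app, _ = find_sod_violations(ASSIGNMENTS, UNIQUE_USER_ID, FUNCTION_CATEGORY,
                                     CONFLICT_MATRIX, cross_application=False)
    print("violations visible to a per-application check:", len(per_app))
```

Two design points carry over from the slides. The unmapped list is returned separately rather than silently skipped, because a record with no unique ID or no category mapping is exactly the kind of gap that turns into a false negative when a new application is onboarded (the "quickly add new applications" requirement on slide 15). And the conflict matrix is keyed on categories, not on application-specific functions, so adding an application only requires a new function-to-category mapping, not new conflict rules.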
Slide 19: Honeywell
Going beyond SoD to General Computing Controls
Slide 20: Aero Security Challenges
Many Internal & External Challenges:
Audit Outsourcing; App Security; Physical Security; Customization; Segregation of Duty (SOD); BASIS Monitoring; Excessive Access; Hand-off Integrity; Partner security/nationality compliance; Validation; Backdoors; Secure SDLC; Third Party Integration; DR/BCP; Global DC Design; Instance Integrity; Customized roles and T-codes
Slide 21: Beyond SOX Compliance
Compliance with government laws, Honeywell policies and customer contractual requirements
[Diagram labels: Sarbanes-Oxley; ITAR; Business reqs; Customer reqs; Classified data; US citizen; Need-To-Know; Operational security requirements; Not entered into SAP]
Secure technical data from foreign nationals
Control the shipment of licensable products
Policies and procedures
Internal controls
Prevent or detect employees from perpetrating and concealing actions which could damage the firm’s financial standing or reputation
Slide 22: General Computing Controls Monitoring
Monitor system settings and flags, log file settings, and other key elements to quickly identify high-risk IT settings
Enforce security & password policy; analyze system parameters (including those from SAP’s RSPARAM report) to monitor critical security policies, such as password length and expirations
Monitor and report on changes to SAP clients, including transport landscapes, transport destinations and program change history. Managers can be alerted when transports occur outside of normal windows, such as one-off or repetitive role changes
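Slide 22 names two general computing controls: comparing security-relevant system parameters against policy, and alerting on transports that land outside the normal change window. The following is an added example, not Approva's own code, showing both checks over constructed data. The three parameter names are real SAP profile parameters (minimum password length, password expiration, failed logons before lock), but their values, the policy thresholds, the change window and the transport records are all made up for the example, and the block does not model the actual RSPARAM report layout; a monitoring job would have to collect the values first.

```python
# Added example, not Approva's own code: general computing controls (GCC) checks
# of the kind slide 22 describes:
#   (a) security-relevant system parameters compared against a policy
#   (b) transports imported outside an agreed change window
# Parameter names are real SAP profile parameters; the values, thresholds,
# change window and transport records are constructed sample data.
from datetime import datetime, time

# (a) constructed snapshot of parameter values as a monitoring job might collect them
PARAMETERS = {
    "login/min_password_lng": 6,
    "login/password_expiration_time": 0,   # 0 means passwords never expire
    "login/fails_to_user_lock": 5,
}

# policy: parameter -> (rule, threshold)
#   "min": value must be >= threshold
#   "max": value must be between 1 and threshold; 0 means the control is switched off
POLICY = {
    "login/min_password_lng": ("min", 8),
    "login/password_expiration_time": ("max", 90),
    "login/fails_to_user_lock": ("max", 5),
}


def check_parameters(params, policy):
    """Return a list of (parameter, value, reason) findings; empty list means compliant."""
    findings = []
    for name, (rule, threshold) in policy.items():
        if name not in params:
            # a parameter that was not collected is a monitoring gap, not a pass
            findings.append((name, None, "parameter not reported"))
            continue
        value = params[name]
        if rule == "min" and value < threshold:
            findings.append((name, value, f"below required minimum {threshold}"))
        elif rule == "max":
            if value == 0:
                findings.append((name, value, "control disabled (0)"))
            elif value > threshold:
                findings.append((name, value, f"above allowed maximum {threshold}"))
    return findings


# (b) constructed transport log: (transport request, import timestamp, target system/client)
TRANSPORTS = [
    ("DEVK900101", "2007-09-29T03:15:00", "PRD/100"),  # Saturday, inside the window
    ("DEVK900102", "2007-10-02T14:40:00", "PRD/100"),  # Tuesday afternoon
    ("DEVK900103", "2007-09-29T07:05:00", "PRD/100"),  # Saturday, after the window closed
]

# agreed change window: Saturdays 02:00-06:00 (datetime.weekday(): Monday == 0, Saturday == 5)
WINDOW = {"weekday": 5, "start": time(2, 0), "end": time(6, 0)}


def transports_outside_window(transports, window):
    """Return the transport records imported outside the change window."""
    flagged = []
    for request, stamp, target in transports:
        imported = datetime.fromisoformat(stamp)
        in_window = (imported.weekday() == window["weekday"]
                     and window["start"] <= imported.time() < window["end"])
        if not in_window:
            flagged.append((request, stamp, target))
    return flagged


if __name__ == "__main__":
    for name, value, reason in check_parameters(PARAMETERS, POLICY):
        print(f"parameter finding: {name} = {value}: {reason}")
    for request, stamp, target in transports_outside_window(TRANSPORTS, WINDOW):
        print(f"transport alert: {request} imported into {target} at {stamp}")
```

Note the two edge cases the checks handle explicitly: a parameter that is absent from the snapshot is reported as a gap rather than treated as compliant, and an expiration value of 0 is flagged as "control disabled" even though it is numerically below the 90-day maximum. Both are the sort of silent pass that a naive threshold comparison would produce.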
Slide 23: High-level violation trend
~3600 user violations as of 9/27
~1106 user violations as of 10/03
Slide 24: Success Story
“Under the Hood at Honeywell”, Business Finance Magazine, Oct 2007
“We've greatly reduced the amount of time we spend on manual work, reallocated our people to other activities, such as developing security around our new business intelligence modules,” says Lish, who estimates that the new compliance monitoring processes and technology have helped his team boost its productivity by 20 percent.
Lish has also reduced his function's reliance on outside consultants now that his staffers spend less time on manual compliance monitoring and analysis. Through August, Lish had reduced his consultant spend by $200,000 compared to the same period in 2006.