Presentation is loading. Please wait.

Presentation is loading. Please wait.

Continuous Monitoring for Enterprise Applications: Real Needs, Real Solutions. November 22, 2002 5 th Continuous Assurance and Auditing Symposium Newark,

Published byMadison Richard Modified over 8 years ago

Similar presentations

Presentation on theme: "Continuous Monitoring for Enterprise Applications: Real Needs, Real Solutions. November 22, 2002 5 th Continuous Assurance and Auditing Symposium Newark,"— Presentation transcript:

1 Continuous Monitoring for Enterprise Applications: Real Needs, Real Solutions. November 22, 2002 5 th Continuous Assurance and Auditing Symposium Newark, NJ

2 2 About Approva: Background

3 3 What does Approva do?

4 4 What is the customer pain?

5 5 Large Software Manufacturer Pain Point (SAP)  External Audit identified problems with Separation of Duties conflicts, etc.  19,000 composite profiles to manage  Many users had access to sensitive Basis transactions (high risk)  Not responding to user requirements rapidly enough  Business units were not involved in the approval process  Built an internal tool, which is costly to upgrade and maintain ($500k/yr) Who in organization  Head of Internal Audit, Program Manager, SAP Security What Approva can do for them  Prevent unauthorized SOD violations  Automated approval process for role assignments  Rules-based transaction auditing Benefit to Customer  Reduce exposure to risk.  Simplified Role Management  Cross Application Support

6 6 Large Beverage Manufacturer Pain Point (SAP)  Limited visibility into business transactions and user roles  Multiple “Qualified” Audits  Found that creation of part numbers led to $100M in excess spare parts inventory Who in organization  Head of SAP Application What Approva can do for them  Automated SoD analysis for SAP  Ongoing monitoring of sensitive transactions  Encouraged by our early work Benefit to Customer  Reduce Audit Failures  Monitor for Process Inefficiencies

7 7 Large Manufacturing Company Pain Point (SAP)  Unable to keep up with access changes for 30,000 users  Need to add 100,000 hourly workers to SAP  Can’t solve with people; staff went from 3 to 12, now adding 5 more  Need SoD analysis  Access management to SAP was a risk issue in last audit Who in organization & How we got there  Manager of Information Risk Management What Approva can do for them  Automated approval process for role assignments  Liked our application focus rather than infrastructure focus  Encouraged by our early work Benefit to Customer  Reduce exposure to risk.  Simplified Role Management

8 8 Large Retail Company Pain Point (PeopleSoft)  Visibility on sensitive transactions (e.g., violation of insider-trading rules)  Automating provisioning to their applications  Takes 2 weeks to provision a new employee  Understanding user rights within applications Who in organization  Head of Internal Audit, Internal Auditor for IT, Mgr InfoSec. What Approva can do for them  Visibility into who is doing what in PeopleSoft & custom application  Automated approval process for role assignments  Rules-based transaction auditing Benefits to Customer  Reduce risk of fines (for insider trading)  Reduce cost leaks

9 9 Who needs this?

10 10 BizRights: How does it work?

11 11 BizRights: What are the benefits?

12 12 Q & A

Download ppt "Continuous Monitoring for Enterprise Applications: Real Needs, Real Solutions. November 22, 2002 5 th Continuous Assurance and Auditing Symposium Newark,"

Similar presentations

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
Improving SOX Remediation Through Automated Testing of Internal Controls November 4, 2005.

Improving SOX Remediation Through Automated Testing of Internal Controls November 4, 2005.
Leverage InformationTechnology: Turn Risk into Reward ™ Copyright ©. Fulcrum Information Technology, Inc. Top Five Reasons for Automating Application Controls.

Leverage InformationTechnology: Turn Risk into Reward ™ Copyright ©. Fulcrum Information Technology, Inc. Top Five Reasons for Automating Application Controls.
«Knowledge is power». DO YOU KNOW WHAT’S GOING ON IN YOUR COMPANY? LanAgent «Knowledge is power»

«Knowledge is power». DO YOU KNOW WHAT’S GOING ON IN YOUR COMPANY? LanAgent «Knowledge is power»
The TRUTH About SOX, Auditors & Oracle Applimation is the leading provider of Application Lifecycle Management solutions.

The TRUTH About SOX, Auditors & Oracle Applimation is the leading provider of Application Lifecycle Management solutions.
OAUG SOX Panel Krista Ladd Oracle Applications Manager Silicon Image, Inc.

OAUG SOX Panel Krista Ladd Oracle Applications Manager Silicon Image, Inc.
1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations.

1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations.
Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis Rolf Haardörfer IT Audit Professional Siemens Corporation Tenth.

Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis Rolf Haardörfer IT Audit Professional Siemens Corporation Tenth.
Managing Segregation of Duties (SOD) in R3 Session Code: 808 Donnie Looper, Eastman Chemical Company Jasvir Gill, Virsa Systems.

Managing Segregation of Duties (SOD) in R3 Session Code: 808 Donnie Looper, Eastman Chemical Company Jasvir Gill, Virsa Systems.
Shooting The Moving Target…… Internal Controls & Segregation of Duties (SOD) Session Code: 503 Jasvir Gill, Virsa Systems Donnie Looper, Eastman Chemical.

Shooting The Moving Target…… Internal Controls & Segregation of Duties (SOD) Session Code: 503 Jasvir Gill, Virsa Systems Donnie Looper, Eastman Chemical.
SAP An Introduction October 2012.

SAP An Introduction October 2012.
Change Management Chris Colomb Trish Fullmer Jordan Bloodworth Veronica Beichner.

Change Management Chris Colomb Trish Fullmer Jordan Bloodworth Veronica Beichner.
Best Practices for User Access Controls and Segregation of Duties Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.

Best Practices for User Access Controls and Segregation of Duties Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.
IDENTITY MANAGEMENT: PROTECTING FROM THE INSIDE OUT MICHAEL FORNAL, SECURITY ANALYST PROVIDENCE HEALTH & SERVICES SOURCE SEATTLE CONFERENCE 10.23.13 -10.24.13.

IDENTITY MANAGEMENT: PROTECTING FROM THE INSIDE OUT MICHAEL FORNAL, SECURITY ANALYST PROVIDENCE HEALTH & SERVICES SOURCE SEATTLE CONFERENCE
Integrated Security Solutions © 2006 TK Consulting, LP realtime Confidential March 11, 2007 APM Demo.

Integrated Security Solutions © 2006 TK Consulting, LP realtime Confidential March 11, 2007 APM Demo.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
NASC Presentation – March 2014 An Overview of Pennsylvania’s Internal Controls By: Anna Maria Kiehl, CPA State Comptroller/Chief Accounting Officer Governor’s.

NASC Presentation – March 2014 An Overview of Pennsylvania’s Internal Controls By: Anna Maria Kiehl, CPA State Comptroller/Chief Accounting Officer Governor’s.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Identifying Segregation of Duties Issues in a PeopleSoft Environment

Identifying Segregation of Duties Issues in a PeopleSoft Environment
Segregation of Duties for Infor-Lawson Software 1.

Segregation of Duties for Infor-Lawson Software 1.

Similar presentations

Ads by Google