Casa engl

Published in: Technology

  1. CheckAud® for SAP® Systems
     IBS Portfolio CheckAud®: Objective, Target groups, Functions, Analysis tree, SoD Matrix, References
     Ask us about our demo version!
  2. CheckAud® for SAP® Systems
     CheckAud works to ensure
     • efficient system audits, leaving time for your own innovative work efforts.
     • Authorization audits are complete and comprehensive – random sampling does not provide sufficient results!
     • Audits are not limited to superficial methods. Our know-how and manuals provide you with the scope necessary in a system audit.
     • An internal control system for SAP® authorizations can be implemented with minimal effort.
  3. Authorization Chaos? CheckAud® Cleans it Up
     • Revision – Does the SAP® system conform to the requirements in regulation compliance?
     • Administration – Audit before your auditor arrives!
     • Departments – The data or process owner supervises their own data, achieving transparency at a glance!
     • Data protection – Is personal data sufficiently protected?
     • Auditor – The year-end closing.
  4. CheckAud® for SAP® Systems
     Offers support in
     • the audit of all authorizations in the SAP® systems
     • implementation, construction and examination of your internal control system
     • adherence to the guidelines of the Sarbanes-Oxley Act and the legal requirements of the authorization concept
     • documentation of the authorization concept
     • observance of the data protection guidelines
  5. Functions in Overview
     • Authorization audit
         • via segregation of duties matrix
         • via CheckAud® analysis tree
         • For all SAP® systems, including BIW
         • Cross-system / -client
     • System audit
         • Evaluations of the data dictionary
         • Supervision of the system parameters
         • User evaluations
         • ABAP source code analysis
     • Reporting
         • Know-how shared through integrated audit tips
         • Comprehensive reporting of all analyses
         • Standard reports
  6. The Analysis Tree
     • The audit plan for each SAP® module
     • Audit information for each audit item, based on 30 years' worth of know-how at IBS Schreiber
     • Over 2,000 pre-defined critical authorizations
     • Fully expandable and customizable
  7. The Segregation of Duties Matrix
     (Figure labels: Number of risks; Double click for details…)
  8. Critical Authorizations
     • Combination of SAP® authorization objects
     • Detailed as far as the field values
     • AND / OR connections possible
     • Audit looks for users who have been assigned these rights
     Functions: Authorizations, Critical processes, SoD Matrix, BIW Audit, User Analysis, Simulation, Automation, References
  9. Critical Authorizations
     For each user who is discovered to have authorization, the following details will be displayed:
     • Application authorizations
     • Transaction authorizations
     • Assigned field values
     • Origin of rights
  10. Critical Authorizations
     • Unlimited number of AND / OR combinations possible in a query
     • There are around 2,000 predefined authorizations available in the standard version
     • Ca. 35,000 department-specific queries contained in multiple analysis trees in the delivery contents
     • All authorizations can be expanded to fit your own definitions
     We would be glad to provide you with a demo version or to present the system to you live!
  11. Critical Business Operations
     Who can maintain vendors, create invoices / credit memos and start the payment run? With one click, you will see the authorized users and the source of their rights. A traffic symbol indicates whether the audit result has been deemed critical.
  12. Segregation of Duties
     Has there been a violation of the segregation of duties?
     Attribute of a risk:
     • risk
     • risk group
     • risk description
     • compensating controls
     • description of the control
     • responsible persons
  13. BIW-specific Authorizations
     Evaluation of the SAP® BIW-specific authorizations
     The authorizations of the Business Information Warehouse are displayed in their entirety with the authorization evaluations, among other attributes, such as:
     • access options for users, for instance, with roles to info areas / info providers / queries
     • the assignment of own authorization objects to the info providers is evaluated automatically
  14. Rights per User
     Which transactions can Ms. Teiler execute?
  15. Simulation of Modifications
     Will the changes made to authorizations lead to a desired result? Following the simulated deletion of a role, Ms. Teiler has only 5 of her original 44 authorizations.
  16. Fully-automated
     A scheduler completes the analyses regularly and on its own.
     (Diagram labels: CheckAud® CheckScan SAP - Scheduler; SAP System & Logon; Analysis Trees; Time & Rotation; Output Format; Reports: Report 1, Report 2, Report n)
  17. Follow Up Audit – Delta
     Which changes have been made since the most recent audit?
     CheckAud® RoadMap 2010: Follow Up, Matrix Export, Export Assistant, Data Protection
     2011 et seq.: CheckScan Assistant, JAVA Authorizations, LDAP Authorizations, Database Security, References
  18. Matrix Export
     • Broad view display
     • User vs. function
     • Ideal as a report for heads of department!
  19. Export Assistant
     • Exchange of the report components
     • More flexibility in designing the exports
     • Complete exports also based on the entire audit
  20. Advancements in Data Protection
     • Required retention periods for personnel data
     • A report shows whether the P data was deleted after the required period of time has passed.
     • Pseudonymization of user data
     • The P-data in CheckAud® for SAP® Systems can be assigned with an alias.
  21. Assistant for CheckScanSAP
     • Simplification of automated scans and evaluations
     • Scans are executed step-by-step through the configuration
     • All options for automation are displayed
     • Planning individual and multiple scans
  22. UME / LDAP Evaluations
     • Readout of the Portal Content Directory:
         • Readout and display in the tree structure
         • Rights evaluation (SAP® ABAP stack) in combination with PCD / UME
         • LDAP Evaluation
         • Evaluation of rights (LDAP; e.g. Windows® ADS) in combination with PCD / UME
  23. Database Security
     • Further advancements for the evaluation of:
     • UNIX authorizations
     • Oracle authorizations
     • Constructing queries, such as:
     • Who has access to the data of an SAP® HCM by way of the ABAP stack, the portal, the database or the operating system?
     • Who has access rights, by means of an SAP® portal, to certain Windows® directories?
  24. References
     Some of our well-known customers.
  25. Contact
     IBS Schreiber GmbH, Zirkusweg 1, 20359 Hamburg
     +49 (0) 40 / 69 69 85-42
     +49 (0) 40 / 69 69 85-31
     www.checkaud.de
