Private & Confidential. Product Overview

XsXprt, a User Access Compliance and License Management tool for SAP

EW Consultants Private Limited. Private & Confidential.

Contents

❯ Challenges with User Access in SAP ERP System

❯ Need for Automated Access Controls tools

❯ About Us

❯ Our Team

❯ About XsXprt

❯ Product Overview

❯ Key Features

❯ Value Added Features

❯ Value Delivered

❯ Annexures

Challenges with User Access in SAP ERP System

❯ Difficulty in identifying who (users) has what (access)

❯ How to provide assurance to the auditors that user access controls are in place?

❯ SUIM reports are unable to provide a holistic view of segregation of duties (SOD) conflicts

❯ How to ensure the security of data and prevent fraud from happening in SAP?

❯ How to ensure that users are getting authorizations based on their roles & responsibilities?

❯ How to check the addition or modification in authorizations will not lead to SOD Conflicts?

❯ Difficulty in managing access change requests and getting appropriate approvals for them

❯ Are user licenses efficiently managed to save the company from paying penalties due to SAP EULA violations?

❯ SAP Administration team wasting productive time and effort in building reports every month/quarter

Need for Automated Access Controls tools

2013 Sarbanes-Oxley Compliance Survey, conducted by Protiviti:

‘Are You Doing Enough to Prevent Access Risk and Fraud?’ A study on SAP Customers conducted by insiderPROFILES

Compliances impacting User Access Controls

There is more than one reason for the management of small, medium and large organizations to look to automate user access controls. Below are some of the compliance requirements, besides statutory audits, that require assessment of user access controls on a periodic basis:

❯ Section 177(4)(vii) and 143(3)(i) of the Indian Companies Act 2013

❯ Sarbanes Oxley (SOX)

❯ J-SOX

❯ HIPAA

❯ PCI

❯ GLBA

❯ ISO 9004:2009

❯ ISO 19011:2011

❯ SSAE 16

❯ GS007

SAP ECC is the leading ERP system in the world, with over 253,500* customers. It has a very complex application security design that requires a specialized skill set and tools to assess the strengths and weaknesses of user access at the grass-roots level.

Disclaimer:

* Facts and Figures obtained from SAP.com

** SAP, R/3, mySAP, NetWeaver and ABAP are legal trademarks of the SAP AG, Walldorf.

About Us

EW Consultants Pvt. Ltd.

We offer a wide range of services in four major domains, i.e. People, Process, ERP Systems and IT Infrastructure. Our service offerings are classified into Risk Advisory, Consulting, Business Solutions and Training. Our Business Solutions division focuses on developing enterprise applications.

We have a team of dedicated, experienced and highly qualified advisory professionals who have worked for ‘Fortune 500’ clients across countries including US, UK, Europe, APAC, UAE and India. Our team comprises CA, MBA, CISA, ISO 9000 Auditor, Engineers and SAP Certified professionals. Our team comes from diverse Big4 backgrounds, bringing extensive delivery and project management experience for rendering risk advisory services. Along with the SAP ECC system, our team has hands-on experience working on leading audit tools such as SAP GRC Access Controls, Approva Bizright Access Controls, etc.

We are supported by our team of domain experts and business partners, bringing combined experience of over 500 man-years, to help us deliver the best of our services. We are also fortunate to receive guidance from our advisory board, a team of senior management executives such as CFOs and CIOs from various industries in India and globally.

Risk Advisory

Consulting

Business Solutions

Training

IT Infrastructure

ERP System

Process

People

We provide a one-stop solution for all your business needs…

Our Capabilities

Our Team

Our Team – Gourav Ladha

About XsXprt

Product Overview

XsXprt™ is a user access and compliance management tool designed to work with the SAP ERP system. It acts as a decision support system that allows you to identify and fix user access violations in a timely manner. XsXprt is designed to manage various internal and external compliance requirements.

It provides deeper insight into user access through its comprehensive reports and simulators. XsXprt brings you leading industry control practices through the vast experience of our experts from diversified sectors.

Primary objectives:

❯ Identification of Segregation of Duties (SOD) violations and access to sensitive business functions

❯ Providing assurance to auditors on user access controls

❯ Building strong internal controls to prevent unauthorized access

❯ Actively monitoring usage of licenses and health check of user access

❯ Reducing cost of compliance and preparing for compliance audits such as SOX

Leveraging our years of global experience in SAP Risk Advisory, focused on user access risk management and segregation of duties controls, we bring you an advanced automated solution for smartly managing user access controls in SAP.

Key Features

❯ Risk Management

    ❯ Quickly identify access risks such as super user access and SOD violations that may lead to fraud or misreporting

❯ Compliance reporting

    ❯ Adhere to the current and future compliance requirements of the regulatory bodies, using our comprehensive reports

❯ Auditor Assurance

    ❯ Provide assurance to your internal and external auditors by providing real-time audit data per their requirements

❯ Business specific rules and matrices

    ❯ Design your own custom rule books from our huge repository of SOD rules and assess the state of your user access

❯ User access provisioning

    ❯ Be proactive and check possible ‘what-if’ violation scenarios using our dynamic simulators before assigning new authorizations

❯ License cost management

    ❯ Take control of your SAP user license utilization to manage license cost and SAP license audits

Value Added Features

❯ Rule enhancement

    ❯ Our innovation to automatically manage rules in the rulebooks with dynamically changing user access

❯ Dynamic workflow

    ❯ A comprehensive and customizable workflow with high security and email alerts to ensure the approval process can be automated

❯ Statistical measures

    ❯ Statistically computed risk scores to help categorize users into groups per their risk levels

❯ Infographic dashboard

    ❯ Infographic view of the user access issues to provide a bird's-eye view for the management to devise an action plan

❯ In-memory processing

    ❯ Built with in-memory capabilities to provide you faster processing and scalability (tested on data of 9000+ users)

❯ User-friendly design

    ❯ Interface designed so that any technical / functional user can work with ease

Value Delivered

Administrator:

❯ In-built rule-set repository to assist in evaluation of gaps

❯ Reduction in effort for managing user access and change requests

❯ Get the real-time state of user access and violations using smart reports

❯ High speed in-memory data processing to save time and optimize resource utilization

❯ SAP Certified Integration to ensure safety of data

Management:

❯ Infographic dashboard and a variety of reports to provide a bird's-eye view of access to SAP

❯ Audit and compliance readiness

❯ Reduction in cost of compliance

❯ No need to spend on expensive IT infrastructure and implementation projects

❯ Improved assurance on user access controls

Process Owners:

❯ Simplified process for requesting and reviewing access

❯ Take ownership of user access based on defined roles & responsibilities

Auditors:

❯ Quick and accurate assessment of gaps using detailed reports

❯ Increased reliability of audit data as compared to traditional methods

Annexure

Case Study

Background:

HDFC Standard Life Insurance Company Limited (HDFC Life) is one of the leading private life insurance companies in India. HDFC Life implemented SAP in December 2009 with over 1700 users.

Challenges:

Since the implementation of SAP at HDFC Life, they had been facing challenges in managing user access based on roles and responsibilities:

❯ Continuously changing access requirements of the business users

❯ Extensive employee movements: new joiners, transfers, terminations, etc.

❯ Managing change requests w.r.t. 2000+ roles assigned to 1700+ users in SAP

❯ Difficulty in maintaining segregation of duties and access to sensitive business transactions

❯ Pressure from management and external auditors to ensure user access compliance, and many more…

Solution:

❯ Identifying gaps

❯ Suggesting solution for remediation

❯ Redesigning existing roles

❯ Realigning user access provisioning process

Result of the exercise:

As a result of the project, there were visible improvements in user access, and the process was also streamlined. However, managing this process manually was still a challenge.

The user access optimization exercise provided immediate resolution of issues; however, managing user access in the long run required more than spreadsheets. To manage this activity on a continuous basis, they required an automated solution: a tool that could help them perform preventive checks before granting access to users, based on this new SOD matrix.

Implementation of XsXprt:

Considering this challenge, we suggested that they leverage our user access and compliance management tool, ‘XsXprt’.

XsXprt is an advanced tool capable of both performing what-if simulations and providing conflict reports for SAP user access. It provides deeper insight into user access on a near real-time basis. It can help identify and remediate gaps affecting user access in SAP.

How XsXprt helped:

❯ Reducing their overall time and effort in managing access

❯ Enabling daily checks for possible SOD conflicts

❯ Acting on issues related to user access, licensing and overall health-check, using detailed reports

❯ High speed data processing and silent data extraction using seamless integration with SAP

Application Prerequisites

Software:

❯ Operating System: Windows Server 2008 onwards

❯ Database: Microsoft SQL Server 2008 R2 onwards

❯ IIS: Version 7.0 onwards

❯ ASP.Net Framework: version 4.0 onwards

❯ Xtract IS

Hardware:

❯ Storage: 40-50 GB

❯ Memory: 6-8 GB RAM

Deployment:

❯ Time required: 2-3 days

❯ Custom Rule-set development: 12-15 days (optional)

XsXprt - Preview

Thank You.

Gourav Ladha

MBA, SAP Certified

Director

Mobile : +91-971-295-2955

Email: [email protected]

www.ewcindia.co.in +91-79-65444107

G-402, Titanium City Centre, Anand Nagar 100 Feet Road, Satellite, Ahmedabad - 380015

EW Consultants Private Limited