Continuous Monitoring for Enterprise Applications: Real Needs, Real Solutions. November 22, 2002, 5th Continuous Assurance and Auditing Symposium, Newark, NJ

Upload: madison-richard

Post on 28-Dec-2015



Continuous Monitoring for Enterprise Applications:

Real Needs, Real Solutions. November 22, 2002

5th Continuous Assurance and Auditing Symposium

Newark, NJ


About Approva: Background


What does Approva do?


What is the customer pain?


Large Software Manufacturer

• Pain Point (SAP)
  - External Audit identified problems with Separation of Duties conflicts, etc.
  - 19,000 composite profiles to manage
  - Many users had access to sensitive Basis transactions (high risk)
  - Not responding to user requirements rapidly enough
  - Business units were not involved in the approval process
  - Built an internal tool, which is costly to upgrade and maintain ($500k/yr)

• Who in organization
  - Head of Internal Audit, Program Manager, SAP Security

• What Approva can do for them
  - Prevent unauthorized SOD violations
  - Automated approval process for role assignments
  - Rules-based transaction auditing

• Benefit to Customer
  - Reduce exposure to risk
  - Simplified Role Management
  - Cross Application Support


Large Beverage Manufacturer

• Pain Point (SAP)
  - Limited visibility into business transactions and user roles
  - Multiple “Qualified” Audits
  - Found that creation of part numbers led to $100M in excess spare parts inventory

• Who in organization
  - Head of SAP Application

• What Approva can do for them
  - Automated SoD analysis for SAP
  - Ongoing monitoring of sensitive transactions
  - Encouraged by our early work

• Benefit to Customer
  - Reduce Audit Failures
  - Monitor for Process Inefficiencies


Large Manufacturing Company

• Pain Point (SAP)
  - Unable to keep up with access changes for 30,000 users
  - Need to add 100,000 hourly workers to SAP
  - Can’t solve with people; staff went from 3 to 12, now adding 5 more
  - Need SoD analysis
  - Access management to SAP was a risk issue in last audit

• Who in organization & How we got there
  - Manager of Information Risk Management

• What Approva can do for them
  - Automated approval process for role assignments
  - Liked our application focus rather than infrastructure focus
  - Encouraged by our early work

• Benefit to Customer
  - Reduce exposure to risk
  - Simplified Role Management


Large Retail Company

• Pain Point (PeopleSoft)
  - Visibility on sensitive transactions (e.g., violation of insider-trading rules)
  - Automating provisioning to their applications
  - Takes 2 weeks to provision a new employee
  - Understanding user rights within applications

• Who in organization
  - Head of Internal Audit, Internal Auditor for IT, Mgr InfoSec.

• What Approva can do for them
  - Visibility into who is doing what in PeopleSoft & custom application
  - Automated approval process for role assignments
  - Rules-based transaction auditing

• Benefits to Customer
  - Reduce risk of fines (for insider trading)
  - Reduce cost leaks


Who needs this?


BizRights: How does it work?


BizRights: What are the benefits?


Q & A