New Features

While we retained the trusted features that are so well-known by the wide CSI Authorization Auditor user base, the newly built interface of CSI AA 2016 makes running SAP Security processes simple and convenient.

These new features of CSI Authorization Auditor 2016 will help you get:

• Faster results, even with larger data. SAP systems keep getting bigger. CSI AA 2016 can handle large data sets and is faster in analyzing the data. The .Net architecture of CSI Authorization Auditor 2016, doesn't only render data at high speed, it also eliminates the 2GB database restriction that was known as platform memory limitations.
• Easier performance of tasks, so less training is needed. A sequence of dialog boxes leads the user through a series of well-defined steps (wizard). Tasks that are infrequently performed are easier to perform using the wizard. CSI AA 2016 supports reporting the right results in the fastest way. Because of the use of the new interface and wizards, users are guided through the application with additional information on the screen, which reduces training effort enormously.
• Receive messages automatically. Messages can be distributed according the RACI matrix. Implement the organizations’ responsibility assignment matrix to automate the security task messages. People are informed automatically when they need to perform a task in the security process.
• Speed up the reporting process. Work simultaneously with multiple users on the same data to see the results, no more manual report distribution.
• Flexible reporting. CSI AA 2016 comes with a large number of useful reports and dashboards. Is the report or dashboard not fitting the business requirements? Customization is also possible, which enables you to make your own reports. End-users can define their own grouping of all data shown on screen and every view can be exported to different formats like .xlsx, .xml, .pdf and .accdb.
• Be able to reproduce audit reports all the time. CSI AA 2016 uses two databases; an application database and an archive database. All original SAP data, as well as all the audit results, are saved in the archive. The advantages are enormous. Previous audit result are immediately available if necessary, the audit results can be compared in detail with previous audit results and new audit roles and requirements can be checked against old downloads. Trending dashboards that show the evolution over (a) certain period(s) can be produced within seconds.
• More effective security process. New reports and dashboards make it possible to compare the audit results. See if your security results are improving.
• Get compliant. With the use of role information and statistical data from your SAP system you can analyze the correctness of your role assignments. CSI 2016 also gives a clear view if access rights are accumulating in the security concept. This information can be used to clean up your authorization concept to get in compliance.
• Gain insight into inconsistencies. All analyses are done separately on authorization level and transaction code level, including executed information. The differences between these results give authorization managers an immediate insight into inconsistencies in the SAP roles and/or audit rules and/or in the access governance process.
• Causing information is available. All audit reports have the full causing information available within insight how these access rights are assigned to users. An indication is given on every level if the user needs the role.
• Speed up documenting the security process: Documenting the security process can take a long time. With CSI AA 2016 you can simultaneously implement and document the business process with risks and controls step by step. Add any information about the security process to CSI AA 2016 and make changes on the fly. Use CSI AA 2016 to quicky document the security process.
• Information available at your fingertips. Useful user information can now be found in CSI AA 2016. Always wanted to know which roles are assigned to the user, which transactions a user can (and did) execute (even if the transactions are already removed) and which authorizations is assigned to the user in his user buffer? All this, and more information is available.
• Reduce time, automate your controls. SAP table values can be checked automatically against pre-defined values. Reduce your monitoring time with automated monitoring.
• Prove that you are compliant. All the compliance data (like test evidence, compensating controls, business model, etc.) is stored in CSI AA 2016. With all the information in one place, you can easily prove you are compliant.
• Save on SAP license costs. Are you paying too much for SAP licenses? Reduce expensive license costs and pay only for the licenses and authorizations you really need. CSI AA 2016 gives a clear overview of all your SAP licenses.
• Control changes. CSI AA 2016 logs all changes made to the rule sets. Control the changes.

Gains

Information available at your fingertips. On user level all information available:

• all indirect roles assigned,
• user buffer details,
• all transaction codes a user can execute,
• all transaction codes executed by the user in the past (even if the user no longer has access).
• Flexible reporting. The end-user can define its own grouping of all data shown on the screen and every grid can be exported to .xlsx, .xml, .pdf, .accdb.
• Causing information is available. All audit reports have the full causing information available with insight into how these access rights are assigned to users. On every level an indication is given if the user needs the role.
• Less training needed. A new interface and wizards guide users through the application. Additional information is given on-screen which reduces training effort enormously.
• Be able to reproduce audit reports at all time. CSI AA uses two databases; an application database and an archive database. All original SAP data as well as all the audit results are saved in the archive. The advantages are enormous. Previous audit result are immediately available if necessary, the audit results can be compared in detail with previous audit results and new audit roles and requirements can be checked against old downloads. Trending dashboards that show the evolution over (a) period(s) can be produced within seconds.
• Gian insight into inconsistencies. All analyses are done separately on authorization level and transaction code level and executed information. The differences between these results give experts an immediate insight into inconsistencies in the SAP roles and / or audit rules and / or in the access governance process.

Benefits

Efficient (ROI)

• Can be done online with instant access to intelligence reports
• Root cause analysis is done automatically and available on screen

Effective (Best Practice / Security Improvement)

• Mergers: IT risks are known within a week
• QA check on your SAP monitoring system
• Simulation on rule changes
• How much does the system deviate
• Preventive SOD analysis can be run
• Full root cause analysis done in each SoD report

Tuned for business readiness

• Dynamic and pointed on demand on any SAP system
• Mergers: process & IT risks are known within a week
• Report on Desired State versus Actual State