Approva BizRights Integration Services

 

 

Overview

Sunera is the most qualified and experienced provider of Approva BizRights® implementation and training services. We offer a complete BizRights solution: our team includes all of the expertise you will need to successful deploy BizRights. During the last three years, Sunera’s Approva practice has assisted with more than 20 BizRights implementations and trained many of Approva’s most prestigious clients.

Our Services

We have extensive experience implementing all facets of BizRights, including:

• Installing BizRights software or upgrading the software to a more recent version,
• Designing, configuring and testing rules for all BizRights Insights --- Authorization Insight (AI), Access-on-Demand (AMI), General Computer Controls Insight (GCCI), Process Insight (PI), and User Activity Insight (UAI)
• Configuring user provisioning and firefighting access,
• Developing customer specific training materials,
• Enhancing reports using sophisticated techniques in Microsoft Office products,
• Analyzing results, and
• Remediating access violations.

Sunera offers the following Approva BizRights integration and consulting services:

BizRights Integration	BizRights Training
BizRights installation and setup Rule design and configuration Firefighter access setup User provisioning workflow design and configuration Custom report development	Instructor led ACP certification training Customized client training and course development Web based training User manual and policy/procedure documentation development
Controls Assessment & Improvement	Project Management
Segregation of duties (SoD) analysis SoD remediation project planning and execution ERP security redesign ERP general computing controls configuration ERP application process controls assessments, design and configuration	Project Management Office (PMO) Project planning, coordination and reporting Organizational change management Vendor oversight Quality assurance Technical support

BizRights Methodology

In support of our Approva services, Sunera has robust methodologies and tools. For example, we have augmented the BizRights Deployment Methodology (BDM) extensively with our proprietary project accelerators.

We also have industry-specific control libraries enabling us to benchmark our client’s internal controls (i.e., BizRights rules) with other companies in similar industries. Finally, we have developed automated tools enabling us to expediently re-design ERP security roles.

Our People

Sunera’s BizRights team includes the following professionals:

• Field Engineers (FE’s): Field engineers are responsible for installing or upgrading BizRights software. They are MCSE certified and have the skills to configure Microsoft Windows Server and SQL Server software. In addition, our engineers can troubleshoot firewall, network and desktop issues.
• Approva Certified Professionals (ACP’s): Our ACPs tend to be former ERP integrators with a strong understanding of an ERP’s security model, functionality and underlying data structure. They possess the skills necessary to extract data from the ERP and build rules and reports within BizRights. Furthermore, our ACP’s have extensive experience analyzing SoD violation reports and remediating user security within the ERP.
• Internal Control Experts: We have a team of Certified Information Systems Auditors (CISA’s) that can design controls (e.g., SoD rules), assess significance of SoD violations, identify controls within an organization to compensate for SoD conflicts, prepare plans to remediate SoD violations, and coordinate remediation efforts with business process owners and ERP support teams.
• ACP Trainers: All of our instructors are manager or director level professionals with extensive hands-on BizRights, ERP, and Sarbanes-Oxley experience. Each instructor has been certified by Approva to conduct ACP and other related BizRights training. Prior to becoming qualified instructors, they each had to become ACP certified and co-lead several training sessions with either an Approva trainer or a certified Sunera BizRights trainer.

Illustrative BizRights Deployment Project

General Information:

We were engaged by a Fortune 1000 packaging company to deliver a broad range of Approva BizRights services in a complex SAP environment. Our responsibilities included configuring SAP AI rules, leveraging UAI data to streamline the remediation process, redesigning SAP security, configuring Access-On-Demand and user provisioning using AMI, upgrading from BizRights 3.0 to 3.5.2, and configuring Process Insight rules to use as compensating controls.

Industry - Manufacturing
Year - 2007
Number of Affected Sites - 37 plants
ERP Connectors - One connect to each SAP environment (Prod, Dev)
Duration - 7 months
Resources - 4 Sunera, 2 Client
Geographic Spread - United States and Germany

Infrastructure:

• SAP version 4.7

BizRights Application Server:

• Windows 2003 server SP2
• IE 7.0
• Internet Information Services (part of Windows Server 2003)
• Microsoft .NET Framework v1.1 SP1
• SAP .NET Connector

BizRights Database Server:

• Windows 2003 server SP2
• SQL Server Enterprise Edition 2005 with SP2 (Collation set to SQL_Latin1_General_CP1_C1_AS)
• Microsoft .NET Framework v1.1 SP1 SQL Server Reporting Services

Phase I: SAP Segregation of Duty Remediation and Role Redesign

We were engaged to assist with remediating segregation of duty (SoD) violations and redesigning roles within the client’s SAP environment. Our responsibilities included: evaluating the SoD rules configured within the BizRights Authorization Insight (AI) module; removing security violations from SAP users; redesigning SAP roles with inherent violations; and converting SAP users from an acquired entity to the new roles. As part of the SoD remediation effort, we leveraged BizRights User Activity Insight (UAI) module to identify roles which were not in use. This approach enabled us to remove a third of the violations without impacting transactional processing.

Phase II: Compensating Controls Analysis and Process Insight (PI) Deployment

Sunera assisted with designing compensating controls for SoD violations which were deemed to have appropriate business justification. We configured rules within Approva’s Process Insight (PI) modules to monitor transactions performed by SAP users with the SoD violations. We also evaluated Approva extracts from SAP to ensure maximum optimization of system resources.

Phase III: Upgrade to 3.5.2 and Access Management Insight (AMI) Configuration and Deployment

For the final phase of the project, we upgraded the client’s current BizRights 3.0 system to 3.5.2 as well as designed and configured Approva’s Access Management Insight (AMI) module to automate the provisioning of SAP user security privileges. Our responsibilities included development of authorization templates, approval strategies, request/approval processes, and compensating control assignment. We also designed and configured Approva’s access-on-demand functionality which provides IT users with access to firefighting ID’s to support SAP emergencies.

 

Approva BizRights ® is a registered trademark of Approva Corporation.