U.K based IT multi-national implements Oracle ERP Cloud with ZERO SoD violations
Our customer is based in the United Kingdom. They are a public-listed software development company founded in 2000. They are part of the computer systems design and related services industry and provide digital transformation consulting, agile software development services, and various automation solutions. The customer has 10,000 + employees and generates $450 + million in annual sales.
As part of their new Oracle ERP Cloud implementation, the customer wanted to ensure there were no control conflicts in their new ERP environment. Additionally, the customer wanted to improve their SoD controls considering the impending governance reforms in financial reporting standards in the UK. In the imminent UK SOX regulations, it is thought directors will be required to conduct an annual review of the effectiveness of internal controls over financial reporting and explain the outcome in their annual reporting.
Before working with SafePaaS, the customer did not have an SoD model or solution in place. They were unsure of their user’s access to the ERP. The customer required:
- Visibility over user privileges and access
- Visibility over key data fields such as bank accounts and supplier data fields, and
- A full audit record of all the changes that their managed services provider was making to their ERP while they were in the system
To help them achieve their SoD and access management objectives, the customer selected two SafePaaS products, Access Monitor™ and MonitorPaaS™. These products combined met and exceeded the customer’s needs.
Access Monitor™ is a User Access Review and Verification solution that automates the customer’s quarterly User Access Review and Verification process. Notifications are sent to each department manager, application owner, and process owner to review active users and privileges assigned to those users. This solution enabled the customer to detect and prevent unauthorized user access rights and quickly correct any conflicts. With Access Monitor™, the customer can run a compressive report detailing the review and verification process as evidence to support the effectiveness of their user access controls.
MonitorPaaS™ delivers actionable insight into the customer’s business processes for a timely response to events based on the risk tolerance and treatment guidelines established by management and mandated by regulators. The customer can continuously monitor business activities within their enterprise applications to mitigate risk.
With SafePaaS, the customer improved productivity and reduced costs by enforcing access policies such as SoD rules before violations were introduced into their ERP environment. The customer can also control sensitive business information and secure potential threats and vulnerabilities using Access Monitor™ and MonitorPaaS™.
SafePaaS solutions allowed the customer to analyze their SoD conflicts and review user access within their new Oracle ERP Cloud environment. The customer can now quickly ensure that the proper level of access has been granted.