Risk-Free Oracle ERP Cloud implementation. 

Oil and gas exploration company saves 30% on implementation costs

Customer tests over 100 SOD policies in days

Customer Profile

The customer is a rapidly growing full-cycle deep-water oil and gas exploration and production company focused on the Atlantic Margins. Their key assets include production offshore Ghana, Equatorial Guinea, and the U.S. Gulf of Mexico, as well as a world-class gas development offshore Mauritania and Senegal. They also maintain a proven basin exploration program in Equatorial Guinea, Ghana, and the U.S. Gulf of Mexico. To sustain their growth plans the customer selected Oracle ERP Cloud to support scalable growth.

Customer Challenges

To accommodate the company’s rapid growth, the organization implemented Oracle ERP Cloud for its procure to pay cycle. They needed to find an SoD solution that would integrate well within their cloud environment and provide detailed audit reporting, SoD visibility, and scalable non-employee roles. The client worked with SafePaaS and an audit firm to assist with the implementation, the security design-build process, and the establishment of governance processes to protect their new ERP. Prior to implementation auditors required a full review of all the ERP Cloud roles to ensure the SOD risks were mitigated in the production roll-out. IT Security was called upon to ensure that the roles provided to users didn’t violate the company’s security policies or access controls and Business users needed the assurance that the process controls such as 3-way match, approval hierarchy, and cross-validation rules were configured accurately in ERP Cloud Finance management to prevent financial misstatement risk in GL, AP, FA, and AR modules.

The customer used Enterprise Access Monitor (EAM) to overcome their SoD challenges during the implementation of Oracle ERP Cloud. EAM is a Segregation of Duties and Sensitive Access management solution. The customer’s ERP System Administrators, Compliance managers, IT Security Managers, and Process Controls Owners use this solution to define their access policies, assess access risk, detect access control violations, and remediate access control violations. Additionally, both the customer’s Internal and External Auditors were able to review the access violation reports to establish the effectiveness of access controls. 

Results

  • Implementation cost savings 30%

  • Within three days, SafePaaS provided role and user violation reports with over 100 SoD policies tested 

  • Reviewed over 300 configurations in GL, AP, FA, AR, INV, PO, TNE modules 

  • Provided access to Cloud ERP Risk Repository with over 500 access, transactional and configuration risks to internal audit and control owners to map to the risk and controls matrices changes because of the new system 

  • Created 100+ unique Oracle ERP roles 

  • Identified 30+ SDLC control defects

Conclusion

SafePaaS solutions gave the customer the ability to analyze their SOD conflicts and easily review user access within their new Cloud ERP environment to ensure the proper level of access was granted quickly. Prior to going live with Oracle Cloud ERP, SafePaaS was able to identify and remediate 25 audit findings and reduce the number of manual controls by 27%. With SafePaaS, the customer’s roles are now free of unmitigated SoD conflicts and the total number of conflicts at the user level has also been reduced.

Ready to take the next step?

Request additional information or contact a SafePaaS specialist today to learn more about how we can address your unique business needs.

Listen to SafePaaS Adil Khan as he explains how an American upstream oil company mitigated risk.