Global high-tech manufacturer eliminates 80% of their manual SoD process
Customer reduces costs while improving efficiency with SafePaaS integrated solutions
Customer Profile
Our client is a multi-national supplier of high-tech software and sales solutions to the automotive industry. They have more than 50,000 employees and a 100-year history in the industry of providing pioneering products and services to customers worldwide.
Challenges
As a publicly-traded company in the United States, our customer must comply with Sarbanes Oxley (SOX) Section 404 requirements on internal controls across all its operations worldwide, including North America, Europe, and Asia. Under SOX compliance, companies must publish information in their annual reports concerning the scope and adequacy of the internal control structure and procedures for financial reporting. Testing and remediating violations with legacy tools had become a problem for our customer. They were looking for a better-performing solution that would work quickly with their existing software.
Our customer wanted to improve their existing segregation of duties controls in a more advanced and effective way to provide additional coverage to their existing controls. The existing tools identified large numbers of violations coming out of the system. Our customer was trying to remediate these violations with legacy rule-based tools, and the process was largely manual. Additionally, our customer had a large support team and wanted to monitor their superuser access to their ERPs. Monitoring superuser access would help them reduce risk and establish a compliance review process.
Our customer also wanted to monitor super user access to their ERP’s to reduce risk and establish a compliance review process. This was because they have a large support team to support the global business.
The customer also wanted to increase the external auditor's reliance on ERP Access Controls Monitoring.
SafePaaS Solutions
After numerous years of a tedious and primarily manual audit process, our customer found that they needed to enhance their audit and remediation processes and improve ERP security. With AccessPaaS™ the customer improved productivity and reduced costs by enforcing access policies such as segregation of duties before violations were introduced into their ERP environment. The customer also improved their user provisioning process with iAccess™. iAccess™ freed up the customer's sizeable global support team by automating access requests. Freeing up the support team allowed the customer to improve productivity and reduce costs because they could focus on other critical activities.
Along with iAccess™, our customer implemented FirefighterID™ to address their concerns over granting superuser access. FirefighterID™ helped the customer enforce a consistent, compliant, secure process for controlling superuser access across multiple systems with an independent system of record to prevent audit-trail manipulation. FirefighterID™ allowed the customer to provide their auditors a complete trail of all superuser activity with no performance impact or overhead to the target application. In addition to current activity, FirefighterID™ can track the customer's old and new values to detect suspicious activity.
Business Justification
- The customer reduced user provisioning time by identifying and eliminating 80% of the manual process steps, which resulted in over $150,000 cost reduction in audit and remediation costs in only the first year.
- The customer created additional access policies to ensure compliance during the user provisioning process and our solutions detected hidden risk that their old systems had missed.
- The customer lowered their ERP total cost of ownership by ensuring that all users are assigned to only pre-approved roles.
- The customer improved their SoD and access controls testing time by providing auditors the access log reports showing all update, review, and approve role design changes.
- The customer accelerated their ERP access approval time by identifying valid SoD conflicts before the roles were assigned to users.
SafePaaS solutions have given the customer the ability to analyze their SoD conflicts and easily review user access within their complex ERP environment to ensure the proper level of access.
Ready to take the next step?
Request additional information or contact a SafePaaS specialist today to learn more about how SafePaaS can address your unique business needs.