2. Learn how other companies are eliminating
SoD conflicts and soaring through their
internal audits
CHEMICAL
How PeroxyChem nearly
eliminated SoD conflicts
with Access Analyzer
SECURITY
How a fortune 500 global
security company reduced
SoD Auditing by 700+ hours
COSMETICS
How a global cosmetics
company met increased
audit requirements
during an SAP GRC
install.
3. "To date, we've been able to reduce our critical
Segregation of Duties (SoD) conflicts by over
80% and our high SoD conflicts by over 60%.
We've also been able to formally document
our mitigating controls within the tool, which is
being relied upon by our external auditors."
- SR. MANAGER INTERNAL CONTROLS & POLICIES
GLOBAL SECURITY SYSTEMS CORPORATION
Case Study 2: Security Firm
5. Global Security Firm
A global security and asset
protection organization with nearly
200 offices throughout North
America. They help companies
protect their employees,
customers, facilities, and
operations from internal and
external threats. Providing safety
which allows businesses to work
smarter through enhanced
security management and
information management
solutions.
7. Prior to using ERP Maestro, they
utilized a team of compliance
personnel to manually validate SoD
and user access concerns. This
approach was intensively manual,
prone to human error, slow, did not
cover the full scope of potential risk,
and rarely relied on by external
audit. Most importantly, it was
not continuous. This manual
approach was costing them
approximately $120,000 and
640 hours of internal resource time
per SAP instance and audit cycle.
CHALLENGES
There was the cost of management’s
time to coordinate and review
the manual process as well as the
incremental cost of external auditors
to validate and retest the systems.
Passing access security audits
became an annual gamble for the
organization because of this
approach, resulting in significant
manual testing by external auditors
due to their inability to rely on this
organizations selective manual
evaluations and testing.
One of their top requirements
was the ability to provide a
fast implementation to meet
audit deadlines. However, the
solutions considered were all
above $400,000 in cost
($200,000 licensing with an
additional $200,000
implementation and
configuration cost on
average). Further, the average
proposed implementation
time was about four to six
months.
Manual Processes Opportunity Cost Budget
9. Solution
With ERP Maestro this organization found a
solution that was not only cost-effective
but also enabled them to achieve their
goals of efficiency, effectiveness, and
agility. Access Analyzer was implemented
in a couple of hours as a monthly
subscription. Alternate solutions offered
similar savings over doing it manually, but
due to their high cost, required operating
for a couple of years to see any ROI. ERP
Maestro’s low-cost subscription model, in
contrast, was a significant and immediate
savings of at least $352,800 in year one.
The ERP Maestro solution was able to meet
their timelines and achieve access control
automation. The organization was pleased,
as they were then able to use the
remaining budget to start addressing the
remediation of identified access issues.
Simple, Quick and
Affordable
11. THE ERP MAESTRO
SUBSCRIPTION,WAS AN
IMMEDIATE AND DIRECT
SAVINGS
OF 61% ON TOP OF
WHAT THEY
WERE ALREADY
SPENDING BY DOING
IT MANUALLY.
12. In 1 hour, ERP Maestro completes what used to take 732 hours before when they
performed it manually.
Manual processes were costing approximately $121,200 per year. They recognized
immediate as well as ongoing annual savings of $74,000 after replacing their
manual effort with ERP Maestro's Access Analyzer.
Savings in external audit who used to do all the access control testing themselves is
$50,000 a year.
Through ERP Maestro’s SaaS deployment model, there was no additional cost in
hardware as well as time installing hardware in this organization’s datacenter, as
well as no cost in the ongoing maintenance and upkeep. The first year savings is
believed to be in the area of $50,000 for hardware and maintenance alone.
The organization sees further value moving forward as the SaaS model means they
are continuously upgraded to the latest release and do not have to undertake the
cost of an upgrade project every three to five years.
Using ERP Maestro, this organization has been able to identify both quantitative (hard objective facts and figures)
and qualitative (soft subjective opinions and experience) measures of value as they pertain to the effectiveness of
access management that they have benefited from.