Enersys Adopts Dynaflow Compliance Methodology to pass SOX audits
Customer Profile
Name of Customer | Enersys |
Headquarters | US, Switzerland, China |
Customer Industry | Industrial battery manufacturer |
Web address | http://www.enersys.com |
Business Requirements
EnerSys is the largest industrial battery manufacturer in the world, operating manufacturing and assembly facilities worldwide for customers in over 100 countries. EnerSys is uniquely positioned to provide expertise in designing, building, installing and maintaining a comprehensive stored energy solution for industrial applications throughout the world. The company’s products and services are focused on two primary markets: Motive Power and Reserve Power.
As the Sarbanes Oxley (SOX) audit requires compliance involving a list of regulations, it was imperative to adopt a compliance methodology. The compliance project also needed to be managed in various business areas, requiring compliance related content to be collected, reviewed, changed and approved and eventually distributed to the entire organization. EnerSys needed a user-friendly yet solid platform to enable global integration of their business processes, controls and employee authorizations.
In business globally for more than a decade, EnerSys was faced with the tedious task of manually validating the Segregation of Duties (SOD), both time and resources consuming. Definition and validation of business processes across several areas, involving 1000+ employees, represented quite a challenge for EnerSys. It became obvious that EnerSys had to find a solution, to be more efficient, to avoid wasting costly resources, and to satisfy the audit requirements.
Solution
Dynaflow Compliance was selected after a thorough investigation as the best solution fully compliant to Infor/Baan and currently in use by worldwide corporations, similar to EnerSys.
For EnerSys, selecting Dynaflow Compliance to resolve the key business issues was based on the following criteria:
- The availability of pre-defined Baan SOD conflict rules enabling accurate and timely scan of all Baan authorizations
Dynaflow Compliance provided pre-defined conflict rules suitable to Baan SOD, already used by other companies, successfully SOX/SOD certified by Ernst & Young (EnerSys auditor).
- Addressing imposed external regulations
Existing rules of governance had to be respected yet we needed a platform to help bringing them to the imposed external regulations. Dynaflow Compliance provided a structure of internal control – secure, documented and transparent – improving significantly how operations are supposed to be performed.
- Addressing our key internal business requirements
Next to the imposed external regulations, EnerSys internally had their own business requirements. To leverage the compliance investment even more, Dynaflow Compliance was crucial to gain control over the risk management process.
Implementation
Installation was done remotely on an existing EnerSys server, making the process quicker and less expensive. Thanks to the baseline of pre-defined SOD rules , EnerSys had the first results of the conflict scan available only a few hours after installation.
As Dynaflow Compliance is able to import and scan Baan authorizations defined in both Baan DEM and Baan Tools, EnerSys had the freedom to chose the employee group they wished to start with. They elected to SOD validate their Baan Tools managed employees initially, their largest users community.
With over a thousand employees having collectively about 100,000 user authorizations to Baan sessions, EnerSys chose the efficient strategy of SOD validating the user roles/menus before focusing on the employee accesses themselves.
“This phased approach secured several implementation benefits for EnerSys” adds Pierre Beaulieu, President of DynaFlow. “First it enabled a quicker start of the project as em-ployee roles/menus are much fewer than emplo-yees. Secondly, all employees having Baan accesses via SOD validated roles/menus became automatically validated in the process.”
Benefits
In choosing Dynaflow Compliance, EnerSys benefits from:
- “Reduced SOD validation time & effort by 90%, and in-creased user authorizations and SOD data accuracy by 100% compared with the manual approach of before”;
- Scheduled/automated SOD scans providing accurate, complete and preventive status of all SOD conflicts;
- Significant reduction of time/resources/cost in the identification and mitigation of SOD conflict;
- Quick implementation, leveraging the application benefits within only a few days of the installation;
- Provides a repository for documenting exceptions and resolutions.
- Reduced project risk knowing that other organizations with the same auditors (Ernst & Young) have successfully passed their SOX/SOD audits.
“Without Dynaflow Compliance, we believe that passing our SOX/SOD audit would have been difficult, time consuming and not humanly possible in the time allotted” Karen Carles (Manager Business Applications, EnerSys) concludes.