How to automate and unify a corporate SoD Compliance across divisions operating different ERP applications
Customer Profile
Name of Customer | Griffin Pipe Products |
Headquarters | Downers Grove, IL, United States |
Customer Industry | Ductile Iron Pipe manufacturer |
Web address | www.griffinpipe.com |
Business Requirements
Griffin Pipe is a leading manufacturer of water transmission products for North American distributors, contractors and municipalities. Griffin Pipe is headquartered in Downers Grove, Illinois and operates two manufacturing locations which provide broad coverage to all markets throughout the United States.
As a subsidiary of Amsted Industries, Griffin Pipe is obliged to comply with the regulations Amsted provides regarding financial and operational governance. These regulations include Segregation of Duties (SoD) policies, established to stay in compliance with SOX 404 regulations. To achieve compliance, the current process of ensuring that users are granted access based only on their job functions needed to be improved.
Solution
Griffin Pipe, also using the Workflow Management solution of Dynaflow, selected Dynaflow Compliance for a number of reasons:
- The unprecedented automation of SoD scanning functions, saving Griffin Pipe (and eventually other Amsted subsidiaries) significant manual work and associated costs.
- The ability of Dynaflow Compliance to validate SoD conflicts associated with multiple back-end (ERP) solutions, enabling Griffin Pipe to validate its Baan authorizations while allowing Amsted to deploy Dynaflow Compliance in other subsidiaries that use other ERP/Office applications.
- The ability to create SoD Rules in line with Amsted policies and to configure these to operate in a consistent manner in different divisions, therefore satisfying the requirements of centralized SoD management and de-centralized SoD execution.
Implementation
Using the SoD Automation Best Practices methodology refined over the last 6 years with organizations such as Tyco, ABB, Bio-Rad, etc., Dynaflow performed the installation and scanning of thousands of Griffin Pipe Baan authorizations in a turn-key manner. In addition, it made it possible for all Baan SoD conflicts to be identified within the first week of implementation. The Dynaflow methodology facilitated the adaptation of the SoD Rules logic to be in line with the Amsted auditing policies, resulting in a fully automated SoD control addressing Amsted SoD requirements.
With the lessons learned from this successful implementation phase at Griffin Pipe, another Amsted division, Burgess-Norton (the world’s largest manufacturer of piston pins and a leading producer of powder metal parts), has recently started using Dynaflow Compliance for its MAX and MS Dynamics back-end systems. “Not only can Burgess-Norton re-use the custom SoD Rules defined within our Griffin Pipe project to speed up their project, the ‘Enterprise/SaaS’ architecture of Dynaflow Compliance eliminates the need to perform another installation, saving them even more time and money,” states Mike Widicus, Manager—Financial Accounting & Reporting, Griffin Pipe.
Finally, the web-based Dynaflow Compliance Portal enables all Amsted subsidiaries to provide Managers with the status of the SoD risk and related mitigation/resolution data, as well as any other Business Controls & Risks information, ensuring complete and accurate compliance with internal and external regulations and the ongoing monitoring of that compliance.
Benefits
- Reduced the SoD validation time and effort by 80%
- Ability to deploy the centrally defined SoD policies in an efficient and consistent manner across several Amsted subsidiaries using one single solution
- Very low TCO made possible by the Dynaflow Compliance Enterprise/SaaS repository structure
- Ability to apply cross-application SoD control on Managers having access to several divisional systems
- Leveraging of policies & rules defined in one subsidiary to speed up and unify the SoD controls across other divisions
- Ability to use Dynaflow Compliance to also monitor SoD risks related to IT access (shared drives, VPN connections etc.).