Case Study - Adhesive Products

Oracle Risk Management Cloud Implementation

Project Summary:

In the manufacturing industry since 1994, our client  is one of the leading adhesive product suppliers in the United States. As a family-owned business, the organization is not subject to Sarbanes-Oxley (SOX) regulations, however their rapidly accelerating growth was driving a need to automate controls to enable them to scale and manage their risk accordingly. The client chose Oracle Risk Management Cloud to assist them with documenting & deploying automated controls to monitor for separation of duties (SOD) issues, perform Sensitive Access Reviews, Advanced Configuration & Transaction Monitoring. HiQuest worked closely with the client and their systems integrator during the larger enterprise resource planning (ERP) implementation to incorporate SOD and audit controls into the DNA of their processes.
Because this was the client’s initial implementation of the Risk & Controls program, HiQuest’s initial goal was to familiarize them with the product and work side-by-side with the client to integrate the new tool in their day-to-day duties. HiQuest did this through a series of demonstration and training sessions, and then applied its consulting expertise and  industry best practices knowledge to draft a list of recommended controls and configurations. The controls were then loaded into Oracle Risk Management Cloud to be tested, deployed and automated. 
After identifying which SOD policies were relevant to the client, HiQuest utilized Access Controls to identify Intra- & Inter-role SOD conflicts. Access Controls provided the needed insight to identify what changes were needed to the roles to eliminate SOD conflicts. HiQuest then worked closely with the client’s solution architect and offered suggestions to modify or create custom roles to eliminate identified SOD conflicts. Through a series of working sessions, the client was able to gain a strong understanding of remediation tactics, allowing them to quickly flag and resolve outstanding SOD and Sensitive Access conflicts. Where SOD issues could not be solved or eliminated, HiQuest utilized advanced transaction and configuration audit policies to deploy mitigating controls that monitor ERP for any policy violations.

Challenges:

  • Accelerated company growth requirements created a sense of urgency to focus on eliminating SOD issues and reporting auditable transactions.
  • Risk and Control management was a manual process that used spreadsheets for SOD analysis and created challenges for the internal controls team as their growth exacerbated the issues exponentially.

Results:

  • Risk Management Cloud was implemented without no issues with the delivery of even more controls than initially planned, on-time and on-budget.
  • The automation of key controls allowed rapid remediation and set the foundation for a continuous monitoring process that reduced cost, cycle time, and human error.
  • The client was able to utilize the Risk Management tools to assist in their role design to identify & avoid SOD issues

To request the full case study, please contact us here