When companies select a new ERP software solution, they do it assuming the functionality included will do its intended job, unless it’s something that requires customization—in which case, the company purchasing the software knows that going into the engagement.
In the case of job roles that come “out of the box”, unfortunately, this rule generally does not hold true.
GP Strategies Corporation, a global provider of customized performance improvement solutions for sales and technical training, discovered this when they implemented Oracle’s ERP Cloud solution.
Oracle makes an excellent cloud ERP solution; that was not an issue. But GP Strategies received a recommendation from their system integrator to use the Oracle-seeded job roles, that they would provide the best ability to manage day-to-day operations. This was not true, and issues with segregation of duties (SoD) and allowing the wrong individuals extensive sensitive access became apparent almost immediately. It was time to customize roles.
In addition to needing a solution that could integrate with Oracle Cloud and provide other capabilities like the ability to review custom roles quickly and easily, GP Strategies is a publicly traded company. This means they needed a Sarbanes-Oxley (SOX)-compliant solution, which is very demanding and often means the solution will be an expensive one.
GP Strategies’ search uncovered Fastpath, the only cost-effective solution that met their strict compliance requirements and other needs, providing greater visibility into SoD conflicts and reducing time-to-issue identification and remediation. Fastpath also offered powerful features like Audit Trail, Identity Manager, and Access Certifications—functionality not available with other products, regardless of price.
The final piece of the puzzle was getting the content needed for testing access control risks, which is not provided by audit/SoD tools. GP Strategies selected ERP Risk Advisors’ ERP Armor solution for the task of understanding which privileges in Oracle ERP Cloud are associated to each side of an SoD conflict. They also engaged ERP Risk Advisors to perform a requirements analysis and supervise the role customization process.
GP Strategies was thrilled with the results of the Fastpath/ERP Armor solutions as well as the companies that implemented them. There is now confidence in data quality, and the ability to review each new custom job role for SoD conflicts during design development kept the project moving along.