"SBA Communications Improves SOX Compliance Processes and Reliability with Fastpath"
SBA Communications (SBA) is a leading independent owner and operator of wireless communications infrastructure in the United States. SBA generates more than $500 million in annual revenue through building and leasing wireless facilities and towers for Cellular, PCS, CLEC and fixed/mobile broadband-based networks.
As a publicly-traded company, SBA must adhere to the Sarbanes-Oxley (SOX) compliance requirements in which both management and an external auditor must report on the adequacy of the company's internal control over financial reporting. For many publicly-traded companies, Sarbanes-Oxley (SOX) imposes heavy regulatory and financial costs as well as compliance burdens on an organization. Documenting and testing financial controls, both manual and automated, requires significant effort and is often the most expensive part of SOX compliance.
To help meet SOX requirements and help reduce the internal compliance burden, SBA looked for an audit and compliance solution that would integrate well with their existing ERP solution, Microsoft Dynamics GP, and provide them with detailed audit reporting without increasing overhead and support costs. SBA Communications looked to Fastpath’s leading audit and compliance solutions to deliver secure compliance reporting quickly and easily saving time and eliminating manual processes.
"Auditing and Reporting in a Complex Accounting Environment"
SBA has a variety of legal entities that comprise their ERP environment. “Given the complexity of our business, any auditing solution that we considered would need to work across many of our environments without fail,”said Jorge Grau, Chief Information Officer at SBA. SBA was downloading security reports into Excel and manually updating and cross-checking them monthly to perform segregation of duties analysis. “Our auditors wanted clear reports showing who had access to the company information and then report on what the users did in each system. The standard Microsoft Dynamics GP reporting did not meet their reporting requirements and we needed a better solution,”added Grau.
Managing Segregation of Duties (SOD) Conflicts SBA was able to eliminate the manual process of downloading the monthly security reports and reconciling them. Fastpath’s standard conflict list for Microsoft Dynamics GP segregation of duties (SOD) allowed SBA to quickly implement a robust risk analysis process. Fastpath Assure provided the auditors and SBA’s IT staff with a sustainable SOD platform with the necessary reports for current and future reporting periods.
"Data Integrity and Audit Trail"
To meet the audit requirements of Sarbanes-Oxley, SBA monitored changes to key fields in all of their systems. With the unique capabilities to record changes to all Microsoft Dynamics GP databases, Fastpath Audit Trail allowed SBA to monitor all of their databases and report on the data through a common, flexible reporting tool.
“Fastpath’s products were designed for companies like ours and were easy to implement. With the standard templates for audit trail and conflict lists for SOD included with the product, we are able to generate meaningful reports in a matter of hours now vs. days or sometimes weeks before,”explained Grau.
"Identity and Access Management"
In order to secure their Microsoft Dynamics GP environment to comply with SOX, SBA needed to limit system administrator access and ensure that all Microsoft Dynamics GP users were adhering to tighter password policy controls.
With Fastpath Config AD, a single sign-on and enterprise class security management solution, SBA achieved those goals by allowing administrators to manage all aspects of Microsoft Dynamics GP user security from Active Directory. New hire and termination processes were simplified and even straightforward tasks like resetting a password, can now be completed with a few mouse clicks. Eliminating the need for a second login provided SBA additional security measures beyond what is available with Microsoft Dynamics GP and ensured that only authorized employees have access to sensitive information.
“With streamlined processes and consistent roles, Fastpath Config AD has provided a more secure environment. It has also saved us time and money as we are using fewer internal resources to manage system security,” said Grau.
Better Reporting and Security with Minimal Resources
Fastpath made it possible for SBA to adequately secure their Microsoft Dynamics GP environment and deliver the compliance reports that auditors were demanding. The software was seamlessly integrated into their business processes making the audit part of their daily efforts and not a once a year or quarterly effort.
Grau noted, “At SBA we are committed to creating an environment that is secure and transparent for our auditors. Compliance requirements will only get more prevalent over time and Fastpath made it possible for us to move audit compliance reporting from a painful quarterly task to continuous pain-free process. Thanks to Fastpath, our internal reporting is much better and has given our management and shareholders confidence in the reporting they receive.”