Traditionally, organizations have leveraged the size and scale of ERP systems, like Oracle and SAP, to run their entire business. In the last decade there has been a shift toward cloud-based software and best-of-breed applications. For many, Salesforce is a primary option for customer relationship management, and Workday may be used for human capital management, in conjunction with an ERP system. In this modern era, it is rare to find a company running their business on a single brand of business software. Instead, organizations leverage many applications at once. This move to cloud-based and best-of-breed software has increased productivity and effectiveness in business processing, but it has also created increasingly complex environments. Business transactions can span two or three applications before finally landing in the general ledger.
This new business computing model results in a more difficult audit process. Not only are more applications in scope, but each application has its own data, security, and logic. Tracking access and segregating conflicting duties has always been difficult, but when a transaction flows through multiple applications it adds additional layers of complexity. Addressing this complexity is best addressed with the aggregation of siloed application data for complete and accurate analysis. For example, if an employee can edit a customer record in their CRM application and then issue invoices from their ERP or GL system, traditional security analysis techniques would fail to identify the risk. The most common response to this issue is to implement detective business process controls. Due to its manual nature, a detective approach is time consuming and requires a level of precision that is difficult to obtain and may lead to a significant control weakness.
Fastpath’s cloud platform facilitates the aggregation of security data from multiple applications into one place so businesses can think about risk as a complete business process. In 2004, we began by becoming true experts in a single application segregation of duties analysis, a solution for the increased regulation requirements brought on by Sarbanes-Oxley.
As the need to manage multiple applications became apparent, Fastpath addressed this need by building a platform in which businesses can easily add additional applications. Fastpath’s tools include pre-built integrations and out-of-the-box rulesets, along with the power and extensibility of modern cloud computing – all available to you in a matter of days, not weeks. Up-to-date access reporting, on demand segregation-of-duties analysis, risk quantification, and periodic review automation is available on all your key systems at once. We’ve done the time consuming work for you, so you have the freedom to do the important work you need to do. Schedule a demo to see how Fastpath can help you.