<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=523033&amp;fmt=gif">
SBA Communications
Case Study / SBA Communications

SBA Communications

SBA Communications Improves SOX Compliance Processes and Reliability with Fastpath

The Challenge

SBA Communications (SBA) is a leading independent owner and operator of wireless communications infrastructure in the United States. SBA generates more than $500 million in annual revenue through building and leasing wireless facilities and towers for Cellular, PCS, CLEC and fixed/mobile broadband-based networks. 

As a publicly traded company, SBA must adhere to the Sarbanes-Oxley (SOX) compliance requirements in which both management and an external auditor must report on the adequacy of the company’s internal control over financial reporting. For many publicly traded companies, Sarbanes-Oxley (SOX) imposes heavy regulatory and financial costs as well as compliance burdens on an organization. Documenting and testing financial controls, both manual and automated, requires significant effort and is often the most expensive part of SOX compliance. 

To help meet SOX requirements and help reduce the internal compliance burden, SBA looked for an audit and compliance solution that would integrate well with their existing ERP solution, Microsoft Dynamics® GP, and provide them with detailed audit reporting without increasing overhead and support costs. 

SBA has a variety of legal entities that comprise their ERP environment. “Given the complexity of our business, any auditing solution that we considered would need to work across many of our environments without fail,” said Jorge Grau, Chief Information Officer at SBA. 

SBA was downloading security reports into Excel and manually updating and crosschecking them monthly to perform segregation of duties analysis. “Our auditors wanted clear reports showing who had access to the company information and then report on what the users did in each system. The standard Microsoft Dynamics GP reporting did not meet their reporting requirements and we needed a better solution,” added Grau. 

“Fastpath’s products were designed for companies like ours and were easy to implement. With the standard templates for Change Tracking and conflict lists for SoD included with the product, we are able to generate meaningful reports in a matter of hours now vs. days or sometimes weeks before.”

Jorge Grau, Chief Information Officer at SBA

The solution

SBA Communications looked to Fastpath’s leading audit and compliance solutions to deliver secure compliance reporting quickly and easily saving time and eliminating manual processes. 

SBA was able to eliminate the manual process of downloading the monthly security reports and reconciling them. Fastpath’s standard conflict list for Microsoft Dynamics GP separation of duties (SoD) allowed SBA to quickly implement a robust risk analysis process. Fastpath provided the auditors and SBA’s IT staff with a sustainable SoD platform with the necessary reports for current and future reporting periods. 

To meet the audit requirements of Sarbanes-Oxley, SBA monitored changes to key fields in all of their systems. With the unique capabilities to record changes to all Microsoft Dynamics GP databases, Fastpath Change Tracking allowed SBA to monitor all of their databases and report on the data through a common, flexible reporting tool. 

In order to secure their Microsoft Dynamics GP environment to comply with SOX, SBA needed to limit system administrator access and ensure that all Microsoft Dynamics GP users were adhering to tighter password policy controls. With Fastpath, SBA achieved those goals by allowing administrators to manage all aspects of Microsoft Dynamics GP user security from Active Directory. New hire and termination processes were simplified and even straightforward tasks like resetting a password, can now be completed with a few mouse clicks. Eliminating the need for a second login provided SBA additional security measures beyond what is available with Microsoft Dynamics GP and ensured that only authorized employees have access to sensitive information.  

“With streamlined processes and consistent roles, Fastpath has provided a more secure environment. It has also saved us time and money as we are using fewer internal resources to manage system security,” said Grau. Not only were they able to efficiently gain visibility into their conflicts at the User and Group levels, but they were able to establish mitigations at the User level as well as easily generate the reporting they needed. 

The results

Fastpath made it possible for SBA to adequately secure their Microsoft Dynamics GP environment and deliver the compliance reports that auditors were demanding. The software was seamlessly integrated into their business processes making the audit part of their daily efforts and not a once a year or quarterly effort. 

Grau noted, “At SBA we are committed to creating an environment that is secure and transparent for our auditors. Compliance requirements will only get more prevalent over time and Fastpath made it possible for us to move audit compliance reporting from painful quarterly task to continuous pain-free process. Thanks to Fastpath, our internal reporting is much better and has given our management and shareholders confidence in the reporting they receive.”