For Bridgestone Australia, one of the most well-known tyre manufacturers in the country, dealing with risk is a daily reality. Part of their brand promise is reducing risk for their customers who trust them to manufacture high-quality tyres to keep their families safe on the road.

But when it came to managing financial risk in their SAP system, they faced challenges. With a growing team, maintaining access controls within their SAP system had become time-consuming, inefficient and costly.

High growth and legacy ERP set-up no longer sustainable

Bridgestone Australia has used SAP since 1998 and over the years the volume of users has increased significantly. In 2008 they had a small number of SAP users due to running two systems within the company, namely SAP and iSeries. Due to the volume of users being fairly small, managing segregation of duties was relatively simple.

The turning point came in 2013/14 when all Bridgestone users needed to be migrated to SAP and many new processes were introduced.

With a large number of users and the complexity of the process, the team knew this process needed to move from the existing manual processes to automation.

The search for a commercial solution

Having investigated several options, Bridgestone decided that a custom solution was the way to move forward. Leading the charge for a fit-for-purpose solution was Jess Barnes, Senior Business Analyst in the SAP team at Bridgestone Australia.

Jess understood the complexity required to create a custom program that would handle the needs of the business and the plan was for her to write IT specifications for the program during the first quarter of 2015.

It was then at the Mastering SAP Conference Australia that Jess came across Soterion, and discovered their solution could do everything she needed it to do, presenting the data beautifully, and meeting budgetary requirements.

After three days of training, the Soterion team worked closely with Bridgestone’s infrastructure team to set up a Soterion server to talk to their SAP server. After a proof of concept, in 2016 Bridgestone Australia started using the Soterion solution.

“The tool is very useful to us because it gives us a clear picture and transparency of ourfinancial risk in the business and the team is able to present the stats to the risk committee and executive team providing peace of mind to all.”

– Jess Barnes, Senior Business Analyst

Adjusting the solution makes it more powerful

Although Soterion’s solution can be used out-the-box, there were certain setups that Jess and the Bridgestone team needed to do to customise it to their specific requirements and integrate into the company’s risk and governance control policies.

1. Reviewing the rule set

The first thing the Bridgestone team did was to review the risk level and relevancy of the standard rule set. They decided to create their own Bridgestone rule set so that they could add their own set transactions to the list.

The out-the-box solution shows low, medium, high or critical risk levels. In the system, Bridgestone found that certain risk levels which were marked as ‘high’ they saw as ‘medium’, however, a relevancy checkbox allowed the team to keep oversight of all risks regardless of the levels.

2. Segregation of Duties (SOD)

The second activity the team embarked on was to review all the risks that they have in the business by looking at all their users. They needed to define a mitigating control for each of them, something that the business and auditors would both agree on.

After running the SOD risk details within the Soterion solution, users who had a particular risk were highlighted together with a long description function that defined the risk. The team were then able to record a mitigating control.

Role simulation and user simulation were used on a daily basis. When creating a new role the team could instantly check whether there was any segregation of duties, look into their risk definition details and allocate a mitigating control, ready for audit.

Key lessons from Bridgestone’s implementation

• Once a mitigating control has been decided on, it is a good idea to review it regularly. Bridgestone Australia does this on a yearly basis to ensure their mitigating controls are still relevant.
• When setting up roles, ensure there are no conflicts in the same role. Revoking a role is difficult to do once the role has been set, especially with a large number of users. Setting this up correctly from the very beginning is crucial.
• There is no need to develop a custom solution. Solutions such as Soterion’s GRC software can do everything and more, and brings with it expert knowledge which has been built up over years.

About Soterion

Soterion is an international leading provider of governance, risk and compliance solutions for organisations running SAP. Soterion’s user-friendly GRC solutions provide in-depth access risk reporting to allow organisations to effectively manage their access risk exposure. Soterion is passionate about simplifying the governance, risk and compliance processes, with a focus on translating this complexity into a business-friendly language to enhance better decision making and business accountability.

How can Soterion Help You?

Soterion is the market leader in business-centric GRC. By converting the technical GRC language into a language the business users can understand, we facilitate business buy-in and accountability.

Feel free to email us on info@soterion.com. Let us help you take your GRC to the next level.

This article is sponsored by Soterion

The post Driving Governance at Bridgestone with Soterion appeared first on InsideSAP Asia.

The financial close is a mad dash, in which accountants work long days, eat at their desks, and when a discrepancy arises, they tear at their hair trying to verify the source of the mistake.

Other casualties include the smart minds in Financial Planning and Analysis (FP&A) forced to wait until month-end to do the vital work of projecting the company’s financial future, rather than building their forecasts as the days go by. When FP&A is in limbo, so is the CFO. This is no way to run a modern finance organisation. Yet, it remains the case in far too many companies.

But there is a different way and it’s called Continuous Accounting. By automating the functions of accounting like account reconciliations, variance analyses and transaction matching, among others, closing the books is continuous. Instead of a manic rush at the end of the month, quarter or year to delve into the details, accountants attend to their activities at their own pace.

This is a revolutionary concept – closing at the speed of business. Instead of pulling accountants from their basic bookkeeping functions and pushing them into an intense period of financial data summations, reconciliations, error checking and correcting, the accountants are applying the allocations and making the necessary adjustments when they can – a little bit on Tuesday, a bit more on Wednesday.

Here are the top five reasons all organisations should institute Continuous Accounting.

1. Automated processes lead to greater accuracy

Accounting is plagued by spreadsheets. Enterprise Resource Planning (ERP) systems have long been an integral part of every finance organization, but they can only get you so far. Most organisations must still rely on spreadsheets and hours and hours of rote, manual labor to fill in the gaps left by their ERP systems in order to perform the close. The main problem with spreadsheets is that people use them, and people are prone to human error. As every accountant will attest, it is very difficult to detect mistakes in spreadsheets, particularly when they have a highly compressed period of time to do it, like the financial close. These complex workflows increase the threat of incurring a material weakness under Section 404 of the Sarbanes-Oxley Act (SOX). Automation provides a highly transparent way to collect, manage, track and analyse financial data and provides a level of control and visibility simply not available with spreadsheets as we know them.

2. Moving at the speed of business

Business occurs around the clock on a daily basis, while the activities to prepare the monthly, quarterly or annual close generally happen en masse. Why is it that Finance and Accounting (F&A) compresses 30 days of work into a five-day or more timeframe? By turning big tasks into incremental ones, accountants are put in charge of their work lives, and given the opportunity to assess the financial close throughout the close development lifecycle. Since Continuous Accounting is always ‘on’ – 24/7 – accountants can access the data they need to close the books ‘today’, discerning anomalies well in advance of the actual close. They can then respond to these discrepancies at their leisure.

3. Time freed is time invested

By more efficiently distributing the workload through Continuous Accounting, accountants are no longer restricted to a rigid period of time in which to perform their duties. An account can be reconciled immediately after the inception of the transaction, instead of putting it off to when there is a critical mass of transactions.

By aligning the work of accountants with the orderly flow of business, accountants are liberated to apply their particular skills to an analysis of the financial data. Accountants are freed from the enormous amount of time they spend collecting and verifying data, giving them the opportunity to redirect their efforts toward analyzing the data and being much more productive, strategic employees.

Continuous Accounting frees accountants to be more productive, forward-looking members of their organization.

4. Greater efficiency with less labour

When most of the duties in the financial close are put off to the end of the month, quarter or year, Finance often has to staff up for these peak overload periods. This is a highly inefficient way to manage an organisation’s F&A skill sets, resulting in bloated accounting departments, squandered time and excessive costs. By investing in the software that fosters Continuous Accounting, there is much less need, if any, for temps. Not only that, the number of hours spent by accountants to complete their tasks decreases.

5. Continuous Accounting fosters continuous improvement

Since business is inherently dynamic, a company’s policies, procedures and human behaviours must be flexible and adaptable. By providing the means to review transactions and other business data on a continuous, real-time basis, accountants gain knowledge into the organisation’s accounting processes to improve them on an ongoing basis.

With Continuous Accounting, CFOs and Controllers gain flexibility, in the sense that they can reevaluate how best to schedule and organize work aligned with the accounting cycle. This is what continuous improvement is all about – ongoing assessments of processes followed by thoughtful changes to improve their effectiveness and efficiency.

The benefits of Continuous Accounting are so powerful, sensible and strategic that the organisations that first implement these processes will gain a competitive advantage. By making more efficient and productive use of accountants’ time and valued work, CFOs, controllers, internal audit and the accountants themselves are better able to achieve the company’s strategic objectives at less cost, with the added bonus of more meaningful work.

Therese Tucker is CEO of finance controls and automation software company BlackLine.

The post Avoiding the dreaded ‘last mile’ of finance appeared first on InsideSAP Asia.

Built on the SAP HANA Cloud Platform (HCP), the first new service is designed to simplify access governance and to help organisations centrally manage identities and assess and mitigate risks to optimise compliance processes across the enterprise.

“We are building upon our extensive experience with GRC and security to help customers harness the latest security and performance benefits of SAP HANA Cloud Platform,” said Kevin McCollom, head of solution management for GRC solutions, SAP.

SAP Cloud Identity Access Governance is designed to optimise user system assignments to align with both organisation and compliance policies. According to SAP, the service will help businesses avoid potential expensive access issues such as those involving financial losses and fraud. At the same time, it will reduce the ongoing operating costs of auditing and compliance.

The cloud deployment will ensure that businesses can quickly identify and address critical access issues as well as potentially costly segregation-of-duty conflicts. Customers will have the ability to dynamically refine or remove incorrect or unused user roles, which will enable organisations to lower audit costs while ensuring ongoing compliance.

The new access analysis service, scheduled for general release in Q3 2016, will work in conjunction with existing cloud identity solution, SAP HCP single sign-on, which provides cloud-based secure authentication. Together, they are designed to help organisations simplify identity management across a cloud and on-premise environment.

The new series of services is being designed to be employed independently or in combination, enabling organisations to expand their identity and access governance services to match their own functional requirements and pace of growth.

The post SAP cloud identity solution first in series to improve access governance appeared first on InsideSAP Asia.