Approva: Firm Grip on Controls

By Brian P. Watson  |  Posted 2006-06-07 Print this article Print

Approva wins praise from customers of its financial-management apps, even though it's a newcomer.

Low approval ratings are the talk of Washington, D.C., these days, but in nearby Reston, Va., Approva wins praise from customers for its financial management products despite the four-year-old firm's limited history.

Ed Dunn, manager of information technology with Graphic Packaging International, says he likes the overall features of Approva's BizRights controls-monitoring software, such as its easy-to-use report creator. Plus, he says, it does the job that two employees used to perform manually. "From what I can tell, Approva is just dead-on with this product," he says.

The Marietta, Ga.-based paperboard packaging maker implemented BizRights in 2004, to evaluate access privileges of 3,300 users across its SAP systems to meet Sarbanes-Oxley requirements. And Dunn's not finished: This fall, Graphic Packaging expects to deploy an updated version of BizRights that includes a workflow product that automates requests for access-control changes and generates reports for audits.

BizRights also helped Pratt & Whitney's compliance efforts lift off. Bob Barnhart, the company's director of information-technology business applications, says that at first, the East Hartford, Conn.-based aerospace division of United Technologies thought it could build its own application on SAP to set business rules needed for Sarbanes-Oxley compliance.

But while Barnhart's team was able to build the rules, they soon realized software companies like Approva had a lot more expertise with the regulation. "When Sarbanes-Oxley came around, it was much more prescriptive in what we had to do," Barnhart says. Because the company was concerned about "missing something," it abandoned its proprietary tool and implemented BizRights in 2004.

Pratt & Whitney now monitors 20,000 users of its SAP transactions systems worldwide with BizRights. Barnhart says the company uses information from the software to immediately shut down access to any employees who could potentially commit fraud (for example, by issuing payments to fictitious vendors in the SAP system that actually go to themselves).

UGS had a similarly enlightening experience. BizRights helped the Plano, Texas-based product development software maker reach compliance by weeding out thousands of segregation-of-duty conflicts on SAP systems among its 6,000 global users, according to applications security officer Dave Thompson.

This fall, Thompson expects to meld Approva's conflicts-tracking capabilities with a workflow function that should let UGS more effectively route reports and requests for access changes to appropriate managers.

Still, Thompson says there's one feature he'd like to change in BizRights. When the program spots a conflict, it displays a "view reasons" option to help a manager understand the risk. The problem, according to Thompson, is that BizRights floods administrators with multiple pages of detail—up to 50—before providing the actual reason for a conflict and how it can be prevented.

Approva, for its part, says customers can configure the amount of detail provided and the format for each type of conflict.

Meanwhile, Catherine Okano, I.T. operations manager with construction equipment maker Multiquip, says determining the return on her investment in BizRights will take into account the software's ability to hold down audit fees by catching conflicts before auditors do. That's because auditors usually go through a longer—and more expensive—process when they find fraud risks. Says Okano, "That's when you start getting really socked in the pockets."

Fraud Detection Software

1950 Roland Clarke Place
Reston, Va 20191
(703) 956-8300

TICKER: Privately held

Prashanth V. Boccasam, CEO
Silas Matteson Senior VP, Products

BizRights allows companies to set, monitor and analyze access controls over enterprise resource planning systems, including those from Oracle and SAP.


REVENUE: Not disclosed

FUNDING TO DATE: $30M in three rounds

INVESTORS: Columbia Capital, New Enterprise Associations, Novak Biddle Venture Partners, Sierra Ventures, Hyperion Solutions Corp.

Reference Checks

Pratt & Whitney
Bob Barnhart
Dir., I.T. Business Applications

Dave Thompson
Applications Security Officer

Graphic Packaging International
Ed Dunn
Mgr., I.T.

Catherine Okano
Mgr., I.T. Operations

Associate Editor

Brian joined Baseline in March 2006. In addition to previous stints at Inter@ctive Week and The Net Economy, he's written for The News-Press in Fort Myers, Fla., as well as The Sunday Tribune in Dublin, Ireland. Brian has a B.A. from Bucknell University and a master's degree from Northwestern University's Medill School of Journalism.


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.