Approva: Firm Grip on Controls

Low approval ratings are the talk of Washington, D.C., these days, but in nearby Reston, Va., Approva wins praise from customers for its financial management products despite the four-year-old firm’s limited history.

Ed Dunn, manager of information technology with Graphic Packaging International, says he likes the overall features of Approva’s BizRights controls-monitoring software, such as its easy-to-use report creator. Plus, he says, it does the job that two employees used to perform manually. “From what I can tell, Approva is just dead-on with this product,” he says.

The Marietta, Ga.-based paperboard packaging maker implemented BizRights in 2004, to evaluate access privileges of 3,300 users across its SAP systems to meet Sarbanes-Oxley requirements. And Dunn’s not finished: This fall, Graphic Packaging expects to deploy an updated version of BizRights that includes a workflow product that automates requests for access-control changes and generates reports for audits.

BizRights also helped Pratt & Whitney’s compliance efforts lift off. Bob Barnhart, the company’s director of information-technology business applications, says that at first, the East Hartford, Conn.-based aerospace division of United Technologies thought it could build its own application on SAP to set business rules needed for Sarbanes-Oxley compliance.

But while Barnhart’s team was able to build the rules, they soon realized software companies like Approva had a lot more expertise with the regulation. “When Sarbanes-Oxley came around, it was much more prescriptive in what we had to do,” Barnhart says. Because the company was concerned about “missing something,” it abandoned its proprietary tool and implemented BizRights in 2004.

Pratt & Whitney now monitors 20,000 users of its SAP transactions systems worldwide with BizRights. Barnhart says the company uses information from the software to immediately shut down access to any employees who could potentially commit fraud (for example, by issuing payments to fictitious vendors in the SAP system that actually go to themselves).

UGS had a similarly enlightening experience. BizRights helped the Plano, Texas-based product development software maker reach compliance by weeding out thousands of segregation-of-duty conflicts on SAP systems among its 6,000 global users, according to applications security officer Dave Thompson.

This fall, Thompson expects to meld Approva’s conflicts-tracking capabilities with a workflow function that should let UGS more effectively route reports and requests for access changes to appropriate managers.

Still, Thompson says there’s one feature he’d like to change in BizRights. When the program spots a conflict, it displays a “view reasons” option to help a manager understand the risk. The problem, according to Thompson, is that BizRights floods administrators with multiple pages of detail—up to 50—before providing the actual reason for a conflict and how it can be prevented.

Approva, for its part, says customers can configure the amount of detail provided and the format for each type of conflict.

Meanwhile, Catherine Okano, I.T. operations manager with construction equipment maker Multiquip, says determining the return on her investment in BizRights will take into account the software’s ability to hold down audit fees by catching conflicts before auditors do. That’s because auditors usually go through a longer—and more expensive—process when they find fraud risks. Says Okano, “That’s when you start getting really socked in the pockets.”

Fraud Detection Software

Approva
1950 Roland Clarke Place
Reston, Va 20191
(703) 956-8300
Www.Approva.Net

TICKER: Privately held

EMPLOYEES: 200
Prashanth V. Boccasam, CEO
Silas Matteson Senior VP, Products

PRODUCTS
BizRights allows companies to set, monitor and analyze access controls over enterprise resource planning systems, including those from Oracle and SAP.

Financials

REVENUE: Not disclosed

FUNDING TO DATE: $30M in three rounds

INVESTORS: Columbia Capital, New Enterprise Associations, Novak Biddle Venture Partners, Sierra Ventures, Hyperion Solutions Corp.

Reference Checks

Pratt & Whitney
Bob Barnhart
Dir., I.T. Business Applications
[email protected]

UGS
Dave Thompson
Applications Security Officer
[email protected]

Graphic Packaging International
Ed Dunn
Mgr., I.T.
[email protected]

Multiquip
Catherine Okano
Mgr., I.T. Operations
[email protected]