Oversight Systems: Nonstop CopBy Brian P. Watson | Posted 2006-06-07 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Oversight Systems helps cut auditing expenses.
Like taking care of kids, keeping transactional systems in check requires full-time attention, and customers say Oversight Systems is the kind of babysitter everyone should have.
Mark Van Holsbeck, director of enterprise security at office supplies maker Avery Dennison, knows all about it. Executives at the company didn't think internal fraud was a problembut they knew it was something they needed to address.
"And we knew we could never catch it, unless somebody in the operation told us," Van Holsbeck says. "Otherwise, there was nothing we could do."
In late 2002, Avery Dennison was using security-monitoring software from BrainTree but needed a tool that could police activity in real time and automatically track it to create a trail for auditors.
With Oversight's software, Avery Dennison auditors are seeing the benefits. For one, since the monitoring is documented, the bean counters don't need to spend as much time with business-process heads, according to Van Holsbeck. Also, since auditors are scheduled to visit only 50 of the company's 200 sites worldwide, the audit trails help them determine which areas need to be put under their microscope.
Internal auditors at American Electric Power (AEP) also saw potential in Oversight Systems. In 2004, they pitched the tools to Mike Sullivan, the Columbus, Ohio, energy company's director of accounting services.
Oversight's specialty is fraud detectionthe company has roots in intrusion-detection softwarebut Sullivan wanted to go a step further: to knock out fraud while getting a tighter grip on his company's PeopleSoft transactional databases.
AEP deployed Oversight, which helped the company identify, correct and track problems in its system, such as duplicate payments or pricing errors on invoices. Sullivan is now implementing a segregation-of-duties capability in the software that he expects will limit access problems and show auditors that AEP has a continuous monitor in place.
So far, it's paying off. Before the company implemented the system, it was paying external auditors an undisclosed fee to recover about $1 million annually in lost revenue from vendors. Sullivan says Oversight helped AEP chop down incorrect payments and other errors, bringing the recovered revenue down to $300,000, which helped reduce the company's bill from the auditors.
Sullivan and his team gave Oversight Systems feedback on what they'd like to see in the product. For example, they wanted to more easily export data from reports into Excel spreadsheets. Oversight recently added that capability, Sullivan says.
Most users at AEP give the product a firm thumbs-up. "I have not heard anything negative about it all," Sullivan says.
Wendy Roberts, manager of internal audit for Stratex Networks, a microwave radio technology company in San Jose, Calif., is implementing Oversight to monitor her company's Oracle systems for vendor changes, payment activity and access conflicts.
In November 2005 she evaluated its tools against those from two competitors. Roberts credits Oversight's user-friendly interface and the company's staff with getting her business.
Avery Dennison's Van Holsbeck considered a competitor's product (he wouldn't say which one), but it didn't have rules built into the software. The vendor billed the software as "flexible," he recalls: In other words, the company had to build its own rules set.
"I could sit around a table and come up with rules," Van Holsbeck says. "But I'd rather buy them."