Voice of Experience: Conflict Resolution Limits Fraud

By Brian P. Watson  |  Posted 2006-06-07
Bill Cronin
I.T. Director, Finance & HR Systems
Plano, Texas

MANAGER'S PROFILE: Oversees finance and human-resources technologies for the Plano, Texas-based product development software and services firm, with sales of $1.15 billion in 2005.

THE CHALLENGE: In late 2004, with its first formal audit of internal controls under Sarbanes-Oxley creeping up, Cronin and his team brought in a consultant who they thought might help UGS reach compliance. But UGS was looking for more—specifically, a software program that could build business rules and analyze conflicts while operating inside the company's SAP enterprise resource planning system.

HIS PROJECT: UGS implemented Approva's BizRights in early 2005 to oversee more than 6,000 worldwide users across its SAP system. Right at the start, Cronin said BizRights helped him find about 3,000 violations, like employees who had access to both creating vendor names in the system and submitting payments to them.

EXCEPTIONS TO THE RULE: Using the software, Cronin's team eliminated all but 170 conflicts, which still exist today. But to meet Sarbanes-Oxley requirements, UGS put into place mitigating controls: An employee needs permission from two superiors each time he wants to circumvent actions BizRights had flagged as a conflict.

ROPING IT IN: The overall goal, Cronin says, was to weed out all potentially troubling conflicts while setting up a process that essentially takes care of itself—in other words, the system looks for other conflicts as they arise in SAP. "We did an extensive cleanup," he says, "and when we finished it, we said we didn't want to go back and do this again."