ITGC Automation for a Global Chemicals and Minerals Manufacturing Company
ICL
Client
ERP
CRM
User Management
HR
Controls automated
130 controls
Systems in focus
SAP (9 separated environments), Active Directory (more than 38 000 users), SuccessFactors (30 000 users), Salesforce, Servers and Databases.
Records audited (with AudITech)
More than 200 000 records daily
Sites
Israel, Germany, the Netherlands, Spain, the U.K., Austria, France, Belgium, Turkey, the U.S.A, Brazil, China, and Australia
Problem
ICL, a global chemical industry leader listed on the NYSE, develops sustainable crop nutrients and operates across 100 entities worldwide with over 12,000 employees.
SOX compliance was a major challenge for ICL, due to the extensive scope of their ITGC RACM, which included more than 250 controls across multiple sites worldwide. The frequent onboarding and offboarding of employees due to the large workforce, posed challenges in maintaining audit integrity and mitigating potential financial audit risks.
Furthermore, the complexity of auditing such a large company, with each subsidiary having its own SAP system and other platforms such as Active Directory, Salesforce, SuccessFactors, and different databases, made ITGC audits a significant challenge. Auditing all 9 SAP systems individually was particularly time-consuming. It was a very repetitive process, whereby the same systems (i.e SAP) were having to be tested independently in every location. The SOX team had to fly to various global sites to manage the ITGC audits, which made the process exhausting.
AudITech has currently automated nearly 130 controls, significantly saving time and simplifying ITGC audits. The platform analyzes over 38,000 users in Active Directory and 20,000 users in SuccessFactors, auditing over 200,000 records daily.
Solution
ICL decided to get the help of AudITech’s platform to simplify and automate their ITGC audit processes. AudITech’s self-auditing software provided the opportunity to view all systems globally from a single dashboard, reducing the need for the SOX team to travel as frequently, making the whole ITGC audit process much more pleasant.
AudITech provided crucial assistance in several key areas:
Change Management:
AudITechs’s software matches change request tickets across multiple systems, facilitating the identification of deficiencies in change management processes. This allowed ICL to determine if any change requests were missing tickets and if there were changes with no evidence of QA and UAT done.
Terminated User Access (Off Boarding):
Another area of concern was terminated user access (off boarding). The AudITech platform conducts daily audits on 100% of the user population, presenting an ideal solution for this issue. It ensures thorough scrutiny of all users to detect any active logins post-termination. This would be impossible to do manually due to the number of users. The platform’s daily updates enable prompt remedial actions by the team to address such gaps effectively.
Access (review) to Key Financial Folders:
Another critical focus area was monitoring access to key financial folders. The platform applied rules based on user departments to flag unauthorized access. This would allow the team to promptly identify users with unauthorized access and restrict their permissions accordingly.
Results
AudITech has currently automated nearly 130 controls, significantly saving time and simplifying ITGC audits. The platform analyzes over 38,000 users in Active Directory and 20,000 users in SuccessFactors, auditing over 200,000 records daily. This sheer volume of data going through AudITech’s platform daily would be impossible to do manually.
The SOX team and control owners can monitor ITGC audits from anywhere in the world, allowing for better oversight over controls and faster response times to remediate deficiencies. The easy to use dashboard has provided a single source to view all controls across all subsidiaries making it simpler to identify deficiencies and ensure standardized ITGC audits across the group.