PASS Program Helps Companies Prepare for Increased External Auditor and PCAOB Scrutiny and Reduce Internal Controls Conflicts by 80%.
WESTON, FL (PRWEB) OCTOBER 07, 2015
ERP Maestro announced today the introduction of a new free, no-commitment offering, the Pre-Audit SoD Scan (PASS), for companies of any size running SAP® ERP software. The announcement comes as organizations begin to find it more difficult to pass audits due to higher expectations from external auditors in the wake of updates to the COSO framework.
PASS helps SAP clients understand what external auditors will see when they run their analysis of the clients’ access controls, and give them the intelligence needed to proactively prepare for and pass upcoming audits. In a 30-minute session using a simple automated tool, the organization gets a complete analysis of their SAP access controls including a full user analysis, role analysis, and detailed conflict reports that expose all risks – down to the specific users executing on those risks.
End of year audit cycles are creating urgency within enterprises of all sizes looking to meet demanding requirements while balancing the rising costs of audits. The COSO 2013 update of the widely adopted internal controls framework, which will directly influence audit programs beginning this year, ushers in stronger requirements for completeness and accuracy that can only be accomplished by automated solutions.
As a result, the Public Company Accounting Oversight Board (PCAOB) is increasingly scrutinizing external audit firms that are not thoroughly examining completeness and accuracy of internal controls in organizations, including Segregation of Duties (SoDs). The 2014 results of the PCAOB’s inspections of audits showed an average audit failure rate of more than 39 percent of inspected audits.i
“The impact to organizations is, in short, tougher audits,” said the Director of GRC Technology at a Big Four firm during a recent joint webinar with ERP Maestro. “A higher level of control, more automation within processes and the use of technology to manage those controls is now the expectation; basically the bar has been set higher. Clients now need an automated solution or more transparency around the way controls are handled. So now we’re putting that pressure onto the client companies we’re auditing to ensure they have that completeness and accuracy.”
Increased Standards and Rising Audit Costs
Increased standards could mean increased costs and hours if organizations are not properly prepared. A recent study commissioned by global consulting firm Protiviti found that 58 percent of companies said their external audit fees increased in fiscal 2014, reflecting, in part, the PCAOB’s inspection reports of external auditors and the adoption of COSO 2013 to guide documentation efforts.ii
According to an evaluation by independent analyst firm GRC 20/20, one Fortune 500 organization saved over $120,000 a year in manual and external audit costs and reduced auditing time from over 700 hours down to less than one by using ERP Maestro. “To date, we’ve been able to reduce our critical Segregation of Duties (SoD) conflicts by over 80% and our high SoD conflicts by over 60%,” said a Sr. Manager, Internal Controls & Policies at the Fortune 500 organization. “We’ve also been able to formally document our mitigating controls within the tool, which is being relied upon by our external auditors.”
Gartner estimates that only 30 percent of companies with complex business applications requiring enforcement of segregation of duty (SOD) controls make use of automated SOD controls monitoring solutions, according to its April 28, 2015 “Market Guide for SOD Controls Monitoring Tools” by Anmol Singh and Brian Iverson.iii Gartner recommends that “Compliance and IAM leaders should consider automated solutions for improving control over SoD risks for key business systems.”
“ERP Maestro wants to help companies running SAP be better prepared this audit season and we believe the Pre-Audit SoD Scan is the perfect tool to accomplish this,” said Jody Paterson, Co-Founder and CEO, ERP Maestro. “At a time when enterprise-level security threats are becoming a new normal, and fraud is at an all-time high, the PASS is a no-risk way to get ahead of any potential issues and avoid the significant costs that come with a failed audit.”
The ERP Maestro Pre-Audit SoD Scan is available to any organization running SAP ERP. There is no obligation to commit to a subscription with ERP Maestro. If the client is interested in continued access and generating new analyses, they may sign up for a free 14-day trial to evaluate the full access controls platform. To request a 30-minute PASS session visit
Click here to view the full press release.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
iii Market Guide for SOD Controls Monitoring Tools; 28 April 2015; Anmol Singh, Brian Iverson
About ERP Maestro
ERP Maestro is the only cloud-based solution that automates access controls in SAP®. With no upfront cost and a 30-minute setup, ERP Maestro automatically monitors segregation of duty (SoD) compliance, sensitive access, emergency access and secure provisioning – allowing organizations to prevent fraud, pass corporate access audits and comply with regulatory and legislative requirements. Risk management is real-time and continuous, and audit-ready reporting is available out of the box. ERP Maestro has been recognized by Gartner as a representative vendor for SoD Monitoring Tools and honored by analyst firm GRC 20/20 with both the 2014 GRC Innovation and Value Awards. To learn more visit