Client: Global Food and Beverage Company

Client Situation

The AddVantage Group was engaged by the Governance, Risk and Controls group for a Fortune 100 food and beverage company to help select and implement a new Controls Management tool, which was required after the company completed a major divestiture.

• Client was required to identify access management tools that could replace the existing tool, which due to divestiture-related licensing issues, would no longer be available
• Client lacked the expertise required to identify and select tool as well as to determine the impact from a process and skill set perspective
• There was a limited amount of time to transform all current Access Controls over to the new tool
• Due to limited experience with Controls Management tools, client team members lacked subject matter expertise required to implement and support a new application

Our Approach

• Advocated for clients business, technical and controls environment during tool selection presentations from 3rd party vendors
• Assisted client in reviewing proposals from third party implementers for the technical tool implementation
• Developed a timeline and approach in coordination with client and third party vendor team members
• Continuously clarified timeline and responsibilities, advocating for client during the implementation process with third party implementers
• Guided client staff during the review of access controls translation from legacy systems, validation and verification
• Identified issues related to the transition including the development of new processes and the hiring of new staff to support the new tool and organization
• Collaborated with client management and executive leadership to set expectations, deliver regular status updates, identify resource gaps and propose viable process, resource or technical solutions
• Supported knowledge transfer to controls and business team members through coaching and formal training programs
• Led development and review of step-by-step process documentation

Outcomes

• Client selected the SAP GRC 10.x tool that was aligned with company strategy
• Client staff were developed and trained on a repeatable controls reporting process
• Critical timeline and transition plan targets were met
• Successful implementation of GRC Access Controls 10.x and GRC Process Controls 10.x
• Increased reliability of GRC Access Controls reporting for Access Development, Access Requests, SOX reporting and internal and external audit purposes
• Established a foundation for the future implementation of Controls Automation