Wherever electricity is flowing through a cable or data is being transmitted over a fiber optics cable, HellermannTyton products are never far away. Over the last 85 years, the company has developed into a leading global provider of cable management solutions and is on track to continue this growth both nationally and internationally. This expansion is also reflected in its SAP systems and authorizations, which have grown alongside its success. Today, systems with this level of complexity are expected – internally and externally – to comply with strict requirements.
The SAP systems are audited on a cyclical basis by internal and external auditors. Without a suitable tool involved, these audits are synonymous with highly extensive efforts, from preparation and subsequent tracking of audit results and assessment methods, and the internal audit of the compliance situation down to deriving measures to be taken. Those doing this manually report often less than satisfactory results, despite putting in so much effort.
In focus: reducing efforts, while continuing to meet all compliance requirements.
HellermannTyton has set itself a task for the future: It aims to monitor its IT compliance continuously and more intensively. Among other objectives, the company is focused on more systematically monitoring and optimizing its system landscape. In focus: Keep the efforts required of its team for daily monitoring and cyclical audits and any follow-on optimization as low as possible, while attaining the maximum IT compliance. To do this, the company looked for a flexible tool and a strategic partner in SAP compliance and SAPauthorizations.
The decision makers at HellermannTyton wanted to find a GRC audit tool capable of continuously mapping and managing internal processes with regard to governance, risk and compliance. In particular, such a tool needed to be capable of assigning authorizations and checking SoD conflicts (i.e. dual control principle). In addition, it needed to meet both the team’s own standards and those of the company’s internal auditors – as well as the requirements from external auditors. And all the better if the tool could support optimization of the SAP authorization concept and allow transparent SAP user and authorization management.
Deploying SAST SUITE and the associated support
Over the course of a two-day proof-of-concept workshop, a multidisciplinary team of HellermannTyton decision makers and SAP authorizations specialists installed, configured and thoroughly checked SAST SUITE to ensure it met each and every customer requirement. After this selection process, HellermannTyton decided to implement SAST SUITE – in favor of AKQUINET as its strategic partner to handle SAP compliance and SAP authorizations.
Thanks to the SAST SUITE and the set of rules it includes, authorization and SoD analyses are now available in real-time and support compliance with internal guidelines. “SAST SUITE and the highly specialized SAP consultants at AKQUINET won us over through and through,” explained the HellermannTyton team.
Uncover new potential. Derive actions.
As part of the software implementation and based on analyses, the responsible team also drew up a new authorization concept for the Finance department. The compliance status was able to be boosted in the Finance department as a result of new roles for all employees, minor process adjustments, and continuous checks performed by the SAST SUITE.
Automating audit activities and freely configurable rules.
Another important objective of the project was to fulfill different requirements for compliance reporting.
The Group auditors check the compliance status of the SAP systems at HellermannTyton on a cyclical basis. Prior to the introduction of SAST SUITE, the Group audit rules were implemented and compliance maintained exclusively by taking a manual approach, i.e. with no support from the systems. This took a great deal of effort from both the internal auditors and the staff across the various user departments.
“Since we deployed SAST SUITE, these audits are carried out with system support to the greatest extent possible, which decisively reduced the audit effort and made everything so much more transparent,” said the HellermannTyton team responsible for compliance.
In addition to its large portfolio of functions and ease of use, SAST SUITE also made the cut because of its great configurability.
Major project success through the manifold profitability of solutions offered by SAST SUITE
To meet all the requirements, HellermannTyton and its external auditors tested the Group’s set of rules against that of SAST SUITE.
The SAST SUITE rules fully satisfied the external auditors. Actually, the tool’s rule set was actually more comprehensive – because some 95 percent (a majority) of Group rules were already built into SAST SUITE. Not only that, custom developments were able to be integrated into the SAST SUITE set of rules with no issues. The external auditors analyzed all the audit rules and found them suitable.
Now, Group audits of the SAP systems take place automatically, by just pressing a button. This means that HellermannTyton itself can prepare for its audits – and perform them – at any time. This also means that Group policies can be adapted any time.
Have you been tasked with properly reorganizing authorization management to save time and resources? If you want to provide better SAP compliance and security, or carry out individual audit activities automatically in the future, find out more on our SAST SOLUTIONS website or get in touch with us.
Sascha Heckmann (Lead Consultant SAP Authorizations, SAST SOLUTIONS)
HellermannTyton GmbH is a leading manufacturer of products that bundle, secure, connect, insulate, protect, and identify cables and wires. It also provides network connectivity solutions. These products are used in every industry in vehicles, machines, and buildings. The company also develops individualized products for its customers’ industrial applications.
HellermannTyton employs over 5,750 people in 39 countries. The company is a subsidiary of a large technology company listed on the New York Stock Exchange. Its financial accounting is performed in accordance with US GAAP and in conformity with the SOX compliance requirements.
Other interesting topics: