Case Study: Honeywell
Continuous Auditing of User Access & General Computing Controls at Honeywell
Honeywell Aerospace is a leading global provider of integrated avionics, engines, systems and service solutions for aircraft manufacturers, airlines, business and general aviation, military, space and airport operations. Honeywell Aerospace is a division of Honeywell International, a $36 billion diversified technology and manufacturing leader, serving customers worldwide with aerospace products and services; control technologies for buildings, homes and industry; automotive products; turbochargers; and specialty materials.
Business Challenge
With thousands of users worldwide and a compliance infrastructure that spreads across the globe, Honeywell Aerospace needed a controls intelligence solution that would address two very critical audit findings:
- Excessive access to business transactions by business and non-business personnel existing in the production environment.
- A lack of a formal process for monitoring the activities of users with excessive business transaction access.
Honeywell’s 2005 annual audit was the second year in a row that the company’s external auditor, PwC identified user access issues. The audit findings received the board of directors’ and management attention and soon became a corporate priority. In addition to the audit and SOX compliance mandates, Honeywell also had to meet additional security regulations like ITAR. To compound the issue, Honeywell was in the midst of a global rollout of SAP at the time. Given the multi-layered challenge Honeywell faces, they needed a compliance solution that would not only address the user access issues and mitigate possible violations but also create a repeatable process that would savetime and resources on an ongoing basis.
Approva's Approach
To address the audit and security requirements, Honeywell formed a cross-functional team comprised of business managers and staff fromfinance andIT Security. The team implemented the Approva BizRights controls intelligence platform to continuously monitor for user access violations and continuously audit their SAP environment.
Results
Using the Approva solution, Honeywell reduced SoD violations by two-thirds in less than a month. “The nice thing is that we now know where we are in terms of access issues before internal audit comes in. By that time, we are already starting to drive the remediation of any new issues that crop up,” said Jason Lish, Senior Manager, Application and Data Security, Honeywell. Honeywell’s automated continuous monitoring framework has delivered some long-term benefits in addition togreatly reducing the time the company now spends on manual work. The Approva BizRights platform has helped Honeywell to:
- Eliminate 3,000 violations within a 30-day period
- Close out two audit findings related to excessive access and monitoring
- Automate reports and provideaudit trails
- Identify control exceptions and automate mitigating controls
- Reduce the cost of monitoring controls
- Provide a common data set for finance, IT security, business managers, and the SAP team to drive ongoing improvements