How a publicly traded SaaS company built audit-ready change controls in under two weeks
Read the case study
“Why didn’t we do this a year ago? It could have saved us a lot of heartache.”
— Isaac Klinger, Director of Business Systems at Smartsheet
As auditors become more familiar with how change approvals work in NetSuite, they’re increasingly on the lookout for situations where emergency changes and hot fixes can go unaccounted for — something the Smartsheet team learned the hard way during their first SOX audit.
Before going live with Strongpoint, they were using screenshots and spreadsheets to track change approvals — and as diligent as they were in following it, their process had no way of knowing when something slipped through the cracks.
For Smartsheet, showing the changes that followed their policies was the easy part. What was harder — and what auditors increasingly want to see from NetSuite teams — was proving they were on top of the times when they didn’t.
The Problem With System Notes
Smartsheet's first impulse was to turn to their system notes — after all, that’s what they were doing with other in-scope systems. The problem was that system notes in NetSuite often contain way more information than any team can sort through.
“We tried to run an audit log history for a month and I think it returned something like 600,000 rows!” Director of Business Systems Isaac Klinger told us.
To go through NetSuite's system notes manually, Klinger said, "we either need to double my team, or find a tool that can help us with this process."
What they needed was a proper change management system with smart detective controls. That’s when they turned to Strongpoint.
We either need to double my team, or find a tool that can help us with this process.
Smartsheet had Strongpoint up and running in two weeks — with less than 6-8 hours of work
Going Live in Less Time
The specific factors that brought SmartSheet to Strongpoint weren’t unique — but the timing was. Our products can be onboarded in a few hours but the reality is that, for most of our clients, getting buy-in across the finance and IT departments can take a few weeks.
SmartSheet needed to have four months of detective change controls prior to the start of their next fiscal year, in Feb. 2021. That meant they needed to get up and running with Strongpoint by October 1st, 2020.
With the help of our customer success team, we were able to build on the successful processes Smartsheet already had in place — and get them live with our tools in under two weeks.
Before and After
Going live with Strongpoint didn’t just keep their auditors happy — it radically rebuilt how they managed their ERP.
“Our change process for NetSuite... has totally changed,” Klinger said.
Initially, Klinger’s team had planned to rely on Strongpoint solely for its detective controls. But “seeing the functionality after a couple demos, we were like, why wouldn’t we just move into Strongpoint for all our changes?”
Now, they can easily generate noncompliant change reports showing effective detective controls. They can also produce resolved noncompliant changes reports showing that those controls were acted on.
And because Strongpoint is fully native to NetSuite, their data stays secure — and admins are automatically prevented from making policy changes that could corrupt their reporting.
Our change process for NetSuite... has totally changed.
Now, Smartsheet is saving 15-20 hours a month on audit prep — and staying compliant without expanding their team
What's the ROI?
Strongpoint’s detective controls and other audit prep tools are already delivering considerable time savings for Klinger and his team.
"For all of our other systems, we do a monthly review of all the changes that went through change management... now Strongpoint automatically does that," Klinger said.
When combined with Strongpoint's smart reporting, “I can see, easily, saving 15-20 hours a month," on an ongoing basis. And that’s not even counting the extensive investigations they’d need following a deficient audit in the future.
Best of all, Smartsheet is only getting started with Strongpoint. Upgrading to our SoD module will save them even more time and money in the future by automating key controls around segregation of duties.
The Bottom Line
For a publicly traded company like Smartsheet, anything that reduces stress and increases the certainty around audit prep is a very good thing. With Strongpoint, Smartsheet now has processes in place that will demonstrate compliance to their auditors — without exhausting Klinger and his team.
Any public company with audit requirements can benefit from Strongpoint. Our system is easy to use, working natively in NetSuite and fitting seamlessly with your existing process. We even support integration with JIRA and ServiceNow.