For Heads of IT and Business Systems of Pre-IPO Companies: How to get your NetSuite account IPO-ready and SOX compliant in just one month without killing your team using automated Change Management processes 

Step One:

Watch the Video

Step Two:

Click on "Get a Price" to Fill Out a Questionnaire and Speak to Someone On Our Team

Get A Price

Recent SuiteApp Reviews

      - Strongpoint Helped Us Achieve SOX Compliance Before Our IPO!

6/30/2020

ZoomInfo recently held the first tech IPO in our current landscape and Strongpoint helped set us up as the largest tech IPO in ten years. Technically, we have a year after our first 10Q to be SOX compliant but because of their prebuild change control policies, approval routing, ITGCs, SOD and automated reporting, they put us a year ahead of the game. Their implementation team is extremely knowledgeable and is able to get us up and running very quickly offering a very high time to value. Our SOX audit team said we had the best controls for an organization pre-IPO that they had ever seen. Thanks Strongpoint!

 

Our SOX audit team said we had the best controls for an organization pre-IPO that they had ever seen
I Cant Say Enough about Strongpoint

      - Great Product

6/23/2020

We’re constantly learning more about the features of Strongpoint and it has really helped us with change management and many ongoing clean up and maintenance initiatives in NetSuite. We’re currently looking at the “Separation of Duty” reporting feature as part of our own review. As a vendor, I can’t say enough about Strongpoint as they have been awesome to work with.

 

      - Necessary Product in Complex Environments

5/15/2019

We used to rely on JIRA and manual attachment of approvals when our team would promote changes to Production. Now, we’re using the formal process that Strongpoint provides – it has been a success across the board.

Both our leaders and our developers have significantly better insight as to what is going to be impacted indirectly when we are making changes. For our developers this is allowing us to get in front of issues better and for our leaders they are asking better questions: have we thought about all the use-cases, who did the regression testing for the indirect changes, etc.

The team at Strongpoint that managed our implementation was attentive, knowledgeable, and overall excellent to work with. We hope to maintain this relationship as we continue to expand our use of this bundle.

 

... a success across the board
Get A Price

Trusted by NetSuite Compliance Teams

Who We Are and How We Help

Customers often come to us in preparation for audit — or after having completed an audit where concerns or deficiencies were raised.

In either case, one thing is consistent — the teams responsible for managing NetSuite must support the growth of their organizations. Working to pass an audit is a necessary part of that growth, but it's also something that takes key staff away from other priorities.

That's where Strongpoint comes in. Strongpoint is a "Built for NetSuite" certified managed bundle that installs natively in your account. It starts by giving you automatic documentation of all your custom objects and the connections between them. Then, a suite of progressively more sophisticated tools helps you automate your compliance processes — saving time, saving money and freeing up team members to focus their expertise where it's most useful. 

Get A Price

Without Strongpoint

Passing audit a SOX audit requires a series of time-consuming, labor-intensive tasks. Without help, most NetSuite teams don't have the in-house resources to:

  • Document and track all customizations in the system
  • Determine and implement appropriate change controls
  • Add rigour to the change management process — and potentially support it with additional tools
  • Customize the system to enforce appropriate segregation of duties (SoD)
  • Build saved searches to track the configuration changes in the system, and identify those that are critical

The result is that many teams either struggle to pass their initial audit — often doing so with inadequate systems that make the process even more difficult going forward — or pay expensive consultant fees to get the job done right. Fortunately, there is an easier way. 

With Strongpoint

Strongpoint automates several key aspects of SOX compliance, so your team can focus on more important matters. The bundle implements quickly, using out-of-the-box rules and tools to:

  • Document customizations and dependencies
  • Log and track changes
  • Perform impact analysis and risk assessment
  • Track change requests, approvals and associated changes
  • Report, review and resolve non-compliant changes
  • Enforce and report on segregation of duties and access controls
  • Track critical transactional or record-based events with master data and financial controls

As one of our customers puts it, 

“The automation that Strongpoint builds in to protect the system is unlike anything else on the planet!”

Get Started Today

Or, read on for a review of seven critical steps towards reaching SOX compliance in NetSuite

Get a Price

Who Is This For?

Heads of IT and Finance Systems

You are the Head of IT or Systems for a pre-IPO company, or another organization that has recently become subject to SOX compliance requirements. Your main focus is establishing and integrating systems to enable the rapid growth of your company.  However, on top of that, you now need to ensure that your NetSuite change management processes are SOX compliant.

Your cloud systems are incredibly complex and putting in manual processes to monitor them is nearly impossible.  A mature NetSuite account can have tens of thousands of customizations, connected in a hundred thousand different ways. Your users and developers are making hundreds of changes in the system weekly or even daily. Your team is maxed out already — and getting them to create and adhere to audit-ready processes would take up their already scarce time.

What Are Good Processes Worth?

If your audit results in material deficiencies, your costs increase by hundreds of thousands of dollars. What's more, your key resources will be occupied for weeks responding to auditors — instead of working on strategic projects. Worst of all, your management will be breathing down your neck to get these issues resolved. And unless you get the right tools in place now, this will happen every year.

 

Why It Matters

ERP systems are becoming more complex, your business requires a constant stream of urgent changes, and compliance requirements are getting tighter every year.

Not only do your processes need to be SOX compliant, your team needs to have flexibility and control over how they make changes. When someone — internally or externally — makes a change, they can't accidentally break something. 

Most of all, you don’t want to learn what you need to do by failing your audit.

Smarter Compliance in Seven Steps

Get A Price
audit@2x

Step 1: Automated Documentation of Customizations and Dependencies

NetSuite accounts can have tens of thousands of customizations; these customizations can be interconnected in as many as a hundred thousand different ways. To determine the risk level of a change, you need to understand these interconnections. For example, changing a saved search on its own is relatively low risk. However, if that saved search is used in a script, it could break that script or, even worse, change what gets processed by it.

Documenting and tracking this is so time-consuming that nobody does it properly. One of our clients hired a team of consultants to document their account, hoping to reduce errors and speed up decisions. After six months, they gave up — the consultants produced a mammoth spreadsheet that was only partially complete and, on average, three months out of date. Fortunately, they were referred to us by a partner and have now had accurate, up-to-date documentation for over five years.

How It Works

It is impossible to manually document the level of detail in a typical NetSuite account. It is even harder to keep that documentation updated — and if it isn't updated, it's useless. Even if you could produce accurate manual documentation, trying to work through tens of thousands of lines at audit time would be unbelievably stressful and time-consuming.

Strongpoint does this automatically. We’ll help your team kick off our scanners and all of the work will be done in only a couple days — without impacting the performance of your system or the productivity of your team. And after the initial scan, Strongpoint will automatically keep your documentation up to date, so it is always reliable.

document@2x

Step 2: Automated Change Logging

NetSuite accounts are changing constantly. End users change saved searches; Administrators change fields, forms and list values; developers create and change scripts and workflows. In a typical NetSuite account, this can be hundreds of changes per month — and thousands of system notes.

One of our customers was audited by the internal audit team from their parent company. They manually reviewed 62000 system notes to see if Strongpoint was screening them correctly. In the end, all of those system notes related to 52 significant changes, all of which were caught by Strongpoint. But they were most impressed that Strongpoint had reviewed and cleared all of the remaining changes correctly. By identifying the majority of these changes as low risk and approving them automatically, Strongpoint saved the company many hours of wasted effort, and ensured that those critical changes received the scrutiny and approval they required. 

How It Works

Some companies track changes using system note searches focused on critical scripts and workflows. However, auditors increasingly criticize these searches as incomplete, since they do not include changes to objects that can impact a script or workflow, such as fields and searches used in the script. By definition, this method also misses critical changes that are not tracked in system notes.

Strongpoint is the only native NetSuite system that reviews all changes to customizations. It automatically sorts the wheat from the chaff, alerting your team to critical changes and providing simple explanations about what changed.

impact@2x

Step 3: Automatic Impact Analysis and Risk Assessment

We designed Strongpoint to help teams get more done — quickly and safely. Massively simplifying compliance and auditing is the outcome of a great process, not a goal that can be achieved by itself.  And the key to an efficient but tight process is automating risk assessment and impact analysis.

Without Strongpoint, impact analysis is difficult, and requires extensive personal knowledge of the system. Without the right information, it isn't possible for someone managing NetSuite to tell if a change to a saved search is:

  1. Safe (ie, not connected to any automation)
  2. Risky from an IT perspective (ie, used in a script or workflow that, if changed, could break the script or affect data integrity)
  3. Risky from a Finance perspective (ie, used in a sensitive process such as SOX compliance)

One of our customers had a tight change process based on JIRA. It worked and they passed audit, but it was a time-consuming and, despite the best efforts of their team, they were still making mistakes.

NetSuite recommended that they look at Strongpoint. We set them up with a new process that was much more efficient — but in ways they hadn’t expected. Instant impact analysis saved their Admins and BAs a lot of time — but approvals were actually slower, because management started asking better questions. And that’s where the real savings kicked in: mistakes and rework were dramatically reduced, and management had more confidence in the process. 

How It Works

Strongpoint impact analysis is driven by NetSuite best practices and combines detailed dependency information with practical explanations of risk. Whether you are working in JIRA/ServiceNow or in Strongpoint directly, you can quickly set up change policies that guide your team to follow the right process for your company. This ensures that the change process is both efficient and effective.

icon 3@2x

Step 4: Automated Change Request / Change Log Reconciliation

Our customers often hear the following from their Auditors: “Thanks for showing us all the planned changes in your ticketing system, can you now show us your unapproved changes?” This critical question is at the heart of the audit and often focuses in on more difficult changes to track, such as Scripts, Workflows, Enabled Features, or Managed Bundles.

Making a list of changes in your account is only half the battle. Proving that you understand why the changes were made, that they had the appropriate approvals, and that they followed the right process is just as important.

A longstanding customer described their old audits as a three week medical exam — a very visual and strangely apt analogy: the process was unpleasant, the preparation was even more unpleasant and you never knew what the auditors were going to find.

Without Strongpoint, this customer spent weeks preparing for their audit — and failed anyway. Their experience now could not be more different. Our continuous audit process ensures the account is ready to review at any time. They can quickly produce for their auditors three standard reports that answers almost all their questions. 

How It Works

Documenting the links between approved change tickets and NetSuite system notes is a very time-consuming and non-value adding process for your critical IT staff. They are either spending days every quarter manually reconciling system notes to tickets, or spending days during an audit responding to auditor requests based on sampling. Either way, it is a tremendous waste of IT capacity.

Strongpoint automatically reconciles changes to approvals and automatically tracks the changes and updates that are the most difficult to capture manually. This functionality can be easily integrated into JIRA and ServiceNow using pre-configured plugins, so that your teams can continue using those platforms while taking advantage of Strongpoint’s industry-leading impact analysis and change policies.

compliance@2x

Step 5: Reporting, Review and Resolution of Non-Compliant Changes

Nobody’s perfect and your auditors don’t expect perfection. Rather, they are looking for consistent oversight on all critical changes. In other words, they expect you to have a policy and to follow it.

NetSuite consultant RSM asked us to assist with a customer who had a catastrophic audit despite laboriously documenting the changes in their system. This customer's global CFO had determined leave NetSuite if they couldn’t resolve these issues. The customer implemented Strongpoint and began to receive a weekly report of non-compliant (ie, unapproved) changes. This accountability not only tightened their processes but also enabled them to be ready for audit at any time. They passed the next audit with flying colors and were held up as a global example of how to run compliance efficiently.

How It Works

Once automated and continuous audit is in place, Strongpoint alerts Administrators and Managers when a high risk change occurs without the proper approvals. This is critical information — and this automation ensures that people do not have to sift through hundreds of changes to identify the important or risky ones. In addition, it ensures that every critical change is reviewed and approved.

Strongpoint continuously audits your changes so you know you will pass audit in each of the areas we cover. Any critical change not approved in advance is flagged for review.  Non-critical changes are automatically cleared.  The result is up to a 90% reduction in audit preparation time, and significant reductions in audit costs for many customers.

roles@2x

Step 6: Segregation of Duties and Access Reviews

Implementing segregation of duties (SoD) does not have to be challenging. The difficulty is that roles and permissions are often not ideally set up to support SoD. This leads to ‘phantom’ conflicts that arise when users have inactive or obsolete permissions —which in turn necessitates significant retesting of processes. However, Strongpoint’s advanced tools and deep integration into NetSuite can substantially simplify the process.  

Customers often come to us after an SoD review conducted using a third party tool revealed a complex mess of conflicts.  One large company discovered conflicts on essentially every role and were advised to undertake a massive role redesign project.  Using our tools, they were able to rapidly identify unused roles and role assignments, as well as unused permissions within those roles, that could be safely modified to remove the conflict. 

As a result, they were able to quickly resolve the vast bulk of the conflicts, and focus their efforts on tightening process and roles in critical areas. Moving forward, their access reviews will be evidence-based, eliminating many hours of unproductive communication with executives and process owners.

How It Works

Traditional SoD access reviews are snapshots in time; auditors check roles and permissions at the time of the audit. As a result, they could miss conflicts that occurred between audits, or those requiring manual review of related changes. Strongpoint, on the other hand, continuously audits role and permission changes, and can even block particularly unsafe changes such as granting of Admin rights.

Strongpoint is the only native SoD solution for NetSuite and the only solution that can identify and resolve phantom conflicts.  Our access review tools, robust rule library and rapid implementation methodology not only identify and help resolve conflicts,  but set up the process for simpler ongoing access reviews and audits.

chnage@2x

Step 7: Master Data and Financial Controls

Configuration changes are not the only important changes to your NetSuite account. Changes to master data can significantly affect financial integrity. Similarly, not all transactional behaviour can be managed through roles and permissions alone. There may not be enough staff in a team or given subsidiary to divide up job responsibilities into separate roles. To manage these risks, you need a solid system of detective controls.

One of our customers had a robust process for approving journal entries and other financial changes, but struggled to prove to auditors that their controls were effective. Using Strongpoint, they were able to set up automated controls and consolidate the results into a single list of conflicts for regular review and clearance.

Some companies use saved search alerts as detective controls, but have difficulty proving that alerts were sent or acted upon. In addition, system notes searches can be difficult to run over a significant time frame. Our customer also had difficulty cross-matching data from different searches, and found the export and review process needlessly time-consuming.

How It Works

Strongpoint converts saved searches into powerful detective controls that automatically log violations directly in NetSuite.  Enhanced features enable cross-matching between searches to reduce false positives. Automated processing allows for searches to be run more efficiently and reliably.  Best of all, all of the control incidents can be consolidated into a single list for easy review. 

Get A Price

Enhancing the Productivity of Your Team

Give your team the tools they need to manage NetSuite effectively

The steps outlined above outline some of the key challenges companies face meeting SOX compliance requirements. But Strongpoint does more than just compliance — it's a full suite of tools for enhancing the productivity of your team, without affecting safety or system integrity. 

Watch the video for an overview of some of our key product features.

Learn more about the leading SOX compliance app for NetSuite

Caclulate your price and a member of our team will reach out to discuss your specific requirements

Get a Price