Quarterly security audits used to take six weeks at CTB, Inc. With Pathlock Access Analysis, the team now identifies SoD risks in hours.
A Heavy Burden of Manual Audits
As a Berkshire Hathaway company, CTB must audit its JD Edwards World security quarterly, with additional scrutiny from annual external audits. But as Jennifer Leatherman, Director of Business Systems, explained, “Preparing for our audits was a nightmare.” Every quarter brought new audit demands, leaving the team scrambling to adjust reports, shift responsibilities, and respond to findings after the fact.
The accounting group helped define basic Segregation of Duties (SoD) rules for key processes, such as Purchase to Pay and Order to Cash. But the process remained largely reactive. JDE’s native tools and third-party reporting systems produced results that were difficult to interpret, and business controllers tasked with reviewing security found the process to be time-consuming and confusing. A single audit cycle could take up to six weeks to complete.
Turning the Corner with Pathlock
CTB discovered Pathlock Access Analysis at INFOCUS 2018 and quickly saw how it could change their approach. Within a day of training, they were live. “It was a real eye-opener to realize how many security gaps we were overlooking,” said Leatherman. “Now, all I have to do is request an audit, and we get results within 48 hours.”
The solution provides CTB with out-of-the-box SoD rules, easy-to-navigate drilldowns, and controller-friendly interfaces. Business unit leads log in, review only their users, and identify inappropriate access without relying on IT. “You just click the user to find the rule and the security conflict,” said Leatherman.
Access Analysis also flags other critical issues, such as *Public access, overuse of Function Key security, or users not assigned to any groups. And with each audit, progress is visible. “It’s like a scorecard,” Leatherman said. “It shows us the issues, tells us how to fix them, and lets us prove we’re improving.”
Audits in Hours, Not Weeks
CTB now completes each quarterly audit in a fraction of the time. What once took six weeks now wraps up in days, sometimes just one week for controller review. In the first six months, CTB reduced its number of security issues by 50%, transforming its audit process from reactive cleanup to proactive control.
“We can analyze SoD more rigorously and audit the whole system—not just last quarter’s issues. Our team feels ready for anything the auditors throw at us.”
— Jennifer Leatherman, Director of Business Systems, CTB, Inc.
