Standardizing the control and compliance environment
Taking the risk out of compliance
The backbone of Syngenta’s compliance program
- Moving from traditional periodic testing to continual testing and walkthroughs
- Using representative sample methodology to assess the control environment
- Proactive remediation
- Test results fed a Global Process Owners’ organization
- A central team – a single point of contact for all stakeholders
- Continuous internal control evaluation – process walkthroughs and control testing are performed on a continual basis with monthly Service Delivery Reviews to report results and discuss remediation. Additional process walkthroughs and control testing are performed to ensure that SOX requirements are met.
- Internal audit recommendations follow-up – Internal audit recommendations are tracked globally and reported to proactively identify and assess issues that are have become overdue or need special attention. An independent audit is performed to ensure that recommendations have been sustainably implemented.
- Access controls process – research and risk analysis of ERP access for each request is carried out to ensure risk-free access in line with Segregation of Duties (SOD) specifications. Audit and approval of emergency access ensures that usage is within requirements. Monthly reporting that includes insights into the current status of SOD risks and emergency access usage allows for the identification of improvement areas in role design and reduction in emergency access usage.
Results count – increased confidence in the compliance environment
Implementation of the CAP resulted in a significant increase in confidence among stakeholders in the compliance environment. The CAP enforces the Control Framework across business units, which proved to be challenging before its implementation keep the full stop.
An independent CAP team based out of Capgemini’s Global Competency Center in Bangalore enabled Syngenta to free up resources in its headquarters, regions, and country teams. This led to some specific tangible benefits including:
- Cost savings – the cost of CAP offset a reduction in internal compliance resources by more than 35%, substantially reduced contract compliance resources, and reduced external audit fees.
- Agility – a centralized CAP team allows Syngenta to respond to compliance requirements resulting from new business changes with much more agility and less cost.
- Transparency – monthly reporting provides visibility on a near real-time basis on open risks and their remediation status.
- More objective controls testing – the CAP team is fully independent from control performers and managers.
- Increased efficiency – Syngenta has remained SOX compliant at all times.
- Risk free SOD – continuous provisioning with risk free roles and remediation helps reduce SOD risks to a minimum globally.