A Midsize Company Conquers Global GRC Challenges

June 1, 2007

by Eric Krell

Operational flexibility and regulatory compliance are not necessarily mutually exclusive terms.

Mountain View, Calif.-based Synopsys, a maker of semiconductor design software, reached that conclusion thanks to a Sarbanes-Oxley effort that blended new automation with traditional project management discipline throughout each of its 60 global offices.

When the $1 billion company launched its initial Sarbanes compliance effort in 2005, it certainly appeared as if its globally dispersed organizational structure, a common characteristic among growing midsize companies, might pose a compliance risk. Part of Synopsys's overall Sarbanes effort included an initiative that focused on a specific internal controls issue within its ERP system. This initiative provided benefits that stretched beyond regulatory compliance to strengthen overall risk management. The effort serves as an object lesson for midsize companies striving to master the wide world of regulatory compliance demands with a more efficient approach than that typically taken by larger companies.

"The challenge with segregation-of-duties (SoD) conflicts is that they are not an IT problem or a business problem," notes Deepak Mehrotra, Synopsys's SOX compliance manager. "These conflicts are problems that need to be addressed by three areas: IT, the compliance team, and business users."
