Under the Hood at Honeywell

A glimpse into Honeywell International's compliance infrastructure suggests that the company has manufactured a compliance capability that is built to last.

The global company balances a commitment to strengthening compliance while proceeding with complex strategic initiatives, including what will soon be the largest single-instance SAP ERP deployment in the world. The Morristown, N.J.-based company's success in walking this tightrope is noteworthy in the wake of questions about U.S. companies' ability to remain globally competitive -- that is, to carve out the money and time to pursue strategic initiatives -- while meeting regulatory requirements.

The achievement is also noteworthy in light of the recent surge in ERP deployments among companies of all sizes: Core ERP license revenue grew by 18 percent, or $9.2 billion, from 2005 to 2006, AMR Research reports. More companies of all sizes are relying more heavily on their ERP systems and related financial applications. This means that effective regulatory compliance depends more on managing the numerous risks that reside inside those systems and among their numerous and increasingly dispersed users.

Like other companies willing to open up the hoods of their compliance and risk management capabilities, Honeywell relies on a blend of people, process, and technology to manage its system access controls monitoring. Unlike many of these organizations, however, Honeywell relies to a greater extent on the glue of cross-functional and cross-organizational collaboration to hold its compliance responsibilities, processes, and technology together. This compliance-communications savvy contains lessons for companies large and small: Some of Honeywell's key compliance challenges are the same issues that non-accelerated filers currently grapple with in their Sarbanes-Oxley compliance efforts.

"As a security professional, I've got to care about, understand, and be ready to address the situation if someone has access to steal $500,000 from the company using our ERP application," emphasizes Jason Lish, manager, application and data security, for Honeywell global security. "Sarbanes-Oxley is no longer a finance issue or a security issue; it's both. These teams need to have an effective relationship, and we've been able to achieve that in our organization."