Case Study · Identity & Access Management

How a Fortune 500 Firm Eliminated SoD Violations

A publicly traded Fortune 500 technical professional services enterprise was carrying recurring Segregation of Duties violations and audit findings into every cycle. Compunnel built an end-to-end IAM program — least-privilege RBAC, lifecycle automation, and centralized governance — that removed the violations at the source and made compliance a byproduct of daily operations.

Fortune 500
Publicly traded technical professional services enterprise
Multi-Unit
Multiple business units, fragmented operating systems
100%
Onboarding fully automated end-to-end
Zero
SoD violations after program close-out
The Challenge

Manual identity processes producing the same audit findings, cycle after cycle.

Across multiple business units, identity operated as a collection of ad-hoc processes rather than a program. Each unit handled provisioning, role changes, and reviews differently — and every audit surfaced the same Segregation of Duties violations the prior audit had flagged. The root cause was structural, not procedural.

  • IAM processes fragmented and manual — access decisions inconsistent across business units.
  • Provisioning workflows lagging behind organizational change, slowing daily operations.
  • Segregation of Duties (SoD) violations surfacing in every audit cycle.
  • No standardized Role-Based Access Control (RBAC) across the enterprise.
  • Automated controls absent — exceptions handled reactively, not by design.
  • Compliance exposure and operational drag accumulating in parallel.
Our Approach

An automated governance program that closes audit findings at the source.

We did not patch the symptoms. We rebuilt the operating model so the violations had nowhere to form.

Architect
A mature, end-to-end IAM program across business units

Replaced ad-hoc identity processes with a single program spanning the enterprise — one operating model, one governance framework, one auditable system of record.

Govern
Enterprise-wide least-privilege RBAC

Standardized role-based access across all units. Entitlements aligned to job function rather than historical artifact, with continuous review baked into the program.

Automate
Joiner-Mover-Leaver (JML) lifecycle automation

Onboarding, role changes, and offboarding now run as automated workflows — closing the lag between an organizational event and the access change it should trigger.

Detect
Automated SoD controls + centralized access governance

Segregation-of-Duties policies enforced in real time, not in retrospect. Every entitlement decision flows through a centralized governance layer that produces audit evidence as a byproduct.

Outcomes

What changed for the client.

100% automated onboarding

New hires productive on day one with the right access — no spreadsheets, no manual tickets, no exceptions.

Zero SoD violations

Segregation-of-Duties conflicts removed at the source. Audit cycles run without the access-control findings that defined every prior review.

Full audit visibility and compliance

Access ownership, entitlements, and review status visible at any moment — evidence is always current, never assembled under pressure.

Capabilities Delivered

What the program was built on.

End-to-End IAM ProgramLeast-Privilege RBACJML Lifecycle AutomationAutomated SoD ControlsCentralized Access GovernanceContinuous Access Review
Download the Full Case Study

Get the complete engagement story — problem, approach, and measurable outcomes.

By submitting, you agree to be contacted by a Compunnel advisor. We never share your information with third parties without your consent.

Carrying the same audit findings year after year?

Our IAM advisors will assess your current access governance, identify the structural gaps that keep producing the same violations, and propose a program built to close them at the source.

Talk to an IAM Advisor →