Cutting Through Compliance Noise: How Jabil Tackled SAP Risks

Key Takeaways

⇨ Jabil transformed its Sarbanes-Oxley Act (SOX) compliance management by implementing Pathlock's automated access risk analysis platform, enabling real-time monitoring of segregation of duties (SoD) violations and greatly improving efficiency.

⇨ The governance team shifted from a reactive approach to strategic compliance management, focusing on actual risks with detailed transaction insights, which reduced false positives and allowed for effective prioritization of genuine violations.

⇨ Best practices for SAP professionals include prioritizing real-time monitoring tools, addressing adoption challenges early, and using automation to simplify compliance processes, which can lead to improved compliance, lower audit costs, and enhanced operational resilience.

With approximately $28.9 billion in FY 2024 revenue and operations in over 100 global locations, Jabil processes millions of SAP transactions daily. For this Fortune 200 supply chain leader, ensuring Sarbanes-Oxley Act (SOX) compliance across such vast transaction volumes was a major challenge: how to detect genuine segregation of duties (SoD) violations without being overwhelmed by false positives.

The company’s governance team, led by Global Governance Lead Susan Zortea, found themselves overwhelmed by the large volume of data needing analysis. Traditional compliance methods created too much noise, causing the team to spend valuable hours investigating theoretical risks instead of focusing on actual violations that posed real threats to the organization.

“With millions of SAP transactions daily, it’s crucial to focus on actual risks—not just theoretical ones,” explained Zortea. The team needed a solution that could provide real-time visibility into true SoD conflicts at scale with granular detail, regardless of transaction size.

Real-Time Transaction Monitoring

Jabil’s solution involved implementing Pathlock’s automated access risk analysis platform. Pathlock’s technology automatically identifies all SoD issues, and its transaction-level insights allowed Jabil to see exactly who executed conflicting transactions, identify specific invoices, and determine whether transactions originated from vendors or customers. This detailed visibility enabled the team to prioritize high-impact issues and respond quickly to genuine violations.

“We can now zero in on true violations—whether it’s a thousand dollars or ten million—and that has completely changed how we manage SoD,” said Zortea. “What was once complex and time-consuming is now automated, precise, and highly effective.”

The impact went beyond internal operations to affect external audit processes. With accurate reporting and clear documentation of actual conflicts, Jabil’s external auditors gained new confidence in the company’s controls, which reduced the costs of audit preparation and allowed the governance team to shift their focus from compiling reports to enhancing processes.

From Reactive to Strategic Compliance Management

Pathlock’s SAP Access Violation Management application continuously monitors SAP and non-SAP systems to identify SoD conflicts and expose violations by user, business process, and risk. This helps organizations like Jabil pinpoint their highest exposure areas and find clear paths for correction.

Today, Jabil’s SoD management process has shifted from a reactive compliance stance to a strategic approach that supports proactive risk management. With real-time detection and detailed transaction insights, the governance team can focus on strategic compliance while staying ahead of new risks.

What This Means for SAP Insiders

Prioritize SoD platforms that provide real-time monitoring and actionable insights. SAP professionals should seek solutions that act as a single control point for enforcing cross-application rules while offering transaction-level visibility into users, invoices, and the origins of conflicts. Effective platforms also reduce false positives by distinguishing between potential risks and actual violations, thereby minimizing wasted effort. This ensures compliance teams can focus resources on the highest-impact risks.

Ensure adoption challenges are addressed early to drive success with SoD management. Resistance to change and complex rule setup can derail progress if not managed carefully. Organizations that thrive often start small, focusing on high-risk areas before expanding. Jabil’s experience shows the value of clearly defining genuine violations versus false positives, with IT, audit, and business teams collaborating to set practical thresholds. The overarching lesson is that technology should simplify compliance and sharpen strategic focus, not add new layers of complexity.

Implement proven best practices to unlock the full value of SoD management. The Jabil case highlights the importance of using real-time monitoring to identify genuine conflicts, leveraging automation to cut down manual work, and providing auditors with transaction-level documentation to build confidence. According to Pathlock, companies that follow these steps can see measurable benefits, including improved compliance, faster closing cycles, and lower audit costs. Ultimately, SAPinsiders should view automated SoD management not as a regulatory burden but as a strategic tool that boosts efficiency, protects reputation, and enhances resilience in a complex compliance landscape.
