Case Study / Home Manufacturer

Clayton Homes

The Largest Mobile Home Manufacturer in the US Achieves Its Goals with Fastpath…and Experiences the Benefits of a “Proactive” Approach

The Challenge

Headquartered in Maryville, Tennessee, Clayton Homes was founded in 1956 by Jim Clayton to refurbish and resell mobile homes. By 2002, Clayton Homes had an revenue of $1.2 billion and was acquired by Berkshire Hathaway in 2003. Clayton Homes is now the largest builder of manufactured housing and modular homes in the United States. Subsidiaries include the Clayton Home Building Group, Clayton Properties Group, Vanderbilt Mortgage, 21st Mortgage, and the HomeFirst Insurance Agency.

When Matthew Rekers, ERP Specialist III and Risk Advisory Lead, started at Clayton Homes, the company was moving from a legacy system to Oracle Cloud. Coming from a public accounting background into an internal audit position, Matt could see their existing systems had Separation of Duties (SoD) challenges, so he started an advisory project to address the SoD issues before the company moved to Oracle Cloud and SCM Cloud.

“The front-end is the best place to help companies just starting out on a new implementation and going forward. And Fastpath is one of the most cost-effective tools to do that.”

Matthew Rekers, ERP Specialist III and Risk Advisory Lead, Clayton Homes

The solution

Realizing the task of managing SoD controls for the new software was going to be complicated, Matt reached out to many other companies including a Berkshire Hathaway subsidiary that had already implemented Oracle Cloud and found many of them were using Fastpath. While performing his due diligence, Matt found that many companies were struggling with their SoD and risk conflicts in Oracle Cloud because they were trying to fix the issues by retrofitting user roles after they went live on the software. According to Matt, “It turns out that many of the seeded roles within Oracle Cloud come with inherent SoD conflicts. I actually never found anyone who dealt with SoD issues on the front end.”

Matt’s team also considered other SoD solutions, but in their view, they were not as robust as Fastpath and were more expensive and challenging to use. “Plus,” Matt explained, “those solutions are designed to fix SoD problems that are caused by the seeded roles that come with Oracle Cloud. They just did not have the ROI potential we were looking for.” Fastpath allowed Clayton Homes to focus in on what they needed for the design of custom user roles. “We also felt that Fastpath would be the most responsive to any concerns we had with the product going forward,” Matt concluded.

The results

Matt’s team used Fastpath to design user roles for both the Oracle Cloud financial and supply chain products prior to go-live. Big Four auditors provided by Berkshire Hathaway helped with reviews of the user roles and the company passed “with flying colors.” Implementing Fastpath from the start of their Oracle Cloud implementation has made it much easier for Matt’s team to monitor maintain the security roles within Oracle. Fastpath lets his team review weekly Separation of Duties automated reports. “ITGC and SOX becomes less of a concern,” he said. “And if anything is a problem, I learn about it through my weekly audit reviews.” Access reviews are conducted quarterly, and roles can be reviewed by business unit. Fastpath also helps the team monitor sensitive access issues (correcting manual journal entries, errors, and higher-risk access problems) on a monthly basis, identify exposure to risk, and to take corrective action, as necessary.

When sharing his feedback about the company’s experience with Fastpath, Matt was compelled to stress the lessons he gleaned from the companies he interviewed while performing his due diligence, looking for a SoD tool like Fastpath—and how being proactive helped his team avoid the issues they encountered. A key to the success of Clayton Homes implementing Fastpath was to plan for and address SoD roles, controls, and rulesets on the frontend, before the implementation began. “Many companies wait until the implementation is over and the roles have been baked in,” said Matt.

“Changing the roles at that point requires a complete overhaul of the business processes within the organization. This affects not only change management, but also the business practices after the users become used to how the new systems work. By setting up the security and SoD roles with the proper functionality during the implementation makes it much easier for users because they are already changing their work routine with the new software and will not notice the difference.” So, if this problem is so prevalent, why do so many companies fall into this trap? Matt thinks he knows at least some of the reasons: “It’s the nature of the SaaS systems and the complexities of going to the cloud. The CFO is ultimately responsible for the control environment, but with the pace and growth of technology, you also need someone who understands the financial controls as well as the systems. That really is the challenge – having the people on the team that can keep up with the technology.” Another piece of the puzzle involves the system integrator (SI): “Most companies don’t know that implementing system functionality and configuring the system security and controls are two distinct parts of the job. Nobody audits on the front-end and tells them there are these gaps for exposure. And there are so many changes the system integrator is doing when moving to a new system that it can easily get lost.”