Phinergy, a clean energy company focused on developing metal-air technology, needed an automated solution to streamline its IT General Controls (ITGC) audits, which were taking 200 hours annually.
Liza Ohayan
CFO, Phinergy
“The one thing I don’t have enough of is time, so automating ITGC audits was instantly appealing. Scytale drastically cut down the time and cost associated with our IT audits. It’s one less thing for me to worry about and it took no time at all to get going with it. Literally, a few clicks of a button and the reports were ready. I used to hate audit time but now it’s always running and no manpower is wasted. It’s a win-win.”
Phinergy’s ITGC audit process was largely manual and disproportionately resource-intensive relative to the company’s size. Despite having only two systems in scope, Priority ERP and Azure Active Directory, and a dedicated HR system, the audit required significant effort and extensive cross-departmental coordination. The absence of automated tooling created a meaningful operational burden, increasing the risk of delays, inefficiencies, and inconsistencies in evidence collection and compliance validation.
The audit scope covered Priority ERP and Azure Active Directory, and an HR system. During the audit period, the company underwent significant infrastructure changes. These included the migration of the Priority ERP database from an on-premises SQL environment to the cloud and the transition from on-premises Active Directory to Azure Active Directory. All changes occurred within a single audit period, requiring controls to be assessed and evidenced before, during, and after the migration to ensure continuity of SOX ITGC compliance.
In addition, the lack of a formal ITSM platform limited standardized workflows, approvals, and native audit trails typically expected for SOX ITGC compliance. To address this gap, alternative automation and continuous monitoring mechanisms were implemented to compensate for the absence of ITSM tooling while still producing reliable, auditable evidence.
To address the operational burden and complexity of a largely manual ITGC audit process, Phinergy implemented Scytale’s ITGC automation platform. The solution automated key ITGC controls and evidence collection activities across all in-scope systems, including Priority ERP, Azure Active Directory, and the dedicated HR system, significantly reducing manual effort and cross-departmental coordination.
The platform integrated with all in-scope systems to provide complete ITGC coverage. This enabled continuous monitoring of controls throughout the audit period — before, during, and after the migration of the Priority ERP database to the cloud and the transition from on-premises Active Directory to Azure Active Directory — ensuring consistent SOX ITGC coverage despite ongoing infrastructure changes within a single audit cycle.
Throughout the audit, the Scytale team worked closely with Phinergy in a hands-on manner, guiding the organization step by step in leveraging the platform and taking full ownership of the implementation process. This included configuring integrations, aligning controls to the evolving environment, and supporting evidence validation in real time.
In the absence of a formal ITSM system, Scytale’s automation capabilities were used to establish structured workflows and auditable trails. A key improvement was the automation of employee onboarding, where data captured through a standardized email template and the HR system was automatically ingested into the platform, triggering access provisioning controls and generating reliable audit evidence with minimal manual intervention.
Scytale automated 100% of Phinergy’s ITGC audits, enabling continuous monitoring and independent detection of deficiencies.
The platform integrated smoothly with Phinergy’s existing systems, reducing manual effort and centralizing compliance activities.
Guided workflows, automated onboarding processes, and data integration streamlined operational efficiency, making compliance tasks more manageable.
Phinergy saw a 75% reduction in audit time in the first year, with a 90% reduction in the second year onwards, significantly lowering time and cost associated with audits.
The implementation of Scytale’s solution drastically reduced Phinergy’s audit time from 200 hours to just 90 minutes for two rounds of testing in 2023, the rest of the work was taken care of by the platform. This resulted in a 90% reduction in the total audit time, allowing the company to focus on its core mission of advancing clean energy technologies while enhancing its compliance and monitoring capabilities.
Scytale automated 100% of Phinergy’s ITGC controls, covering critical areas for both Priority ERP and Active Directory systems:
Priority Logical Access Controls
Control | Priority |
Logical Access | |
Users Review | ✔ |
Admin Users Review | ✔ |
Role Assignment | ✔ |
User Account Creation (On Boarding) | ✔ |
Terminated User Access (Off Boarding) | ✔ |
Password Settings | ✔ |
Change Management | |
Change Request | ✔ |
QA Approvals | ✔ |
UAT Approvals | ✔ |
Manager Approval | ✔ |
Active Directory Logical Access Controls
Control | Active Directory |
Logical Access | |
Users Review | ✔ |
Admin Users Review | ✔ |
User Account Creation (On Boarding) | ✔ |
Terminated User Access (Off Boarding) | ✔ |
Access to Key Financial Folders | ✔ |
Password Settings | ✔ |
