The Challenge Creating an Agile Foundation to Build-Off Like many marketing departments, Cprime's team had…
Prepping for IPO: A Real Estate Juggernaut Achieves SOX Compliance Using Jira and Confluence
Industry: Commercial real estate
Company Size: 4,400 Employees
Location: Headquartered in New York, United States, with locations worldwide
- Atlassian Custom Development
- Strategic Consulting (Atlassian Confluence)
- Strategic Consulting (Atlassian Jira)
This large commercial real estate development company had grown very quickly in the years leading up to the decision to go public. As a result, systems and processes required a significant overhaul in preparation for compliance requirements under the Sarbanes-Oxley (SOX) regulations that would become binding on day one following the IPO. They needed a way to manage the efforts around achieving compliance, and a solution that would allow them to maintain that compliance going forward. They tapped Cprime — a partner for several years prior — to use their existing Jira and Confluence systems to accomplish this.
Cprime has been working with this company for several years. Specifically, they rely on us to handle:
- Licensing for their Atlassian products
- Managed hosting
- Custom development
- Consultation around Atlassian solutions
As the company began preparing for their IPO, however, we deprioritized all other work so we could focus solely on developing a strategy ensuring the organization could achieve SOX compliance.
In the months preceding the IPO, a lot of internal changes occurred. The CEO resigned, and leadership carried out extensive reorganization and downsizing to bolster a sagging balance sheet. They knew that, with that situation in the recent past, SOX auditors would be especially diligent as soon as the company went public.
So, Cprime Solutions Architect Clayton Chancey — who was previously directly involved in Atlassian consultation and custom development at the company — took on the responsibility of developing their SOX compliance strategy for the Atlassian suite in partnership with leadership and dedicated SOX consultants. He served as Product Owner leading a team of six Atlassian experts, and coordinated custom development work carried out by the Cprime Studios team based in Ukraine.
“Our goal was twofold,” Clayton recalls. “We needed to revamp the setup of one of their core systems — Atlassian Jira — to make it SOX compliant. And, they wanted to actually manage their compliance activities using Jira as their project management solution. So, we needed to help develop the overall compliance strategy and configure Jira and Confluence to support that.”
John Lucas, Cprime Solutions Architect explains, “They contacted Cprime to take this on because they already recognized us as the Atlassian experts. It’s commonplace for companies to bring in compliance consultants to provide general guidance — and they did — but they could only offer blanket recommendations for how all apps and systems should function to comply with SOX regulations. They weren’t familiar enough with Jira to offer any practical guidance. We could.”
The Cprime team took a broad view to ensure they set up Jira to accommodate all SOX requirements. Jira will also efficiently manage compliance activities across the organization. So the team needed to creatively consider:
- Onboarding and offboarding
- Access control
- Segregation of duties and approvals
- Reporting and auditability
To accomplish their dual objective, Clayton, John, and the team made Jira a central hub. It could be used to track and coordinate auditable activities across multiple systems. This required custom integration development to connect Jira to various systems including those used by Finance and HR. Internal workflows and custom automation ensure that the activity that occurs within Jira is, itself, compliant. At the same time, activity coordinated with other systems is thoroughly tracked and reportable by means of simple dashboards and automated reports that can be pulled on demand for both internal and external auditing purposes.
Additionally, all the activity occurring within Jira could be tied to a dedicated space on Confluence to facilitate documentation and collaboration while maintaining the proper SOX-compliant access controls so no aspect of the financial reporting data could be compromised.
The company went public late in 2021 and, soon after, our solutions helped them achieve full SOX compliance. Shortly thereafter, external auditors conducted a thorough investigation and confirmed this designation. Needless to say, this outcome more than satisfied our client.
“Maintaining and validating compliance is always going to be an ongoing process,” Clayton concludes, “so we continue to partner with the client to administrate and optimize the Jira configurations and develop scripts and integrations as needed. But, they did the heavy lifting upfront.
“Cprime’s key differentiator in this project was the well-rounded solution we were able to provide with a particular expertise in the Atlassian solutions that other compliance consultants simply couldn’t match.”Want to share with a colleague? Download the PDF
Featured Team Members
Clayton Chancey is a highly motivated and dedicated Solutions Architect, with more than 7 years of experience and extensive knowledge in all areas of Jira and Confluence. He is experienced in leading projects from concept to completion with outstanding results. Clayton is passionate about using his technical, analytical, and communication skills to develop himself and the organizations he serves.
John Lucas is a passionate problem solver who enjoys using his own intellectual curiosity to learn new things while helping others. Leveraging 8 years of experience with strong communication and listening skills, he brings a depth of knowledge when it comes to solution development and positive outcomes in the Atlassian tools space.