Debbie Whitmire

Chief Financial Officer, Miller Industries

Miller Industries was founded in 1990 and is the world’s largest manufacturer of towing and recovery equipment.  Our equipment is what helps when your car breaks down on the side of the road or when roadways need to be cleared after an accident. 

Listed on the New York Stock Exchange, Miller Industries has a total of four manufacturing facilities in the United States, England, and France. 

Miller Industries markets its products under the well-known brands of Century®, Holmes®, Chevron®, Vulcan®, Boniface®, and Jige®. We provide a complete line of quality equipment including carriers up to 30 feet in length with deck capabilities of up to 40,000 lb and towing recovery units with boom capacities of 100 tons. Products are sold and serviced through the largest distribution network in the industry. 

Supernova Award Category: 
Digital Safety, Governance, Privacy, and Cybersecurity
The Problem: 

As a publicly traded company, compliance is crucial to protecting investors and minimizing the risk of financial fraud or unauthorized access to sensitive data. We operate with a lean workforce of just 1,600 employees so it is common for staff to take on multiple roles or responsibilities. Additionally, each manufacturing facility has its own staffing structure, adding complexity to managing standardized roles across the organization. As a result, ensuring there was Segregation of Duties (SoD) without placing constraints for users to perform their jobs was challenging.   

Managing SoD involved a manual process called "negative testing," where individual testing was conducted to determine what an employee could or could not do. This process had to be repeated each time a user was added or changed roles. It was an ongoing effort, not just an annual exercise for auditors.  

We were also challenged in conducting annual user access reviews because we didn’t have a tool in place that makes it easy for every manager in the company to verify if their people have the right user access.  We would complete reviews manually by connecting with certain managers if we made an organizational change and high-risk areas to prepare for audits.  

The Solution: 

When Miller transitioned to Infor CloudSuite Automotive in 2021, we embraced the opportunity to streamline manual processes we previously relied on with Infor Governance, Risk, and Compliance (GRC).  It is an integrated risk and compliance platform that continuously monitors business processes and offers the most automation and out-of-the box controls for our ERP.  The solution gave us the confidence to adopt a new cloud ERP system, enforcing access controls while still enabling users to perform their daily tasks.   

It would have been extremely difficult to go live with Infor CloudSuite without the support of Infor GRC. As we continue to roll out Infor CloudSuite to new locations, Infor GRC operates smoothly in the background, allowing us to quickly assign roles and give users access to a test environment. This enables them to carry out necessary testing, and when transitioning to the production environment, there’s minimal risk of disruption due to authorizations or access issues.

The Results: 

Infor GRC has freed our financial executives, business managers, IT team, and auditors from the manual and error prone procedures to ensure that the organization’s internal processes and policies are enforced and auditable. ​ It has reduced our risk management costs while providing our executive team with confidence that the necessary oversight is in place. 

With Infor GRC Authorization Manager, SoD management is fully automated.  Infor GRC provides a standard set of rule books with our ERP to automatically generate any SoD violations for us to review as well what if analysis to test different role or permission scenarios.  All the risks are laid out, removing the need to do negative testing.  Now, we only spend one or two hours with the external auditors, which is a huge savings on our side. 

Infor GRC Certification Manager solved a major challenge in conducting annual user access reviews because it an automated process that makes it easy for every manager in the company to verify their people have the right user access. Previously we spent weeks to prepare for audits and now we do a quick, daily check-in with the dashboard to see where we are in the process.  

Miller Industries partnered with New River Systems to implement Infor GRC. A great benefit of the relationship was a focus on transfer of knowledge so that we are empowered to build out more functionality and maintain the system ourselves and support the business as it transitions from generation to generation.   

Metrics: 

Infor GRC has transformed the daily tasks of my team. Instead of handling numerous manual steps, the GRC dashboard provides my team answers, saving hours of gathering information and tracking down people to make corrections.  With the deployment of two modules, Authorization Insight and Certification Manager, Infor GRC is lowering risk and cost at Miller Industries.   

  • Authorization Insight for fast and accurate mitigation and auditing: 
    • 93% productivity improvement and 672 hours saved annually 
    • 90% reduction in auditing costs related to access testing 
  • Certification Manager for easy user access review and completion: 
    • 100% user access reviews 
    • 98% productivity improvement, 105 hours saved annually 

To see the video testimonial speaking to metrics, click here 

The Technology: 

Infor GRC is a multi-tenant, centralized platform: 

  • Stream ERP application data for monitoring 
  • Analyze the data extracted 
  • Report and display violations identified during the analysis (GenAI summarizes the violations) 
  • Notify business users about the risks 

The platform is the core and comprises of data extraction, rules, and reporting engines. Insights provide predefined, highly configurable content offerings that notify about the actions each user can perform in the ERP systems.  

Disruptive Factor: 

Before we had Infor Certification Manager, we were not able to perform across all our  users.  We prioritized high risk areas, but we did not have the bandwidth to connect with each manager.  What is game changing is that Infor GRC Certification Manager fully automates the user access review process and is finished in a two-week period. Each manager is responsible for reviewing and sign off on user roles and responsibilities that they have in the system.  

The Infor GRC dashboard tracks each manager’s progress, sends reminder notifications to ensure timely completion of review, and finally escalates to their manager if we're getting close to the deadline.  Once completed, the CIO reviews and signs off so it can be given to the external auditors. 

Shining Moment: 

With continuous expansion over the past several years, Miller required tighter control of user access and a more accurate and efficient approach to audit preparedness and managing governance, risk, and compliance.  I’m proud we dedicated time to implement Infor GRC when most of our time was prioritized and dedicated to a successful ERP cloud migration. As a result, we have reduced risk management costs while providing our executive team with confidence that the necessary oversight is in place. 

About Miller Industries

Miller Industries was established in 1990 and has since become a recognized leader in the global market for towing and recovery equipment. At Miller Industries, we are known for our strong commitment to innovation and quality througout the industry.