acfe 110712 slides final3 - webinars, webcasts, lms...


Upload: vukhue

Post on 09-Sep-2018


Page 1: ACFE 110712 Slides Final3 - Webinars, Webcasts, LMS ...eoplugin.commpartners.com/acfe/110712/ACFE_110712_Slides_Final3.… · conflicts. 25-40 controls and SOD rules were implemented

Manage the Risk of Inefficiency and Occupational Fraud in Day-to-Day Business Processes

July 12, 2011, 2:00 – 3:00pm ET

Stephanie Maziol, Product Marketing Director, GRC Applications, Oracle


Agenda

• Welcome & Introductions

• Under-the-Radar Process Inefficiency and Vulnerability

• Inefficiency and Internal Fraud Reduction with Oracle Fusion GRC Applications

• Automated Controls Applied to Process Risks

Copyright 2011 Oracle Corporation. All rights reserved.

Under-the-Radar Process Inefficiency and Vulnerability


Increasing Opportunity for Fraud, Waste and Errors

GLOBAL CORPORATE FRAUD REACHING ALL TIME HIGHS

Organizations Suffering from Fraud Worldwide

• Asia 92%

• Latin America 90%

• Middle East/Africa 87%

• North America 87%

• Europe 83%

UNINTENTIONAL ERRORS AND LEAKAGE

Global, Fortune 500 Firm, High-Tech

Over 4 audit cycles, consultants found $17.5M in payment errors

Source: Kroll Global Fraud Report, Annual Edition 2010/2011 and Quarterly Corporate Fraud Index Network, Q1 2011

Multiple Financial Systems and Business Process Complexity Increase Risk of Errors

“Even ‘world-class’ firms average 27 different financial systems per $1B of revenue…”

- The Hackett Group

Multiple and Heterogeneous ERP, Legacy, Custom Systems

End-to-End Business Process

Cost of Errors is Underestimated

• No Executive Concern: …Only 30% of companies consider error management to be a major business problem

• Dealt as One-Offs by LOB: Handling errors is seen as the responsibility of the line of business

• Labor Intensive: Cost implications of managing exceptions are therefore hefty, but ignored


Polling Question 1


Greatest Improvement Gains in Operational Processes

• Operational inefficiency and risk, often the least scrutinized and optimized

– Financial Processes: Ledger/Period Close, Payables/Receivables, Orders/Sales, Payroll/T&E

– HR Processes: Health & Safety, Hire-to-Retire

– Production Processes: Concept-to-Product

– Sales Processes: Market-to-Prospect

• Opportunity for transparency, automation and improvement gains are the greatest

Mitigating Inefficiency and Risk

• Processes become too complex and unruly

• Controls are implemented reactively to comply with regulations and mandates

• Stakeholders too busy, not involved

• Manual control too cumbersome

• Haven’t found the right automation

• Controls are defined

• Automation enforces controls

• Controls support performance goals

• Process must complete in n hours

• Errors must occur in <n% of transactions

• Personnel must spend <n% of time performing redundant activities

• Financial loss due to error/waste/fraud/theft must be < n% of revenue


What Can Be Done?

1. Show Stakeholders What They Have To Gain: Increase Profit, Reduce Damage

2. Define Better Controls: Start with Low Effort, High Yield Controls

3. Enforce These Controls: Automate Where Pragmatic

Polling Question 2

Inefficiency and Internal Fraud Reduction with Oracle Fusion GRC Applications

Detect More and Faster with Continuous Monitoring and Advanced Pattern Analysis

Apply Advanced Forensic and Pattern Analysis

• Identify anomalies missed by traditional audit and controls

• Visually identify suspect transactions using Benford Pattern analysis

Continuous Monitoring of Controls and Transactions

• Test integrity of transactions and controls across business processes

• Monitor 100% of transactions and controls in real time

Diagram labels: Duplicate POs; Accounts Payables; Duplicate/Overpayment Invoice; Suppliers

Business Users Easily Build Controls and Reports

Self-Service Dashboard Reports

Business users can create interactive dashboards and personalized reporting on the fly.

Quickly Build and Adapt Controls

Business rules and a drag-and-drop workbench make even the most complex rules easy to build.

Remediate High Impact Violations with Integrated Risk Prioritization and Incident Management

Incident Management

Integrated workflow efficiently resolves identified incidents and tracks status.

Risk Prioritization

Consolidated controls mgmt. and dashboard reporting automatically maps higher impact risks.

Embedded Controls Prevent Incidents and Escalation

• Real-time, automated controls and alerts prevent fraud and errors before they occur

• Controls installed directly into applications and without technical expertise

• Risk of fraudulent data and application changes reduced with approval workflow and audit trails

Prevent Fraud and Errors Before They Occur

Oracle’s Governance, Risk, & Compliance Solutions

GRC Intelligence

• Executive Dashboards

• KRIs and KPIs

• Ad-Hoc Analysis

GRC Manager

• Enterprise Risk Management

• Compliance Management

• Remediation Management

GRC Controls

• SOD & Access

• Application Configuration

• Transaction Monitoring

• Preventive Controls

Custom or Legacy Applications

360º Visibility

• Single source of GRC Information

• Pre-built dashboards

• Respond to KRI and issues

Centralized GRC Oversight

• Common Repository for GRC

• Audit and Assessment of Controls

• Integrated remediation management

Embedded Controls

• Detective, Preventive, Contextual

• Automated controls testing

• Pre-built controls library

Automated Controls Applied to Process Risks


Polling Question 3


Key Processes Vulnerable to Abuse & Inadvertent Error

Source: “2011 OAUG Governance, Risk & Compliance Best Practices Survey”, Unisphere Research, Feb 2011

Cut Procure to Pay Inefficiency & Risk

• Determine if supplier master data has changed

• Find & remediate users with privileges to enter & modify supplier master data

• Add data entry rules approving certain changes to supplier data

• Identify cash disbursements not processed but completed

• Validate supplier invoice aging, thresholds, lost discounts


Results

• Identified riskiest policies and conflicts. 25-40 controls and SOD rules were implemented.

• Automated OFAC compliance by tracking transactions against SDN listing.

• Eliminated cash payment comparisons

• Improved P2P process health and confidence

Leading global bio/pharmaceutical services organization with revenues of $1.3 B and 9,700 employees, S&P 600 with 71 locations around 52 countries

Parexel

Requirements

• Needed solutions to expose inter-role conflicts and enforce access security

• SOD monitoring done manually thru documentation & check lists

• Ensure OFAC compliance and validate suppliers against watchlist.

• Monitor P2P transactions more effectively than looking at cash payments comparisons


Cut Order to Cash Inefficiency & Risk

• Determine if product master data is accurate

• Find & remediate users with privileges to enter & modify master data

• Add data entry rules to validate sales order ship-to destination against localized product configuration

• Find sales order transaction exceptions

• Find revenue and COGS mismatches

• Validate customer invoice aging, thresholds


Results

• Reduced order entry time by 20%

• Automated audits/reports of order entry issues

• Automated exception e-mails to notify Sales of order issue

• Removed errors causing invoice/shipping issues

• Improved the overall order system health & end user confidence

A.M. Castle, metal distributor with 55 offices in US, Europe and Asia, revenues of $1.5 B and 1,500 employees. Growth through acquisition and global expansion.

A.M. Castle

Requirements

• Inefficient, error prone quote & order entry process causing service issues

• Extensive exception reporting to correct order entry exceptions

• Numerous manual and custom audits were required to catch errors

• Many fields required additional keystrokes and navigation


Cut Financial Close Inefficiency & Risk

• Control access to ledger, ERP, consolidation, disclosure applications

• Prevent journal entries for which debit does not equal credit

• Validate that transactions are recorded according to GAAP/IFRS

• Identify changes to master data with significant financial accounting or reporting implications

• Prompt users to add notes after work item is completed


Results

• Close 92 legal entities, centrally, in less than a day

• All existing controls are maintained or strengthened

• Allow for status monitoring from a single workbench

• Build better notifications and alerts

FedEx, the world's #1 express transportation provider with 200,000 employees and $37 billion in revenues, offers access to the global marketplace through a network of supply chain, transportation, business and related information services.

FedEx

Requirements

• 6 ledgers currently close in 6-7 hrs but are moving to 92 ledgers

• Going from 175 to 400 users

• Are expanding from US-centric close to one involving Canada and other regions

• Need to maintain an auditable yet efficient close


Oracle Fusion GRC Applications Suite

• Proactively prevent transaction & processing errors

• Improve cash management & reduce AP violations

• Identify exceptions missed by traditional controls and audit

• Detect frauds faster to minimize duration & impact

• Deter fraudsters with continuous monitoring & audit trails

• Identify and remediate key control deficiencies across systems and business processes

• Analyze 100% of transactions for improved confidence and reporting

• Maximize ROI of continuous monitoring by eliminating false positives and risk prioritization

• Reduce post audit recovery and collections costs

Improve Audit Efficiency

Minimize Fraud and Abuse

Reduce Errors and Leakage

Additional Resources

Virtual Briefing Center: www.oracle.com/goto/vbc

Oracle GRC Applications: www.oracle.com/grc