Financial Audit Scoping Tool
Blueprint for Oracle GRC Applications
Implement Audit Standard 5 (AS5) scoping to streamline financial
reporting compliance
Financial Audit Scoping Tool: Agenda
• Financial Audit Scoping Tool Blueprint Overview
• Business Challenges
• Solution Details
• Challenges, Capabilities & Benefits
• Process Flows
• Capabilities Details
• Related Requirements Coverage
• Oracle Blueprints for Oracle GRC Applications
Financial Audit Scoping Tool: Solution Summary
Blueprint purpose:
• Integrate Oracle Enterprise GRC Manager with Hyperion Financial Management to allow auditors and managers to evaluate business process risk based on its impact on financial balances
Blueprint benefit:
• Helps customers implement Audit Standard 5 (AS5) scoping to streamline financial reporting compliance
• Reduces external audit fees by providing methodical, rule-based selection criteria that align financial audit activities with controls
Blueprint items:
• Auditor Workbench with robust, integrated controls selection based on accounts, organizations, financial balances and risk-based criteria
• Pre-built analytics of in-scope controls for assessments
• Automated creation and initiation of EGRCM Controls Assessments
Financial Audit Scoping Tool: CFOs struggle to improve governance of their financial processes
SEC fact:
Auditing Standard No. 5 (AS5) directs auditors to focus on those areas that present the highest risk, such as the financial statement close process and controls designed to prevent fraud by management.
Source: SEC Approves PCAOB Auditing Standard No. 5, July 2007
Percentage of Internal Control Weaknesses by Category:
• Personnel Issues: 17%
• Financial Close and Controls: 37%
• Significant Account Level: 40%
• Other: 6%
Source: Market Reactions to the Disclosure of Internal Control Weaknesses and to the Characteristics of those Weaknesses Under Section 302 of the Sarbanes Oxley Act of 2002, July 2007
Financial Audit Scoping Tool: Frequency and Complexity of Transaction
Financial Audit Scoping Tool: Best Practices to Reduce Level of Effort
• Top-Down, Risk-Based Approach for Identifying Significant Accounts and Key Controls to Audit
• Focuses Testing on Risk Exposure rather than Coverage
• Reduces Control Testing Audit Costs
• Fine Tunes the Definitions of Material Weakness and Significant Deficiency
• Guidance is Designed to Facilitate more Efficient External Auditing, including:
    • Scaling of the Audit for the Size and Complexity of the Company
    • Removes Requirements to Evaluate Management’s Process
Financial Audit Scoping Tool: GRC Fundamental to Financial Close
[Diagram] Financial close stages: Ledger Close, Data Assurance, Consolidation, Internal Management Reporting, External Financial Reporting, Filing Documentation
Financial Processes, Risks & Controls (Close Compliance):
• Assessment: Control Effectiveness Orchestration; Misstatement Risk Modeling
• Testing: Process-Based Audit Scoping; Accounts-Based Audit Scoping; Risk-Based Audit Scoping
• Investigation: Suspicious Financial Transaction Analysis & Monitoring
• Remediation: Risk Mitigation Planning, Tracking and Evidencing
• Certification: Internal Controls over Financial Reporting; 302 Certification
Financial Audit Scoping Tool: Solution Details
Key Capabilities:
• A unified workbench that brings HFM and EGRCM data together into a single workspace
• Consolidated significant accounts in HFM that are mapped to controls in EGRCM are readily identified, as well as associated risks
• Controls that are identified as in-scope are easily assigned to testers in an assessment plan
• Executive dashboards with the financial coverage of the assessment plan, as well as the type and nature of the controls that are in scope
EGRCM Capabilities:
• EGRCM enables customers to manage GRC-related business processes across the enterprise and HFM enables customers to centralize financial reporting and enterprise consolidations.
Financial Audit Scoping Tool: Customer Challenges & Benefits Summary
Customer Challenge: Reducing the cost of controls assessments
Solution Benefit: FAST integrates with the EGRCM controls component. Using FAST, auditors can easily perform a top-down approach to deciding which controls should be in-scope for any given assessment.
Customer Challenge: Integrating Financial close data with Controls data
Solution Benefit: FAST integrates with Hyperion Financial Management. It includes an interactive workbench that shows users how many controls are associated with monitored reported financial amounts, making it easy to identify controls for significantly large accounts.
Customer Challenge: Understanding whether the in-scope controls are mitigating the most relevant risks
Solution Benefit: FAST integrates with the EGRCM risk component. Evaluating controls by their related risks helps the auditor understand management’s evaluation of the significance of any given risk and the likelihood and impact of any given risk.
Customer Challenge: Designing a controls assessment that is repeatable and applies consistent decision criteria
Solution Benefit: FAST enables an iterative controls scoping process based on multiple criteria. Once the auditor is satisfied with the composition of the controls assessment, the in-scope controls can be exported, reloaded and modified for the next audit cycle.
Customer Challenge: Designing a controls assessment that is composed of certain control properties such as costs, control methods and control types
Solution Benefit: FAST includes tables and graphical analysis that intuitively display the composition of the in-scope controls to achieve the proper coverage, cost and makeup of key controls, automated and manual controls, and detective and preventive controls.
Customer Challenge: Automatically produce a controls assessment plan based on iterative, robust selection criteria
Solution Benefit: FAST will programmatically set up a Controls Assessment plan that includes multiple assessment activities, controls and steps that are managed and monitored to completion in EGRCM.
Financial Audit Scoping Tool: Capability Summary
Solution Capability: Integrates with Hyperion Financial Management
Value Driver:
• Identify controls by Significant Accounts
• Incorporates financial account balances and organizational structure
Stakeholder:
• Internal Audit Manager
• SOX Program Office (PMO)
• Financial Consolidations Manager
• Financial IT Admin
Solution Capability: Integrates with Enterprise GRC Manager
Value Driver:
• Captures Exec Mgt as well as Line of Business and Audit’s evaluation of risk, the level of risk
• Identify controls by multiple perspectives and business processes
Stakeholder:
• Internal Audit Manager
• SOX PMO
• IT Admin
Solution Capability: Single workbench view of Financial, Risk and Controls data and information
Value Driver:
• Ease of use
• 360-view across Functional Areas
• 360-view across Business Processes
Stakeholder:
• Internal Audit Manager
• SOX PMO
• IT Admin
Solution Capability: Iterative controls scoping and filtering
Value Driver:
• Rules-based criteria when selecting in-scope controls
• Visibility and insight into controls coverage
Stakeholder:
• Internal Audit Manager
• SOX PMO
• IT Admin
Solution Capability: Automatic generation of EGRCM Controls Assessment Plans
Value Driver:
• Increased effectiveness of controls assessment by focusing on the ‘right’ controls
• Closed-loop, top-down assessment process
Stakeholder:
• Executive Management
• Line of Business Manager
• Internal Audit / SOX PMO
• 1 - Assessment Template
• 4 - Template Activities
• 2 - Delegation Models
• 1 - Object Class
• 1 - UDTs
• 6 - Hyperion Perspective Items
• 2 - Perspective Trees
• 6 - Preconfigured Charts
Financial Audit Scoping Tool: Business Process
[Process flow diagram]
Roles: EGRCM Administrator, EGRCM Risk Manager, EGRCM Risk Analyst
Steps: Setup HFM Connection; Create POV; Validate HFM data; Query controls using FAST workbench; Validate Coverage; Create Assessment; Complete Assessment Tasks; Report on Compliance; Tie controls to HFM perspectives
Financial Audit Scoping Tool: Establish a systematic process for risk management
• Assess multiple risk types across lines of business
• Leverage flexible quantitative and qualitative analysis models
• Monitor risks to key objectives and performance indicators
• Manage incidents and track losses and recoveries
Risk Management Process
Assess multiple risk classes and monitor overall risk health
[Diagram] Process stages: Establish Context, Analyze Risks, Evaluate Significance, Treat Risks, Monitor Key Indicators
Financial Audit Scoping Tool: Key Mapped Dimensions
[Diagram]
Hyperion Financial Management: Account Dim, Entity Dim, Fin Balances, Period, Scenario, View
Enterprise GRC Manager: Account Map, Org. Map, Bus Process, Risk, Control, Assessment
Risk-based Controls Assessments
Financial Audit Scoping Tool: Blueprint Requirements Coverage
Out of Box -
Not Out of Box -
• Supports Audit Standard 5 guidance for top-down controls assessment
• Controls scoping by Financial Account, significant account
• Controls scoping by Risk level, including likelihood and impact
• Controls scoping by Risk evaluation, including risk tolerance and rating
• Controls scoping by organization, management and legal entity rollup
• Control scoping by Financial Balance thresholds, percent of total
• Iterative selection of controls
• Ad-hoc selection of controls
• Ability to save in-scope selection
• Ability to apply last assessment scope and modify as needed
• Graphical, analytical view of controls coverage and composition of in-scope controls
• Filter controls explicitly by Business Process
• Support for all EGRCM Information Models
• Support for other Assessment types (e.g., Risk Assessment)
• Support for any data source, General Ledger
Financial Audit Scoping Tool: What are Blueprints?
Best Practices
Standardized techniques, methods, & processes, based on business practice analysis across multiple organizations.
Example: Centralized Health & Safety Incident Management
Content
Pre-defined modules, policies, reports, models, attributes, lookups, semantic business objects, physical mappings.
Example: Pre-built policies to detect SOD-related fraud in Hyperion Financial Mgmt
Integrations
Out-of-the-box interoperability with critical business systems delivering best practices across entire business process.
Example: Connector to Hyperion FM for accounts-based controls assessment scoping
Financial Audit Scoping Tool: How do Blueprints fit into the GRC Platform?
Blueprints leverage the Oracle GRC Platform Configurability and Extensibility Framework
Health, Safety and Environment
HSE Blueprint includes:
• 15 pre-defined Types
• 25 pre-defined Classes
• 5 pre-defined Perspectives
• 153 pre-defined Attributes
• 18 pre-defined Lookup Values
• 20 pre-defined Graphs
• 4 pre-defined Risk Context Models
• 13 pre-defined Survey Questions
• Standalone ADF-based configurable incident capture page
[Diagram] Enterprise GRC Platform
Functional Components: GRCI, GRCM, GRCC-A, GRCC-C, GRCC-T, GRCC-P
Extensibility Framework: RULES, PATTERNS, SDD & SDM, MODELS, MODULES, WEBCAT
11g FMW, ADF & SOA
Financial Audit Scoping Tool: How are Blueprints Different from Products?
• Freely available
• Free, self-paced training
• Free, community based support
• Free, open & extensible
Financial Audit Scoping Tool: Blueprints Ecosystem
[Diagram] Oracle, Partners and Customers around Blueprints on the Enterprise GRC Platform
• Increase ROI with one platform for all GRC Initiatives
• Share new blueprints in an online community
• Collaborate online on extending existing blueprints