grc advanced controls oow2014 stop financial leakage - cisco, noble energy, sherwin william
Stop the Financial Leakage & Cure the Drought in Profits
Panel Discussion CON8203
Jim Lach Corporate IT Controls and Compliance Leader, Sherwin Williams
Gavin Leavay Navillus Partners
Vital Nattuva IT Manager - Finance and Employee Services IT, Cisco Systems
Jeramie Taylor CISA, CFE, Manager - Internal Controls, Noble Energy
Moderator: Barry Greenhut, Director - GRC Product Development, Oracle
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Agenda
Introduction
Panel Discussion
Financial Leakage
• $1,000,000 lost per year for every billion spent
• Each incident of fraud costs $100,000 to $1,700,000*
“For a company with a 5% profit margin, $1 million in recoveries equates to $20 million in incremental sales”
*Source: 2010 ACFE Report to the Nations on Occupational Fraud and Abuse
Protiviti 2010 – Procurement Assessment and AP Recovery Solutions
“[Most companies] expect to find .1% of a company’s spend in financial leakage”
Key Financial Control Issues
51% make 10 to 30% of all payments too early**
64% make 10 to 30% of payments too late**
55% of companies are unable to collect 20 to 40% of total revenue within contracted payment terms**
46% of AP departments have not reviewed AP policies for over a year
434 Senior Finance Executives
** Made to Measure CFOs on finance- and procurement-process improvement, CFO Research, May 2012
* Accounts Payable Network Benchmark: AP Controls May 2011; 425 Companies
Accounts Payable Recovery Audit
UNINTENTIONAL ERRORS AND LEAKAGE
Global, Fortune 500 Firm, High-Tech
• Over 4 Audit Cycles, consultants found $17.5M in payment errors
Profile
Single Business Application Instance
Centralized Payables Operation
Well Staffed
Clean SOX Audit
Audit Recovery Findings
18 Month Cycle
$17.5M Found – $8.3M Total Recovery = $4.8M After Fees
Survey of 263 Finance Executives
Need for Better Controls and Efficiencies
15%
28%
33%
42%
48%
Improve Cash Flow and Working Capital
Reaching New Heights: The Dividends of Collaboration between Finance and Procurement is published by CFO Publishing LLC, May 2012
Compliance
Understanding Payables Exposure
Audit and Control of Procurement
Business Risk Analysis
• Lack of Staff
• False Positives
• Access to Data
• Visibility to Issues
• Mergers & Acquisition
• Decentralized Operations
• Outsourcing
DRIVERS
Segregation of Duties
Duplicate Payments
Manual Processes
Employee Reimbursements
Compliance with Policy
Automation
Checks
Approvals
Standardization/Consistency
Signatures/Authority
Accounts Payable Network Benchmark: AP Controls May 2011
Survey of 425 Companies
Top 10 Control Challenges
Agenda
Introduction
Panel Discussion
• Jim Lach Corporate IT Controls and Compliance Leader, Sherwin Williams
• Gavin Leavay Navillus Partners
• Vital Nattuva IT Manager - Finance and Employee Services IT, Cisco Systems
• Jeramie Taylor CISA, CFE, Manager - Internal Controls, Noble Energy
• Moderator: Barry Greenhut, Director - GRC Product Development, Oracle
• PLEASE ASK QUESTIONS ANYTIME!
4:45 pm
ID # 8210: Doing Your ERP Implementation/Upgrade Right with Oracle Advanced Controls Solutions
OLYMPIC ROOM, Westin
TUESDAY: Oracle GRC Advanced Controls
10:00 am
ID # 8207: Stop the Fraudster! Set the Tone at the Top and Prevent Fraud with Oracle Advanced Controls
OLYMPIC ROOM, Westin
WEDNESDAY: Oracle GRC Advanced Controls
2:45 pm WEDNESDAY
ID # 8200: Do You Really Know What Your Users Can Do—or Maybe Have Done?
FRANCISCAN I ROOM, Westin
10:45 am
IOFM Workshop: How Your Vendor Master File is Critical to GRC and Compliance
Presenter: Jon Casher
Length: 90 Minutes
CPE Credits: 1.5
ZEUM ROOM 8th FLOOR, Palomar
JON CASHER Ph.D.
President, Casher Associates
Leading Industry Expert & Consultant
LOCATION: Hotel Palomar, 4th & Market
Contact: Dane Roberts [email protected]
10:15 am
ID # 8208: Achieve a Quicker and Compliant Financial Close with Oracle Governance, Risk, Compliance
OLYMPIC ROOM, Westin
THURSDAY: Oracle GRC Advanced Controls
12:45 pm
ID # 8154: Controlling for Multiple ERP Systems with Oracle Advanced Controls
OLYMPIC ROOM, Westin
2:45 pm
ID # 8213: How Your Vendor Master File is Critical to Governance, Risk Management and Compliance
OLYMPIC ROOM, Westin
LOCATION: Westin, 3rd & Market
5:00 pm WEDNESDAY
ID # MTE 8487: Meet the Governance, Risk, and Compliance Experts
METROPOLITAN III ROOM
MEET EXPERTS & DEMO GROUNDS: Oracle GRC
ID # 4250: Demo Station: Oracle Fusion Governance, Risk, and Compliance Advanced Controls
MONDAY 9:45 – 6:00
TUESDAY 9:45 – 6:00
WEDNESDAY 9:30 – 3:45
LOCATION: Westin, 3rd & Market
LOCATION: Moscone West
DEMOgrounds: Moscone West Station ID WCL-003
Follow us & join the conversation.
Oracle GRC Advanced Controls Group
@OracleAdvCntrls
Background and Supplemental Information
Sherwin Williams
Since its founding by Henry Sherwin and Edward Williams in
1866, The Sherwin-Williams Company has not only grown to
be the largest producer of paints and coatings in the United
States, but is among the largest producers in the world.
Sherwin-Williams
Advanced Controls
Jim Lach
Corporate IT Controls and Compliance Leader
Advanced Controls
CCG Version 5.5.1
Snapshots and Change Tracking in place
ACG Version 8.6.4.7159
Heavily used for User Access Models
TCG Version 8.6.4.7181
Minor usage to date. Development in process.
TPCG
Minor usage to date. Development in process.
Background and Supplemental Information
Noble Energy
Company Overview: A company of growth and expansion
Founded in 1932 by Lloyd Noble
Noble Energy is an S&P 500 public company with reserves of 1.4 billion barrels of oil equivalent and assets totaling over $19 billion at year-end 2013
Noble Energy's corporate purpose is "Energizing the World, Bettering People's Lives®”
We strive to provide energy for the world through finding and producing hydrocarbons, while positively influencing the lives of our stakeholders. To us, the two responsibilities cannot exist separately.
Company Overview: A focus on core value added assets
Oracle EBS Overview: The technology that aligns the businesses
Implemented Oracle EBS version 11.5.10 in Q4 of 2007
Currently on Oracle EBS version 12.1.3
6 instances including 1 Prod, 4 Test, 1 Dev; April 2014 – Add 2 Test
Oracle EBS is hosted by Oracle Managed Cloud Services in Austin, TX
All employees and some contractors are users – ~3000
EBS Modules: General Ledger
Financial Reporting
Payables
Receivables
Fixed Assets
Projects
Asset Management
Inventory
Purchasing
iExpense
OTL Time Entry
Human Resources
Payroll
P2 Enterprise Upstream: Revenue
Revenue Reporting
Division Orders
Joint Venture Accounting
Production Reporting
Report Centers
Oracle EBS Overview: Uniquely Noble Operations
Noble does not “sell” consumer products or services; we find and extract oil/gas, in which ownership is transferred at meters or when arriving at a processing facility
We operate globally which causes challenges with managing banks, payments and reconciliations around the world
Financial procurement authorization is captured at the requisition, not the purchase order
Budgeting and forecasting take place in Hyperion, external to EBS
iRecruitment/HR creates candidate accounts in EBS. Currently over 300,000 “users” if unfiltered for candidates
Noble is currently working on a “Foundation 2020” project which will revamp how we use Oracle for several major processes
Moving Forward: The Journey Continues
ACCESS GLOBAL CONDITIONS (ACG):
ACGs were set up and tested one-by-one (14 Total)
Exclude certain IT Service Accts (oracle managed, etc.)
Exclude if Menu and/or Sub-Menu Grant Flag = N; Menu Prompt = No Prompt
Exclude if Not Within the Same Set of Books
Exclude if Function is Query Only
Exclude if Responsibility and/or User is End Dated
ACG testing consisted of looking at both production and test environments
Result count for each test was tracked to determine if there was or was not a reduction in results
Moving Forward: The Journey Continues
AACG: Requirement - Re-validation of Seeded Content Access Points
Developed Custom Reports to help validate access points:
• Confirmed if access point is used by NBL / resides with a NOBL Responsibility
• ID unexpected responsibilities where access point exists
• Determine if other access points should be considered / included
Moving Forward: The Journey Continues
Example of Value Added Validation:
Looked up the Seeded “Bank Account Reconciliation” access point
ID’ed other access points that should be considered
Opened a responsibility with this in test and uncovered a Noble custom form / access point (undetected by IT Custom Report or GRC)
Moving Forward: The Journey Continues
TCG: Requirement - Validation of Seeded Content
Individually loaded, customized and refined each TCG model
Ran each Model Object (i.e. table) wide open to view exactly what populates and what does not
Refined each filter until only a complete and accurate set of data was returned
Used seeded content as starting place for additional models
Examples of New TCG Models:
Dormant User Accounts
Expense Report Expenses
Passwords Not Set to 90 Days
Person Addr XX% Similar to Payee Addr 1, 2, 3
Person Addr XX% Similar to Customer Addr 1, 2, 3
Person Addr XX% Similar to Supplier Site Location
Person Home Addr within the Paid to Addr
Supplier Name Contains XXXX, Pmt Not Void & Exclude Employee Pmts
Moving Forward: The Journey Continues
PCG: Requirement – Internal Controls to drive the use of this module
Only 1 IT User has access to PCG in Production
Only 2 Internal Controls people have access in Test + 1 IT User
Internal Controls learning and building our own PCG Rules in Test
Developed a naming convention of all PCG Rules
Examples of PCG Controls:
Set Password Lifespan field default to 90 days
Restrict Financial DOA Administration
Restrict Procurement DOA Administration
Limit User update access to System Administration, etc. (in Test)
Restrict Inventory Transaction Types
Restrict Noble Journal Source and Categories
Restrict Noble Password Reset Responsibility
CCG: Will be utilized in late 2014 and early 2015
Intelligence: Linked into OBIEE, but dashboards will need to be built out
Manager: Noble utilizes a non-Oracle product solution in place of this
Background and Supplemental Information
Cisco
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35
IT Manager, Cisco Systems Inc
IT Manager in Finance and Employee Services IT
IT Service Owner for Payable & Expenses, Procurement Services and Fixed Asset Management
Has been part of the transformational efforts at Cisco to consolidate multiple geographically aligned Finance instances into Single Global Instance on R12
Before Cisco, he has played an instrumental role in Implementing Oracle financials at various renowned companies across the Globe.
© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Solve
Innovate
Change
Our Vision
For nearly 30 years, we’ve focused on helping to change the way the world works, lives, plays, and learns.
Our Strategy
We solve our customers’ most important business challenges by delivering intelligent networks and technology architectures built on integrated products, services, and software platforms.
Cisco At-a-Glance
Revenue: $47.1B, -3% Y-Y Growth, $36B Products, $11B Services
$6.3 R&D (13.35% of Cisco revenue)
More than 71,000 employees
Nearly 70,000 channel partners
380 global sites doing business in 165+ countries
More than 18,000 patents
28,000 engineers (39% of our workforce)
#1 or #2 in most market segments we serve
More than 170 acquisitions since 1993
Broad portfolio of integrated products and solutions
FY14 Stats
Other Stats
Purchasing
iProcurement
iExpenses
General Ledger
Fixed Assets
Accounts Payable
Core Financials
Employee Self-Service
R12.1.3
Travel
Accounts Payable
• Duplicate vendors (Duplicate vendor in vendor master file): Identify creation of duplicate vendor sites
• Duplicate payments by vendor (Duplicate invoice): Identify duplicate invoice processing by vendor
• Duplicate payments by invoice (Duplicate invoice): Identify duplicate invoices by similar invoice and by vendor
• Maverick buying (PO related problems): PO date should be prior to the invoice date
• Identifying erroneous high value payments (Erroneous payment): Payments more than 30% increase of the last rolling 6 months payment to the vendor
• Withholding Tax (APAC) (Tax errors): Identify the suppliers/invoices where the incorrect rate of WHT was applied
iExpense
• File attachment on Expense Reports (ER) (Noncompliant expenses): Identify ERs with supporting documents in unacceptable formats (like editable attachments like .txt)
• Amex/cash surfing (Duplicate Expense): Verify if same expense has been claimed both as Amex and cash
• Data Analyzed: One (1) Year
• Graph Initial Build: 103 Million records processed
• Graph Incremental Build: 800 Thousand records processed
• No. of Custom BOs: Six (6) Custom Business Objects
• No. of Controls: Six (6) use cases in Accounts Payables; Two (2) use cases in iExpense
• Sync and Control Analysis Schedule: 3 times a week
• GRC Version: GRC-all-8.6.5.1645
• Database: Oracle DB 11.2.0.3.10
• Browser: Firefox 24; Internet Explorer 9x, 8x
• Application Server and Middleware: Oracle WebLogic Server 12.1.2 with Oracle JDK 1.7.0_51; Application Development Runtime 12.1.2 and RCU 12.1.2
• Total Incidents generated: 2-3 K per day
• Incidents Closed and Resolved: 750-800 per day
Hardware Configuration
• TCG analyzes millions of transactions so it needs enough resources (disk space and memory)
• Follow Oracle recommended h/w and s/w and make adjustments based on the volume of transactions
Model & Control Analysis Assessment
• Optimize the design of models
• Avoid nested UDO
• Replicate read-only schema instead of using apps schema of EBS
Fit/Gap Analysis
• Understand the importance of Incident Status and State Code and how it affects the remediation process
• Validate the model results first before running the controls
• Verify the availability of business objects for the use cases
Oracle Support
• Early engagement with Oracle
• Tight collaboration and partnership with Oracle
ETL Performance Assessment
• Perform and document multiple iterations of graph build and Control Analysis. Monitor sys resources
• Plan to get weekly or daily refresh of datasource data with production data
• Analyze transaction volume of each business object used in models
• Understand the ETL design and Data Extraction criterion
Background and Supplemental Information
Navillus Partners
ABOUT NAVILLUS PARTNERS
International professional services and solutions firm headquartered in Boston, Massachusetts
Established in 2009, Navillus has experienced on average 40% growth year over year in Oracle
Advanced Controls professional services
Oracle Gold Level Partner specializing in Oracle Advanced Controls & E-Business Suite / PeopleSoft
professional implementation and advisory services
Recognized as the #1 Oracle Advanced Controls Partner in 2012 & 2014!
The first in the industry to hold Oracle Advanced Controls Specialization accreditation
Is an Oracle authorized training partner
Navillus is a privately held company that has been profitable consistently both from a cash and accrual
basis since the 4th month of operations with zero external debt outstanding.
Our team’s collective experience includes:
168 years working in the information technology industry
177 years implementing the Oracle e-Business Suite ERP package
76 years implementing the Oracle GRC applications
More than 512 GRC implementations to the team’s credit to date
ABOUT NAVILLUS PARTNERS
Highly experienced resources with one of the strongest track
records for delivery success in the North America & Europe.
Oracle Resource(s) have 13+ years dedicated to Oracle Implementations, Security Design, and Project /
Program Management
Our team members average more than 8 years of Oracle Advanced Controls Experience
The majority of our team was involved in the development of the original versions of the Oracle Advanced Controls Applications
Proprietary accelerated delivery methodology, NAViGATE
Process Driven approach tailored specifically for Oracle Advanced Controls
‘Design In’ Approach for Oracle e-Business Suite & PeopleSoft implementations and upgrades
Developed and maintain our ACE Process & Controls Library
Process optimization and control accelerators
GRC & Business Process Controls Library for PCG, CCG, & TCG
Comprehensive extension to Oracle’s out of the box Access Controls Content
NAVILLUS PARTNERS IS A WORLD LEADER
More than 500 combined Oracle Advanced controls implementations
34+ skilled and experienced Advanced Controls professional worldwide
Functional & technical experience across nearly all Oracle e-business applications
(HRMS, Financials, Supply Chain Management, CRM, other)
Multiple consultants with Oracle accredited specializations
Experience
Global
Delivery
Centers
of Excellence
Right-shore Delivery capabilities for Oracle Advanced Controls including
utilization of our experienced Chennai, India team, well beyond installation &
technical responsibilities
Navillus provides training to customers and other implementation partners
worldwide
International experience in more than 10 countries
Navillus’ Center of Excellence (CoE) is a solution center that works closely with
Oracle OAC Product & Product Strategy and promotes and trains the extended
team on new product features and techniques
Provides new and innovative delivery techniques from in-field feedback and
experience to continuously enhance our NAViGATE Methodology
Works with Oracle’s product group on new features and enhancements
Maintains and updates our internal development and demo labs
NAVILLUS ADVANCED CONTROLS CASH LEAKAGE USE CASE
NAVILLUS PARTNERS DEPLOYMENT INFORMATION
Library Prebuilt Transaction Control Models and Preventive Controls
to provide immediate ROI
1 week for existing installs
2 weeks requiring installation of TCG and PCG
Recent Client Deployment Resulted in identifying:
$271K in Duplicate Spend
Over 150 Duplicate Suppliers
Rules designed to provide preventive controls and continuous oversight of specific process and system limitations resulting in duplicate spend
ANALYSIS FOR IMMEDIATE ROI
Recent Deployment of Navillus TCG Controls focused on Cash Leakage
Deployed 7 Duplicate Invoice/Payment Monitors – Possible duplicate invoices based on attribute combinations (e.g. same invoice number and amount, same supplier, invoice amount and date)
• 7 Variations of Supplier, Inv #, Invoice Amt., Inv. Date attribute review
• Duplicate Invoices - Same invoice number and amount
Deployed 4 Duplicate Supplier Monitors – different possibilities for review
• Similar name suppliers
• Suppliers with the same tax ID
• Combinations of Name, Address, etc.
Deployed 2 Missed Discount Monitors – identifying Suppliers offering discounts where no discount taken
SUMMARY OF RECENT DEPLOYMENT
Review of one Duplicate Payment TCG Model looking for Invoices with the same invoice number and amount identified:
• Identified Results (20 month review): 175 incidents totaling ~$5 million USD = $2.5 million in possible overspend
• Likely Dups from Result Review Identified: 8 incidents representing ~$271k (11%) in possible overspend (see next slide)
Duplicate Supplier – Different possibilities for review
• Similar name suppliers - 1745
• Suppliers with the same tax ID – 165
Missed Discounts - Suppliers offering discounts with no discount taken on Invoice: 61 invoices – totaling @97K, missed discount of @4.8K.
LAYERED APPROACH FOR DUPLICATE INVOICES
Weaknesses identified with TCG lead to Preventive Controls design with PCG
Duplicate issues identified and related PCG Control
• Duplicate payments across supplier site or OU
Rule designed to prevent or warn of duplicates across OU or site at entry.
• One letter’s case or placement different in the invoice number
Rule to restrict invoices to all capitals and hold or warn on similar numbers
• Duplicate suppliers in system and two different suppliers paid
Rule to warn or hold duplicate suppliers at entry
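The layering described on the two slides above (detective duplicate-invoice monitors over attribute combinations, then an entry-time hold/warn rule for case and letter-placement differences) can be sketched as follows. This is an added example, not Navillus or Oracle TCG/PCG code; the field names, monitor names and invoice rows are constructed for illustration.

```python
import re
from collections import defaultdict
from decimal import Decimal

# Constructed sample data (assumption): id, supplier, site, OU, invoice no., amount, date.
FIELDS = ("id", "supplier", "site", "ou", "number", "amount", "date")
ROWS = [
    (1, "ACME", "BOSTON", "US", "INV-1001", "1200.00", "2014-03-01"),
    (2, "ACME", "CHICAGO", "US", "INV-1001", "1200.00", "2014-03-04"),  # other site
    (3, "GLOBEX", "MAIN", "US", "ab-778", "560.50", "2014-03-10"),
    (4, "GLOBEX", "MAIN", "US", "AB-778", "560.50", "2014-03-18"),      # case differs
    (5, "INITECH", "MAIN", "UK", "7781-QX", "90.00", "2014-04-02"),
    (6, "INITECH", "MAIN", "UK", "7781-XQ", "90.00", "2014-04-09"),     # letters swapped
    (7, "UMBRELLA", "MAIN", "US", "U-100", "300.00", "2014-05-01"),
    (8, "UMBRELLA", "MAIN", "US", "U-101", "300.00", "2014-05-01"),     # same amt/date
    (9, "ACME", "BOSTON", "US", "INV-2000", "75.00", "2014-05-05"),     # clean
]
INVOICES = [dict(zip(FIELDS, r), amount=Decimal(r[5])) for r in ROWS]


def normalize_number(number):
    """Upper-case and drop punctuation/whitespace ('all capitals' entry rule)."""
    return re.sub(r"[^A-Z0-9]", "", number.upper())


def placement_key(number):
    """Same characters in any order: one character typed in a different position."""
    return "".join(sorted(normalize_number(number)))


# Each monitor is one attribute combination. Site and OU are deliberately left
# out of every key so that duplicates across supplier site or OU still group.
MONITORS = {
    "number_amount": lambda i: (i["number"], i["amount"]),
    "number_amount_ignore_case": lambda i: (
        i["supplier"], normalize_number(i["number"]), i["amount"]),
    "number_amount_placement": lambda i: (
        i["supplier"], placement_key(i["number"]), i["amount"]),
    "supplier_amount_date": lambda i: (i["supplier"], i["amount"], i["date"]),
}


def run_monitor(invoices, key_fn):
    """Detective control: return groups of invoice ids that share a key."""
    groups = defaultdict(list)
    for inv in invoices:
        groups[key_fn(inv)].append(inv["id"])
    return sorted(tuple(ids) for ids in groups.values() if len(ids) > 1)


def run_all(invoices):
    return {name: run_monitor(invoices, fn) for name, fn in MONITORS.items()}


def check_at_entry(new_invoice, existing):
    """Preventive control at entry: HOLD on a normalized match for the same
    supplier and amount, WARN on a similar (re-ordered) number, else OK."""
    warn = None
    for inv in existing:
        if (inv["supplier"], inv["amount"]) != (
                new_invoice["supplier"], new_invoice["amount"]):
            continue
        if normalize_number(inv["number"]) == normalize_number(new_invoice["number"]):
            return ("HOLD", inv["id"])
        if placement_key(inv["number"]) == placement_key(new_invoice["number"]):
            warn = warn or ("WARN", inv["id"])
    return warn or ("OK", None)


if __name__ == "__main__":
    for name, hits in run_all(INVOICES).items():
        print(f"{name}: {hits}")
```

The placement key also groups genuinely different invoices that happen to share characters, which is why it maps to a warning for review and not a hold.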
DUPLICATE INVOICES SUMMARY
[Chart: Incident Violation Counts. Y axis: Number of Incidents (0 to 5000); X axis: Control Name (Dup Invoice 1 through Dup Invoice 7). Data labels as extracted: 4755, 1142, 1712, 1756, 118.]
DUPLICATE INVOICES SUMMARY
[Chart: Dollar Amount of Duplicate Invoice incidents. Y axis: Dollar Amount ($US mil, $0.0 to $45.0); X axis: Control Name (Dup Invoice 1 through Dup Invoice 7). Data labels as extracted: $42.0, $28.6, $37.3, $2.5, $0.009, $0.0, $2.0.]
Background and Supplemental Information
Oracle
…by Continuously Monitoring Your Financial Applications
Advanced Controls
Give you the means to:
Make Processes More Effective, Efficient
Reduce Operational Risk
Improve Bottom Line
Make Processes More Effective, Efficient
Reduce Operational Risk
Improve Bottom Line
Advanced Controls
Detect unwanted transactions
Detect settings that cause loss
Detect problematic exceptions
Automate policy management
Improve Bottom Line
Advanced Control
• Detect Unwanted Transaction
Business Review
• Determine Response
Financial Application
• New Business Rule
Replace Manual Management of
Policies
…with Automated
Workflows & Repositories
Reduce Manual Effort & Expense
More Timely & Complete
Results
Replace Manual Sampling
…with Linked Continuous
Monitors
Reduce Manual Effort & Expense
More Complete & Accurate
Results
Reduce Operational Risk
Do I Need Advanced Controls?
Experience unwanted transactions?
Experience adverse events?
Depend on process exceptions?
Find compliance expensive?
Experience audit findings?
Does your organization…
Do I Need Advanced Controls?
Grown through acquisition
Many operating units
Publicly traded stock
Highly regulated industry
Multi-state or multi-national
Experience unwanted transactions?
Experience adverse events?
Depend on process exceptions?
Find compliance expensive?
Experience audit findings?
Does your business… Do you struggle with complexity?
Do I Need Advanced Controls?
Preparing to use an Oracle Application?
Upgrading an Oracle Application?
Changing its business processes?
Is your organization…
Advanced Controls Are Used in High-Risk EBS & PSFT Processes
Provide insight into transactions & setups
• EXAMPLE: Find questionable invoices that can’t be found by other solutions
Process owners leverage insight
• EXAMPLE: Put questionable invoices on hold for disposition
Process owners maximize benefit of insight
• EXAMPLE: Avoid paying invalid invoices
Embedding Advanced Controls Accelerates Processes, Increases Accuracy, Reduces Risk
Pre-Built TCG Control for EBS/PSFT | Embedded in EBS/PSFT Process
1. Prevent payment of duplicate invoices and payment requests
   1. Inspect potential duplicates (incl. fuzzy matches on vendor names, amounts, dates, vendor addresses, invoice numbers)
   2. Put selected duplicates on hold
2. Prevent duplicate vendors
   1. Inspect potential duplicates (incl. fuzzy matches on names, address, phone numbers, email domains, bank accts, tax IDs, etc.)
   2. Inactivate selected duplicates
3. Prevent employees from acting as suppliers
   1. Inspect potential violators (incl. employees whose payroll bank accounts or tax IDs match suppliers’ accounts/IDs or invoice/payment requests’ accounts/IDs)
   2. Put selected invoices/requests on hold, notify employees’ managers
4. Prevent split POs
   1. Inspect potential split items
   2. Put selected splits on hold
5. Prevent improper steering of purchases to vendors
   1. Inspect top amounts awarded to vendors by buyer
   2. Inactivate selected vendors, notify buyers’ managers
6. Prevent purchase/sales transactions with restricted entities
   1. Inspect POs, payment requests and sales orders to restricted vendors and customers
   2. Put selected transactions on hold
Solutions for Embedding Advanced Controls
Typical solution:
1. Review Advanced Controls data
2. Research context in ERP
3. Take action in ERP
4. Update Advanced Controls accordingly
One-click solution:
Use single user interface* to:
a. Review Advanced Controls and ERP data
EXAMPLE: Duplicate invoices
b. Trigger ERP action and update Advanced Controls
EXAMPLE: Put selected invoices on hold
* Provided by Specialized partners
Partner Case Study: PeopleSoft
Business Requirement:
• Review ~5,000 potentially erroneous payment requests each week (worth ~$60 million)
• For each request: hold for investigation, or release for payment
One-Click Solution:
• TCG controls detect requests that require review
• Dashboard lets users review requests and route them appropriately in PeopleSoft Financials
• Provided by FulcrumWay
Outcome: Prevents an average of $100 million in erroneous payments annually
Agencies Payment Requests PeopleSoft Financials (New Payment System)
Auto Payments on Hold
Payment Requests
PeopleSoft GRC
SQL/Legacy
E-Business
Release Payments on Hold not selected for audit
Built by Specialized Partner
Built by Specialized Partner
Built by Specialized Partner
Concept Visualization: One-Click Solution for E-Business Suite
User Views TCG Incidents…
One-Click
…and EBS Invoices
Selected Invoices are Put on Hold in EBS, Incidents are marked “Processed” in TCG
Recommended Integration Architecture for One-Click Solutions
• Specialized Partners plan, develop and support one-click solutions
• Recommended integration architecture:
[Diagram labels: Oracle E-Business Suite or PeopleSoft; Specialized Partner’s One-Click Solution; Oracle Transaction Controls Governor; Pre-Built Services (shown twice)]
Recommended User Experience for One-Click Solutions
• Specialized Partners plan, develop and support one-click solutions
• Recommended one-click user experience options:
• UI Embedded in ERP: Specialized Partner’s One-Click Solution within Oracle E-Business Suite or PeopleSoft
…or…
• Standalone UI: Specialized Partner’s One-Click Solution
…or…
• UI Embedded in Portal: Specialized Partner’s One-Click Solution within a Portal
Guidance to Customers
• The preceding slides illustrate a one-click solution that can be provided by Specialized Partners
• If you’d like to consider the solution further, start by ensuring:
– Your intended use is described by the preceding slides
SUMMARY: You plan to embed a TCG control in an EBS or PeopleSoft process
– You already use your TCG controls as continuous control monitors
Provides incident management experience needed for successful planning
– A Specialized Partner is helping you plan, develop, deploy and support your solution