Increasing Internal Controls with Applimation Integra

2

Applimation Overview

• Founded in 1998

• 230+ customers worldwide

• Headquartered in New York City

• Offices throughout North America and Europe

• Software solutions that manage data growth and ensure integrity throughout the application lifecycle

3

Applimation Lifecycle Management

Informia Archive

Informia Subset

Informia Reorg

Integra Transaction

Integra Access

Integra Apps

Integra Codebase

Informia Integra

4

Applimation Customers Worldwide

Continuous Monitoring in Oracle Applications

Applimation Integra

6

Integra Codebase

Integra Apps

Integra Access

Integra Transaction

APPLIMATIONINTEGRA

code

setups

security

transactions

Oracle Applicationsenvironment

Continuous Monitoring in Oracle Applications

Key Controls& Transactions

ContinuousMonitoring

7

Sarbanes-Oxley Cycles

Oracle ICM(Repository of

Controls)

Integra(Continuous Monitoring)

Document Risks & Controls

Monitor Changes &

Test Controls

8

Sarbanes-Oxley Hurdles

9

Accounting Systems

Income Statement

BalanceSheet

AP AR FA INV OM Etc…

G/L

10

Difficult Questions to Answer

• How do you know key controls are operating effectively throughout year?

• Can you report on ALL changes to key controls?

• How do you search for segregation of duties or evaluate user access?

• How do you know controls are same for each business unit?

• How do you document key controls within systems?

11

Integra Apps & Codebase

Integra Apps• Automated

Documentation– Setups and Configurations

• Comparisons– Across Multiple Instances– Across Sets of Books and

Operating Units– Across Multiple Versions

• Change Tracking– Monitoring and Reporting

• Data Migration (setups)

Integra Codebase• Automated Documentation

– Forms, Reports and Code

• Comparisons/Impact Analysis– Across Multiple Instances– Across Multiple Versions

• Change Tracking– Monitoring and Reporting– Version Control

• Code Promotion

12

Examples of Setup

Setup Data

Application SecurityDocument ApprovalsChart of AccountsProfile OptionsUsersApplication SetupsMRP rules

Operational Data

CustomersSuppliersEmployeesBuyersItemsChart of Account ValuesCategory Codes

13

Example of System Controls

• 3 way matching of PO, Invoice and Receipt• Document spending limits (authorization of PO)• Security rules/access to sensitive transactions

– employee salaries– chart of account values– financial statement reports (FSG’s)– price lists– inventory attributes

• Action for late delivery of goods• Inventory stocking rules• Rules to create tax on sales orders• Depreciation methods

14

Examples of Code

Files

FormsReportsMenusLibrariesPL/SQLEtc.

Database Objects

SchemasIndexesGrantsDb LinksFunctionsPackages

15

Who is Responsible for Setup?

System Administrators

Implementation Consultants

Super Users

Maintenance across all applications and overall environment

Initial applications setup

Maintenance of specific business applications

16

Setups Change More Than You Think

• Intentional– Operational Changes– Growth of Company– Business Requirement Changes– New Functionality Introduced by Upgrades

• Unintentional– Unknown Consequences– User Error – Unexpected Changes Caused by Patches

Integra Apps

18

Automated Documentation: Snapshot

Point-in-time picture

Run on demand or scheduled

19

Snapshot Report

20

Comparison Report

Differences

21

Automated Change Tracking

• Integra Apps - Change Tracking

– Who?

– What?

– When?

– Where?

Automatically captures a complete historical audit trail. Details of

EVERY change.

22

What? Who?Where? When?

Change Tracking

23

On-line Change Tracking

24

Data Migration

SourceDatabase

Extract w/FNDLOAD

TargetDatabase

1. Utilizes FNDLOAD – 100% supported by Oracle2. Automatically extracts/loads setups3. Optionally edit/modify data4. Select one row or many

Load w/FNDLOAD

EditDataFile

Extract and Load w/FNDLOAD

25

Data Migration Road Map

• Release I Sep 1st

– System Administration

• Release II Sep 30th

– GL, AP, AR

• Release III Dec 30th

– PO, INV, BOM, OM

Available for 11.5.7 and higher

26

Data Migration Road Map

System Administration Module– Attachments– Concurrent Programs– Custom Messages– Descriptive Flexfields– Flexfield Value Hierarchy

(Rollup Groups)– Flexfield Value Security

Rules– Forms– Functions– Key Flexfields

– Lookup Types and Values– Menus– Profile Options and Values– Request Groups– Request Set– Responsibilities– Users– Value Set Values– Value Sets

Integra Codebase

28

Examples of Code

Files

FormsReportsMenusLibrariesPL/SQLEtc.

Database Objects

SchemasIndexesGrantsDb LinksFunctionsPackages

29

Documentation

Automated Code Documentation

30

Comparisons

31

Dependency/Impact Analysis

Stored Procedure searches where you can see blocks of code instead of a single line of code.

See potential impact of scheduled code changes before you make them.

32

Continuous Monitoring - Maintain Versions

Schedule code promotion Formal check-in/check-out

Automated environment monitoring

Integra Access

• Evaluate User Access• Search for Segregation of Duties Issues

34

Integra Access

User

Responsibility

Menu

Function

Form

Evaluate User Access• Search by User • Search by Form/Function

Search for Segregation of Duties• Identify incompatible Functions & Forms

35

Segregation of Duties

Integra Transaction

• Monitor transactions for anomalies • Identify thresholds • Alert notifications

37

Financials Bundle 1

38

Financial Bundle 2

39

Integra Codebase

Integra Apps

Integra Access

Integra Transaction

APPLIMATIONINTEGRA

code

setups

security

transactions

Oracle Applicationsenvironment

Continuous Monitoring in Oracle Applications

Key Controls&

Transactions

ContinuouslyMonitored

40

For More Information

Mark NelsonApplimation, Inc.

Phone: (212) 560-7878E-mail: mnelson@applimation.com

www.applimation.com

Unreliable•Unpredictable environment where controls are not are not designed or in designed or in placeplace

Informal•Controls are designed and in place but are not are not adequately adequately documenteddocumented

Standardized•Controls are designed, in place, and are are adequately adequately documenteddocumented

Monitored•Standardized controls with periodic testingperiodic testing for effective design and operation with reporting to management

Optimized•Integrated internal controls with real-time real-time monitoringmonitoring by management and continuous improvement

Low Efficiency•Substantial manual manual effortsefforts•Testing & validation required of activities•Management time commitment: Substantial

Medium Efficiency•Some manual testing required for key activities•Some reliance on Some reliance on monitoringmonitoring•Reliance on certifications & acknowledgements•Management Time Commitment: Significant

High Efficiency•Reliance on continual continual monitoringmonitoring & review of periodic testing•Use of dashboard for key indicators and controls•Reliance on certifications & acknowledgements•Management Time Commitment: Moderate

Source: PriceWaterhouseCoopers white paper on Sarbanes-Oxley Act of 2002

Internal Controls Maturity

Eff

icie

ncy

42

Architecture

ApplimationHome

Test(11i)

Dev(10.7)

Prod 1(11)

Prod 2(10.7)

Snapshots & Comparisons

43

Integra Apps Integra Apps

Architecture

ApplimationHome

Test(11i)

Integra Apps

Dev(10.7)

Integra Apps

Prod 1(11.0.3)

Prod 2(10.7)

Snapshots & Comparisons

SetupChanges