increasing internal controls with applimation integra
TRANSCRIPT
2
Applimation Overview
• Founded in 1998
• 230+ customers worldwide
• Headquartered in New York City
• Offices throughout North America and Europe
• Software solutions that manage data growth and ensure integrity throughout the application lifecycle
3
Applimation Lifecycle Management
Informia Archive
Informia Subset
Informia Reorg
Integra Transaction
Integra Access
Integra Apps
Integra Codebase
Informia Integra
6
Integra Codebase
Integra Apps
Integra Access
Integra Transaction
APPLIMATIONINTEGRA
code
setups
security
transactions
Oracle Applicationsenvironment
Continuous Monitoring in Oracle Applications
Key Controls& Transactions
ContinuousMonitoring
7
Sarbanes-Oxley Cycles
Oracle ICM(Repository of
Controls)
Integra(Continuous Monitoring)
Document Risks & Controls
Monitor Changes &
Test Controls
10
Difficult Questions to Answer
• How do you know key controls are operating effectively throughout year?
• Can you report on ALL changes to key controls?
• How do you search for segregation of duties or evaluate user access?
• How do you know controls are same for each business unit?
• How do you document key controls within systems?
11
Integra Apps & Codebase
Integra Apps• Automated
Documentation– Setups and Configurations
• Comparisons– Across Multiple Instances– Across Sets of Books and
Operating Units– Across Multiple Versions
• Change Tracking– Monitoring and Reporting
• Data Migration (setups)
Integra Codebase• Automated Documentation
– Forms, Reports and Code
• Comparisons/Impact Analysis– Across Multiple Instances– Across Multiple Versions
• Change Tracking– Monitoring and Reporting– Version Control
• Code Promotion
12
Examples of Setup
Setup Data
Application SecurityDocument ApprovalsChart of AccountsProfile OptionsUsersApplication SetupsMRP rules
Operational Data
CustomersSuppliersEmployeesBuyersItemsChart of Account ValuesCategory Codes
13
Example of System Controls
• 3 way matching of PO, Invoice and Receipt• Document spending limits (authorization of PO)• Security rules/access to sensitive transactions
– employee salaries– chart of account values– financial statement reports (FSG’s)– price lists– inventory attributes
• Action for late delivery of goods• Inventory stocking rules• Rules to create tax on sales orders• Depreciation methods
14
Examples of Code
Files
FormsReportsMenusLibrariesPL/SQLEtc.
Database Objects
SchemasIndexesGrantsDb LinksFunctionsPackages
15
Who is Responsible for Setup?
System Administrators
Implementation Consultants
Super Users
Maintenance across all applications and overall environment
Initial applications setup
Maintenance of specific business applications
16
Setups Change More Than You Think
• Intentional– Operational Changes– Growth of Company– Business Requirement Changes– New Functionality Introduced by Upgrades
• Unintentional– Unknown Consequences– User Error – Unexpected Changes Caused by Patches
21
Automated Change Tracking
• Integra Apps - Change Tracking
– Who?
– What?
– When?
– Where?
Automatically captures a complete historical audit trail. Details of
EVERY change.
24
Data Migration
SourceDatabase
Extract w/FNDLOAD
TargetDatabase
1. Utilizes FNDLOAD – 100% supported by Oracle2. Automatically extracts/loads setups3. Optionally edit/modify data4. Select one row or many
Load w/FNDLOAD
EditDataFile
Extract and Load w/FNDLOAD
25
Data Migration Road Map
• Release I Sep 1st
– System Administration
• Release II Sep 30th
– GL, AP, AR
• Release III Dec 30th
– PO, INV, BOM, OM
Available for 11.5.7 and higher
26
Data Migration Road Map
System Administration Module– Attachments– Concurrent Programs– Custom Messages– Descriptive Flexfields– Flexfield Value Hierarchy
(Rollup Groups)– Flexfield Value Security
Rules– Forms– Functions– Key Flexfields
– Lookup Types and Values– Menus– Profile Options and Values– Request Groups– Request Set– Responsibilities– Users– Value Set Values– Value Sets
28
Examples of Code
Files
FormsReportsMenusLibrariesPL/SQLEtc.
Database Objects
SchemasIndexesGrantsDb LinksFunctionsPackages
31
Dependency/Impact Analysis
Stored Procedure searches where you can see blocks of code instead of a single line of code.
See potential impact of scheduled code changes before you make them.
32
Continuous Monitoring - Maintain Versions
Schedule code promotion Formal check-in/check-out
Automated environment monitoring
34
Integra Access
User
Responsibility
Menu
Function
Form
Evaluate User Access• Search by User • Search by Form/Function
Search for Segregation of Duties• Identify incompatible Functions & Forms
Integra Transaction
• Monitor transactions for anomalies • Identify thresholds • Alert notifications
39
Integra Codebase
Integra Apps
Integra Access
Integra Transaction
APPLIMATIONINTEGRA
code
setups
security
transactions
Oracle Applicationsenvironment
Continuous Monitoring in Oracle Applications
Key Controls&
Transactions
ContinuouslyMonitored
40
For More Information
Mark NelsonApplimation, Inc.
Phone: (212) 560-7878E-mail: [email protected]
www.applimation.com
Unreliable•Unpredictable environment where controls are not are not designed or in designed or in placeplace
Informal•Controls are designed and in place but are not are not adequately adequately documenteddocumented
Standardized•Controls are designed, in place, and are are adequately adequately documenteddocumented
Monitored•Standardized controls with periodic testingperiodic testing for effective design and operation with reporting to management
Optimized•Integrated internal controls with real-time real-time monitoringmonitoring by management and continuous improvement
Low Efficiency•Substantial manual manual effortsefforts•Testing & validation required of activities•Management time commitment: Substantial
Medium Efficiency•Some manual testing required for key activities•Some reliance on Some reliance on monitoringmonitoring•Reliance on certifications & acknowledgements•Management Time Commitment: Significant
High Efficiency•Reliance on continual continual monitoringmonitoring & review of periodic testing•Use of dashboard for key indicators and controls•Reliance on certifications & acknowledgements•Management Time Commitment: Moderate
Source: PriceWaterhouseCoopers white paper on Sarbanes-Oxley Act of 2002
Internal Controls Maturity
Eff
icie
ncy