Risk, Control & Compliance with INFOR Approva

Second event of the 2014 GRC series, this webcast looked at one of the leading GRC platforms, INFOR Approva Continuous Monitoring, and invited Steve Buchner of Sonova to share his experiences and insights.

Ever greater demand for better visibility and better control over financial business processes and results requires management to apply more sophisticated techniques for control and assurance. As such, data analytics and controls intelligence for the Finance, Risk and IS functions have become critical capabilities for ensuring that financially relevant processes operate as designed and in compliance with organisational governance and audit requirements.

Watch the recording below and meet Steve Buchner of Sonova, the world leader in hearing solutions. With 18 years of experience in ERP, IT management and strategy, Steve shares his GRC journey experiences, challenges and insights. He is joined by Steve Rooney, an experienced Risk and Controls expert and recognised INFOR Approva practice leader, who explores best practices in exploiting the Approva family of tools for effective management of Segregation of Duties (SoD), User Access Controls, Process Controls, Transaction Monitoring and Automated Control Reviews for the finance and assurance functions.

Moderated by Dan French, CEO of Consider Solutions, this panel of experts addresses:

- Visibility over Financial Processes & Controls
- The 3 Lenses of Insight – Control & Compliance, Fraud and Operational Risk Management, Finance Process Optimisation
- High Impact Results with INFOR Approva
- Critical Success Factors – best practices
- The Sonova experience
- Entry Points for Deeper Insight
- Q&A

Presentation Transcript

  • © 2014 Consider Solutions All rights reserved. Solutions for World Class Finance 2014 GRC Series Managing Risk, Control & Compliance With INFOR Approva Continuous Monitoring 20th February 2014
  • Welcome. Today's speakers:
    - Dan French, CEO, Consider
    - Steve Rooney, Consulting Practice Leader, Consider
    - Steve Buchner, Senior Manager IT, Sonova
  • Business Streams:
    - Financial Control & Compliance
    - Risk Assurance
    - Finance Process Optimization
  • Clients
  • Today's Discussion:
    - Introductions & Objectives
    - Visibility over Financial Processes & Controls
    - GRC – 3 Lenses of Insight
    - High Impact Capabilities with INFOR Approva CM: Segregation of Duties; Process Configuration Monitoring; Certification/Attestation; Transaction Exception Monitoring
    - The Sonova GRC Journey
    - Entry Points for Deeper Insight
    - Q&A
  • Objectives:
    - Share insights & experiences in Governance, Risk & Compliance (GRC)
    - Illustrate the Process Optimization potential of GRC
    - Introduce latest capabilities, use-cases & lessons learned for INFOR Approva CM
    - Learn from the Sonova journey
    - Offer tips for the journey to maximize the value
  • Risk and Control challenges: Segregation of duties; Duplicate payments; Employee reimbursements; Unauthorized purchases; Fraud prevention; Overpayments; Checks and approvals; Compliance with policy; Regulations; Standardization
    - Drivers (survey): Fraud Detection/Prevention 68%; ERM 50%; SOX 404 40%; Compliance 38%; Regulatory Compliance 29%
    - What drives these challenges? Lack of staff; Manual processes; Human errors; Access to data; Visibility to issues; Mergers and acquisitions; Integrated systems; Decentralized operations; Outsourcing
    - Source: KPMG Continuous Monitoring & Continuous Auditing Survey
  • IIA 2013 Pulse of the Profession – Outlook: Risk management effectiveness 5%; Other 12%; Strategic/business Risk 4%; Fraud 4%; IT (general) 12%; Compliance 14%; Sarbanes-Oxley 12%; Financial (general) 13%; Operational 24%
    - Source: The Institute of Internal Auditors
  • Financial Accounting – Risk and Control
  • Ineffective controls erode performance: what should happen versus what actually does happen
    - Processes are ignored or circumvented; policies cannot be cost-effectively enforced
    - Performance impact: Fraud & Waste; Sub-optimal Cash Mgmt; Ineffective Process; Delays and Rework; Audit/Compliance Costs; Unnecessary Risk
  • 3 Lenses for Visibility:
    - Financial Control & Compliance: ICFR; SOX; Data Governance; Control Self Assessment
    - Risk Assurance: Fraud; Error; FCPA
    - Finance Process Optimization: Eliminating Waste; Driving Simplification & Standardization; Optimizing Cash Flow
  • Continuous Monitoring: Four Layers & Three Lenses
    - Transactions (CCM-T): "Where are the exceptions? __________?" ("Did Do")
    - Master Data (CCM-MD): "Is the underlying data accurate and controlled?"
    - Access to Applications (CCM-SOD): "Can anyone __________?" ("Can Do")
    - Configuration of IT Systems & Processes (CCM-AC): "Do our systems allow anyone to __________?" ("Can Do")
    - Lenses: Financial Control & Compliance; Risk Assurance; Finance Process Optimization
  • Infor Approva CM components:
    - Application security and user access monitoring modules: Authorizations (User Access) – "Can do"; User Activity – "Did do"; Access Manager (Provisioning) – "Can do"
    - Process transaction and master data monitoring modules: Procure to Pay – "Did do"; General Ledger – "Did do"; Order to Cash – "Did do"; Process Insight Studio – "Did do"
    - System and configuration monitoring modules: Configuration Insight – "Can do"; Certification (Attestation) Manager
  • 360° view of Control & Risk Exceptions: Track Results; Identify Exceptions; View Context; Investigate; Take Actions
  • Applications Monitored: PeopleSoft Financials; PeopleSoft HRMS; Reconnet; Solomon; Catalyst; BBW; Baan LN; JD Edwards Financials; JDA; Lawson S3; Island Pacific; PKMS Receiving; JBA; IFS; MS Dynamics / Navision; Spirit; MAST; MFG Pro; Sun Systems; Essbase; Ariba Buyer & Sourcing Applications; SAP 3.1h, 3.1i, 4.0B, 4.5B, 4.6B, 4.6C, 4.7, ECC 5.0 & 6.0; SAP BW/BI 3.0B, 3.1, 3.5; Oracle eBusiness Suite v11/12; PeopleSoft HRMS 8.8, FI 8.8; Hyperion HFM 3.0, HFM 4.0
  • Financial Control & Compliance Lens: focus on Internal Controls over Financial Reporting (ICFR); identifying control exceptions
    - Manage & monitor who has what access to your financial systems: Segregation of Duties; Sensitive Access; User Access Certification; Emergency & Elevated Access; Compliant User Access Provisioning
    - Embedded (configured) Controls Monitoring
    - Transaction Exception Monitoring: Automated Compensating Controls; Process Assurance
  • Access Control Cycle – Best Practice Approach:
    - Establish Policies for SOD, Sensitive Access, Configuration Changes
    - Identify and Analyze Possible Threats
    - Remediate Threats and Establish Compensating Controls
    - Analyze Ongoing User Access Changes to Prevent New Risks
    - Automate Provisioning of Change Requests
    - Periodically Review & Certify User Access
  • Managing Segregation of Duties is a tradeoff: Freedom to Get the Job Done versus User Access Risks
  • Infor Approva SOD Rules: SAP SOD Rule; Lawson SOD Rule
  • SOD Violation example
  • Activity of User
  • Automated compensating control
  • Gartner Comment
  • Risk Assurance Lens: risk monitoring beyond ICFR; identifying business exceptions (Error, Waste, Fraud)
    - Transaction Exception Monitoring addressing: Purchase to Pay; Order to Cash; Record to Report; Travel & Entertainment; HR & Payroll; FCPA . . .
    - "The typical organization loses 5% of its revenues to fraud & waste each year"
  • Potential Risks:
    - Procurement: Duplicate Payments; Goods delivered without a PO; Non-standard payment terms; Invoice value greater than received; Duplicate Invoices
    - Sales: Price Reductions; Undelivered orders; Exceptional customer credits/returns; Non-standard payment terms
    - Fixed Assets: Inappropriate asset depreciation periods; Misclassified capital equipment
    - Travel Expenses: Duplicate claims; Ineligible items claims
    - General Ledger: JE postings into prior periods already closed; Unusually large JEs; Manual payments; Manual journal entries requiring review and approval
  • Example Exception Rule: Conditions for Duplicate Payment
  • Exception Detail
  • PO where Vendor Name from PO Matches with OFAC SDN List
  • Gartner Comment: "Approva has prebuilt integration links to multiple ERP vendors. It provides good workflow for exception management, robust reporting and intuitive rule building." (Magic Quadrant for Continuous Controls Monitoring)
  • Finance Process Optimization Lens: focus on Process Efficiency & Standardization; identifying 'out of envelope' exceptions
    - Key Exception Indicators (KEIs); Transaction Exception Monitoring
    - Performance & cash sapping practices: Non-standard processes; "Evolved" working practices; Local variants; Policy avoidance
  • We TRY to control standardization . . . ERP is configured to only allow GR if PO exists, however:
    - Truck drops off shipment, but no PO exists
    - Warehouse calls up Purchasing to create a PO
    - Purchasing creates PO for Shipment
    - GR is created against PO
  • What can impact process performance . . . 'Key Exception Indicators':
    - Procure to Pay: Multi-touch POs; PO mismatches a PR; "Pro-forma" POs; Vendor records missing key data; Invoice mismatches to PO / GR; Goods delivered without a PO; Duplicate Vendor records
    - General Ledger: Posted documents not cleared for extended period; Duplicated effort; Journal entries with missing key data; Duplicate GL accounts
    - Order to Cash: Multi-touch Orders; "Pro-forma" invoices; Undelivered Sales Orders; Sales Orders without Customer PO; Changes to Payment Terms; Customer records with missing data; Duplicate Customer records
  • Case Study 1: Invoice Processing
    - Desired process: Purchase Order to initiate and approve purchase; Touch-less Invoice/Payment approval on match
    - KPIs: First time match rate; Invoice processing cost/effort
    - What can go wrong (Key Exception Indicator): Duplicate Invoices, duplicate vendors, imprecise POs
    - Discovery: 3% duplicate invoices causing re-work and cash loss
    - Root Cause: Different vendor records set up by different groups for same vendor; Supplier resending invoices if payment not received; Invoices not matching PO, needing manual review
  • Case Study 2: Purchase Order Processing
    - Desired process: Purchase Request to approve expenditure; Purchase Order to initiate and approve purchase
    - KPIs: Maximize spend under PO; PO processing cost
    - What can go wrong (Key Exception Indicator): Multiple touch POs, changes to PO Pricing & Terms
    - Discovery: 11% POs change activity
    - Root Cause: Pro-forma POs, Master Data inaccuracy
  • Case Study 3: Receivables / Collections
    - Desired process: Short cycle order to customer invoice to payment
    - KPIs: Days Sales Outstanding (DSO)
    - What can go wrong (Key Exception Indicator): Sales Order to Delivery to Invoice delay
    - Discovery: Excellent cash collection metric undermined by use of Pro-forma invoices to confirm customer payment
    - Root Cause: DSO KPI, Invoicing errors
  • Example Exception Rule: PO raised on or after GR
  • Exception Detail
  • Duplicate Vendors – same tax ID
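The deck shows screenshots of a "can do" SoD rule and of three "did do" exception rules (duplicate payment, PO raised on or after GR, duplicate vendors with the same tax ID) but not their logic. The following is an added illustration, not Approva's own rules or Consider's code: it runs four such rules over constructed SAP-style data. The SoD matrix, the transaction-code-to-function mapping and all records are assumptions made up for the example.

```python
"""Constructed continuous-monitoring rules: one 'can do' SoD check on user
authorizations and three 'did do' checks on transactions and master data.
Rule set and data are made up for illustration, not Approva's own rules."""
from collections import defaultdict
from datetime import date

# Assumed SoD matrix: pairs of business functions one user must not hold.
SOD_RULES = [("create_vendor", "post_vendor_payment"),
             ("create_purchase_order", "post_goods_receipt")]
# Assumed mapping of SAP transaction codes onto business functions.
TCODE_FUNCTION = {"XK01": "create_vendor", "F110": "post_vendor_payment",
                  "ME21N": "create_purchase_order", "MIGO": "post_goods_receipt"}

def sod_violations(user_tcodes):
    """(user, function_a, function_b) for each user whose combined
    authorizations cover both sides of an SoD rule (the 'can do' view)."""
    hits = []
    for user, tcodes in user_tcodes.items():
        funcs = {TCODE_FUNCTION[t] for t in tcodes if t in TCODE_FUNCTION}
        hits += [(user, a, b) for a, b in SOD_RULES if a in funcs and b in funcs]
    return hits

def duplicate_payments(payments):
    """Group payment documents on (vendor, invoice reference, amount); any
    group with more than one document is a candidate duplicate payment."""
    groups = defaultdict(list)
    for p in payments:
        groups[(p["vendor"], p["invoice_ref"], p["amount"])].append(p["doc"])
    return {k: v for k, v in groups.items() if len(v) > 1}

def po_after_gr(purchase_orders, goods_receipts):
    """Goods receipts whose PO was created on or after the receipt posting
    date: the 'truck arrives first, PO raised afterwards' pattern."""
    po_dates = {po["po"]: po["created"] for po in purchase_orders}
    return [gr["gr"] for gr in goods_receipts
            if gr["po"] in po_dates and po_dates[gr["po"]] >= gr["posted"]]

def duplicate_vendors(vendors):
    """Vendor master records that share a tax ID once separators are removed."""
    by_tax = defaultdict(list)
    for v in vendors:
        tax = "".join(ch for ch in v["tax_id"] if ch.isalnum()).upper()
        if tax:  # blank tax IDs are a data-quality issue, not a duplicate
            by_tax[tax].append(v["id"])
    return {k: v for k, v in by_tax.items() if len(v) > 1}

# Constructed sample data
USERS = {"jsmith": {"XK01", "F110", "SU01"}, "akhan": {"ME21N", "MIRO"}}
PAYMENTS = [{"doc": "1500001", "vendor": "V100", "invoice_ref": "INV-77", "amount": 1250.00},
            {"doc": "1500009", "vendor": "V100", "invoice_ref": "INV-77", "amount": 1250.00},
            {"doc": "1500010", "vendor": "V200", "invoice_ref": "INV-78", "amount": 1250.00}]
POS = [{"po": "4500001", "created": date(2014, 2, 10)},
       {"po": "4500002", "created": date(2014, 2, 3)}]
GRS = [{"gr": "5000001", "po": "4500001", "posted": date(2014, 2, 8)},
       {"gr": "5000002", "po": "4500002", "posted": date(2014, 2, 5)}]
VENDORS = [{"id": "V100", "tax_id": "CHE-123.456.789"},
           {"id": "V300", "tax_id": "che 123456789"}, {"id": "V200", "tax_id": ""}]

if __name__ == "__main__":
    print(sod_violations(USERS), duplicate_payments(PAYMENTS))
    print(po_after_gr(POS, GRS), duplicate_vendors(VENDORS))
```

Each hit is only a candidate exception; as the deck's workflow slides show, it still needs context, investigation and either remediation or a documented compensating control.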
  • 5 Critical Success Factors:
    1. Stakeholder Alignment – Engagement, Ownership, Sustaining
    2. Clarity – Objectives, Measures, Progress
    3. Process – Project, Program, Process
    4. People, Skills & Knowledge – Train, Develop, Refresh
    5. Tools – Clarity, Focus, Precision
  • Steve Buchner, Sr. Mgr. IT Operations, Sonova / Phonak Hearing Systems
  • Sonova, Phonak & Unitron
  • Catalyst – Initial Audit Findings:
    - 2009 Audit Finding: "unrestricted SAP User access rights for critical transactions"
    - Authorization concept existed but lacked SOD analysis as well as the necessary controls monitoring tool
  • Getting Started:
    - Sought out help from PwC (2010): Developed SOD Ruleset; Developed new SAP Role Concept (SOD compliant)
    - Tool Selection – choose a GRC tool (2010): Selected Approva (BizRights); Selected Consider as implementation partner
    - Beginning the Journey (2010 – present): Implementing new role concept; Began analysis and remediation process with Consider
  • Experiences along the Road:
    - The right security concept is the foundation
    - Once in place, the next effort is to transition responsibility to the business for who gets access to what!
  • Challenges:
    - Inefficient Security Design: Too many Authorizations; Too many Roles; Duplicate Transactions; Increased Exposure to Risk
    - Security resources empowered with too much user access decision-making responsibility: Lack of Knowledge; Lack of Time
    - Minimal Documentation and Automation for the User Provisioning Process
    - Lack of Control Framework (Segregation of Duties Matrix)
  • Transitioning Ownership from IT to Finance
  • Global Rollout:
    - With the help of Consider, in 2013 kicked off rollout of SAP Role Concept to 12 countries
    - User SOD Remediation via Approva One followed after and remains in progress
  • The Access Provisioning Portal:
    - User Remediation Complete => Keep system clean
    - With Consider implementing self-service provisioning portal: User access requests routed to appropriate approver
    - IT is removed from the user provisioning process!
  • The Road Ahead:
    - Complete the current efforts
    - Implement Certification Manager for yearly access reviews
    - Extend monitoring beyond SAP
  • Entry Points for Deeper Insight, 20th February 2014
  • INFOR Approva Continuous Monitoring:
    - Best Practice Rules informed and adopted by Big 4
    - Business friendly for process adoption
    - Multi-Application Monitoring Capability
    - Control Attestation/Certification Capability
    - Ease of Integration into IT Landscape
    - Continuous Improvement focus
    - 3 Lenses of GRC Success
    - Cost-Effective
  • Entry Points for Deeper Insight – SoD Needs Assessment & Planning Workshop:
    - Analysis of current ERP SoD status; Industry best practice; Organisation specific policies
    - Assessment & benchmarking; Recommendations; Outline Plan
    - Workshop Review; Build the 'Case for Action'
  • Entry Points for Deeper Insight – QuickScan™, Diagnostics for quick wins . . .
    - Scoped process & organisation target
    - Agreed risk and/or performance themes
    - Agreed ownership to manage and resolve transaction exceptions
    - Ongoing analysis of all relevant system data and transactions
    - Matching 100% of transactions and data against exception rules
    - Work flow for addressing and resolving exceptions
    - Process for continuous improvement
    - Rapid Execution, Rapid Return
  • Any Questions? Enjoy the journey! For any questions or a 'deeper dive': dfrench@consider.biz. Blogerati can visit www.consider.biz/thinking/ – @consider_ations #worldclassfinance