Optimizing order to-cash (e-business suite) with GRC Advanced Controls

Mark Stebleton, Oracle GRC Advanced Controls Product Management and Daryl Geryol, Navillus Partners explain how to optimize your Order to Cash process.

Presentation Transcript

  • Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal1
  • The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • @OracleAdvCntrls: Post Questions Before, During and After
  • Optimizing Order-to-Cash (E-Business Suite) with GRC Advanced Controls
      • Mark Stebelton, CPA, CFE, Director, Product Management – Oracle
      • Daryl Geryol, SVP, Technology and Operations – Navillus
  • Program Agenda
      • Twitter Topic Review – Session Flow
      • Oracle Advanced Controls Overview – Mark
      • Implementation Review, Tips and Tricks
      • Order to Cash Examples
      • Questions, Demo Pod and Other GRC Sessions
  • Advanced Controls Market Info and Drivers
  • Strategic Priorities: Survey of 263 Finance Executives. BETTER CONTROLS AND EFFICIENCIES
      • Compliance
      • Understanding Payables Exposure
      • Audit and Control of Procurement
      • Business Risk Analysis
      • Source: "Reaching New Heights: The Dividends of Collaboration between Finance and Procurement", published by CFO Publishing LLC, May 2012
  • Vulnerable Key Processes: Error, Waste, Misuse, Abuse and Fraud. Source: “2011 OAUG Governance, Risk & Compliance Best Practices Survey”, Unisphere Research, Feb 2011
  • Standard Controls
      • User Roles
      • 3-Way Match
      • Approval Hierarchies
      • Social Media Policy
      • E-learning
      • Ethics Policy
  • Standard + Advanced Controls
      • Advanced Controls: Sentiment Analysis; Split Purchase Orders; Hide Displays of Sensitive Data; Duplicate Payments; Transaction Threshold Amounts; Duplicate Vendors; Fine-grained User Access; Configuration Snapshots & Audit Trail; Transaction Pattern Analysis; Fuzzy Logic, ‘similar values’
      • Standard Controls: User Roles; 3-Way Match; Approval Hierarchies; Social Media Policy; E-learning; Ethics Policy
  • Oracle Advanced Controls Product Slides
  • GRC Advanced Controls: One Enterprise Foundation
      • Comprehensive: Enterprise Risk Management; Financial Governance; Continuous Controls Monitoring
      • Flexible: Business User Authoring; Access, Transactions, Setups; Extensible to Other Platforms
      • Data Driven (Big Data): 100% of Transactions; Manage by Exception; Optimize Processes
      • Diagram labels: Enterprise Risk & Controls Foundation; Dashboards, Reports and Alerts; Notifications; Worklists; Email; Perspectives; Search; Risk, Controls & Compliance Management; Reviews; Documentation; Assessments; Remediation; Surveys; Continuous Controls & Risk Monitoring; Setups; Access; Master Data; Audit Tests; Transactions; User Authored Controls; Data Connectors; Fraud & Error Patterns; Role Based Access Security; Web Services & APIs; Custom or Legacy Applications
  • Application Access Controls Governor (AACG): Advanced SOD and Security
      • Complete user and entire path analysis
      • Removal of false-positives
      • Library of pre-built automated SOD controls for EBS and PSFT
      • Author new controls, extend to any business application
      • Diagram labels: Define Access Controls; Access Analysis; Remediation (Clean-up); Preventive Provisioning; Compensating Policies; Detection; Prevention
  • Enterprise Transaction Controls Governor (TCG): Advanced Transaction Analysis
      • 100% Audit
      • Continuously monitor accuracy of transactions and mitigate exposure to fraud
      • Test against thresholds
      • Search for anomalies
      • Focus on Exceptions
      • Diagram labels: Define Transaction Controls; Perform Transaction Analysis; Identify & Review Suspects; Preventive Transactions Controls; Pre-delivered Transaction Controls; Suspect Transactions; Review and Address Suspects; Detection; Prevention
  • Configuration Controls Governor (CCG): Advanced Configuration Analysis
      • Achieve consistent application setup and operating standards across multiple instances
      • Track audit trails for changes to key configurations
      • Tightly control change management to accelerate development and test time
      • Diagram labels: Define Configuration Controls; Compare Configuration Deployed; Monitor Configuration Changes; Enforce Change Control; Manage Data Integrity; Detection; Prevention
  • Preventive Controls Governor (PCG): Oracle E-Business Suite In-line Controls
      • Configure advanced controls in Oracle EBS
      • Replace Forms customizations for easier support and upgrades
      • Change-track critical fields for auditing
      • Require approval for changes to critical data
      • Diagram labels: Notification of Changes; Logged Changes to Critical Data; Required Approvals; Blocked Access to Sensitive Data; Mask Sensitive Data; Detection; Prevention
  • Optimizing Order-to-Cash (E-Business Suite) with Oracle Advanced Controls
  • AGENDA
      • Navillus Partners
      • Presenter Bio
      • Project Introduction
      • Accomplishments
      • Business Case examples
      • What is Next?
      • Q & A
  • NAVILLUS PARTNERS
      • An international consulting firm headquartered in Boston, MA
      • An Oracle Gold Level Partner specializing in Oracle Governance, Risk & Compliance & E-Business Suite professional implementation and advisory services
      • Recognized as the #1 Oracle GRC Partner in 2012
      • Highly experienced resources with one of the strongest track records for delivery success in North America & Europe
      • Oracle Resource(s) have 13+ years dedicated to Oracle Implementations, Security Design, and Project / Program Management
      • Our team members average more than 8 years of Oracle Advanced Controls Experience
      • The majority of our team developed core Oracle Advanced Controls Applications
      • Proprietary accelerated delivery methodology, NAViGATE
      • Process Driven approach tailored specifically for Advanced Process & Controls and Governance, Risk, and Compliance
      • ‘Design In’ Approach for Oracle e-Business Suite & PeopleSoft implementations and upgrades
      • Developed and maintain an Advanced Process & Controls Library
      • Solution set process optimization and control accelerators
      • GRC & Business Process Controls Library for PCG, CCG, & TCG
      • Comprehensive extension to Oracle’s out of the box Access Controls Content
  • PRESENTER BIO: Daryl Geryol. As Partner and Senior Vice President of Technology and Operations for Navillus Partners, Daryl brings more than 15 years of Oracle system integration, GRC leadership and implementation experience across various organizations and industries worldwide. He has successfully led numerous Oracle GRC related engagements helping clients achieve a greater level of compliance, security, and automation of complex regulatory requirements including SOX 404, 302, OMB A-123, HIPAA, PCI DSS, PII and SSI. Daryl is well known for his innovative application of Oracle GRC’s Controls Suite technology in helping clients optimize complex or time consuming business processes across the enterprise. He is a published author/co-author of such books as “Shining the Light on the Release 12 World” as well as a presenter on various topics covering Oracle applications, GRC and industry best practices for upgrades, implementation and business process controls automation.
  • PROJECT INTRODUCTION
      • Company Information: Fortune 100 Company implementing Oracle R12 covering all business processes
      • Objectives: Implement Oracle Advanced Controls to address not only regulatory requirements but eliminate customization, address data entry and transaction efficiency and accuracy per corporate policy. Policies dictated the reduced usage of DFFs, support of centralized processes such as Supplier Vendor master and optimization of application functionality. These controls addressed the P2P, O2C and R2R processes with 54 controls moved to production.
      • Solution: Implement Oracle Advanced Controls and leverage each application throughout the organization. Oracle Access Controls manages Segregation of Duties and Sensitive Access reporting. Oracle Configuration Controls manages key configurations across the numerous environments. Oracle Preventive Controls supports corporate audit policies and IT analysts. These controls addressed the P2P, O2C and R2R processes with 54 controls in production.
  • ACCESS CONTROLS SUMMARY
      • Core Financials, 18 controls: covering sensitive access functions (cross validation, account setup, Periods, FSGs); focus on major functions (COA, Journal Entry, Posting, FSGs); controls added for Project and Billing functions (expenditures, draft invoices, budgets)
      • Procure to Pay, 20 controls: covering sensitive access functions (approval setup, buyer, terms); focus on major transactions (invoices, payments, purchasing, receipts)
      • Order to Cash, 25 controls: covering sensitive access functions (customer, receivable setups, holds, discounts, pricing); focus on major transactions (Order, shipment, AR Transaction)
      • IT Controls (System, Security and Administration), 10 controls: covering sensitive access functions (User, Responsibility, Menu, Function, Concurrent Managers)
  • ADVANCED CONTROLS (FOR EBS) PRODUCTION SUMMARY
      • Core Financials, 11 controls: corporate wide push to eliminate descriptive flexfields, personalizations and custom code wherever possible; place audit trails on key value fields; enforce expenditure orgs, data entry standards
      • Procure to Pay, 18 controls: approval and audit of changes to payment terms, use of extension forms to provide reasons for updates and approval history/comments; application of additional form security for data created through 3rd party; enforce expenditure orgs, data entry standards
      • Order to Cash, 25 controls: contract security, disallowing entry or copy of contracts with incorrect characters, required contracts field updates based on contract line type, security of contract fields based on client specific criteria; notification of Order lines with revenue past due; Credit Memo Approval process; Order entry controls (order types, freeze lines….)
  • DEFERRED ENGINEERING BILLING FROM CONTRACTS
      • Business Problem: Billing was deferred until engineering billing was at 50% or more. At this time the other project items could be billed in full. This was a manual process, which inherently had delays in billing and was prone to errors. This simple act of updating a project required contracts and coordination to ensure billing was done correctly.
      • Solution: Using Advanced Controls, a process flow was created that would assess the deferred billing progress of all items, and then remove the deferred billing status, allowing that contract to bill.
      • Benefits: No human intervention, saving upfront time and research when billing was incorrect; no delays in revenue recognition; no customization; happy users
  • DEFERRED BILLING PROCESS FLOW
  • EXAMPLE OF CONTRACT EXCLUSION (screenshot label: Exclude from invoicing)
  • DERIVE ORDER TYPES
      • Business Problem: It is imperative that the correct order line types are selected during order entry due to complexity in line type mapping to receivables transaction types. The AR transaction types require their own sequence, thus setting up an order incorrectly would result in incorrect receivables and other reconciliation issues.
      • Solution: Advanced Controls was used to default the correct order line type on orders based on factors such as project code, project line type, customer address and item, removing the possibility of AR interface errors.
      • Benefits: Removed human errors that were being introduced in order management during order type selection; improved receivables accuracy and reconciliation; no customization
  • EXAMPLE MAPPING
  • DRAFT INVOICES APPROVAL
      • Business Problem: Invoices require approval prior to actual invoice print. Draft invoices are provided to support this process, but required a way to manage what lines had been approved from the draft.
      • Solution: Using both Advanced Controls form and flow rules, order lines were frozen (secured from update) producing a draft invoice and an approval process to remove the freeze and allow final invoicing.
      • Benefits: Elimination of invoice errors and reversal resubmission of invoices; no customization
  • EXAMPLE OF DRAFT INVOICE LINE FREEZE
  • WHAT IS NEXT?
      • Access Controls: Incorporate single sign on with the GRC application; move to a preventive provisioning process
      • Fraud Analysis: Provide analysis models and controls to address and monitor for fraud in the following areas
      • Payables: Invoicing (Duplication, out of tolerance, aging, terms); Payments (Duplication, Void/Reissue, out of tolerance, aging)
      • Receivables: Credit memo analysis, credit holds, customer changes
      • General Ledger: Posting irregularities; High risk accounts
      • Further Optimization: Preventive Controls will continue to be the GO TO development tool onshore and offshore to eliminate custom coding and inflexible customization
  • Advanced Controls Approach
  • Advanced Controls Approach: Fusion Platform with Dashboards, Alerts & Drilldowns
  • Advanced Controls – Embedded Dashboards
      • Embedded intelligence provides visibility into multiple control and process areas.
  • Advanced Controls – Embedded Dashboards
      • Move away from silo’d information
      • Multiple ERPs monitored from a single application.
  • Advanced Controls – Business Process Monitoring
      • Automatic alerts notify appropriate personnel for action
      • Actionable Insight to drive the business forward
  • Advanced Controls Approach: Sophisticated Controls Monitoring and Enforcement Engine
  • Access Analysis; Create Conflict Conditions; Remove False Positives
  • Access Hierarchy Example – Oracle EBS
      • Role; Responsibility; Menu; Sub-Menu; Function: Create Invoice; Function: Create Customer
      • Access Points
      • Other important attributes: Operating Units, Data Groups, Set of Books etc.
  • Interpreting Access Conflicts: Finding the Right Path to Resolution
      • User Role Permission List
      • Menu
      • Panel Component
      • Page Definition
      • Diagram labels: U, R, M, C, D, L
      • Remove Menu Path Conflicts
  • Transaction Controls – Author, Deploy, & Monitor. Elevated Productivity – Optimize Process & Empower Users
      • Library of pre-defined Advanced Controls (and extensible)
      • Ability to build new controls by business owners (no coding)
      • 100% Transaction coverage (no more sampling)
  • Advanced Controls Business Objects (Example): Sample OTC Semantic Library
      • Process steps: Manage Setups; Manage Customers; Manage Order / Invoice; Dispatch Items; Manage Revenue; Manage Receivables
      • Business Objects: Customer; Customer Account (Site) Contact; Customer Account Sites; Order Management Transaction Type
      • Business Objects: Receivable Accounting Rules; Receivable Activities; Receivable Aging Buckets; Receivables Approval Limits; Receivable Auto-Cash Rule Set; Receivables Location; Receivable Receipt Class; Receivable Receipt Source
      • Business Objects: Sales Order; Sales Order Payment; Receivables Invoice
      • Business Objects: Ship Customer Goods; Shipping Deliveries
      • Business Objects: Receivables Payment Schedule
      • Business Objects: Subledger Journal Entry: Accounts Receivable; Receivables Receipt Batch
  • Business Logic (screenshot labels): Filters; String, Integer; Numeric; Date; Functions; AND; OR
  • Advanced Pattern Analysis
      • Pattern analysis identifies outlying incidents that may not be apparent
  • Advanced Control Extensibility (diagram labels): Custom or Legacy Applications; Continuous SOD Controls Monitoring; Pre-built; Extensible; Partner Pre-built; CUSTOMER CARE & BILLING
  • Oracle Advanced Controls in the Order To Cash Process
  • Example Order to Cash Controls. Each item pairs an Access (SOD) control, "Who Can Perform", with a Transaction control, "What HAS Happened":
      • Access: Create Customer and Create Order. Transaction: Created/edited a customer and created/edited an order
      • Access: Create Customer and Perform Write-Off. Transaction: Edited a customer and performed a write-off
      • Access: Modify Customer and Create Order. Transaction: Orders created in a period that exceeded the customer’s credit limit
      • Access: View an Order and Receive an Order. Transaction: Micro-orders for a customer to avoid approvals
  • Enterprise Risk Graph (diagram; node labels: SYSTEMS, USERS, ROLES, SETUPS, MASTER DATA, TXN)
  • Enterprise Risk Graph (diagram): EBS EMEA SYSTEM; JOHN USER; Receivables ADMIN ROLE; CUSTOMER MENU; CUSTOMER ENTRY SUBMENU; QUICK UPDATE SUBMENU; EDIT CUSTOMER FUNCTION; ORDER MGT MENU; ORDER ENTRY SUBMENU; ORDER RELEASE FUNCTION. JOHN CHANGES CUSTOMER SHIPTO FOR ACME AND PROCESSES ORDER FOR ACME
  • Cut Order to Cash Inefficiency & Risk
      • Determine if product master data is accurate
      • Find & remediate users with privileges to enter & modify master data
      • Add data entry rules to validate sales order ship-to destination against localized product configuration
      • Find sales order transaction exceptions
      • Find revenue and COGS mismatches
      • Validate customer invoice aging, thresholds
  • Wrapup Questions of O2C Optimization
      • What is YOUR organization’s overall risk exposure in the O2C process? Ex. Duplicate customers exist to get around single customer credit limits, thus exposing the organization to material bad debts.
      • Who in YOUR organization can create at-risk transactions? SOD: Create/Modify a Customer and a Sales Order
      • Who in YOUR organization has already created at-risk transactions?
  • Oracle Advanced Controls OOW2013 Sessions & Demo Pod
  • Demo Workstation: Moscone West 1st Floor #W-013
      • Demo ID 3532, Workstation #: W-013
      • Monday 9:45 – 6:00; Tuesday 9:45 – 6:00; Wednesday 9:45 – 4:00
  • Demo Workstation: Moscone West 1st Floor #W-013
  • Learn More About Oracle Advanced Controls: Wednesday
      • Reducing Risk for Oracle E-Business Suite Upgrades and Implementations: 1:15PM, Moscone West – 3018, CON8830
      • Panel Discussion: Intelligent Controls for Key Business Processes and Upgrades: 3:30PM, Moscone West – 2002 / 2004, CON8832
  • Learn More About Oracle Advanced Controls: Thursday
      • Advanced Access and User Security for Oracle E-Business Suite and Fusion Applications: 2:00PM, Moscone West – 3018, CON8824
      • Meet the Governance, Risk, and Compliance Experts: 12:30PM, Moscone West 2001A, MTE9412
  • @OracleAdvCntrls; Oracle GRC Advanced Controls: Join Our LinkedIn Group; Follow us on Twitter
  • ?’s
  • The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
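
The access-path analysis described on the Access Hierarchy, "Remove Menu Path Conflicts" and Enterprise Risk Graph slides can be sketched as a graph walk. This is an added example, not code from the presentation or from Oracle GRC: the node names come from the risk-graph slide, while the edges between them, the second user MARY, her role and the rule name are constructed assumptions.

```python
from collections import defaultdict

# Constructed access graph: user -> role -> menu -> submenu -> function.
# Node names follow the Enterprise Risk Graph slide; the edges are assumed.
EDGES = [
    ("user:JOHN", "role:RECEIVABLES ADMIN"),
    ("role:RECEIVABLES ADMIN", "menu:CUSTOMER"),
    ("role:RECEIVABLES ADMIN", "menu:ORDER MGT"),
    ("menu:CUSTOMER", "submenu:CUSTOMER ENTRY"),
    ("menu:CUSTOMER", "submenu:QUICK UPDATE"),
    ("submenu:CUSTOMER ENTRY", "function:EDIT CUSTOMER"),
    ("submenu:QUICK UPDATE", "function:EDIT CUSTOMER"),
    ("menu:ORDER MGT", "submenu:ORDER ENTRY"),
    ("submenu:ORDER ENTRY", "function:ORDER RELEASE"),
    # Hypothetical user who only reaches order functions (no conflict).
    ("user:MARY", "role:ORDER CLERK"),
    ("role:ORDER CLERK", "menu:ORDER MGT"),
]

# One SOD rule: the same user must not reach both functions (constructed name).
SOD_RULES = {
    "EDIT_CUSTOMER_AND_RELEASE_ORDER": (
        "function:EDIT CUSTOMER",
        "function:ORDER RELEASE",
    ),
}


def build_graph(edges):
    graph = defaultdict(list)
    for parent, child in edges:
        graph[parent].append(child)
    return graph


def all_paths(graph, node, target, path=()):
    """Return every path from node to target, not just the first one found."""
    path = path + (node,)
    if node == target:
        return [path]
    found = []
    for child in graph.get(node, []):
        if child not in path:  # guard against menus that include each other
            found.extend(all_paths(graph, child, target, path))
    return found


def find_conflicts(edges, rules):
    """List users who can reach both sides of a rule, with every access path."""
    graph = build_graph(edges)
    users = sorted(n for n in graph if n.startswith("user:"))
    conflicts = []
    for user in users:
        for name, (func_a, func_b) in rules.items():
            paths_a = all_paths(graph, user, func_a)
            paths_b = all_paths(graph, user, func_b)
            if paths_a and paths_b:
                conflicts.append(
                    {"user": user, "rule": name, "paths": paths_a + paths_b}
                )
    return conflicts


def without_edges(edges, removed):
    """Simulate a remediation that removes menu entries (graph edges)."""
    return [e for e in edges if e not in removed]


if __name__ == "__main__":
    for c in find_conflicts(EDGES, SOD_RULES):
        print(c["user"], "violates", c["rule"])
        for p in c["paths"]:
            print("   ", " -> ".join(p))
    # Removing one submenu entry leaves the second path to EDIT CUSTOMER open.
    partial = without_edges(
        EDGES, [("submenu:CUSTOMER ENTRY", "function:EDIT CUSTOMER")]
    )
    print("still conflicting:", [c["user"] for c in find_conflicts(partial, SOD_RULES)])
```

Enumerating every path rather than stopping at the first is what makes remediation reliable: a conflict is only cleared once all routes to one side of the rule are removed.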