Mark Stebleton, Oracle GRC Advanced Controls Product Management and Daryl Geryol, Navillus Partners explain how to optimize your Order to Cash process.
19. 19
NAVILLUS PARTNERS
An international consulting firm headquartered in Boston, MA
An Oracle Gold Level Partner specializing in Oracle Governance, Risk & Compliance & E-Business
Suite professional implementation and advisory services
Recognized as the #1 Oracle GRC Partner in 2012
Highly experienced resources with one of the strongest track records for delivery success in the North
America & Europe.
Oracle Resource(s) have 13+ years dedicated to Oracle Implementations, Security Design, and Project /
Program Management
Our team members average more than 8 years of Oracle Advanced Controls Experience
The majority or our team developed core Oracle Advanced Controls Applications
Proprietary accelerated delivery methodology, NAViGATE
Process Driven approach tailored specifically for Advanced Process & Controls and Governance, Risk, and
Compliance
‘Design In’ Approach for Oracle e-Business Suite & PeopleSoft implementations and upgrades
Developed and maintain and Advanced Process & Controls Library
Solution set process optimization and control accelerators
GRC & Business Process Controls Library for PCG, CCG, & TCG
Comprehensive extension to Oracle’s out of the box Access Controls Content
Application Modules File System APPLTOP
-
20. 20
PRESENTER BIO
Daryl Geryol-
As Partner and Senior Vice President of Technology and Operations for Navillus Partners, Daryl
brings more than 15 years of Oracle system integration, GRC leadership and implementation
experience across various organizations and industries worldwide.
He has successfully led numerous Oracle GRC related engagements helping clients achieve a
greater level of compliance security, an automation of complex regulatory requirements
including SOX 404, 302, OMB A-123, HIPAA, PCI DSS, PII and SSI.
Daryl is well known for his innovative application of Oracle GRC’s Controls Suite technology in
helping clients optimize complex or time consuming business processes across the enterprise.
He is a published author/co-author of such books as, “Shining the Light on the Release 12
World” as well as a presenter on various topics covering Oracle applications, GRC and industry
best practices for upgrades, implementation and business process controls automation.
-
21. 21
PROJECT INTRODUCTION
Company Information: Fortune 100 Company implementing Oracle R12 covering all business processes
Objectives: Implement Oracle Advanced Controls to address not only regulatory requirements but
eliminate customization, address data entry and transaction efficiency and accuracy per corporate policy.
Policies dictated the reduced usage of DFFs, support of centralized processes such as Supplier Vendor
master and optimization of application functionality. These controls addressed the P2P, O2C and R2R
processes with 54 controls moved to production
Solution: Implement Oracle Advanced controls and leverage each application throughout the
organization.
Oracle Access Controls manages Segregation of Duties and Sensitive Access reporting
Oracle Configuration Controls manages key configurations across the numerous environments
Oracle Preventive Controls supports corporate audit policies and IT analysts. These controls
addressed the P2P, O2C and R2R processes with 54 controls in production
Application Modules File System APPLTOP
- Focus
22. 22
ACCESS CONTROLS SUMMARY
Application Modules File System APPLTOP
-
Core Financials 18 controls
• Covering sensitive access functions (cross validation, account setup, Periods, FSGs)
• Focus on major functions(COA, Journal Entry, Posting, FSGs
• Controls added for Project and Billing functions (expenditures, draft invoices, budgets)
Procure to Pay 20 controls
• Covering sensitive access functions (approval setup, buyer, terms)
• Focus on major transactions (invoices, payments, purchasing, receipts)
Order to Cash 25 controls
• Covering sensitive access functions (customer, receivable setups, holds, discounts, pricing)
• Focus on major transactions (Order, shipment, AR Transaction)
IT Controls (system, Security and Administration) 10 controls
• Covering sensitive access functions (User, Responsibility, Menu, Function, Concurrent Managers)
23. 23
ADVANCED CONTROLS (FOR EBS) PRODUCTION SUMMARY
Application Modules File System APPLTOP
-
Core Financials 11 controls
• Corporate wide push to eliminate descriptive flexfields, personalizations and custom code wherever
possible.
• Place audit trails on key value fields.
• Enforce expenditure orgs, data entry standards
Procure to Pay 18 controls
• Approval and audit of changes to payment terms, use of extension forms to provide reasons for
updates and approval history/comments.
• Application of additional form security for data created through 3rd party.
• Enforce expenditure orgs, data entry standards
Order to Cash 25 controls
• Contract security, disallowing entry or copy of contracts with incorrect characters, required contracts
field updates based on contract line type, security of contract fields based on client specific criteria.
• Notification of Order lines with revenue past due.
• Credit Memo Approval process
• Order entry controls (order types, freeze lines….)
24. 24
DEFERRED ENGINEERING BILLING FROM CONTRACTS
Business Problem- Billing was deferred until engineering billing was at 50% or more.
At this time the other project items could be billed in full. This was a manual process,
which inherently had delays in billing and prone to errors. This simple act of updating
a project required contracts and coordination to ensure billing was done correctly.
Solution
Using Advanced Controls, a process flow was created that would assess the deferred billing
progress of all items, and then remove the deferred billing status, allowing that contract to bill.
Benefits
No human intervention is saving upfront time and research when billing was incorrect
No delays in revenue recognition
No customization
Happy users -
26. 26
EXAMPLE OF CONTRACT EXCLUSION
Application Modules File System APPLTOP
-
Exclude from
invoicing
27. 27
DERIVE ORDER TYPES
Business Problem- It is imperative that the correct order line types are selected
during order entry due to complexity in line type mapping to receivables transaction
types. The AR transaction types require their own sequence thus setting up an order
incorrectly would result in incorrect receivables and other reconciliation issues.
Solution
Advanced controls was used to default the correct order line type on orders based on factors such
as project code, project line type, customer address and item removing possibility of AR interface
errors.
Benefits
Removed human errors that were being introduced in order management during order type
selection
Improved receivables accuracy and reconciliation
No customization
-
29. 29
DRAFT INVOICES APPROVAL
Business Problem- Invoices require approval prior to actual invoice print. Draft
invoices are provided to support this process- but required a way to manage what
lines had been approved from the draft.
Solution
Using both Advanced Controls form and flow rules, order lines were frozen (secured from update)
producing a draft invoice and an approval process to remove the freeze and allow final invoicing.
Benefits
Elimination of invoice errors and reversal resubmission of invoices.
No customization
-
31. 31
WHAT IS NEXT?
Access Controls
Incorporate single sign on with the GRC application
Move to a preventive provisioning process
Fraud Analysis
Provide analysis models and controls to address monitor for fraud in the following areas
• Payables
Invoicing (Duplication, out of tolerance, aging, terms)
Payments ( Duplication, Void/Reissue, out of tolerance, aging)
• Receivables
Credit memo analaysis, credit holds, customer changes
• General Ledger
Posting irregularities
High risk accounts
Further Optimization
Preventive Controls will continue to be the GO TO development tool onshore and offshore to
eliminate custom coding and inflexible customization
-