FulcrumWay GRC Solutions
  • Open Compliance & Ethics Group (www.oceg.org) 07/04/10 © OCEG, ALL RIGHTS RESERVED

FulcrumWay GRC Solutions Presentation Transcript

  • Risk Assessment and Controls Monitoring Copyright ©. Fulcrum Information Technology, Inc. A FulcrumWay International Regional Service Partner
  • FulcrumWay Market Leadership
    • FulcrumWay is the #1 End-to-End Provider of Governance, Risk and Compliance Expertise, Solutions and Software Services for Oracle enterprise customers
    • Expertise: Risk Management, Compliance, IT Audit, Internal Controls, Financial Reporting and GRC Software implementation consulting services. Since 2003, we have successfully assisted over one hundred Fortune-500 to Middle Market companies across all major industry segments.
    • Packaged Solutions: Oracle certified Systems Integrator and ISV member of the Oracle Partner Network. FulcrumWay solutions are built on software technologies from Oracle Corporation. FulcrumWay GRC Solutions are the #1 choice of Oracle customers.
    • Software Services: We enable organizations to assess Financial, Operational and Information Technology risks, monitor internal controls and optimize business processes. Auditors, Risk Managers and Business Process Owners can rapidly assess enterprise risk and monitor controls using web based software services.
    • Privately Held Delaware corporation with US presence in:
    • New York, Texas and California
    • International Presence in UK, Chile, Italy, Singapore, Turkey and India
  • FulcrumWay Clients: Media and Entertainment, Financial Services, Healthcare, Natural Resources, Life Sciences, Industrial Manufacturing, Defense, Oil and Gas, High Technology, Retail, Industrial Equipment, Communications
  • FulcrumWay™ Insight
    • Compliance Week Magazine - Healthcare Firm Aligns Compliance Efforts, Cuts Costs
    • Economist Magazine – Compliance Guide for Enterprise Systems
    • Podcasts – How Automating the Enterprise Risk Management Process helps organizations comply with regulations
    • OAUG GRCSIG - Impact of AS5 for Oracle Enterprise Customers
    • IIA – Top Five Reasons for Automating Application Controls
    • Oracle Open World – Annual GRC Dinner, GE and Birds Eye Case Study
    • Collaborate - Financial Governance - Achieving Timeliness, Reliability and Efficiency in Financial Management and Reporting
    • Webcasts – GRC Best Practices, Trends and Expert Insight
    Thought Leadership
  • FulcrumWay 2009 Events
    • December 16 – Webinar "Strengthening Compliance and Performance by improving the Financial Transaction Controls and Close Processes"
    • December 2 – Financial Governance Luncheon in Palo Alto
    • November 18 – Webinar "Ensuring Compliant Processes and IT Risk Management with Configuration Change Controls"
    • November 13 – FulcrumWay at the SROAUG Meeting in Los Angeles at the LAX Crowne Plaza
    • November 4 – “OAUG GRC Special Interest Group Meeting: GRC Highlights @ Oracle OpenWorld 2009”
    • October 28 – “Aligning Risk and Performance Management” Oracle iSeminar
    • October 22 – “Slashing Compliance Costs and Boosting Risk Management In Midsized Companies” free Webinar
    • October 21 – “Risk and Compliance Management Power Across the Enterprise: Oracle’s Enterprise GRC Manager” free Webinar
    • October 11-15 – Oracle OpenWorld: 4 GRC Sessions and the Sixth Annual GRC Roundtable Dinner
    • September 29 – NYC Metro OAUG Meeting GRC Session
    • September 16 – “Risk and Compliance Management Success Stories: GRC Business Cases that Get Approved” free Webinar
    Current, Recent and Upcoming Events
  • Governance, Risk and Compliance Challenges
    • Detect and Prevent Outright Fraud
    • Mitigate Financial Misstatement Risk
    • Develop and Maintain Sustainable Regulatory Compliance Processes
    • Effectively Test and Monitor Internal Controls
    • Dell Talking Again After Audit: More than four years of intentionally misstated results will cost the computer maker millions. Says one exec: “This is not a happy story” (Business Week, 2008)
    • The Public Company Accounting Oversight Board issued a 33-page alert to auditors, telling them to plan their audits with an eye towards the new risks that spring from management acting under economic pressure. (Compliance Week, 2009)
    • Online fraud is becoming so lucrative, said Katherine Hutchison, PayPal’s senior director of global risk management, that it has developed into an industry with specialized players that hire each other in areas such as harvesting credit card numbers and freight forwarding. “A single professional thief doesn’t have to have all of the skills needed to commit fraud,” she said. (WSJ April, 2009)
  • Enterprise GRC Program Management
    • Current State
    • Managed in silos
    • Mostly reactionary
    • More projects than programs
    • Handled separately from mainstream processes and decision-making
    • People used as middleware
    • Limited and fragmented use of technology
    • Future State
    • Enterprise approach
    • Integrated controls and processes
    • Program based approach
    • Embedded within mainstream processes and decision-making
    • Effective use of information technology
    • Architected solutions
    (c) OCEG, 2008 GRC Program Management
  • The Big Picture: GRC Maturity
    • Informal:
    • Ad hoc approach
    • Compliant but at a high cost to business
    • Manual control
    • No best practices
    • Reactive:
    • Tactical approach
    • Risks are documented
    • Manual risk assessment and reporting
    • After the fact reporting
    • Proactive:
    • Unified, standardized & strategic approach
    • Policies are enforced
    • Automated process
    • Prevent policy violation
    • Optimized:
    • GRC objectives embedded throughout the organization
    • Analyze and trend
    • Automated risk mitigation / Predictive risk assessments
    Compliance and Audit Automation Controls and Process Monitoring Integrated GRC IT Governance Enterprise Risk Management Financial Governance
  • Enterprise Applications / IT Infrastructure Significant Business Processes / Operations Management Financial Management Operations Management Audit / Compliance Enterprise Management Enterprise Model Oracle EBS Hyperion JD Edwards PeopleSoft SAP Legacy/Custom Financial Close Procure to Pay Hire to Retire Other … Order to Cash Corporate Governance Planning and Forecasting Performance Management Risk Management Reporting Budgeting Reconciliation Audit Planning Assessment / Testing Issues / Actions
  • Continuous Controls Monitoring / IT Governance Oracle EBS Hyperion JD Edwards PeopleSoft SAP Legacy/Custom Process Monitoring Financial Close Procure to Pay Hire to Retire Other … Order to Cash Financial Governance Operations Management Audit / Compliance Automation Enterprise Risk Management Corporate Governance Planning and Forecasting Performance Management Risk Management Reporting Budgeting Reconciliation Audit Planning Assessment / Testing Issues/ Actions FulcrumWay Enterprise Solutions Framework GRC Integration
  • Continuous Controls Monitoring / IT Governance Process Monitoring Financial Governance Operations Management Audit / Compliance Automation Enterprise Risk Management FulcrumWay End to End GRC Services Financial Risk Dashboard Governance/Policy Dashboard Operational Risk Dashboard KPI/KRI Dashboard Automated Reconciliation Disclosure Workflow Financial Intelligence Plan Optimizer Test Automation Self-Assessment Issue / Remediation Workflow Close Monitor P2P Monitor T&E Monitor O2C Monitor H2R Monitor Segregation of Duties Privileged Access Transactions Configurations e-Discovery Identity GRC Integration
  • FulcrumWay ™ GRC Strategic Opportunity Assessment Senior Management Board Process Owner Chief Officer Chief Auditor Audit Managers / Control Owners Assess Risks Scope Audit Plan Prepare Work Papers Test Internal Controls Certify Results Disclose Business Results Gather GRC Data Establish Risk & Controls Library Document Issues/ Actions Implement Changes Establish Control Environment
  • FulcrumWay Expertise, Packaged Solutions and Software Services
  • FulcrumWay Touch-less Integration ™ Financial adapters for Oracle E-Business Suite, Oracle’s PeopleSoft Enterprise, and Oracle’s JD Edwards EnterpriseOne. Universal adapters to extract and load data from non-Oracle or legacy applications
  • Detective & Preventive Controls Enforce & validate allowable values. Ensure appropriate entitlement to change data is mapped to SOD rules Provide audit history of changes to critical application data Validate transaction against business policy rules. Including fail safe monitoring for SOD rules. Enforce & Identify transactions for validation and audit history for SOD Segregation of Duties: Ensure no conflicts of interest for a given user or role Identify user access events for validation and audit history Enforce additional access restrictions based on user entitlements based on SOD rules Control Configuration Controls Configuration Change Transaction Controls Transaction Validation Preventive Validation Transaction Monitor Access Controls Access Validation Access Monitoring Form Restriction
  • User Access Validation
  • Segregation of Duties Violation Report: Once the Account Balance / Entity data is loaded into GRCi, management will be able to analyze multiple risk scenarios to determine scope.
  • Application Configuration Controls Library
  • Improving User Provisioning & Segregation of Duties
    • Our Client
      • Wholly owned subsidiary of Fortune 500 focused on communication and information technologies for security, safety and lifestyle enhancements
      • Operations in more than 30 countries
      • Oracle E-Business Suite
    • Challenges
      • Comply with SOX
      • Needed to automate a manual and labor-intensive process to define and approve user access
      • Segregation of Duties Concerns
      • Oracle E-Business Environment
        • 40 Modules
        • 2,500 Users, 100+ user responsibilities
    • FulcrumWay Solutions
      • Automate User Access Provisioning Compliant with SOD Policies
    • Successes
      • Implemented access provisioning solution to identify user violations and allow auditable override capability for authorized access 
      • Security provisioning time reduction
      • Senior Management Commitment to GRC
      • SOD Rules Content jump-started comprehensive GRC management processes
      • Detected over 5,000 violations
      • Reduced access provisioning time from 14 days to 4 hours
      • Trained Process Owners through online self-service portal
  • Cost Reduction through Integrated Compliance and Control
    • Our Client
      • World’s pre-eminent gold producer, with a portfolio of 27 operating mines
      • Many advanced exploration and development projects located across five continents
      • The largest gold reserves in the industry
    • Challenges
      • Need to reduce SOX Compliance Audit expense
      • Implement continuous controls monitoring
      • Baseline ERP Configurable Controls for AS5
    • FulcrumWay Solutions
      • Identify Controls for full or partial automation
      • Benchmark ERP Configurations
      • Setup audit logs on all configuration changes
    • Successes
      • Analyzed over 1,000 controls
      • Application Audit Portal provides audit trail on all configuration changes in ERP Systems
      • Track changes to key application setup data and code
      • Approval workflows and notifications facilitate change management without negatively impacting core business operations
      • Increase visibility into the actual operations of the controls environment
      • Reduced Testing Time by 30%
  • Data Protection And Security
    • The FulcrumWay servers are hosted in Dallas, Texas in 78,500 sq. ft. facilities with 35,500 sq. ft. raised floor; (23) HVAC units totaling 574 tons, which includes Very Early Smoke Detection Apparatus (VESDA); Pre-action dry pipe sprinkler system; Over 500 smoke detectors in integrated system.
    • Physical access is protected by Northern Proximity security badge entry/exit.
    • Server Availability is ensured through Multiple TXU electrical grids: 4800 amps of 480v input power.
    • Backup power is provided by three main transfer switches 500KVA Powerware UPS units, 90 batteries each; Standalone PDUs at each cabinet row; 1-megawatt generator (2000 gallon tank); 1.5-megawatt generator (2200 gallon tank).
    • DataTrax monitoring for all datacenter infrastructure.
    • FulcrumWay utilizes some of the most advanced technology for Internet security available today. When you access our site using Netscape Navigator 6.0 or Microsoft Internet Explorer versions 5.5 or higher, Secure Sockets Layer (SSL) technology protects your information using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered Users in your organization.
    • FulcrumWay provides each User in your organization with a unique user name and password that must be entered each time a User logs on.
    • We issue a session "cookie" only to record encrypted authentication information for the duration of a specific session. The session "cookie" does not include either the username or password of the user.
  • FulcrumWay Risk Assessment Options
    • Risk Assessment Service: You can utilize our Risk Assessment software services any time you need. This low cost service can quickly provide you a detailed view of Security and Data Access risks in your system and help you determine the scope of work needed to improve controls and security.
    • Unlimited Use Service: You can have full unlimited access to our Risk Assessment and Monitoring Software Services so that you can analyze SOD risk as often as you like, manage violations, track remediation actions, continuously monitor access controls, and obtain periodic access control verifications from process owners.
    • Limited Use Service: You can have limited access to the Risk Assessment Software Service to perform Quarterly testing, manage violations and track remediation actions.
    • Implementation Services: In addition to the above Risk Assessment and Controls Monitoring services, we also offer Professional Services to implement Oracle GRC Manager and GRC Intelligence software applications to help build an integrated platform for all your Governance, Risk and Compliance activities. This solution will help you consolidate multiple GRC activities into a single platform to reduce costs and provide management better visibility.
  • FulcrumWay Risk Advisory Services
    • Define Application Controls
      • Define Application Controls based on Company Control objectives
      • Assign Risk Rating to each Rule
      • Mark Waivers and Exceptions
      • Configure Snapshot ERP Data Manager
      • Setup Application Test Environment
      • Finalize project plan
    • Analyze Violations
      • Detect SOD Violations
      • Detect Configuration Baseline / Threshold Violations
      • Detect suspicious transactions
      • Setup Application Control Owners
      • Notify Controls Owners
      • Analyze SOD Violations
      • Analyze Configuration Violations
      • Analyze Transaction Violations
    • Remediate Violations
      • Create Corrective Action Plan
      • Redesign Roles
      • Reassign Users
      • Change Configurations
      • Restrict Transactions
      • Resolve Issues
      • Migrate to Production
    • Monitor Controls
      • Setup Access Monitor
      • Setup Trx. Monitors
      • Setup Configuration Change Monitors
      • Complete Training
    • Knowledge Transfer / Train the Trainer
  • FulcrumWay Advantage
    • FulcrumWay delivers Rapid Return on Investment (ROI). Auditors and other users can access the application and controls library within 24 hours after signing-up. There is NO requirement to install software or hardware.
    • FulcrumWay delivers high user productivity. The web based software services are designed for ease of use for successful adoption amongst a wide range of enterprise users. Powerful Business Intelligence reporting capabilities empower users to integrate GRC into existing business processes.
    • FulcrumWay delivers lower total cost of ownership. Application owners can administer all aspects of the application without requiring IT support resources.
    • FulcrumWay delivers thought leadership and best practices. We employ a wide range of GRC Professionals including leading Sarbanes-Oxley Compliance Management Experts, Ex-Auditors with CPA, CIA and CISA Credentials, Certified Technology Professionals with deep knowledge of ERP Implementations, and Senior Oracle DBAs to ensure superior quality of service.
    • FulcrumWay has a Successful Track Record of assisting Oracle ERP customers with compliance initiatives around Application Controls such as Segregation of Duties, Configurations, and Transactions Controls since 2003.
  • FulcrumWay Services: Key Business Benefits
  • Continuous Controls Monitoring / IT Governance Process Monitoring Financial Governance Operations Management Audit / Compliance Automation Enterprise Risk Management Financial Risk Dashboard Governance/Policy Dashboard Operational Risk Dashboard KPI/KRI Dashboard Automated Reconciliation Disclosure Workflow Financial Intelligence Plan Optimizer Test Automation Self-Assessment Issue / Remediation Workflow Close Monitor P2P Monitor T&E Monitor O2C Monitor H2R Monitor Segregation of Duties Privileged Access Transactions Configurations e-Discovery Identity Next Steps Proof of Concept and Assessment GRC Integration
  • A FulcrumWay International Regional Service Partner Info: www.mantala.com.mt [email_address]