Oaugnj fulcrum wayoracle_advancedcontrolsp2p_mar15 Presentation Transcript

  • Enhancing Process Effectiveness with Advanced Financial Controls: Advanced Controls for EBS Procure to Pay Processes. John Nicholson, Dir Alliances & Marketing, FulcrumWay; Vin Raso, Advanced Controls, Oracle
  • Complete Advanced Controls Solution: Complements core ERP to enhance business efficiency
    • Enterprise Risk & Controls Foundation
    • Dashboards, Reports & Alerts: Worklists, Notifications, Email, Search, Perspectives (Report)
    • Risk, Controls & Compliance Management: Documentation, Reviews, Assessments, Surveys, Remediation (Manage)
    • Continuous Controls & Risk Monitoring: Access, Setups, Master Data, Transactions, Audit Tests (Enforce)
    • Custom or Legacy Applications
    Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • What do Advanced Controls do?
    1. Augment Standard ERP Controls
    2. Bridge GAP – Policy Creation and Transaction Systems
    3. Automate Policy Enforcement
    4. Deliver Business Process Efficiency
    A well executed business process is run efficiently AND according to corporate policies
  • Improve Cash Flow
    • * Accounts Payable Network Benchmark: AP Controls May 2011; 425 Companies
    • ** Made to measure CFO’s on finance and procurement process improvement, CFO Research, May 2012
  • Advanced Controls augment controls delivered in ERP
    • Supplier Risk Controls; Procurement Controls; HCM Controls; Time & Expense Controls; Financial Close Controls; Capital Asset Controls; Order to Cash Controls
    • Monitor purchases of unauthorized items, such as contraband goods, competitors' products, etc.
    • Monitor holds that are not resolved within specified time (Unusual Time Delays)
    • Monitor purchases that circumvent expenses thresholds by splitting the purchase into multiple transactions (Split Transactions)
  • What Are Advanced P2P Financial Controls? Give you the means to:
    • Reduce & Recover Financial Leakage
    • Improve Cash Flow
    • Make Processes More Effective, Efficient
    • Reduce Compliance Costs, Increase Accuracy
    Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential - Oracle Internal
  • What Are Advanced P2P Financial Controls? Give you the means to:
    • Reduce & Recover Financial Leakage
    • Improve Cash Flow
    • Make Processes More Effective, Efficient
    • Reduce Compliance Costs, Increase Accuracy
    …by Continuously Monitoring Your Financial Applications
  • What Are Advanced P2P Financial Controls?
    • Reduce & Recover Financial Leakage; Improve Cash Flow; Make Processes More Effective, Efficient; Reduce Compliance Costs, Increase Accuracy
    • Advanced Controls: Detect unwanted transactions; Detect settings that cause loss; Detect problematic exceptions; Automate risk, control management
  • Example - Oracle Procure-to-Pay Control Points: Procure-to-Pay Controls are Required. [Diagram: Requisition, Purchase Goods / Services, Receive Goods / Services, Invoice, Issue Payments; spend categories Indirect & MRO, Direct Materials, Services; settlement via Banks, Payment Processors, SWIFTNet; layers Corporate Performance Management, Strategic Sourcing & Contract Mgmt, Supplier Collaboration, Business Process Models, Service Oriented Architecture]
  • Example - Oracle Procure-to-Pay Automated Controls for Strategic Sourcing & Contract Mgmt. CONTROLS:
    • Are there inappropriate associations between a vendor and an employee?
    • Are there frequent changes to Supplier information?
    • Do you have duplicate suppliers?
    • Are you missing critical supplier information? Is the information valid?
    • Are your vendors compliant with trade regulations? Are the vendors blacklisted?
  • Example - Oracle Procure-to-Pay Automated Controls for Requisitions and Purchases. CONTROLS:
    • Do you have duplicate Purchase Orders?
    • Are POs created on the same day as goods arrive?
    • Are there split POs?
    • Are there purchases with non-preferred vendors?
  • Example - Oracle Procure-to-Pay Automated Controls for Receiving, Invoices, and Payments. CONTROLS:
    • Are you making accurate and timely payments?
    • Are payment term changes reviewed before payment?
    • Are there duplicate invoice amounts being processed?
    • Did the person making the payment create or modify the vendor?
    • Are there discrepancies in freight charges?
  • Example - Procure to Pay Optimization: Cash Flow, Prevent Leakage. [Diagram columns: Business Risks, Controls Objectives, Continuous Monitors; incident flow: Incident, Investigate, Close]
    • Capture all Discounts; Accurate Supplier Information; Valid Purchase Orders; Ensure Separation of Duties in Procurement
    • Supplier and Invoices Created by Same User; Multiple Suppliers with the similar email domain; Multiple Suppliers with the same Tax ID; Multiple Suppliers with the same Bank Account Number
    • Split purchase orders; Unapproved or Illegal Suppliers; Discounts Lost due to Delays in Payment; Delayed Supplier payments; Purchase Orders issued to Blocked Suppliers; Unauthorized Purchases; Monitor purchases of unauthorized items, such as contraband
  • Procure to Pay embedded ERP controls - sample
    • Purchasing/Accounts Payable
        – User security to prevent improper access to business functions
        – Segregation of Requisitions from Purchase Orders: Auto Create of Purchase Orders/RFQ from Requisitions
        – One, Two or Three way matching of purchases to payments
        – Purchasing and Payment tolerances
        – Vendor purchasing/pay site configuration
        – One-time vendor indicator
        – Purchasing Approvals: Based on dollar value; Commodity Type
  • Procure to Pay specific advanced controls
    • Purchasing
        – Compare Vendor Address with Employee address, looking for similarities
        – Duplicate Suppliers, similar names or same tax ID
        – One time vendors, Audit rules on the one-time vendor flag changes
        – PO creation date is the same as the receiving date
        – Split purchase orders
        – Duplicate purchase orders
    • Accounts Payable
        – Change rule for change in payment terms & Change tracking object for terms and tolerances
        – Duplicate Invoices Control
        – Same employee create vendor and invoice to vendor
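
Three of the purchasing and payables checks listed above (same tax ID, split purchase orders, same employee creating vendor and invoice), written out as detection logic. This is an added example, not code from the presentation or from Oracle's product; the record layout, field names, user names and the 5,000 approval limit are hypothetical and the data is constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed records; field names are hypothetical, not the Oracle EBS schema.
SUPPLIERS = [
    {"id": "S1", "name": "Acme Industrial Supply", "tax_id": "11-1111111", "created_by": "jdoe"},
    {"id": "S2", "name": "ACME Industrial Supply Inc.", "tax_id": "11-1111111", "created_by": "asmith"},
    {"id": "S3", "name": "Northwind Freight", "tax_id": "22-2222222", "created_by": "asmith"},
]
PURCHASE_ORDERS = [
    {"po": "PO-101", "supplier": "S3", "buyer": "bwayne", "date": date(2012, 3, 5), "amount": 4800.0},
    {"po": "PO-102", "supplier": "S3", "buyer": "bwayne", "date": date(2012, 3, 6), "amount": 4700.0},
    {"po": "PO-103", "supplier": "S1", "buyer": "bwayne", "date": date(2012, 3, 6), "amount": 1200.0},
    {"po": "PO-104", "supplier": "S3", "buyer": "bwayne", "date": date(2012, 4, 20), "amount": 4900.0},
]
INVOICES = [
    {"invoice": "INV-1", "supplier": "S1", "created_by": "jdoe"},
    {"invoice": "INV-2", "supplier": "S3", "created_by": "ckent"},
]

def duplicate_suppliers_by_tax_id(suppliers):
    """Groups of supplier ids that share one tax ID (punctuation ignored)."""
    by_tax = defaultdict(list)
    for s in suppliers:
        by_tax[s["tax_id"].replace("-", "").strip()].append(s["id"])
    return [ids for ids in by_tax.values() if len(ids) > 1]

def split_purchase_orders(pos, limit, window_days=3):
    """PO sets from one buyer to one supplier, each under the approval limit,
    issued within the window, whose combined value exceeds the limit.
    Overlapping windows are each reported."""
    groups = defaultdict(list)
    for po in pos:
        if po["amount"] < limit:
            groups[(po["buyer"], po["supplier"])].append(po)
    findings = []
    for items in groups.values():
        items.sort(key=lambda p: p["date"])
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most window_days.
            while items[end]["date"] - items[start]["date"] > timedelta(days=window_days):
                start += 1
            cluster = items[start:end + 1]
            if len(cluster) > 1 and sum(p["amount"] for p in cluster) > limit:
                findings.append([p["po"] for p in cluster])
    return findings

def same_user_vendor_and_invoice(suppliers, invoices):
    """Invoices entered by the same user who created the supplier record."""
    creator = {s["id"]: s["created_by"] for s in suppliers}
    return [i["invoice"] for i in invoices if creator.get(i["supplier"]) == i["created_by"]]

if __name__ == "__main__":
    print(duplicate_suppliers_by_tax_id(SUPPLIERS))
    print(split_purchase_orders(PURCHASE_ORDERS, limit=5000.0))
    print(same_user_vendor_and_invoice(SUPPLIERS, INVOICES))
```

PO-104 is not reported because it falls outside the three-day window, which shows how much the window and limit parameters drive the false-positive rate of a split-PO monitor.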
  • Common Advanced Controls requested
    • Open/Closing Accounting Periods
    • Adding KFF Account values
    • Hiding private/sensitive data
        – Social Security Number
        – Bank Account information
        – Home addresses
    • Automated period close and consolidation process
  • Common Advanced Controls requested
    • Security Rules
    • Cross Validation Rules
    • Foreign Currency exchange rate changes
    • Key Flexfield Segments
    • System Profiles
    • ERP Responsibilities
    • Payment Terms and Tolerances
    • Form Changes
    • Alert Changes
    • Bank Account Information
    • Journal Sources and Categories
  • Oxbow Corporation, West Palm Beach, FL
    • Corporate Overview
        – Large Mining, Chemical, Energy & Oil company headquartered in West Palm Beach, FL
        – 1,200 Employees worldwide and $4B annual revenue
        – Own Oracle E Business Suite R12 and several Non-Oracle Systems
    • Overall Challenges and the Need for GRC
        – Heterogeneous business application environment
        – Inability to track unusual activity on sensitive financial data
        – Lack of proper internal controls in various processes
        – Insufficient documentation on access, configurations and transaction controls
  • Advanced Controls Methodology
    • Access Controls
        – Segregation of Duties i.e. Policy Load
        – User Provisioning i.e. Detection and remediation of SODs
        – Conflict Reports i.e. Report on Intra and Inter Responsibility conflicts
    • Preventive Controls
        – Form Rules i.e. limiting access to a field
        – Flow Rules i.e. approval rule, informational message on trigger
        – Audit Rules i.e. track changes
        – Change Control Rules i.e. reason code as to why a field is changed
    • Transaction Controls
        – Business Objects i.e. Tables and fields within EBS Suite
        – Parameters i.e. Filters, Patterns and Functions
        – TCG Models i.e. string of business objects that generate suspects
    • Configuration Controls
        – Snapshots i.e. capturing specific setup/configuration info
        – Comparisons i.e. comparing snapshots between ledgers, operating units, instances
        – Change Tracking i.e. monitor any change to configuration
  • Governance Risk Compliance Project Implementation: Configuration Controls. Functionality and what it does for us:
    • Snapshots: Automate time-stamped documentation of key controls across all Oracle Applications modules.
    • Comparison: Difference Analysis: determine what’s different when problems occur, verify what’s changed after project activity. Monitor consistency of controls across Instances, Versions, Points in Time, Operating Units, and Sets of Books.
    • Change Tracking: Automate real-time monitoring of key controls in Oracle. Ensure visibility and integrity of controls over a period of time.
  • Snapshots
    • Take Snapshots of Configuration Setups
    • Data is pulled from Oracle Application Tables
    • Retrieve Configuration Setup Data
    • Specify constraints to focus on certain tables
    • Export Values into HTML, PDF, or Excel Formats
  • Comparison
  • Change Tracking
    • Query a change tracker to identify changes across multiple instances.
    • Select multiple applications to monitor
    • Query requires Change Tracking Transfer program to run before any data can be collected. (This program transfers change tracking data from the ERP instances to CCG.)
  • Change Tracking Continued…
    • Monitor Configuration Changes
    • Users and administrators can monitor before-and-after values, responsible user, and time stamp
  • Configuration Control Objects: AP - Oracle Payables. S=Snapshot, C=Change Tracker. Comparison Frequency columns: Daily, Weekly, Monthly
    • AP Payment Terms: S, X
    • Account Derivation Rules: S, X
    • Accounting Calendar: S, X
    • Accounting Event Class Options: S, X
    • Acctng Attribute Assignments: S, X
    • Application Acctg Defs History: S, X
    • Application Acctng Definitions: S, X
    • Bank Branches: S, X
    • Banks: S, X
    • Descriptive Flexfield Segments: S, X
    • Descriptive Flexfields: S, X
    • Financials Options: S, X
    • Income Tax Regions: S, X
    • Invoice Tolerances: S, X
    • Key Flexfield Segments: S, X
    • Key Flexfields: S, X
    • Open Acct Balances Listing Def: S, x
    • Open and Close Periods: S, x
    • Payables Options: S, X
    • Payables System Setup: S, X
    • Supplier Banking Details- Bank: S, X
    • Supplier Banking Dtls- Branch: S, X
    • Supplier Contacts: S, X
    • Supplier Sites: S, X
    • Suppliers: S, X
    • Suppliers (Sites) Attachments: S, X
    • Tax Codes: S, X
  • Building an Optimized Control Environment: Preventive Controls
    • Set of applications that run within Oracle EBS as a component of the GRC Application Suite
    • Prevent ‘Out of Policy’ activity from occurring, notify & alert key personnel with variances
    • Form Rules: Modifies security, navigation, field and data properties
    • Flow Rules: Defines & implements business processes
    • Audit Rules: Tracks changes to the values of fields in database tables
    • Change Control: Regulates changes to the values of fields in EBS forms.
  • EBS Form Rule Capabilities
    • Defines what actions the element performs
    • Empowers the user to make changes to EBS forms and processes
    • Set security attributes; Compile lists of values (LOV); Establish navigation paths; Set field attributes; Display messages; Run SQL statements; Define default values for fields; Execute Flow Rule process
  • Form Rule Highlights: Hidden Field; Modify Security Settings; Field Required; Create Messages; Edit Messages; Edit Background; Edit Field Properties; Edit Prompt; Hide Field Data
  • Audit Rules Highlights
    • Document changes to database field values
        – Old vs. New Values
        – Transaction Type (Insert, Update or Delete)
        – User Responsible for Change
        – Timestamp
        – Audit Report
  • Change Control Highlights
    • Ensure Data Integrity
    • Regulate changes to fields in EBS forms
    • Set approval and reason code requirements for enforced management
    • Enable visual attributes to identify controlled fields
    • Build reason codes to clarify why a change occurred
  • Goals of Using Access Controls and Transaction Controls
    • Access Controls
        – Scope SOD Policies
        – Identify high-risk areas and mark policies on AACG
        – Run Conflict Analysis for high risk areas (select sample)
        – Generate User Conflict Reports
        – Follow up with business leads and redesign responsibilities (Modify Security Model)
        – End-date users
    • Transaction Controls
        – Enable us to create continuous control monitors
        – Manage control monitors using the GRCC controls platform by defining: a workflow routing; a workflow definition
  • Access Controls SOD Remediation Steps. Segregation of Duties (SOD) is an internal control process to minimize the occurrence of undetected errors or intentional and criminal fraud. The errors may be inadvertent and unintentional, but expose the organization to financial risks and violation of policy.
    • Scope SOD Policies
    • Identify high-risk areas and mark policies on Access Controls
    • Run Conflict Analysis for high risk areas (select sample)
    • Eliminate false positives
    • Generate Intra-Role Conflicts
    • Generate User Conflict Reports
    • Follow up with business leads and redesign responsibilities (Modify Security Model)
    • End-date users
  • Access Controls Procure to Pay Policies
  • Provide fine grained access and SOD
  • Provide fine grained access control and segregation of duties
  • Providing Additional Security for Business Transactions: Transaction Controls (Attributes, Business Objects, Models)
    • Users define “models” that classify transactional risk
    • Composed of a “filter” that specifies a “business object” and an “attribute”
    • Business Object: One or more database tables that hold information pertinent to a transaction
    • Attribute: Column within the selected object
  • Transaction Controls Model Filters
    • Models can be “defined” or use a “pattern”:
    • Defined:
        – Models can contain multiple filters
        – i.e. multiple business objects and attributes
    • Pattern:
        – Benford: Variations from a list of numbers, where leading digit is distributed in a specific, non-uniform way (ex: % above or below a baseline)
        – Mean: Calculates a mean for a set of attribute values, identifies values that are too far above or below mean. (ex: outliers)
    • Models can be imported from a separate source file
    • Users can customize business objects to fit into library (only xml files)
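
The Benford and Mean pattern filters described above, worked through on one attribute (invoice amount). This is an added example, not code from the presentation or from Oracle's product; the amounts are constructed, and the 10-point tolerance, the 3-sigma cut-off and the 5,000 approval threshold are assumptions chosen for the illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Constructed AP invoice amounts (sample data, not from the presentation).
# Ten of them sit just under a hypothetical 5,000 approval threshold.
INVOICE_AMOUNTS = [
    120.00, 1350.50, 1875.00, 110.25, 1999.99, 14.80, 1620.00, 1040.00,
    175.00, 2300.00, 245.10, 2750.00, 29.99, 2100.00, 3120.00, 365.00,
    3999.00, 31.50, 410.00, 4200.00, 45.00, 5300.00, 560.00, 52.75,
    610.00, 6400.00, 7100.00, 72.00, 830.00, 98000.00,
    4900.00, 4950.00, 4975.00, 4990.00, 4999.00, 4925.00, 4980.00,
    4995.00, 4960.00, 4999.99,
]

def leading_digit(amount):
    """First significant digit of a non-zero amount (sign ignored)."""
    return int(f"{abs(amount):e}"[0])

def benford_deviation(amounts):
    """Observed minus expected share for each leading digit 1-9.
    The Benford baseline for digit d is log10(1 + 1/d)."""
    digits = [leading_digit(a) for a in amounts if a]
    if not digits:
        return {}
    counts = Counter(digits)
    return {
        d: counts[d] / len(digits) - math.log10(1 + 1 / d)
        for d in range(1, 10)
    }

def benford_suspect_digits(amounts, tolerance=0.10):
    """Digits whose share is more than `tolerance` above or below baseline."""
    return [d for d, dev in benford_deviation(amounts).items()
            if abs(dev) > tolerance]

def mean_outliers(amounts, k=3.0):
    """Amounts more than k population standard deviations from the mean."""
    if not amounts:
        return []
    mu, sigma = mean(amounts), pstdev(amounts)
    if sigma == 0:
        return []
    return [a for a in amounts if abs(a - mu) > k * sigma]

if __name__ == "__main__":
    for digit, dev in benford_deviation(INVOICE_AMOUNTS).items():
        print(f"leading digit {digit}: {dev:+.3f} vs baseline")
    print("Benford suspects:", benford_suspect_digits(INVOICE_AMOUNTS))
    print("Mean outliers:", mean_outliers(INVOICE_AMOUNTS))
```

The two patterns catch different things on the same data: the Mean filter sees only the single very large invoice, while the Benford filter surfaces the cluster of amounts held just under the threshold, none of which is an outlier by value.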
  • Transaction Control Monitors
    • AP Invoices Over Threshold: Identify AP Invoices that are over a certain Threshold Amount
    • Dormant Inventory Items: Check for Dormant Inventory Items
    • Dormant User IDs: Identify dormant user IDs
    • Duplicate Vendor Payments: Identify Duplicate Vendor Payments within a specified time period
    • Enter Post Journals SOD Violation: Identify Journals that are entered and posted by the same user.
    • Manual Journal Entries over Threshold Amount: Identify Manual Journals created in General Ledger that are above the specified threshold amount
    • PO Over Threshold Amount: Identify Purchase Orders that are over a certain Threshold Amount.
    • Sales Order Over Credit Limit: Control Monitor for Sales Order over Credit Limit
    • Sales Order Over Threshold Amount: Identify Sales Orders that were booked for a value over a threshold amount
    • SOD Violation between AP Invoices and PO Documents: Identify purchasing and payables documents entered by the same user.
    • Terminated Employees with Active User Ids: Identify Terminated Employees with Active User Ids
  • Transaction Control Monitors (cont.)
    • Define credit usage rules: In Order Management, credit usage rule sets define the set of currencies that will share a predefined credit limit during the credit checking process, and enable the grouping of currencies for global credit checking.
    • Customer reporting hierarchy: Receivables uses the following hierarchy to determine the default payment term for your transactions, stopping when one is found: 1. Bill–to site 2. Customer Address 3. Customer 4. Transaction Type
    • Approval limits: Approval limits affect the Adjustments, Submit AutoAdjustments, and Approve Adjustments windows as well as the Credit Memo Request Workflow. Define approval limits to determine whether a Receivables user can approve adjustments or credit memo requests. You define approval limits by document type, dollar amount, reason code, and currency.
    • Aging buckets: Define aging buckets to review and report on open receivables based on the number of days each item is past due. For example, the 4–Bucket Aging bucket that Receivables provides consists of four periods: –999 to 0 days past due, 1 to 30 days past due, 31–61 days past due, and 61–91 days past due.
  • Realized Benefits
    • Formulate Key Performance Indicators (KPI) based on relevant benchmarks and best practices
    • Cost reduction & high return on investment (ROI), showing a short-term gain with ongoing benefits
    • Provide analysis that measures the entire life-cycle of a transaction, from the purchase requisition to AP, while providing full insight into cash-flow and financial commitments
    • Improved accuracy
    • Optimize business processes
    • Increased visibility for achievement of service levels and compliance
  • Today’s Speakers Contact Information