Advance controls 2013

865 views
799 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
865
On SlideShare
0
From Embeds
0
Number of Embeds
36
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Oracle’s core financial management solution sets the new standard for Finance. It helps organizations increase efficiency and effectiveness with:Centralized key business functions to support shared servicesSelf-service collaboration to reduce the burden on your accounting staffAnd extensive spreadsheet and imaging integration to reduce data entry and errors often associated with manual processesIt helps organizations meet global requirements with:Its unified global platform that allows companies to operate anywhere in the worldCommon, rules-based accounting infrastructure that helps standardize accounting policiesAnd simultaneous support for multiple GAAPs to meet global reporting requirementsLastly, it helps Controllers close their books faster with:Its tightly integrated, complete financial management solution that includes centralized consolidation and close management withFlexible reporting formats, such as XBRL
  • Controls are required for any organization that runs a financial system. Oracle provides a comprehensive control structure that provides continuous, embedded monitoring and enforcement within each of it’s critical applications. In addition, Oracle provides a Framework platform for regulations and policies that can help risk and compliance groups manage and monitor the all of the controls and risks within the organization. Today we will focus specifically on the controls Oracle provides for the Procure-to-Pay financial process.
  • Oracle provides 4 main types of controls for EBS, Segregation of Duties – controls that ensure monitoring and enforcement is in place around users having conflicting access within EBS.Application Configuration– controls that manage and monitor key setup information within EBS Transaction Monitoring – controls that identify suspect transaction scenarios that have occurred within EBS. Preventive – controls that can be embedded into EBS itself to control transaction processing
  • To help Controllers close their books faster, Oracle provides a comprehensive financial close solution . The solution encompasses all the areas impacted by the close with automation, visibility and workflow to manage the entire close process.Hyperion Financial Management is the core of the solution which manages the financial consolidation and delivers automated reporting to all stakeholders. It is pre-integrated with Oracle Financial solutions but is also designed to consolidate information from multiple, disparate sources, transaction systems and data warehouses. Implementing it does not require changes to underlying transaction systems, so you can save on integration costs and efforts. It’s common foundation includes tight integration with other Oracle performance management applications and Governance, Risk, and Compliance solutions. This integration reduces the total cost of ownership by providing a single point of maintenance that other point solutions and non-integrated EPM suites cannot match.
  • Controls are required for any organization that runs a financial system. Oracle provides a comprehensive control structure that provides continuous, embedded monitoring and enforcement within each of it’s critical applications. In addition, Oracle provides a Framework platform for regulations and policies that can help risk and compliance groups manage and monitor the all of the controls and risks within the organization. Today we will focus specifically on the controls Oracle provides for the Procure-to-Pay financial process.
  • Slide Transition: What types of controls exist?Controls can be broadly categorized as ERP controls and advanced controls. ERP controls are inherent to your ERP systems and include controls such as requiring approval of purchase orders. To have an effective control environment, it is important to take advantage of these ERP controls where appropriate.And while ERP controls do a great job, in today’s complex business environment further control solutions may be necessary.Advanced financial controls are another tier of controlsthat complement or augment ERP controls in two key ways: 1) they can alert management when ERP controls are changed, and 2) they provide flexible solutions to automatically analyze process activities to highlight possible errors, or when users might be working around policies. Advanced controls provide further benefits because they automate controls that might have been performed manually before, and they also reduce manual work necessary to resolve errors.Let’s now take a look at a few examples of how ERP and advanced controls work together to provide the most optimal solutions for your business processes.
  • Slide Transition: What types of controls exist?Controls can be broadly categorized as ERP controls and advanced controls. ERP controls are inherent to your ERP systems and include controls such as requiring approval of purchase orders. To have an effective control environment, it is important to take advantage of these ERP controls where appropriate.And while ERP controls do a great job, in today’s complex business environment further control solutions may be necessary.Advanced financial controls are another tier of controlsthat complement or augment ERP controls in two key ways: 1) they can alert management when ERP controls are changed, and 2) they provide flexible solutions to automatically analyze process activities to highlight possible errors, or when users might be working around policies. Advanced controls provide further benefits because they automate controls that might have been performed manually before, and they also reduce manual work necessary to resolve errors.Let’s now take a look at a few examples of how ERP and advanced controls work together to provide the most optimal solutions for your business processes.
  • Slide Transition: Another great example is CSX Corporation.Customer Profile – CSX Corporation is a national transportation company that provides rail, intermodal, and rail-truck transload services. Existing Problems – They operate in a very decentralized environment and were facing significant challenges managing complex government regulations.Product Used – Application Access Controls Governor (AACG)Benefits Received – In addition to having the ability to quickly identify and remediate system-user access conflicts, the solutions provided CSX executives with a real-time, enterprise-wide foundation to support forward-looking strategic planning.
  • Slide Transition: One of our more recent success stories with USANA Health Sciences. Customer Profile – USANA Health Sciences develops and manufactures high-quality nutritionals, personal care, energy and weight management products. Problems – Their controls environment was manually intensive, they had inefficient processes, and they were concerned about how their upgrade would impact their controls environment. Product Used – Application Access Controls Governor (AACG), and Configuration Controls Governor (CCG)Benefits Received – They were able to ensure a proper controls structure was retained after their upgrade, and improve change management. They are also looking to use other advanced control applications to detect suspicious transactions and redundant business practices, and prevent control violations and process breakdowns before they occur.
  • Slide Transition: Oxbow Carbon came to utilize advanced financial controls to standardize their processes to better manage their acquisitions. Customer Profile – Oxbow is a natural resources company with operations in 17 cities in the US, and 35 cities internationally.Existing Problems – Oxbow had gone through numerous acquisitions in recent years. As a result, the company was running 13 distinct enterprise resource planning (ERP) systems, which limited visibility of critical business information and created IT governance challenges.Product Used – Entire suite of advanced controls.Benefits Received – Instilled a preventive approach regarding inappropriate user access, efficiently notify management when high-risk configuration changes are being made, and reap tremendous time and cost savings.
  • Slide Transition: Our final success story is Experian. Customer Profile – Experian is a leading global information services company, providing data and analytical tools to clients in more than 60 countries. Existing Problems – Experian operates in a highly-regulated industry where data security was an extremely critical requirement. They found it increasingly difficult to ensure proper data security. Product Used – AACG and Preventive Controls Governor (PCG).Benefits Received – Experian was able to reduce the time and effort spent managing user access and detecting and resolving inappropriate user access.
  • Advance controls 2013

    1. 1. Enhancing ProcessEffectiveness with AdvancedFinancial ControlsZeeshan KhanOracle Sales1 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    2. 2. Agenda R12’s Core Financial Management What do Advance Controls do? Why Advance Controls? How do we use Advance Controls? Where do Advance Controls impact?2 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    3. 3. R12’s Core Financial Management The New Standard for Finance Operations • Centralized key business functions to support shared services Increase Efficiency • Self-service collaboration of customers, employees, and and Effectiveness suppliers • Extensive spreadsheet and imaging integration • Unified global platform Meet Global Requirements • Common, rules-based accounting infrastructure • Support for multiple GAAPs • Tightly integrated, complete end-to-end solution Close Books • Centralized consolidation and close management Faster • Flexible reporting formats, such as XBRL3 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    4. 4. R12 Single Global Instance: Continuous, Embedded, Framework Performance Management Planning, Budgeting, Profitability Role-Based & Forecasting Management Scorecards Continuous, Embedded: Advance Controls in Key Financial Processes Multiple control types Financial Control Credit-to-Cash Procure-to-Pay & Reporting to support each Cash & Treasury Travel & Expense Asset Lifecycle & financial process Management Management Real Estate Mgmt Governance, Risk and Compliance GRC Processes GRC Infrastructure GRC Insight Fusion Middleware End-to-End Master Data Comprehensive Enterprise Industry Processes Management Security Analytics4 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    5. 5. What do Advanced Controls do? Augment Standard ERP Controls Bridge GAP – Policy Creation and Transaction Systems Automate Policy Enforcement Deliver Business Process Efficiency across Systems • Hyperion, Concur, Workday and other systems5 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    6. 6. Why Advance Controls? Financial Controls - Are Required Ensure Data Integrity Protect Against Error + Fraud Provide Compliance6 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    7. 7. How do we use Advance Controls Robust Types of Automated Controls Monitor Control Effectiveness What users What’s changed in What are the have done the process execution patterns Segregation of Application Transaction Duties Configuration Monitoring Preventive What users How is the process How users execute can do set up processes Enforce Policies in Context7 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    8. 8. Where do Advanced Controls Impact – Key processes Financial Close & Reporting Order to Cash Procure to Pay Travel & Expense Extensibility - Hyperion, Concur and other systems A well executed business process is run efficiently AND according to corporate policies8 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    9. 9. Financial Close Components Financial Close Best Practices CFO Dashboard Governance, Risk & Compliance Financial Close Workflow Tax Tax Calculations Filing ERP: Data Financial Oracle R12 Assurance Consolidation Financial & Document Management Mgmt. Reporting & Filing Transactions Reporting9 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    10. 10. Oracle GRC Leveraged in Close Process Hyperion Financial Close Management Dashboard Using FCM integration tasks, GRC activities areembedded into close process 10 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    11. 11. GRC Intelligence GRC Monitor – Aligned with ERP Tasks GRC Manager GRC Controls Hyperion Financial Close Management Gantt View FCM automatically runs GRC monitors11 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    12. 12. Next Steps Discovery meeting with EA Finance executives Gaps in core processes • Inappropriate Risk • Compliance Risk • Inefficiencies (high touch manually) Demo for the Key Processes A well executed business process is run efficiently AND according to corporate policies12 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    13. 13. Appendix13 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    14. 14. Preventive Controls Embed Controls Natively in E-Business Suite • Enforce preventive controls for specific users and events natively within enterprise application • Initiate appropriate approval workflow in response to proposed modifications • Produce audit trail of change and approval history Prevention Define Initiate Enforce Prevent Read or Review Audit Preventive Approval Field Write Access Reports Controls Workflow Validation14 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    15. 15. Transaction Controls Identify Inaccurate or Fraudulent Transactions Continuously monitor accuracy of P r e -d e liv e r e d T r a n s a c tio n C o n tro ls transactions and mitigate exposure to fraud • Test against thresholds Suspect T r a n s a c tio n s • Search for anomalies • Perform transaction sampling Detection Prevention Define Perform Review and Preventive Transaction Transaction Address Transaction Controls Analysis Suspects Controls15 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    16. 16. Configuration Controls Ensure Integrity of Critical Application Setups • Achieve consistent application setup and operating standards across multiple instances • Track complete audit trails for changes to key configurations • Tightly control change management to accelerate development and test time Detection Prevention Define Document or Monitor Enforce Change Manage Data Configuration Compare Configuration Control Integrity Controls Configurations Changes16 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    17. 17. Segregation of Duties Controls Comprehensive Policy Enforcement • Simplify segregation of duties enforcement with simulation and remediation • Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails • Accelerate deployment and time to value with pre-delivered controls library Detection Prevention Define Access Access Remediation Preventive Compensating Controls Analysis (Clean-up) Provisioning Policies17 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    18. 18. ERP CONTROLS FINANCIAL PROCESSES ADVANCED CONTROLS18 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    19. 19. Risks and Advance Controls Take Control of User Access Risk ERP Control Advanced Control Maintain vendor records, Assign users proper Alert management of users with enter vendor invoices or access privileges incompatible duties make payments Same user can approve Do not assign same Monitor for users who have custody PO they created user ability to create (create PO) and authorization duties. and approve PO’s User creates PO for Limit ability to create Enable rules for users to create PO’s requisitions they created both PO’s and only for other user’s requisitions requisitions19 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    20. 20. Risks and Advance Controls Ensure Policies and Procedures Followed Risk ERP Control Advanced Control Make changes to Require workflow Audit capabilities to detect when the payment terms (e.g. approval for these changes are made. change from 30 to 60 changes days) Payment discounts not Define vendor record Flexibly apply discount rules with applied to invoice to always take based on specific events payment discounts Unauthorized changes to Do not give users Utilize rules to prevent users from vendor records access to the vendor making changes records20 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    21. 21. Risks and Advance Controls Gain Insight Into Procurement Activities Risk ERP Control Advanced Control Splitting PO’s to avoid PO’s over a certain Use sophisticated analyses to approvals threshold require compare for same vendor if same approvals goods or services are on multiple PO’s for a given period of time Purchases from non- Review PO reports to Require approval of the PO when preferred vendors identify POs to non- non-preferred vendors are used preferred vendors Entering PO’s same day Review reports to Automatically compare PO date and goods or services compare PO, entry date for anomalies received receiving dates21 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    22. 22. Risks and Advance Controls Monitor Invoicing and Payments Risk ERP Control Advanced Control Create duplicate Prevent same invoice Detect invoices for similar invoice invoices number numbers and similar invoice amounts for the same vendor Submitting invoices for 3-way match Evaluate vendor and nature of items fictitious goods or purchased with pattern / trend services analysis and alert management when unusual items are invoiced Vendor check is Utilize electronic Evaluate invoices paid multiple times intercepted, forged or payments by using pattern analysis altered22 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    23. 23. Risks and Advance Controls Risk Advanced Control Eliminate Duplicate payments •Check for potential duplicates and prevent payment records without approval •Transaction Control to report potential duplicates •Intelligence Dashboards reporting control violations Manage configuration settings •Preventive Controls enforce change control, initiate alerts and audit data real-time •Configuration Controls track changes and alert •Transaction Controls to report historical changes •Pricing & Discounts •Approval levels •Account codes •Setups •Bank accounts23 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    24. 24. Risks and Advance Controls Risk Advanced Control Stopping Payments against • Preventive Controls enforce requirement to not allow cancelled invoices payments against cancelled invoices • Transaction Control to report payments against cancelled invoices • Intelligence Dashboards reporting control violations Controlling Inventory Re-order • Preventive Controls enforce change controls on re-order levels tightly points and min-max • Transaction Control to report inventory turns outside of given tolerance(by item) • Transaction Control to report shelf life or lots past certain age • Dashboard view of inventory turns and aged inventory controls24 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    25. 25. Risks and Advance Controls Risk Advanced Control Reducing Unprocessed Credit •Preventive Controls enforce requirement for approval of Memos manual credit memos •Transaction Control to report credit memos over certain threshold or those not associated to orders •Transaction Control to report credit memos with suspicious amounts •Intelligence Dashboards reporting control violations and credit memos approval process25 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    26. 26. ERP CONTROLS Reference Clients ADVANCED CONTROLS26 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    27. 27. CSX After Before  Situation: CSX faced real-time reporting Solution: Obtained increasingly of controls environment complex government regulations.  Challenge: Fragmented and labor Results: Quickly identify and resolve user intensive issues in a decentralizedexternal access processes. Reliance on environment. Also provide management consulting resources to perform with information used for forward-looking verifications of user access. strategic planning.27 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    28. 28. USANA After Before   Situation: USANA needed modern, Solution: standards-based solutions that could – Provide more effective monitoring of replace manually intensive controls, segregation of duties optimize key business processes, and – Improve change management support a major ERP upgrade. during EBS upgrade   Challenge: Their control structure was Result: A proper controls environment was manually intensive, they had improve retained after their upgrade, and inefficientmanagement change processes, and they were concerned about how their upgrade would impact their control environment.28 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    29. 29. Oxbow CUSTOMER PERSPECTIVE After Before “We are finding a tremendous time and cost savings with Oracle Configuration  Situation: Oxbow Carbon, focused on Solution: Controls Governor, to say nothing of the growth, has gonecontinuous monitoring of – Automate through numerous problems we are avoiding,” acquisitions controls during EBS ERP in recent years. Patrick Palmer, Manager of Internal Audit implementation  Challenge: The company was running – Detect and prevent inappropriate 13 distinct enterprise resource planning (ERP) user access systems, which limited visibility of critical business information and created Results: Increased visibility into controls ITenvironment across multiple ERP governance challenges. systems. Instilled a preventive approach regarding inappropriate user access.29 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    30. 30. Experian Before After  Situation: Experian’smanual SOD Solution: Replace IT environment adheres to maximum controls and security process regulations due to the nature and  Results: Reduce the time and effort confidentiality requirements of their spent managing user access and business. detecting and resolving inappropriate user  Challenge: Experian had little visibility access. into user access within the Oracle E- Business environment.30 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.

    ×