Oracle Advance Controls

Published in: Business

Transcript

  • 1. 1 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  • 2. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 3. Fusion GRC Applications: Strategy and Roadmap. Sid Sinha, Senior Director, Product Development. Presenting with
  • 4. Agenda: Introductions; Product Strategy; Customer Panel Discussion
  • 5. RISK MANAGE INTEGRATED BUSINESS PLANNIN BETTER REPORTING ATTRACT AND RETAIN TALENT PRODUCTIVITY
  • 6. FINANCIAL REPORTIN RISK MANAGE DRIVING GROWTH INTEGRATED BUSINESS PLANNIN REDUCING COSTS MANAGING RISK BETTER REPORTING PAYABLE ACCOUNTS ATTRACT AND RETAIN TALENT PRODUCTIVITY ACCOUNTS RECEIVABLE INVESTOR RELATIONS
  • 8. Financial Impact: “[Most companies] expect to find .1% of a company’s spend in financial leakage”; “For a company with a 5% profit margin, $1 Million in recoveries equates to $20 Million in incremental Sales” (Protiviti 2010 - Procurement Assessment and AP Recovery Solutions). $1,000,000 lost per year for every billion in spend. Each Incident of fraud costs $100,000 to $1,700,000*. *Source: 2010 ACFE Report to the Nations on Occupational Fraud and Abuse
  • 9. Strategic Priorities: Survey of 263 Finance Executives. BETTER CONTROLS AND EFFICIENCIES: Business Risk Analysis 48%; Improve Cash Flow and Working Capital 42%; Audit and Control of Procurement 33%; Understanding Payables Exposure 28%; Compliance 15%. Reaching New Heights: The Dividends of Collaboration between Finance and Procurement is published by CFO Publishing LLC, May 2012
  • 10. Control Challenges: Survey of 425 companies. TOP 10 CONTROL CHALLENGES*: Segregation of Duties; Duplicate Payments; Manual Processes; Employee Reimbursements; Compliance with Policy; Automation; Checks; Approvals; Standardization/Consistency; Signatures/Authority. DRIVERS: Lack of Staff; False Positives; Access to Data; Visibility to Issues; Mergers & Acquisition; Decentralized Operations; Outsourcing. *Accounts Payable Network Benchmark: AP Controls May 2011
  • 11. Web of Control Issues: Missing Prices Overpayments to Unauthorized Vendors Credit Invalid or Missing Credit Duplicate Checks Unauthorized Supplier Master Billing Errors Journal Entries Unapproved or Illegal Suppliers Duplicate Inaccurate Payments Inaccurate Manual Journal Financial Reports Entries Delayed Supplier payments Duplicate Incorrect Split Purchase Invoices Payment Terms Statutory Audit Orders Findings Unused Credit Supplier Fraud Memos Unauthorized Delayed Unusual Returns Access Collections
  • 12. Performance Driven Controls BUSINESS RISKS ENTERPRISE PERSPECTIVE Goals Process Optimization Human Capital CONTROL OBJECTIVES Compliance Order Mgmt. Working Capital Accounting Leakage Procurement CONTINUOUS MONITORS
  • 13. Example – Financial Leakage PERFORMANCE GOAL PREVENT LEAKAGE $ Unauthorized BUSINESS RISKS Purchases Overpayments Valid Purchase Capture All Accurate Supplier CONTROL OBJECTIVES Orders Discounts Information Purchase of Purchase Orders Discounts Lost Split Purchase CONTINUOUS MONITORS Orders Unauthorized to Blocked due to Delayed Items Suppliers Payments
  • 14. Integrated Risk and Controls Management Steps Assess Risk Identification and Compliance BUSINESS RISKS Analysis Evaluate Document Detect and CONTROL OBJECTIVES Assessments Fix Issues Reviews Author CONTINUOUS MONITORS Execute Continuous Improvement Investigate & Monitoring
  • 15. Fusion GRC Product Strategy One Enterprise Foundation BUSINESS RISKS Enterprise Risk & Controls Foundation Dashboards, Reports and Alerts CONTROL OBJECTIVES Risk, Controls & Compliance Management Continuous Controls Monitoring CONTINUOUS MONITORS Custom or Legacy Applications
  • 16. Fusion GRC Product Strategy: One Enterprise Foundation. Diagram labels: Enterprise Risk & Controls Foundation; Dashboards, Reports and Alerts; Risk, Controls & Compliance Management; Continuous Controls Monitoring; Business Application (three, each with Roles and User Security, Workflow Controls & Set Up, Masterdata, Transactions). Key points: All Users; All Processes; All Applications; 100% of Transactions (Not Samples); Advanced Detection Patterns; Manage by Exception; Independent Assurance; Strengthens ERP controls; Does not sacrifice efficiency over control
  • 17. Fusion GRC Product Strategy One Enterprise Foundation Enterprise Risk & Controls Foundation • Manage Interdependent Risks, Dashboards, Reports & Alerts Compliance and Monitoring Initiatives Role Based Access Security Worklists Notifications Email Search Perspectives Setup and Administration Risk, Controls & Compliance Management • Closed-loop processes for documentation, assessments, Documentation Reviews Assessments Surveys Remediation remediation and testing Continuous Controls & Risk Monitoring • Flexible, User-Defined Modules Access Setups Master Data Transactions Audit Tests and Control Monitors and Data Connectors User Authored Controls Fraud & Error Patterns Audit Testing Custom or Legacy Applications
  • 18. Customer Success
  • 19. Fusion GRC Solutions
  • 20. Enterprise SOD and Security Controls. Solution Capability: Document, assess and certify Application Security/SOD policies; Library of pre-built automated SOD controls for EBS, PSFT & Fusion; Author new controls, extend to any business application. Benefits: Foundation for a strong application control environment; Lower Cost of Compliance - Financial Reporting & Privacy; Reduction of Fraud and Misuse. Detection / Prevention: Define Access Controls; Access Analysis; Remediation (Clean-up); Preventive Provisioning; Compensating Policies
  • 21. Technical Innovation: Complete User Access Path; Relate Access to Actual Transactions; Connect to any provisioning engine; Extend to any authorization model. Diagram: User: John Doe; Role: Shipping Clerk; Function: Tracking POs; Role: Shipping Supervisor; Function: Purchase Orders; Form: Receiving; Tab: Review PO; Action: Submit PO; Transaction: Order 123; Action: Signature Receipt; Vendor: Acme. Correlate Events and Detect Policy Violation
  • 22. New Connectors Pre-built Extensible Partner Pre-built Continuous SOD Controls Monitoring CUSTOMER CARE & BILLING Custom or Legacy Applications
  • 24. Advanced Financial Controls. Solution Capability: Conduct risk assessments across all processes; Comprehensive transaction data coverage; Author controls and manage Incidents. Benefits: Prevent Financial Leakage; Reduce Error, Waste, Misuse and Fraud; Improve Cash-Flow. Detection / Prevention: Define Controls; Perform Transaction Analysis; Review and Address Incidents; Preventive Transaction Controls
  • 25. Key Financial Control Issues: 434 senior finance executives. 51% make 10 to 30% of all payments too early**; 64% make 10 to 30% of payments too late**; 55% of companies are unable to collect 20 to 40% of total revenue within contracted payment terms**; 46% of AP departments have not reviewed AP policies for over a year*. *Accounts Payable Network Benchmark: AP Controls May 2011; 425 Companies. ** Made to Measure CFOs on finance- and procurement-process improvement, CFO Research, May 2012
  • 26. Procure to Pay - Example Optimization Cash Flow Prevent Leakage Business Risks Controls Objectives Continuous Monitors Capture all Supplier and Invoices Split purchase orders Discounts Created by Same User Unapproved or Incident ! Illegal Suppliers Accurate Supplier Discounts Lost due to Multiple Suppliers with Incident ! Information Delays in Payment the similar email domain Delayed Supplier payments Incident ! Valid Purchase Multiple Suppliers with Purchase Orders issued Orders the same Tax ID to Blocked Suppliers Incident ! Unauthorized Purchases Ensure Separation Multiple Suppliers with Monitor purchases of Investigate of Duties in the same Bank Account unauthorized items, Procurement Number such as contraband Close
  • 31. Comprehensive Coverage: 6000+ Mapped Data Fields!
  • 32. Purchase Receive Issue Requisition Invoice Goods/Services Goods/Services Payments Procure to Pay
  • 33. ! Controls Dashboard - × Notifications Monitoring User 2 Submitted Order Cash Duplicate Invoices #1016 & 1017 Procure to Pay Error in Transaction #1018 Travel & Expense Potential Risk in Transaction #1018 Reports ID Invoices Value Order Unapproved Transaction #1019 Inst1 1015 11,548 0 Inst2 1016 14,234 0 Inst3 1017 14,094 0 Inst4 1018 22,124 0
  • 34. COMING SOON
  • 36. Accounts Payable Recovery Audit Example. UNINTENTIONAL ERRORS AND LEAKAGE: Global, Fortune 500 Firm, High-Tech; Over 4 Audit Cycles, consultants found $17.5M in payment errors. Profile: Global Single Instance (EBS); Centralized Payables Operation; Well Staffed; Clean Sox Audit. Audit Recovery Findings: $17.5M Found; $8.3M Total Recovery; $4.8M After Fees; 18 Month Cycle
  • 37. Recovery Audit Controls. Solution Capability: Manage Recovery Audit Projects & Claims; Library of pre-built recovery control monitors; Author new controls, with advanced anomaly & pattern detection. Benefits: Pre-audit preparation, secured access to data; Expand recoveries; Address root causes of leakage. Detection / Prevention: Define Recovery Controls; Analyze Results; Identify Incidents; Recover Claims; Address Root Causes
  • 38. Recovery Audit - Example Improve Cash flow Recover Leakage Business Risks Controls Objectives Continuous Monitors Minimize Identify vendors with debit Same Invoice Number Uncollected Vendor balances and no Open paid in Different Delayed Collections Balances Purchase Orders Orgs/Operating Units Incident ! and Uncollectable Receivables Same charges paid on Same Invoice Number Incident ! Valid Vendor different Invoice Nos. w/ paid twice Invoices different Dates Overpayments to Incident ! Vendors Same Invoice Number Invoice entered and paid Invoice payments by paid to Multiple entities of to an incorrect/unrelated Incident ! customers with Same Supplier Supplier correct discounts Identify Customers Payments Investigate that have taken Discounts after the Discount Date Close
  • 39. Advanced Detection Engine: Pareto Pattern (80-20 Rule) – Identify top 20% of Suppliers that send 80% of duplicate invoices by amount value; Absolute Deviation Pattern – Identify Invoices for disk drives that are in the top 10% in price deviation from the average price for disk drives; Anomaly Detection Pattern – Identify T&E reports where the hotel per day charges are much higher (normal distribution) than all the other T&E reports; Clustering Pattern – Identify groups of vendors based on uncollected vendor balances
  • 40. PRGX - Recovery Audit Controls Partner: Global leader in recovery audit services industry; $1 Billion yearly in recoveries on average, 1600 Employees; Transaction-intensive industries, Clients in over 30 countries. Recovered $ per year: Airline $700,000 - $1,250,000; Automotive $805,000 - $2,200,000; High Tech $400,000 - $1,100,000; Manufacturing $435,000 - $1,300,000; Transportation $385,000 - $830,000. Source: PRGX recovery audit findings
  • 41. Deloitte - Recovery Audit Controls Partner: Global leader in contract compliance services; Broad range of revenue recovery services across multiple industries (i.e., average ROI for revenue recovery services is 10 to 1); Deep experience in the delivery of supplier and vendor management services; Broad range of industry experience in Technology, Consumer Business, Life Sciences, Energy, Federal Gov.; Global team of dedicated personnel with specialized contract compliance skills
  • 42. Fusion GRC Product Strategy Summary. Platform: Enterprise Risk & Controls Foundation; Dashboards, Reports and Alerts; Risk, Controls & Compliance Management; Continuous Controls Monitoring; Custom or Legacy Applications. Functional Solutions: Enterprise SOD Controls; Advanced Financial Controls; Recovery Audit Controls; Supplier Risk Management; Advanced T&E Controls; Social Media Compliance Management; Outsourced Process SLA Monitoring. Vertical Solutions: Retail Vendor Rebate Controls; Retail Inventory Controls; Telecom Revenue Assurance; Govt. Fraud & Misuse Management; Oil & Gas Health & Safety Monitoring; Tax Revenue Controls; Insurance Claim Controls
  • 43. Fusion GRC Applications Summary. Enterprise SOD and Security Controls: Protect sensitive ERP functions. Advanced Financial Controls: Ensure process integrity and efficiency. Recovery Audit Controls: Reclaim financial leakage. Lower Compliance Costs; Prevent & Recover Leakage $$; USER ACCESS; INTERNAL SYSTEMS; EXTERNAL PROCESSES; Improve Cash Flow; Process Optimization
  • 44. Customer Panel Discussion
  • 45. Customer Discussion: Jaime Fox, Senior Manager, Deloitte; Steinar Modalslid-Meling, Director, Seadrill; Dennis Self, CIO, Gilead Sciences
  • 46. Learn more about Deloitte in the Governance, Risk, and Compliance Track: Integrating GRC and Identity Management: Minimize Risk Across Your Organization. Session ID: CON11738. Tuesday, 11:45-12:45, Moscone West, Room 3012. Governance, Risk, and Compliance Track Sponsor
  • 47. GRC Demo Pods – Moscone West W-089; W-013. Monday & Tuesday (10AM – 6PM); Wednesday (9:45AM – 4PM)
  • 48. Learn More About GRC Applications, Monday: Optimize Oracle EBS Procure-to-Pay: Cut Inefficiencies/Fraud with Oracle GRC Apps (12:15PM, InterContinental - Sutter, CON9401); Optimize Oracle EBS Order-to-Cash Process, Cutting Inefficiencies, Fraud Potential (3:15PM, Westin San Francisco - Stanford, CON9042); Oracle Governance, Risk, and Compliance Controls Suite for PeopleSoft Applications (3:15PM, Westin San Francisco - Franciscan I, CON9068)
  • 49. Learn More About GRC Applications, Tuesday: General Session: Oracle Fusion GRC Applications Strategy and Roadmap (10:15AM, Moscone West - 3014, GEN9385); Advances in Oracle Enterprise Governance, Risk, and Compliance Manager (1:15PM, Palace Hotel - Concert, CON9389); Exploring Oracle Preventive Controls Governor’s Features - Real-Life Examples (1:15PM, Palace Hotel - Presidio, CON5843)
  • 50. Learn More About GRC Applications, Wednesday: Case Study: Reducing Upgrade Errors and Effort While Improving Business Performance (10:15AM, Palace Hotel - Presidio, CON9400); Advances in Continuous Controls Monitoring with Oracle Fusion GRC (1:15PM, Palace Hotel - Twin Peaks North, CON9387); Oracle Governance, Risk, and Compliance Controls Suite Extensibility: Technical Insight (3:30PM, Palace Hotel - Pacific Heights, CON9046)
  • 51. Learn More About GRC Applications, Wednesday, Cont’d: Enforcing Access Controls in Oracle Fusion Applications (3:30PM, Moscone West - 2007, CON9403); Enforce Segregation of Duties with Identity Management GRC Controls (5:00PM, Palace Hotel - Twin Peaks North, CON9386)
  • 52. Learn More About GRC Applications, Thursday: Leveraging Oracle Fusion GRC Apps for Oracle Fusion Coexistence (11:15AM, Palace Hotel - Twin Peaks North, CON9428); EBS User Panel: Reducing Upgrade Errors and Effort While Improving Compliance (12:45PM, Palace Hotel - Presidio, CON9395); PSFT User Panel: Preventing Misuse and Waste While Improving Compliance (2:15PM, Westin San Francisco - Franciscan I, CON9393)
  • 53. The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.