Top 10 Accounts Payables Control to Improve the Bottom-Line
FulcrumWay Leading Provider of Enterprise Risk Assessment Miti...
The following is intended to outline our general product
direction. It is intended for information purposes only,
and may ...
Program Agenda
 Introduction
 Top 10 Challenges Addressed by Advanced Controls

 Oracle GRC Advanced Controls Solution
...
What Do We Mean by Control ‘Issues’
• Issues with a definite impact on the bottom line
Example: Duplicate Vendor Payment

...
Financial Impact
 Duplicate pays – often not huge amounts of $$

individually
 What’s the big deal?
1. They add up!
2. I...
Impact on Sales
UNINTENTIONAL ERRORS AND LEAKAGE
Global, Fortune 500 Firm, High-Tech
• Over 4 Quarters, consultants found ...
Program Agenda
 Introduction
 Top 10 Challenges Addressed by Advanced Controls

 Oracle GRC Advanced Control Solution
...
Advanced Controls
What is it?
 Layer of automated controls over ERP controls

 Continuously monitor key controls
 Detec...
Standard + Advanced Controls

Standard
Controls
Track
Payments

User Roles

Hide
Displays of
Sensitive
Data

3-Way
Match
A...
Top 10 Accounts Payable Issues
How does it affect the bottom line?
Top 10 Issues

Bottom Line Impact

Duplicate Invoices –...
Issue1: Duplicate Invoices – 2 Invoices

•Discrepant Invoices
•Late Payments
•Honest mistake/ Fraud
Advanced Control
Detec...
Issue2: Duplicate Payments – 2 Vehicle
• 2 Vehicles like Invoices and P-Card
• Paper Invoice and Electronic Process
• Expe...
Issue3: Erroneous Charges to Invoice

• Who pays freight, insurance?
• Are invoices based on POs?
• Special deals
Advanced...
Issue4: Late Payments

• “Never pay late fees”
• Open Vendor Credit
• Can result in Duplicate Payment
Advanced Control
Det...
Issue5: Tax Errors - Sales/ Use/ VAT
•Wrong Amounts
•Proper jurisdiction
•Proper documentation
•VAT Reclaim
Advanced Contr...
Issue6: Master Vendor Management
•Potential duplicate payments
•Segregation of Duties Concern
•Correspondence Issues
Advan...
Issue7: Purchase Order Problems
• Split Purchase Order
• Blanket Purchase Order
• After the Fact PO
Advanced Control
Detec...
Issue8: Missed Discounts
•Inefficient processing
•Best financial return for any company
•Track discount lost and why
•Fix ...
Issue9: Early Payment
• Negative cash flow
• Fraud
• Analyze early payments
Advanced Control
Detective:
 Detect payments ...
Issue10: Travel & Entertainment
• Employee misuse
• Constant leakage to the bottom line
• Make manager responsible
• Part ...
Program Agenda
 Introduction
 Top 10 Challenges Addressed by Advanced Controls

 Oracle GRC Advanced Controls Solution
...
GRC Advanced Controls
One Enterprise Foundation

 Risk & Controls Repository
 Assess and Certify
 Detect Policy Violati...
Oracle Advance Control Process Overview
Optimization

Cash Flow

Prevent Leakage

Business Risks

Controls Objectives

Con...
Exception Based Dashboard

24

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Confidential – Oracle...
Continuous Monitor – Duplicate Invoices

25

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Confide...
Control Definition

26

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Confidential – Oracle Intern...
Incident Management

27

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Confidential – Oracle Inter...
Incident Management

28

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Confidential – Oracle Inter...
Preventive Measure

29

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Confidential – Oracle Intern...
Preventive Measure

• Enforce controls & policy within the ERP systems

30

Copyright © 2013, Oracle and/or its affiliates...
Advanced Controls
Enables you to:
Increase Process Effectiveness
Improve Bottom-Line

Reduce Operational Risk

31

Copyrig...
Advanced Controls
Detect unwanted transactions

Improve Bottom Line
Detect settings that cause loss
Make Processes More Ef...
Program Agenda
 Introduction
 Top 10 Challenges Addressed by Advanced Controls

 Oracle GRC Advanced Control Solution
...
Case Study

34

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Confidential – Oracle Internal
Why Oracle GRC Advanced Control?
•Compliance Requirement from internal/external audits
•Global country regulations
•Acquis...
Use Cases - Scope
Duplicate payments by
invoice

Maverick buying
PO date should be
prior to the invoice
date

$

Identify ...
Use Cases – Scope
Identifying erroneous
high value payments
Payments more than 30%
increase of the last rolling 6
months p...
Use Cases - Scope
File attachment on Expense Reports (ER)
Identify ERs with supporting documents in unacceptable formats (...
Phase1 Facts
Date Analyzed
Graph Initial Build

130M records processed

Graph
Incremental Build

1.3M records processed

N...
Lessons Learned
Hardware
Configuration

ETL Performance
Assessment

Model & Control
Analysis Assessment

• TCG analyzes mi...
Thank You! Join us on LinkedIn to view
Summary and Q&A
webinar and discussion

41

Copyright © 2013, Oracle and/or its aff...
Upcoming SlideShare
Loading in...5
×

Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013

139

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
139
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013

  1. 1. Top 10 Accounts Payables Control to Improve the Bottom-Line FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions Enterprise Risk Management Financial Close Monitor Advanced Controls Catalog Enterprise Audit GRC Monitor Swarnali Bag Product Strategy, Oracle Corporation Leverage Technology: Move Your Business Forward™ Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Copyright ©. Fulcrum Information Technology, Inc.
  2. 2. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  3. 3. Program Agenda  Introduction  Top 10 Challenges Addressed by Advanced Controls  Oracle GRC Advanced Controls Solution  Case Study  Q&A 3 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  4. 4. What Do We Mean by Control ‘Issues’ • Issues with a definite impact on the bottom line Example: Duplicate Vendor Payment • Issues with a potential impact on the bottom line Example: Split Purchase Order • Issues with Cash Flow Impact on the bottom line Example: Incorrect Vendor Payment Term 4 4 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  5. 5. Financial Impact  Duplicate pays – often not huge amounts of $$ individually  What’s the big deal? 1. They add up! 2. Impact on sales 3. Impact on EPS 4. Prevent fraud and the honest mistakes 5 5 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  6. 6. Impact on Sales UNINTENTIONAL ERRORS AND LEAKAGE Global, Fortune 500 Firm, High-Tech • Over 4 Quarters, consultants found $17.5M in payment errors Profile  Centralized Payables Operation  Well Staffed  Clean Sox Audit Post Audit Recovery  $17.5M Total Payment Errors Found  $6.8M Total Recovery  $4.08M After Fees  18 Month Cycle 6 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  7. 7. Program Agenda  Introduction  Top 10 Challenges Addressed by Advanced Controls  Oracle GRC Advanced Control Solution  Case Study  Q&A 7 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  8. 8. Advanced Controls What is it?  Layer of automated controls over ERP controls  Continuously monitor key controls  Detect and Report issues as they occur  Prevent issues from occurring  Quickly see high risk issues with exception based dashboards  Address issues that affect the bottom line  Reduces operational risk and process effectiveness 8 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  9. 9. Standard + Advanced Controls Standard Controls Track Payments User Roles Hide Displays of Sensitive Data 3-Way Match Approval Hierarchies Track Discounts Split Purchase Orders Duplicate Vendors Transaction Threshold Amounts Duplicate Payments Fuzzy Logic, ‘similar values’ 9 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal Transaction Pattern Analysis Advanced Controls Sentiment Analysis Finegrained User Access Configuration Snapshots & Audit Trial
  10. 10. Top 10 Accounts Payable Issues How does it affect the bottom line? Top 10 Issues Bottom Line Impact Duplicate Invoices – 2 invoices Overpayment to Supplier Cash Leakage Duplicate Invoices – 2 vehicle Overpayment to Supplier Cash Leakage Erroneous Charges to Invoice Overpayment to Supplier Cash Leakage Late Payment Overpayment to Supplier Cash Leakage Tax Errors Inaccurate Tax Cash Leakage Duplicate Vendor in Vendor Master File Inaccurate Vendor Master Cash Leakage Purchase order Related Issues Financial Fraud and Misuse Cash Leakage Early Payment Untimely Payment to Supplier Negative Cash Flow Missed Discounts 10 Business Risk Untimely Payment to Supplier Negative Cash Flow Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  11. 11. Issue1: Duplicate Invoices – 2 Invoices •Discrepant Invoices •Late Payments •Honest mistake/ Fraud Advanced Control Detective:  Detect invoices with “Similar” invoice number, same amount to the one supplier  Detect invoices made to the same suppliers but in different business unit  Detect invoices made to different vendor with very similar names Preventive: • Put duplicate invoices on hold until proper investigation is complete 11 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  12. 12. Issue2: Duplicate Payments – 2 Vehicle • 2 Vehicles like Invoices and P-Card • Paper Invoice and Electronic Process • Expense Report and Petty Cash • Multiple payment vehicle for a vendor Advanced Control Detective:  Detect suppliers with multiple method of payment  Detect payment made by procurement card and checks Preventive: • Put duplicate invoices on hold until proper investigation is complete • Prevent Supplier from getting paid through paper invoice if he is setup for electronic payment 12 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  13. 13. Issue3: Erroneous Charges to Invoice • Who pays freight, insurance? • Are invoices based on POs? • Special deals Advanced Control Detective:  Detect invoices where freight was charged when in PO it was supposed to be pre-paid by the vendor  Detect invoices where freight was charged and warehouse charged freight separately  Detect invoices billed for quantities than what was actually shipped Preventive: • Put suspect invoices on hold until proper investigation is complete 13 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  14. 14. Issue4: Late Payments • “Never pay late fees” • Open Vendor Credit • Can result in Duplicate Payment Advanced Control Detective:  Detect invoices that are approaching due date base on supplier/ PO payment term  Identify users who have consistently not paid vendors on time  Detect payments to vendors that are consistently late Preventive: • Send alerts on upcoming payments that are approaching due dates 14 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  15. 15. Issue5: Tax Errors - Sales/ Use/ VAT •Wrong Amounts •Proper jurisdiction •Proper documentation •VAT Reclaim Advanced Control Detective:  Detect sales tax invoices by vendors for non-taxable items  Identifies use tax in error on non-taxable goods and services  Identify all VAT invoices that are approaching due date of the calendar year  Detect if sales tax goes over a threshold value  Identify supplier invoices where VAT is charged based on supplier location vs where the service is rendered 15 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  16. 16. Issue6: Master Vendor Management •Potential duplicate payments •Segregation of Duties Concern •Correspondence Issues Advanced Control Detective:  Duplicate payment made to multiple entities of the same supplier  Identify purchases made from unapproved vendors  Identify suppliers with similar or different names but with same Tax ID Number or address  Identify suppliers who exists in the “Do not do business with” suppliers Preventive:  Ensure Segregation of duties between supplier creation and other conflicting functions  Detect suppliers with similar names at the time of supplier creation 16 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  17. 17. Issue7: Purchase Order Problems • Split Purchase Order • Blanket Purchase Order • After the Fact PO Advanced Control Detective:  Detect Split PO to work around approval threshold  Detect standard PO issued to a supplier where a blanket PO exists Preventive:  POs over a certain threshold require approvals  Good receipts cannot take place without an approved PO  Mandate PO number during invoice creation 17 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  18. 18. Issue8: Missed Discounts •Inefficient processing •Best financial return for any company •Track discount lost and why •Fix root causes whenever possible Advanced Control Detective:  Identifies special rebate from the PO contract that the invoice failed to mention  Track invoices that missed discount date by a little margin Preventive: • Send alerts on upcoming discounts available for payments above a threshold 18 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  19. 19. Issue9: Early Payment • Negative cash flow • Fraud • Analyze early payments Advanced Control Detective:  Detect payments made earlier than supplier payment term  Alerts a user if payment term setup is changed Preventive: • Set up an approval process if payment term is changed • Prevent payment term to be changed • Ensures segregation of duties between invoice creation and supplier creation 19 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  20. 20. Issue10: Travel & Entertainment • Employee misuse • Constant leakage to the bottom line • Make manager responsible • Part of annual review Advanced Control Detective:  Identify suspicious activity between coworkers to highlight the pattern of interrelationship in the expense reports  Detect expenses claimed in an expense report instead of booking through approved channels  Detect expense splitting Preventive: • Deny expenses through unapproved channels unless approved by senior management 20 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  21. 21. Program Agenda  Introduction  Top 10 Challenges Addressed by Advanced Controls  Oracle GRC Advanced Controls Solution  Case Study  Q&A 21 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  22. 22. GRC Advanced Controls One Enterprise Foundation  Risk & Controls Repository  Assess and Certify  Detect Policy Violations Dashboards, Reports and Alerts Worklists Notifications Email Search Perspectives Risk, Controls & Compliance Management Documentation Reviews Assessments Surveys Remediation Continuous Controls & Risk Monitoring Access Setups Data Connectors Master Data Transactions User Authored Controls Audit Tests Fraud & Error Patterns Custom or Legacy Applications 22 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal Web Services & APIs Role Based Access Security Enterprise Risk & Controls Foundation  All Users & Applications  100% of Transactions  All Processes ̶ Procure to Pay ̶ Order to Cash ̶ Financial Reporting ̶ User Access  Manage by Exception  Optimize Processes
  23. 23. Oracle Advance Control Process Overview Optimization Cash Flow Prevent Leakage Business Risks Controls Objectives Continuous Monitors Unapproved or Illegal Suppliers Capture all Discounts Duplicate Invoice Payments Supplier and Invoices Created by Same User Delayed Supplier payments Accurate Supplier Information Discounts Lost due to Delays in Payment Multiple Suppliers with the similar email domain Incorrect Vendor Payment Valid Invoice Payments Erroneous Payment Purchase Orders created after Invoice Incident ! Incident ! Incident ! Valid Purchase Orders Duplicate vendor in vendor master file Split Purchase Order Incident ! Investigate Close ERP Transaction Payment Hold 23 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  24. 24. Exception Based Dashboard 24 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  25. 25. Continuous Monitor – Duplicate Invoices 25 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  26. 26. Control Definition 26 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  27. 27. Incident Management 27 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  28. 28. Incident Management 28 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  29. 29. Preventive Measure 29 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  30. 30. Preventive Measure • Enforce controls & policy within the ERP systems 30 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  31. 31. Advanced Controls Enables you to: Increase Process Effectiveness Improve Bottom-Line Reduce Operational Risk 31 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal …by Continuously Monitoring Your ERP Applications
  32. 32. Advanced Controls Detect unwanted transactions Improve Bottom Line Detect settings that cause loss Make Processes More Effective, Efficient Detect problematic exceptions Reduce Operational Risk Automate policy management 32 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  33. 33. Program Agenda  Introduction  Top 10 Challenges Addressed by Advanced Controls  Oracle GRC Advanced Control Solution  Case Study  Q&A 33 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  34. 34. Case Study 34 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  35. 35. Why Oracle GRC Advanced Control? •Compliance Requirement from internal/external audits •Global country regulations •Acquisitions and new legal entities •Solution Compliance Variation •Capability to monitor 100% of data •Scalability for Oracle and non Oracle integration 35 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  36. 36. Use Cases - Scope Duplicate payments by invoice Maverick buying PO date should be prior to the invoice date $ Identify duplicate invoices by similar invoice and by vendor PO related problems Duplicate invoice Accounts Payable (Phase I) Duplicate vendors Duplicate payments by vendor Identify creation of duplicate vendor sites Identify duplicate invoice processing by vendor Duplicate vendor in vendor master file 36 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Duplicate invoice Confidential – Oracle Internal
  37. 37. Use Cases – Scope Identifying erroneous high value payments Payments more than 30% increase of the last rolling 6 months payment to the vendor VAT rate Identify different VAT rates applied by the same vendor, for same goods/services, for same bill to entity $ Accounts Payable (Phase II) Erroneous payment Tax errors Withholding Tax (APAC) Identify the suppliers/ invoices where the incorrect rate of WHT was applied Tax errors 37 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  38. 38. Use Cases - Scope File attachment on Expense Reports (ER) Identify ERs with supporting documents in unacceptable formats (like editable attachments like .txt) Noncompliant expenses Forensic repeat offenders Identify expenses claimed in iExpenses instead of booking through approved channels Expense splitting Identify expenses that were split to avoid policy violation Inappropriate T&E claim iExpense (Phase II) Collusion – analysis of attendees $ Analysis of attendees to highlight the pattern of interrelationship with coworkers related to suspicious ER activity Inappropriate T&E claim Identify the expenses claimed using unapproved channels, and by wrong categorization to avoid activating the report for audit Inappropriate T&E claim Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Amex/cash surfing Verify if same expense has been claimed both as Amex and cash Duplicate expenses Key word search in category 38 Inappropriate T&E claim Confidential – Oracle Internal
  39. 39. Phase1 Facts Date Analyzed Graph Initial Build 130M records processed Graph Incremental Build 1.3M records processed No. of Entities Approximately 150+ No. of Use Cases 39 For One (1) Year Four use cases in Accounts Payables Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  40. 40. Lessons Learned Hardware Configuration ETL Performance Assessment Model & Control Analysis Assessment • TCG analyzes millions of • Perform multiple iterations of graph build. Monitor sys resources • Optimize the design of models transactions so it needs enough resources (disk space and memory) • Follow Oracle recommended h/w and s/w and make adjustments based on the volume of transactions 40 • Analyze transaction volume of each business object used in models • Understand the ETL design and Data Extraction criterion Copyright © 2013, Oracle and/or its affiliates. All rights reserved. • Replicate read-only schema instead of using apps schema of EBS • Implement control data level security (by region) so incidents can only be viewed by the right user for that region Confidential – Oracle Internal Fit/Gap Analysis Oracle Support • Verify the availability of business objects for the use cases • Early engagement with Oracle • Validate the model results first before running the controls • If you don’t need to secure your incidents, then do not use perspective for security • Tight collaboration and partnership with Oracle
  41. 41. Thank You! Join us on LinkedIn to view Summary and Q&A webinar and discussion 41 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×