Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013
Transcript

  • 1. Top 10 Accounts Payables Control to Improve the Bottom-Line. FulcrumWay: Leading Provider of Enterprise Risk Assessment, Mitigation and Remediation Solutions (Enterprise Risk Management; Financial Close Monitor; Advanced Controls Catalog; Enterprise Audit; GRC Monitor). Swarnali Bag, Product Strategy, Oracle Corporation. Leverage Technology: Move Your Business Forward™. "Give me a lever long enough and a fulcrum on which to place it, and I shall move the world" - Archimedes. Copyright ©. Fulcrum Information Technology, Inc.
  • 2. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
  • 3. Program Agenda: Introduction; Top 10 Challenges Addressed by Advanced Controls; Oracle GRC Advanced Controls Solution; Case Study; Q&A
  • 4. What Do We Mean by Control ‘Issues’
      • Issues with a definite impact on the bottom line. Example: Duplicate Vendor Payment
      • Issues with a potential impact on the bottom line. Example: Split Purchase Order
      • Issues with cash flow impact on the bottom line. Example: Incorrect Vendor Payment Term
  • 5. Financial Impact
      • Duplicate pays: often not huge amounts of $$ individually
      • What’s the big deal?
          1. They add up!
          2. Impact on sales
          3. Impact on EPS
          4. Prevent fraud and the honest mistakes
  • 6. Impact on Sales: Unintentional Errors and Leakage. Global, Fortune 500 firm, high-tech.
      • Over 4 quarters, consultants found $17.5M in payment errors
      • Profile: Centralized Payables Operation; Well Staffed; Clean SOX Audit
      • Post Audit Recovery: $17.5M Total Payment Errors Found; $6.8M Total Recovery; $4.08M After Fees; 18 Month Cycle
  • 7. Program Agenda: Introduction; Top 10 Challenges Addressed by Advanced Controls; Oracle GRC Advanced Control Solution; Case Study; Q&A
  • 8. Advanced Controls: What is it?
      • Layer of automated controls over ERP controls
      • Continuously monitor key controls
      • Detect and report issues as they occur
      • Prevent issues from occurring
      • Quickly see high-risk issues with exception-based dashboards
      • Address issues that affect the bottom line
      • Reduce operational risk and improve process effectiveness
  • 9. Standard + Advanced Controls (diagram with two groups, Standard Controls and Advanced Controls). Items shown: Track Payments; User Roles; Hide Displays of Sensitive Data; 3-Way Match; Approval Hierarchies; Track Discounts; Split Purchase Orders; Duplicate Vendors; Transaction Threshold Amounts; Duplicate Payments; Fuzzy Logic, ‘similar values’; Transaction Pattern Analysis; Sentiment Analysis; Fine-grained User Access; Configuration Snapshots & Audit Trail
  • 10. Top 10 Accounts Payable Issues: How does it affect the bottom line? (columns: Top 10 Issues | Business Risk | Bottom Line Impact)
      • Duplicate Invoices – 2 invoices | Overpayment to Supplier | Cash Leakage
      • Duplicate Invoices – 2 vehicle | Overpayment to Supplier | Cash Leakage
      • Erroneous Charges to Invoice | Overpayment to Supplier | Cash Leakage
      • Late Payment | Overpayment to Supplier | Cash Leakage
      • Tax Errors | Inaccurate Tax | Cash Leakage
      • Duplicate Vendor in Vendor Master File | Inaccurate Vendor Master | Cash Leakage
      • Purchase Order Related Issues | Financial Fraud and Misuse | Cash Leakage
      • Early Payment | Untimely Payment to Supplier | Negative Cash Flow
      • Missed Discounts | Untimely Payment to Supplier | Negative Cash Flow
  • 11. Issue 1: Duplicate Invoices – 2 Invoices
      • Discrepant invoices
      • Late payments
      • Honest mistake / fraud
      • Advanced Control, Detective:
          • Detect invoices with a “similar” invoice number and the same amount for the same supplier
          • Detect invoices made to the same supplier but in a different business unit
          • Detect invoices made to different vendors with very similar names
      • Advanced Control, Preventive:
          • Put duplicate invoices on hold until proper investigation is complete
  • 12. Issue 2: Duplicate Payments – 2 Vehicles
      • 2 vehicles, like invoices and P-Card
      • Paper invoice and electronic process
      • Expense report and petty cash
      • Multiple payment vehicles for a vendor
      • Advanced Control, Detective:
          • Detect suppliers with multiple methods of payment
          • Detect payments made by procurement card and checks
      • Advanced Control, Preventive:
          • Put duplicate invoices on hold until proper investigation is complete
          • Prevent a supplier from getting paid through paper invoice if the supplier is set up for electronic payment
  • 13. Issue 3: Erroneous Charges to Invoice
      • Who pays freight, insurance?
      • Are invoices based on POs?
      • Special deals
      • Advanced Control, Detective:
          • Detect invoices where freight was charged when, per the PO, it was supposed to be pre-paid by the vendor
          • Detect invoices where freight was charged and the warehouse charged freight separately
          • Detect invoices billed for larger quantities than what was actually shipped
      • Advanced Control, Preventive:
          • Put suspect invoices on hold until proper investigation is complete
  • 14. Issue 4: Late Payments
      • “Never pay late fees”
      • Open vendor credit
      • Can result in duplicate payment
      • Advanced Control, Detective:
          • Detect invoices that are approaching due date based on supplier/PO payment term
          • Identify users who have consistently not paid vendors on time
          • Detect payments to vendors that are consistently late
      • Advanced Control, Preventive:
          • Send alerts on upcoming payments that are approaching due dates
  • 15. Issue 5: Tax Errors - Sales / Use / VAT
      • Wrong amounts
      • Proper jurisdiction
      • Proper documentation
      • VAT reclaim
      • Advanced Control, Detective:
          • Detect sales tax invoiced by vendors for non-taxable items
          • Identify use tax charged in error on non-taxable goods and services
          • Identify all VAT invoices that are approaching due date of the calendar year
          • Detect if sales tax goes over a threshold value
          • Identify supplier invoices where VAT is charged based on supplier location vs. where the service is rendered
  • 16. Issue 6: Master Vendor Management
      • Potential duplicate payments
      • Segregation of duties concern
      • Correspondence issues
      • Advanced Control, Detective:
          • Duplicate payment made to multiple entities of the same supplier
          • Identify purchases made from unapproved vendors
          • Identify suppliers with similar or different names but with the same Tax ID Number or address
          • Identify suppliers who exist in the “Do not do business with” suppliers list
      • Advanced Control, Preventive:
          • Ensure segregation of duties between supplier creation and other conflicting functions
          • Detect suppliers with similar names at the time of supplier creation
  • 17. Issue 7: Purchase Order Problems
      • Split purchase order
      • Blanket purchase order
      • After-the-fact PO
      • Advanced Control, Detective:
          • Detect split POs used to work around the approval threshold
          • Detect standard POs issued to a supplier where a blanket PO exists
      • Advanced Control, Preventive:
          • POs over a certain threshold require approvals
          • Goods receipts cannot take place without an approved PO
          • Mandate PO number during invoice creation
  • 18. Issue 8: Missed Discounts
      • Inefficient processing
      • Best financial return for any company
      • Track discount lost and why
      • Fix root causes whenever possible
      • Advanced Control, Detective:
          • Identify special rebates from the PO contract that the invoice failed to mention
          • Track invoices that missed the discount date by a small margin
      • Advanced Control, Preventive:
          • Send alerts on upcoming discounts available for payments above a threshold
  • 19. Issue 9: Early Payment
      • Negative cash flow
      • Fraud
      • Analyze early payments
      • Advanced Control, Detective:
          • Detect payments made earlier than the supplier payment term
          • Alert a user if payment term setup is changed
      • Advanced Control, Preventive:
          • Set up an approval process if payment term is changed
          • Prevent payment term from being changed
          • Ensure segregation of duties between invoice creation and supplier creation
  • 20. Issue 10: Travel & Entertainment
      • Employee misuse
      • Constant leakage to the bottom line
      • Make manager responsible
      • Part of annual review
      • Advanced Control, Detective:
          • Identify suspicious activity between coworkers to highlight the pattern of interrelationship in the expense reports
          • Detect expenses claimed in an expense report instead of booking through approved channels
          • Detect expense splitting
      • Advanced Control, Preventive:
          • Deny expenses through unapproved channels unless approved by senior management
  • 21. Program Agenda: Introduction; Top 10 Challenges Addressed by Advanced Controls; Oracle GRC Advanced Controls Solution; Case Study; Q&A
  • 22. GRC Advanced Controls: One Enterprise Foundation
      • Risk & Controls Repository
      • Assess and Certify
      • Detect Policy Violations
      • All Users & Applications
      • 100% of Transactions
      • All Processes: Procure to Pay; Order to Cash; Financial Reporting; User Access
      • Manage by Exception
      • Optimize Processes
      • Diagram labels: Dashboards, Reports and Alerts; Worklists; Notifications; Email; Search; Perspectives; Risk, Controls & Compliance Management; Documentation; Reviews; Assessments; Surveys; Remediation; Continuous Controls & Risk Monitoring; Access; Setups; Data Connectors; Master Data; Transactions; User Authored Controls; Audit Tests; Fraud & Error Patterns; Custom or Legacy Applications; Web Services & APIs; Role Based Access Security; Enterprise Risk & Controls Foundation
  • 23. Oracle Advance Control Process Overview (diagram; columns: Business Risks, Controls Objectives, Continuous Monitors). Labels shown: Optimization; Cash Flow; Prevent Leakage; Unapproved or Illegal Suppliers; Capture all Discounts; Duplicate Invoice Payments; Supplier and Invoices Created by Same User; Delayed Supplier payments; Accurate Supplier Information; Discounts Lost due to Delays in Payment; Multiple Suppliers with the similar email domain; Incorrect Vendor Payment; Valid Invoice Payments; Erroneous Payment; Purchase Orders created after Invoice; Valid Purchase Orders; Duplicate vendor in vendor master file; Split Purchase Order; Incident!; Investigate; Close; ERP Transaction Payment Hold
  • 24. Exception Based Dashboard
  • 25. Continuous Monitor – Duplicate Invoices
  • 26. Control Definition
  • 27. Incident Management
  • 28. Incident Management
  • 29. Preventive Measure
  • 30. Preventive Measure: Enforce controls & policy within the ERP systems
  • 31. Advanced Controls enables you to: Increase Process Effectiveness; Improve Bottom-Line; Reduce Operational Risk …by Continuously Monitoring Your ERP Applications
  • 32. Advanced Controls (diagram labels): Detect unwanted transactions; Improve Bottom Line; Detect settings that cause loss; Make Processes More Effective, Efficient; Detect problematic exceptions; Reduce Operational Risk; Automate policy management
  • 33. Program Agenda: Introduction; Top 10 Challenges Addressed by Advanced Controls; Oracle GRC Advanced Control Solution; Case Study; Q&A
  • 34. Case Study
  • 35. Why Oracle GRC Advanced Control?
      • Compliance requirement from internal/external audits
      • Global country regulations
      • Acquisitions and new legal entities
      • Solution Compliance Variation
      • Capability to monitor 100% of data
      • Scalability for Oracle and non-Oracle integration
  • 36. Use Cases - Scope: Accounts Payable (Phase I)
      • Duplicate payments by invoice: Identify duplicate invoices by similar invoice and by vendor (issue: Duplicate invoice)
      • Maverick buying: PO date should be prior to the invoice date (issue: PO related problems)
      • Duplicate vendors: Identify creation of duplicate vendor sites (issue: Duplicate vendor in vendor master file)
      • Duplicate payments by vendor: Identify duplicate invoice processing by vendor (issue: Duplicate invoice)
  • 37. Use Cases – Scope: Accounts Payable (Phase II)
      • Identifying erroneous high value payments: Payments with more than a 30% increase over the last rolling 6 months' payment to the vendor (issue: Erroneous payment)
      • VAT rate: Identify different VAT rates applied by the same vendor, for the same goods/services, for the same bill-to entity (issue: Tax errors)
      • Withholding Tax (APAC): Identify the suppliers/invoices where the incorrect rate of WHT was applied (issue: Tax errors)
  • 38. Use Cases - Scope: iExpense (Phase II)
      • File attachment on Expense Reports (ER): Identify ERs with supporting documents in unacceptable formats (such as editable attachments like .txt) (issue: Noncompliant expenses)
      • Forensic repeat offenders: Identify expenses claimed in iExpenses instead of booking through approved channels (issue: Inappropriate T&E claim)
      • Expense splitting: Identify expenses that were split to avoid policy violation (issue: Inappropriate T&E claim)
      • Collusion – analysis of attendees: Analysis of attendees to highlight the pattern of interrelationship with coworkers related to suspicious ER activity (issue: Inappropriate T&E claim)
      • Key word search in category: Identify the expenses claimed using unapproved channels, and by wrong categorization to avoid activating the report for audit (issue: Inappropriate T&E claim)
      • Amex/cash surfing: Verify if the same expense has been claimed both as Amex and cash (issue: Duplicate expenses)
  • 39. Phase 1 Facts
      • Date Analyzed: For One (1) Year
      • Graph Initial Build: 130M records processed
      • Graph Incremental Build: 1.3M records processed
      • No. of Entities: Approximately 150+
      • No. of Use Cases: Four use cases in Accounts Payables
  • 40. Lessons Learned (columns: Hardware Configuration; ETL Performance Assessment; Model & Control Analysis Assessment; Fit/Gap Analysis; Oracle Support)
      • TCG analyzes millions of transactions so it needs enough resources (disk space and memory)
      • Follow Oracle recommended h/w and s/w and make adjustments based on the volume of transactions
      • Perform multiple iterations of graph build. Monitor sys resources
      • Analyze transaction volume of each business object used in models
      • Understand the ETL design and Data Extraction criterion
      • Optimize the design of models
      • Replicate read-only schema instead of using apps schema of EBS
      • Implement control data level security (by region) so incidents can only be viewed by the right user for that region
      • Verify the availability of business objects for the use cases
      • Validate the model results first before running the controls
      • If you don’t need to secure your incidents, then do not use perspective for security
      • Early engagement with Oracle
      • Tight collaboration and partnership with Oracle
  • 41. Thank You! Join us on LinkedIn to view Summary and Q&A webinar and discussion
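
An added illustration (not code from the presentation or from Oracle GRC) of two detective controls from the deck: slide 11's "similar invoice number, same amount, same supplier" check and slide 17's split-PO check. The record fields, the 0.9 similarity cut-off, the approval limit and the three-day window are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict
from datetime import date, timedelta
from difflib import SequenceMatcher
from itertools import combinations

APPROVAL_THRESHOLD = 10_000        # assumed approval limit (not from the slides)
SPLIT_WINDOW = timedelta(days=3)   # assumed window for related POs

def norm_invoice_no(raw):
    """Drop case, punctuation and leading zeros: 'INV-00123' -> 'INV123'."""
    return re.sub(r"(?<![0-9])0+(?=[0-9])", "", re.sub(r"[^A-Z0-9]", "", raw.upper()))

def duplicate_invoices(invoices, min_ratio=0.9):
    """Same supplier and amount, invoice numbers similar after normalizing."""
    groups = defaultdict(list)
    for inv in invoices:
        groups[(inv["supplier"], inv["amount"])].append(inv["number"])
    hits = []
    for numbers in groups.values():
        for a, b in combinations(numbers, 2):
            if SequenceMatcher(None, norm_invoice_no(a), norm_invoice_no(b)).ratio() >= min_ratio:
                hits.append((a, b))
    return hits

def split_purchase_orders(pos):
    """Same buyer and supplier: POs each under the limit that together reach it."""
    groups = defaultdict(list)
    for po in pos:
        if po["amount"] < APPROVAL_THRESHOLD:
            groups[(po["buyer"], po["supplier"])].append(po)
    hits = []
    for key, group in groups.items():
        group.sort(key=lambda p: p["date"])
        for i, first in enumerate(group):
            window = [p for p in group[i:] if p["date"] - first["date"] <= SPLIT_WINDOW]
            if len(window) > 1 and sum(p["amount"] for p in window) >= APPROVAL_THRESHOLD:
                hits.append((key, [p["id"] for p in window]))
                break
    return hits

INVOICES = [  # constructed sample records, amounts in whole currency units
    {"number": "INV-00123", "supplier": "ACME", "amount": 4500},
    {"number": "inv 123", "supplier": "ACME", "amount": 4500},       # re-keyed copy
    {"number": "INV-0124", "supplier": "ACME", "amount": 4500},      # next in sequence
    {"number": "2013-1000457", "supplier": "ACME", "amount": 980},
    {"number": "2013-100O457", "supplier": "ACME", "amount": 980},   # letter O for zero
]
POS = [  # constructed sample records
    {"id": "PO-1", "buyer": "jdoe", "supplier": "ACME", "amount": 6000, "date": date(2013, 10, 1)},
    {"id": "PO-2", "buyer": "jdoe", "supplier": "ACME", "amount": 5500, "date": date(2013, 10, 2)},
    {"id": "PO-3", "buyer": "asmith", "supplier": "GLOBEX", "amount": 7000, "date": date(2013, 10, 1)},
    {"id": "PO-4", "buyer": "asmith", "supplier": "GLOBEX", "amount": 7000, "date": date(2013, 10, 20)},
]
```

With the sample data, the re-keyed and mistyped invoices are paired while the next-in-sequence invoice is not, and only the two POs raised one day apart by the same buyer are reported as a split.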