Stop the Financial Leakage & Cure the Drought in Profits 
Panel Discussion CON8203 
Jim Lach, Corporate IT Controls and Compliance Leader, Sherwin Williams
Gavin Leavay, Navillus Partners
Vital Nattuva, IT Manager - Finance and Employee Services IT, Cisco Systems
Jeramie Taylor, CISA, CFE, Manager - Internal Controls, Noble Energy
Moderator: Barry Greenhut, Director - GRC Product Development, Oracle
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement 
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 
Agenda 
Introduction 
Panel Discussion
Financial Leakage
•$1,000,000 lost per year for every billion spent
•Each incident of fraud costs $100,000 to $1,700,000*
“For a company with a 5% profit margin, $1 million in recoveries equates to $20 million in incremental sales” 
*Source: 2010 ACFE Report to the Nations on Occupational Fraud and Abuse 
Protiviti 2010 –Procurement Assessment and AP Recovery Solutions 
“[Most companies] expect to find .1% of a company’s spend in financial leakage”
Key Financial Control Issues 
51% make 10 to 30% of all payments too early** 
64% make 10 to 30% of payments too late** 
55% of companies are unable to collect 20 to 40% of total revenue within contracted payment terms** 
46% of AP departments have not reviewed AP policies for over a year 
434 Senior Finance Executives 
** Made to Measure CFOs on finance- and procurement-process improvement, CFO Research, May 2012
* Accounts Payable Network Benchmark: AP Controls May 2011; 425 Companies
Accounts Payable Recovery Audit
UNINTENTIONAL ERRORS AND LEAKAGE
Global, Fortune 500 Firm, High-Tech 
•Over 4 Audit Cycles, consultants found $17.5M in payment errors 
Profile 
Single Business Application Instance 
Centralized Payables Operation 
Well Staffed 
Clean SOX Audit 
Audit Recovery Findings 
18 Month Cycle 
$17.5M Found – $8.3M Total Recovery = $4.8M After Fees
Survey of 263 Finance Executives 
Need for Better Controls and Efficiencies 
48% Improve Cash Flow and Working Capital
Other chart values: 15%, 28%, 33%, 42%
Other chart categories: Compliance; Understanding Payables Exposure; Audit and Control of Procurement; Business Risk Analysis
Source: Reaching New Heights: The Dividends of Collaboration between Finance and Procurement, published by CFO Publishing LLC, May 2012
Top 10 Control Challenges
Segregation of Duties
Duplicate Payments
Manual Processes
Employee Reimbursements
Compliance with Policy
Automation
Checks
Approvals
Standardization/Consistency
Signatures/Authority
DRIVERS
•Lack of Staff
•False Positives
•Access to Data
•Visibility to Issues
•Mergers & Acquisition
•Decentralized Operations
•Outsourcing
Accounts Payable Network Benchmark: AP Controls May 2011
Survey of 425 Companies
Agenda
Introduction
Panel Discussion
•Jim Lach, Corporate IT Controls and Compliance Leader, Sherwin Williams
•Gavin Leavay, Navillus Partners
•Vital Nattuva, IT Manager - Finance and Employee Services IT, Cisco Systems
•Jeramie Taylor, CISA, CFE, Manager - Internal Controls, Noble Energy
•Moderator: Barry Greenhut, Director - GRC Product Development, Oracle
•PLEASE ASK QUESTIONS ANYTIME!
TUESDAY: Oracle GRC Advanced Controls
SESSIONS:
4:45 pm
ID # 8210 Doing Your ERP Implementation/Upgrade Right with Oracle Advanced Controls Solutions
OLYMPIC ROOM, Westin
WEDNESDAY: Oracle GRC Advanced Controls
SESSIONS:
10:00 am
ID # 8207 Stop the Fraudster! Set the Tone at the Top and Prevent Fraud with Oracle Advanced Controls
OLYMPIC ROOM, Westin
2:45 pm
ID # 8200 Do You Really Know What Your Users Can Do—or Maybe Have Done?
FRANCISCAN I ROOM, Westin
10:45am
IOFM Workshop: How Your Vendor Master File is Critical to GRC and Compliance
Presenter: Jon Casher, Ph.D., President, Casher Associates, Leading Industry Expert & Consultant
Length: 90 Minutes
CPE Credits: 1.5
ZEUM ROOM 8th FLOOR, Palomar
LOCATION: Hotel Palomar, 4th & Market
Contact: Dane Roberts Dane.Roberts@oracle.com
THURSDAY: Oracle GRC Advanced Controls
SESSIONS:
10:15 am
ID # 8208 Achieve a Quicker and Compliant Financial Close with Oracle Governance, Risk, Compliance
OLYMPIC ROOM, Westin
12:45 pm
ID # 8154 Controlling for Multiple ERP Systems with Oracle Advanced Controls
OLYMPIC ROOM, Westin
2:45 pm
ID # 8213 How Your Vendor Master File is Critical to Governance, Risk Management and Compliance
OLYMPIC ROOM, Westin
LOCATION: Westin, 3rd & Market
MEET EXPERTS & DEMO GROUNDS: Oracle GRC
SESSIONS:
WEDNESDAY 5:00 pm
ID # MTE 8487 Meet the Governance, Risk, and Compliance Experts
METROPOLITAN III ROOM
LOCATION: Westin, 3rd & Market
SESSIONS:
ID # 4250 Demo Station: Oracle Fusion Governance, Risk, and Compliance Advanced Controls
MONDAY 9:45 – 6:00
TUESDAY 9:45 – 6:00
WEDNESDAY 9:30 – 3:45
LOCATION: Moscone West
DEMOgrounds: Moscone West Station ID WCL-003
Follow us & join the conversation.
Oracle GRC Advanced Controls Group 
@OracleAdvCntrls
Background and Supplemental Information 
Background and Supplemental Information: Sherwin Williams
Since its founding by Henry Sherwin and Edward Williams in 1866, The Sherwin-Williams Company has not only grown to be the largest producer of paints and coatings in the United States, but is among the largest producers in the world.
Sherwin-Williams Advanced Controls 
Jim Lach 
Corporate IT Controls and Compliance Leader 
jim.r.lach@sherwin.com
Advanced Controls 
CCG Version 5.5.1 
Snapshots and Change Tracking in place 
ACG Version 8.6.4.7159 
Heavily used for User Access Models 
TCG Version 8.6.4.7181 
Minor usage to date. Development in process. 
TPCG 
Minor usage to date. Development in process.
Background and Supplemental Information: Noble Energy
Company Overview: A company of growth and expansion
Founded in 1932 by Lloyd Noble 
Noble Energy is an S&P 500 public company with reserves of 1.4 billion barrels of oil equivalent and assets totaling over $19 billion at year-end 2013 
Noble Energy's corporate purpose is "Energizing the World, Bettering People's Lives®"
We strive to provide energy for the world through finding and producing hydrocarbons, while positively influencing the lives of our stakeholders. To us, the two responsibilities cannot exist separately.
Company Overview: A focus on core value added assets
Oracle EBS Overview: The technology that aligns the businesses
Implemented Oracle EBS version 11.5.10 in Q4 of 2007
Currently on Oracle EBS version 12.1.3
6 instances including 1 Prod, 4 Test, 1 Dev; April 2014 – Add 2 Test
Oracle EBS is hosted by Oracle Managed Cloud Services in Austin, TX
All employees and some contractors are users – ~3000
EBS Modules: 
General Ledger 
Financial Reporting 
Payables 
Receivables 
Fixed Assets 
Projects 
Asset Management 
Inventory 
Purchasing 
iExpense 
OTL Time Entry 
Human Resources 
Payroll 
P2 Enterprise Upstream: 
Revenue 
Revenue Reporting 
Division Orders 
Joint Venture Accounting 
Production Reporting 
Report Centers
Oracle EBS Overview: Uniquely Noble Operations
Noble does not “sell” consumer products or services; we find and extract oil/gas, in which ownership is transferred at meters or when arriving at a processing facility
We operate globally which causes challenges with managing banks, payments and reconciliations around the world 
Financial procurement authorization is captured at the requisition, not the purchase order 
Budgeting and forecasting take place in Hyperion, external to EBS 
iRecruitment/HR creates candidate accounts in EBS 
Currently over 300,000 “users” if unfiltered for candidates 
Noble is currently working on a “Foundation 2020” project which will revamp how we use Oracle for several major processes
Moving Forward: The Journey Continues
ACCESS GLOBAL CONDITIONS (ACG):
ACGs were set up and tested one-by-one (14 Total)
Exclude certain IT Service Accts (oracle managed, etc.) 
Exclude if Menu and/or Sub-Menu Grant Flag = N; Menu Prompt = No Prompt 
Exclude if Not Within the Same Set of Books 
Exclude if Function is Query Only 
Exclude if Responsibility and/or User is End Dated 
ACG testing consisted of looking at both production and test environments 
Result count for each test was tracked to determine if there was or was not a reduction in results 
Moving Forward: The Journey Continues
AACG:
Requirement - Re-validation of Seeded Content Access Points
Developed Custom Reports to help validate access points: 
•Confirmed if access point is used by NBL / resides with a NOBL Responsibility 
•ID unexpected responsibilities where access point exists 
•Determine if other access points should be considered / included 
Moving Forward: The Journey Continues
Example of Value Added Validation:
Looked up the Seeded “Bank Account Reconciliation” access point
ID’ed other access points that should be considered
Opened a responsibility with this in test and uncovered a Noble custom form / access point (undetected by IT Custom Report or GRC) 
Moving Forward: The Journey Continues
TCG:
Requirement - Validation of Seeded Content
Individually loaded, customized and refined each TCG model 
Ran each Model Object (i.e. table) wide open to view exactly what populates and what does not 
Refined each filter until only a complete and accurate set of data was returned 
Used seeded content as starting place for additional models 
Examples of New TCG Models: 
Dormant User Accounts 
Expense Report Expenses 
Passwords Not Set to 90 Days 
Person Addr XX% Similar to Payee Addr1, 2, 3
Person Addr XX% Similar to Customer Addr1, 2, 3
Person Addr XX% Similar to Supplier Site Location
Person Home Addr within the Paid to Addr
Supplier Name Contains XXXX, Pmt Not Void & Exclude Employee Pmts
Moving Forward: The Journey Continues
PCG:
Requirement – Internal Controls to drive the use of this module
Only 1 IT User has access to PCG in Production 
Only 2 Internal Controls people have access in Test + 1 IT User 
Internal Controls learning and building our own PCG Rules in Test 
Developed a naming convention of all PCG Rules 
Examples of PCG Controls: 
Set Password Lifespan field default to 90 days 
Restrict Financial DOA Administration 
Restrict Procurement DOA Administration 
Limit User update access to System Administration, etc. (in Test) 
Restrict Inventory Transaction Types 
Restrict Noble Journal Source and Categories 
Restrict Noble Password Reset Responsibility 
CCG: Will be utilized in late 2014 and early 2015 
Intelligence: Linked into OBIEE, but dashboards will need to be built out 
Manager: Noble utilizes a non-Oracle product solution in place of this 
Background and Supplemental Information: Cisco
© 2010 Cisco and/or its affiliates. All rights reserved. 
Cisco Confidential 
IT Manager, Cisco Systems Inc 
IT Manager in Finance and Employee Services IT 
IT Service Owner for Payable & Expenses, Procurement Services and Fixed Asset Management 
Has been part of the transformational efforts at Cisco to consolidate multiple geographically aligned Finance instances into Single Global Instance on R12 
Before Cisco, he played an instrumental role in implementing Oracle Financials at various renowned companies across the globe.
© 2013-2014 Cisco and/or its affiliates. All rights reserved. 
Solve 
Innovate 
Change 
Our Vision 
For nearly 30 years, we’ve focused on helping to change the way the world works, lives, plays, and learns. 
Our Strategy 
We solve our customers’ most important business challenges by delivering intelligent networks and technology architectures built on integrated products, services, and software platforms.
Cisco 
At-a-Glance 
Revenue: $47.1B, -3% Y-Y Growth, $36B Products, $11B Services
$6.3 R&D (13.35% of Cisco revenue) 
More than 71,000 employees 
Nearly 70,000 channel partners 
380 global sites doing business in 165+ countries 
More than 18,000 patents 
28,000 engineers (39% of our workforce) 
#1 or #2 in most market segments we serve 
More than 170 acquisitions since 1993 
Broad portfolio of integrated products and solutions 
FY14 Stats
Other Stats
Purchasing 
iProcurement 
iExpenses 
General Ledger 
Fixed Assets 
Accounts Payable 
Core Financials 
Employee Self-Service 
R12.1.3 
Travel
Accounts Payable
•Duplicate vendors: Identify creation of duplicate vendor sites
•Duplicate payments by vendor: Identify duplicate invoice processing by vendor
•Maverick buying: PO date should be prior to the invoice date
•Duplicate payments by invoice: Identify duplicate invoices by similar invoice and by vendor
•Identifying erroneous high value payments: Payments more than 30% increase of the last rolling 6 months payment to the vendor
•Withholding Tax (APAC): Identify the suppliers/invoices where the incorrect rate of WHT was applied
Problem categories: Duplicate invoice; Duplicate vendor in vendor master file; PO related problems; Erroneous payment; Tax errors
iExpense
•File attachment on Expense Reports (ER): Identify ERs with supporting documents in unacceptable formats (editable attachments like .txt)
•Amex/cash surfing: Verify if same expense has been claimed both as Amex and cash
Problem categories: Noncompliant expenses; Duplicate Expense
Data Analyzed: One (1) Year
Graph Initial Build: 103 Million records processed
Graph Incremental Build: 800 Thousand records processed
No. of Custom BOs: Six (6) Custom Business Objects
No. of Controls: Six (6) use cases in Accounts Payables; Two (2) use cases in iExpense
Sync and Control Analysis Schedule: 3 times a week
GRC Version: GRC-all-8.6.5.1645
Database: Oracle DB 11.2.0.3.10
Browser: Firefox 24; Internet Explorer 9x, 8x
Application Server and Middleware: Oracle WebLogic Server 12.1.2 with Oracle JDK 1.7.0_51; Application Development Runtime 12.1.2 and RCU 12.1.2
Total Incidents generated: 2-3 K per day
Incidents Closed and Resolved: 750-800 per day
Hardware Configuration
•TCG analyzes millions of transactions so it needs enough resources (disk space and memory)
•Follow Oracle recommended h/w and s/w and make adjustments based on the volume of transactions
Model & Control Analysis Assessment
•Optimize the design of models
•Avoid nested UDO
•Replicate read-only schema instead of using apps schema of EBS
Fit/Gap Analysis
•Understand the importance of Incident Status and State Code and how it affects the remediation process
•Validate the model results first before running the controls
•Verify the availability of business objects for the use cases
Oracle Support
•Early engagement with Oracle
•Tight collaboration and partnership with Oracle
ETL Performance Assessment
•Perform and document multiple iterations of graph build and Control Analysis. Monitor sys resources
•Plan to get weekly or daily refresh of datasource data with production data
•Analyze transaction volume of each business object used in models
•Understand the ETL design and Data Extraction criterion
Background and Supplemental Information: Navillus Partners
ABOUT NAVILLUS PARTNERS 
International professional services and solutions firm headquartered in Boston, Massachusetts 
Established in 2009, Navillus has experienced on average 40% growth year over year in Oracle Advanced Controls professional services
Oracle Gold Level Partner specializing in Oracle Advanced Controls & E-Business Suite / PeopleSoft professional implementation and advisory services 
Recognized as the #1 Oracle Advanced Controls Partner in 2012 & 2014! 
The first in the industry to hold Oracle Advanced Controls Specialization accreditation 
Is an Oracle authorized training partner 
Navillus is a privately held company that has been profitable consistently both from a cash and accrual basis since the 4th month of operations with zero external debt outstanding.
Our team’s collective experience includes: 
168 years working in the information technology industry 
177 years implementing the Oracle e-Business Suite ERP package 
76 years implementing the Oracle GRC applications 
More than 512 GRC implementations to the team’s credit to date
ABOUT NAVILLUS PARTNERS 
Highly experienced resources with one of the strongest track records for delivery success in North America & Europe.
Oracle Resource(s) have 13+ years dedicated to Oracle Implementations, Security Design, and Project / Program Management 
Our team members average more than 8 years of Oracle Advanced Controls Experience 
The majority of our team was involved in the development of the original versions of the Oracle Advanced Controls Applications
Proprietary accelerated delivery methodology, NAViGATE 
Process Driven approach tailored specifically for Oracle Advanced Controls 
‘Design In’ Approach for Oracle e-Business Suite & PeopleSoft implementations and upgrades 
Developed and maintain our ACE Process & Controls Library 
Process optimization and control accelerators 
GRC & Business Process Controls Library for PCG, CCG, & TCG 
Comprehensive extension to Oracle’s out of the box Access Controls Content 
NAVILLUS PARTNERS IS A WORLD LEADER
Experience
More than 500 combined Oracle Advanced Controls implementations
34+ skilled and experienced Advanced Controls professionals worldwide
Functional & technical experience across nearly all Oracle e-business applications (HRMS, Financials, Supply Chain Management, CRM, other)
Multiple consultants with Oracle accredited specializations
Global Delivery
Right-shore Delivery capabilities for Oracle Advanced Controls including utilization of our experienced Chennai, India team, well beyond installation & technical responsibilities
Navillus provides training to customers and other implementation partners worldwide
International experience in more than 10 countries
Centers of Excellence
Navillus’ Center of Excellence (CoE) is a solution center that works closely with Oracle OAC Product & Product Strategy and promotes and trains the extended team on new product features and techniques
Provides new and innovative delivery techniques from in-field feedback and experience to continuously enhance our NAViGATE Methodology
Works with Oracle’s product group on new features and enhancements
Maintains and updates our internal development and demo labs
NAVILLUS ADVANCED CONTROLS CASH LEAKAGE USE CASE
NAVILLUS PARTNERS DEPLOYMENT INFORMATION 
Library Prebuilt Transaction Control Models and Preventive Controls to provide immediate ROI 
1 week for existing installs 
2 weeks requiring installation of TCG and PCG 
Recent Client Deployment Resulted in identifying: 
$271K in Duplicate Spend 
Over 150 Duplicate Suppliers 
Rules designed to provide preventive controls and continuous oversight of specific process and system limitations resulting in duplicate spend
ANALYSIS FOR IMMEDIATE ROI 
Recent Deployment of Navillus TCG Controls focused on Cash Leakage 
Deployed 7 Duplicate Invoice/Payment Monitors – Possible duplicate invoices based on attribute combinations (e.g. same invoice number and amount, same supplier, invoice amount and date)
•7 Variations of Supplier, Inv#, Invoice Amt., Inv. Date attribute review
•Duplicate Invoices - Same invoice number and amount
Deployed 4 Duplicate Supplier Monitors – different possibilities for review
•Similar name suppliers
•Suppliers with the same tax ID
•Combinations of Name, Address, etc.
Deployed 2 Missed Discount Monitors – identifying Suppliers offering discounts where no discount taken
SUMMARY OF RECENT DEPLOYMENT 
Review of one Duplicate Payment TCG Model looking for Invoices with the same invoice number and amount identified: 
•Identified Results (20 month review): 175 incidents totaling ~$5 million USD = $2.5 million in possible overspend 
•Likely Dups from Result Review Identified: 8 incidents representing ~$271k (11%) in possible overspend (see next slide) 
Duplicate Supplier – Different possibilities for review
•Similar name suppliers - 1745
•Suppliers with the same tax ID – 165
Missed Discounts - Suppliers offering discounts with no discount taken on invoice: 61 invoices – totaling @97K, missed discount of @4.8K.
LAYERED APPROACH FOR DUPLICATE INVOICES
Weaknesses identified with TCG lead to Preventive Controls design with PCG
Duplicate issues identified and the related PCG control:
•Duplicate payments across supplier site or OU
Rule designed to prevent or warn of duplicates across OU or site at entry.
•One letter’s case or placement different in the invoice number
Rule to restrict invoice numbers to all capitals and hold or warn on similar numbers
•Duplicate suppliers in system and two different suppliers paid
Rule to warn on or hold duplicate suppliers at entry
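The three weaknesses listed above, shown as an added Python example (not Oracle TCG/PCG code and not Navillus's rules): an exact-match monitor misses all of them, while keying on tax ID, a normalized invoice number and amount catches them. The field names, the sample records and the sorted-character key used for "placement" differences are assumptions made for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data (not from the slides); field names are hypothetical.
SUPPLIERS = {
    "S1": {"name": "Acme Industrial", "tax_id": "11-1111111"},
    "S2": {"name": "ACME Industrial Inc", "tax_id": "11-1111111"},  # duplicate supplier record
    "S3": {"name": "Borealis Freight", "tax_id": "22-2222222"},
}
INVOICES = [
    {"id": 1, "supplier": "S1", "site": "HQ", "ou": "US", "number": "INV-1001a", "amount": "2500.00"},
    {"id": 2, "supplier": "S1", "site": "PLANT2", "ou": "CA", "number": "inv-1001A", "amount": "2500.00"},
    {"id": 3, "supplier": "S2", "site": "HQ", "ou": "US", "number": "INV-1001A", "amount": "2500.00"},
    {"id": 4, "supplier": "S3", "site": "HQ", "ou": "US", "number": "F-77", "amount": "900.00"},
    {"id": 5, "supplier": "S3", "site": "HQ", "ou": "US", "number": "F-77", "amount": "450.00"},
    {"id": 6, "supplier": "S3", "site": "HQ", "ou": "US", "number": "7F-7", "amount": "900.00"},
    {"id": 7, "supplier": "S1", "site": "HQ", "ou": "US", "number": "INV-2002", "amount": "100.00"},
]


def normalize_number(number):
    """Upper-case the invoice number and drop punctuation and spaces."""
    return "".join(ch for ch in number.upper() if ch.isalnum())


def naive_monitor(invoices):
    """Exact match on supplier record, raw invoice number and amount."""
    buckets = defaultdict(list)
    for inv in invoices:
        key = (inv["supplier"], inv["number"], Decimal(inv["amount"]))
        buckets[key].append(inv["id"])
    return [ids for ids in buckets.values() if len(ids) > 1]


def layered_monitor(invoices, suppliers):
    """Group by payee tax ID + normalized number + amount, ignoring site and OU."""
    exact, loose = defaultdict(list), defaultdict(list)
    for inv in invoices:
        payee = suppliers[inv["supplier"]]["tax_id"]  # merges duplicate supplier records
        amount = Decimal(inv["amount"])
        norm = normalize_number(inv["number"])
        exact[(payee, norm, amount)].append(inv)
        # Same characters in any order: catches one character placed differently.
        loose[(payee, "".join(sorted(norm)), amount)].append(inv)

    findings = []
    for group in exact.values():
        if len(group) < 2:
            continue
        reasons = []
        if len({i["number"] for i in group}) > 1:
            reasons.append("case_or_format")
        if len({(i["site"], i["ou"]) for i in group}) > 1:
            reasons.append("cross_site_or_ou")
        if len({i["supplier"] for i in group}) > 1:
            reasons.append("duplicate_supplier")
        findings.append({"ids": [i["id"] for i in group], "reasons": reasons or ["exact"]})
    for group in loose.values():
        # Only report groups whose normalized numbers actually differ.
        if len({normalize_number(i["number"]) for i in group}) > 1:
            findings.append({"ids": [i["id"] for i in group], "reasons": ["character_placement"]})
    return findings


if __name__ == "__main__":
    print("naive:", naive_monitor(INVOICES))
    for finding in layered_monitor(INVOICES, SUPPLIERS):
        print(finding)
```

The sorted-character key is deliberately loose and will produce false positives on short numeric invoice numbers, so its hits belong in a review queue rather than an automatic hold.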
DUPLICATE INVOICES SUMMARY
[Bar chart: Incident Violation Counts. Y axis: Number of Incidents (0 to 5000); X axis: Control Name (Dup Invoice 1 to Dup Invoice 7). Data labels: 4755, 1142, 1712, 175, 6, 118]
DUPLICATE INVOICES SUMMARY
[Bar chart: Dollar Amount of Duplicate Invoice incidents. Y axis: Dollar Amount ($US mil), $0.0 to $45.0; X axis: Control Name (Dup Invoice 1 to Dup Invoice 7). Data labels: $42.0, $28.6, $37.3, $2.5, $0.009, $0.0, $2.0]
Background and Supplemental Information: Oracle
…by Continuously Monitoring Your Financial Applications 
Advanced Controls 
Give you the means to: 
Make Processes More Effective, Efficient 
Reduce Operational Risk 
Improve Bottom Line
Make Processes More Effective, Efficient 
Reduce Operational Risk 
Improve Bottom Line 
Advanced Controls 
Detect unwanted transactions 
Detect settings that cause loss 
Detect problematic exceptions 
Automate policy management
Improve Bottom Line 
Advanced Control 
•Detect Unwanted Transaction 
Business Review 
•Determine Response 
Financial Application 
•New Business Rule
Replace Manual Management of Policies 
…with Automated Workflows & Repositories 
Reduce Manual Effort & Expense 
More Timely & Complete Results 
Replace Manual Sampling 
…with Linked Continuous Monitors 
Reduce Manual Effort & Expense 
More Complete & Accurate Results 
Reduce Operational Risk
Do I Need Advanced Controls? 
Experience unwanted transactions? 
Experience adverse events? 
Depend on process exceptions? 
Find compliance expensive? 
Experience audit findings? 
Does your organization…
Do I Need Advanced Controls? 
Grown through acquisition 
Many operating units 
Publicly traded stock 
Highly regulated industry 
Multi-state or multi-national 
Experience unwanted transactions? 
Experience adverse events? 
Depend on process exceptions? 
Find compliance expensive? 
Experience audit findings? 
Does your business… 
Do you struggle with complexity?
Do I Need Advanced Controls? 
Preparing to use an Oracle Application? 
Upgrading an Oracle Application? 
Changing its business processes? 
Is your organization…
Advanced Controls Are Used in High-Risk EBS & PSFT Processes
Provide insight into transactions & setups
•EXAMPLE: Find questionable invoices that can’t be found by other solutions
Process owners leverage insight
•EXAMPLE: Put questionable invoices on hold for disposition
Process owners maximize benefit of insight
•EXAMPLE: Avoid paying invalid invoices
Embedding Advanced Controls Accelerates Processes, Increases Accuracy, Reduces Risk
Pre-Built TCG Control for EBS/PSFT
Embedded in EBS/PSFT Process
1
Prevent payment of duplicate invoices and payment requests
1. Inspect potential duplicates (incl. fuzzy matches on vendor names, amounts, dates, vendor addresses, invoice numbers)
2. Put selected duplicates on hold
2
Prevent duplicate vendors
1. Inspect potential duplicates (incl. fuzzy matches on names, address, phone numbers, email domains, bank accts, tax IDs, etc.)
2. Inactivate selected duplicates
3
Prevent employees from acting as suppliers
1. Inspect potential violators (incl. employees whose payroll bank accounts or tax IDs match suppliers’ accounts/IDs or invoice/payment requests’ accounts/IDs)
2. Put selected invoices/requests on hold, notify employees’ managers
4
Prevent split POs
1. Inspect potential split items
2. Put selected splits on hold
5
Prevent improper steering of purchases to vendors
1. Inspect top amounts awarded to vendors by buyer
2. Inactivate selected vendors, notify buyers’ managers
6
Prevent purchase/sales transactions with restricted entities
1. Inspect POs, payment requests and sales orders to restricted vendors and customers
2. Put selected transactions on hold
Solutions for Embedding Advanced Controls
Typical solution:
1. Review Advanced Controls data
2. Research context in ERP
3. Take action in ERP
4. Update Advanced Controls accordingly
One-click solution:
Use single user interface* to:
a. Review Advanced Controls and ERP data. EXAMPLE: Duplicate invoices
b. Trigger ERP action and update Advanced Controls. EXAMPLE: Put selected invoices on hold
*Provided by Specialized partners
Partner Case Study: PeopleSoft 
Business Requirement: 
•Review ~5,000 potentially erroneous payment requests each week (worth ~$60 million) 
•For each request: hold for investigation, or release for payment 
One-Click Solution: 
•TCG controls detect requests that require review 
•Dashboard lets users review requests and route them appropriately in PeopleSoft Financials 
•Provided by FulcrumWay 
Outcome: Prevents an average of $100 million in erroneous payments annually 
[Diagram labels: Agencies Payment Requests; PeopleSoft Financials (New Payment System); Auto Payments on Hold; Payment Requests; PeopleSoft; GRC; SQL/Legacy; E-Business; Release Payments on Hold; not selected for audit]
Concept Visualization: One-Click Solution for E-Business Suite
[Screenshots, each labelled "Built by Specialized Partner": User Views TCG Incidents… and EBS Invoices; One-Click; Selected Invoices are Put on Hold in EBS, Incidents are marked “Processed” in TCG]
Recommended Integration Architecture for One-Click Solutions
•Specialized Partners plan, develop and support one-click solutions
•Recommended integration architecture:
[Diagram labels: Oracle E-Business Suite or PeopleSoft; Specialized Partner’s One-Click Solution; Oracle Transaction Controls Governor; Pre-Built Services (shown twice)]
Recommended User Experience for One-Click Solutions
•Specialized Partners plan, develop and support one-click solutions
•Recommended one-click user experience options:
[Diagram labels: Specialized Partner’s One-Click Solution as UI Embedded in ERP (Oracle E-Business Suite or PeopleSoft) …or… as Standalone UI …or… as UI Embedded in Portal]
Guidance to Customers
•The preceding slides illustrate a one-click solution that can be provided by Specialized Partners
•If you’d like to consider the solution further, start by ensuring:
–Your intended use is described by the preceding slides
SUMMARY: You plan to embed a TCG control in an EBS or PeopleSoft process
–You already use your TCG controls as continuous control monitors
Provides incident management experience needed for successful planning
–A Specialized Partner is helping you plan, develop, deploy and support your solution
GRC Advanced Controls  OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William

GRC Advanced Controls OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William

  • 1.
  • 2. Stop the Financial Leakage & Cure the Drought in Profits Panel Discussion CON8203 Jim LachCorporate IT Controls and Compliance Leader, Sherwin Williams Gavin LeavayNavillus Partners Vital NattuvaIT Manager -Finance and Employee Services IT, Cisco Systems JeramieTaylor CISA, CFE, Manager -Internal Controls, Noble Energy Moderator: Barry Greenhut, Director -GRC Product Development, Oracle Copyright © 2014,Oracle and/or its affiliates. All rights reserved. |
  • 3. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 3
  • 4. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Agenda 4 Introduction Panel Discussion
  • 5. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Financial Leakage•$1,000,000 lost per year for every billion spent•Each incident of fraud costs $100,000 to $1,700,000* “For a company with a 5% profit margin, $1 million in recoveries equates to $20 million in incremental sales” *Source: 2010 ACFE Report to the Nations on Occupational Fraud and Abuse Protiviti 2010 –Procurement Assessment and AP Recovery Solutions “[Most companies] expect to find .1% of a company’s spend in financial leakage”
  • 6. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Key Financial Control Issues 51% make 10 to 30% of all payments too early** 64% make 10 to 30% of payments too late** 55% of companies are unable to collect 20 to 40% of total revenue within contracted payment terms** 46% of AP departments have not reviewed AP policies for over a year 434 Senior Finance Executives ** Made to Measure CFOs on finance-and procurement-process improvement, CFO Research, May 2012 * Accounts Payable Network Benchmark: AP Controls May 2011; 425 Companies
  • 7. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Accounts Payable Recovery AuditUNINTENTIONAL ERRORS AND LEAKAGE Global, Fortune 500 Firm, High-Tech •Over 4 Audit Cycles, consultants found $17.5M in payment errors Profile Single Business Application Instance Centralized Payables Operation Well Staffed Clean SOX Audit Audit Recovery Findings 18 Month Cycle $17.5M Found–$ 8.3M Total Recovery= $ 4.8M After Fees
  • 8. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Survey of 263 Finance Executives Need for Better Controls and Efficiencies 15% 28% 33% 42% 48% Improve Cash Flow and Working Capital Reaching New Heights: The Dividends of Collaboration between Finance and Procurement is published by CFO Publishing LLC, May 2012ComplianceUnderstanding Payables ExposureAudit and Control of ProcurementBusiness Risk Analysis
  • 9. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | •Lack of Staff •False Positives •Access to Data •Visibility to Issues •Mergers & Acquisition •Decentralized Operations •Outsourcing DRIVERS Segregation of Duties Duplicate Payments Manual Processes Employee Reimbursements Compliance with Policy Automation Checks Approvals Standardization/Consistency Signatures/Authority Accounts Payable Network Benchmark: AP Controls May 2011 Survey of 425 Companies Top 10 Control Challenges
  • 10. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Agenda 10 Introduction Panel Discussion •Jim LachCorporate IT Controls and Compliance Leader, Sherwin Williams •Gavin LeavayNavillus Partners •Vital NattuvaIT Manager -Finance and Employee Services IT, Cisco Systems •JeramieTaylor CISA, CFE, Manager -Internal Controls, Noble Energy •Moderator: Barry Greenhut, Director -GRC Product Development, Oracle •PLEASE ASK QUESTIONS ANYTIME!
  • 11. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 4:45 pm ID # 8210Doing Your ERP Implementation/ Upgrade Right with Oracle Advanced Controls Solutions OLYMPIC ROOM, Westin TUESDAY: Oracle GRC Advanced Controls 11 SPEAKERS: SESSIONS:
  • 12. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 10:00 am ID # 8207Stop the Fraudster! Set the Tone at the Top and Prevent Fraud with Oracle Advanced Controls OLYMPIC ROOM, Westin WEDNESDAY: Oracle GRC Advanced Controls 12 SESSIONS: 2:45 pm WEDNESDAY ID # 8200Do You Really Know What Your Users Can Do—or Maybe Have Done? FRANCISCAN I ROOM, Westin 10:45am IOFM Workshop: How Your Vendor Master File is Critical to GRC and Compliance Presenter: Jon Casher Length: 90 Minutes CPE Credits: 1.5 ZEUM ROOM 8th FLOOR, Palomar JON CASHER Ph.D. IOFM Workshop President, Casher Associates Leading Industry Expert & Consultant CPE CREDITS 1.5 LOCATION: Hotel Palomar 4th & Market Contact: Dane Roberts Dane.Roberts@oracle.com SPEAKERS:
  • 13. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 10:15 am ID # 8208Achieve a Quicker and Compliant Financial Close with Oracle Governance, Risk, Compliance OLYMPIC ROOM, Westin THURSDAY: Oracle GRC Advanced Controls 13 SPEAKERS: SESSIONS: 12:45 pm ID # 8154Controlling for Multiple ERP Systems with Oracle Advanced Controls OLYMPIC ROOM, Westin 2:45 pm ID # 8213How Your Vendor Master File is Critical to Governance, Risk Management and Compliance OLYMPIC ROOM, Westin LOCATION: Westin 3rd & Market
  • 14. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 5:00 pm WEDNESDAY ID # MTE 8487 Meet the Governance, Risk, and Compliance Experts METROPOLITAN III ROOM MEET EXPERTS & DEMO GROUNDS: Oracle GRC 14 HOST: SESSIONS: ID # 4250Demo Station: Oracle Fusion Governance, Risk, and Compliance Advanced Controls MONDAY 9:45 –6:00 TUESDAY 9:45 –6:00 WEDNESDAY9:30 –3:45 LOCATION: Westin 3rd & Market HOST: SESSIONS: LOCATION: MosconeWest
  • 15. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | DEMOgrounds: MosconeWest Station ID WCL-003 15
  • 16. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Follow Us & join the conversation . Oracle GRC Advanced Controls Group @OracleAdvCntrls
  • 17. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 17
  • 18.
  • 19. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Background and Supplemental Information 19
  • 20. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 20 Background and Supplemental InformationSherwin Williams
  • 21. Since its founding by Henry Sherwin and Edward Williams in 1866,The Sherwin-Williams Company has not only grown to be the largest producer of paints and coatings in the United States, but is among the largest producers in the world.
  • 22. Sherwin-Williams Advanced Controls Jim Lach Corporate IT Controls and Compliance Leader jim.r.lach@sherwin.com
  • 23. Advanced Controls CCG Version 5.5.1 Snapshots and Change Tracking in place ACG Version 8.6.4.7159 Heavily used for User Access Models TCG Version 8.6.4.7181 Minor usage to date. Development in process. TPCG Minor usage to date. Development in process.
  • 24. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 24 Background and Supplemental InformationNoble Energy
  • 25. Company OverviewA company of growth and expansion 25 Founded in 1932 by Lloyd Noble Noble Energy is an S&P 500 public company with reserves of 1.4 billion barrels of oil equivalent and assets totaling over $19 billion at year-end 2013 Noble Energy's corporate purpose is "Energizing the World, BetteringPeople'sLives®” Westrive to provide energy for the world through finding and producing hydrocarbons, while positively influencing the lives of our stakeholders. To us, the two responsibilities cannot exist separately.
  • 26. Company OverviewA focus on core value added assets 26
  • 27. Oracle EBS OverviewThe technology that aligns the businesses 27 Implemented Oracle EBS version 11.5.10 in Q4of 2007 Currently on Oracle EBS version 12.1.3 6instances including 1 Prod, 4 Test, 1 Dev; April 2014–Add 2 Test Oracle EBS is hosted by Oracle Managed Cloud Services in Austin, TX All employees and some contractors are users –~3000 EBS Modules: General Ledger Financial Reporting Payables Receivables Fixed Assets Projects Asset Management Inventory Purchasing iExpense OTL Time Entry Human Resources Payroll P2 Enterprise Upstream: Revenue Revenue Reporting Division Orders Joint Venture Accounting Production Reporting Report Centers
  • 28. Oracle EBS OverviewUniquely Noble Operations 28 Noble does not “sell” consumer products or services, we find and extract and oil/gas in which ownership is transferred at meters or when arriving at a processing facility We operate globally which causes challenges with managing banks, payments and reconciliations around the world Financial procurement authorization is captured at the requisition, not the purchase order Budgeting and forecasting take place in Hyperion, external to EBS iRecruitment/HR creates candidate accounts in EBS Currently over 300,000 “users” if unfiltered for candidates Noble is currently working on a “Foundation 2020” project which will revamp how we use Oracle for several major processes
  • 29. Moving ForwardThe Journey Continues ACCESS GLOBAL CONDITIONS (ACG): ACGs were setup and tested one-by-one (14 Total) Exclude certain IT Service Accts (oracle managed, etc.) Exclude if Menu and/or Sub-Menu Grant Flag = N; Menu Prompt = No Prompt Exclude if Not Within the Same Set of Books Exclude if Function is Query Only Exclude if Responsibility and/or User is End Dated ACG testing consisted of looking at both production and test environments Result count for each test was tracked to determine if there was or was not a reduction in results 29
  • 30. Moving ForwardThe Journey Continues AACG: Requirement-Re-validation of Seeded Content Access Points Developed Custom Reports to help validate access points: •Confirmed if access point is used by NBL / resides with a NOBL Responsibility •ID unexpected responsibilities where access point exists •Determine if other access points should be considered / included 30
  • 31. Moving ForwardThe Journey Continues Example of Value Added Validation: Looked up the Seeded “Bank Account Reconciliation” access point ID’edother access points that should be considered Opened a responsibility with this in test and uncovered a Noble custom form / access point (undetected by IT Custom Report or GRC) 31
  • 32. Moving ForwardThe Journey Continues TCG: Requirement-Validation of Seeded Content Individually loaded, customized and refined each TCG model Ran each Model Object (i.e. table) wide open to view exactly what populates and what does not Refined each filter until only a complete and accurate set of data was returned Used seeded content as starting place for additional models Examples of New TCG Models: Dormant User Accounts Expense Report Expenses Passwords Not Set to 90 Days Person AddrXX% Similar to Payee Addr1, 2, 3 Person AddrXX% Similar to Customer Addr1, 2, 3 Person AddrXX% Similar to Supplier Site Location Person Home Addrwithin the Paid to Addr Supplier Name Contains XXXX, PmtNot Void & Exclude Employee Pmts 32
  • 33. Moving ForwardThe Journey Continues PCG: Requirement–Internal Controls to drive the use of this module Only 1 IT User has access to PCG in Production Only 2 Internal Controls people have access in Test + 1 IT User Internal Controls learning and building our own PCG Rules in Test Developed a naming convention of all PCG Rules Examples of PCG Controls: Set Password Lifespan field default to 90 days Restrict Financial DOA Administration Restrict Procurement DOA Administration Limit User update access to System Administration, etc. (in Test) Restrict Inventory Transaction Types Restrict Noble Journal Source and Categories Restrict Noble Password Reset Responsibility CCG: Will be utilized in late 2014 and early 2015 Intelligence: Linked into OBIEE, but dashboards will need to be built out Manager: Noble utilizes a non-Oracle product solution in place of this 33
  • 34. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 34 Background and Supplemental InformationCisco
  • 35. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35 IT Manager, Cisco Systems Inc IT Manager in Finance and Employee Services IT IT Service Owner for Payable & Expenses, Procurement Services and Fixed Asset Management Has been part of the transformational efforts at Cisco to consolidate multiple geographically aligned Finance instances into Single Global Instance on R12 Before Cisco, he has played an instrumental role in Implementing Oracle financials at various renowned companies across the Globe.
  • 36. Solve, Innovate, Change
      • Our Vision: For nearly 30 years, we’ve focused on helping to change the way the world works, lives, plays, and learns.
      • Our Strategy: We solve our customers’ most important business challenges by delivering intelligent networks and technology architectures built on integrated products, services, and software platforms.
      © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  • 37. Cisco At-a-Glance (FY14 Stats, Other Stats)
      • Revenue: $47.1B, -3% Y-Y Growth, $36B Products, $11B Services
      • $6.3 R&D (13.35% of Cisco revenue)
      • More than 71,000 employees
      • Nearly 70,000 channel partners
      • 380 global sites doing business in 165+ countries
      • More than 18,000 patents
      • 28,000 engineers (39% of our workforce)
      • #1 or #2 in most market segments we serve
      • More than 170 acquisitions since 1993
      • Broad portfolio of integrated products and solutions
  • 38. [Diagram labels: Purchasing, iProcurement, iExpenses, General Ledger, Fixed Assets, Accounts Payable, Core Financials, Employee Self-Service, R12.1.3, Travel]
  • 39. Accounts Payable
      • Duplicate vendors: Identify creation of duplicate vendor sites
      • Duplicate payments by vendor: Identify duplicate invoice processing by vendor
      • Maverick buying: PO date should be prior to the invoice date
      • Duplicate payments by invoice: Identify duplicate invoices by similar invoice and by vendor
      • Identifying erroneous high value payments: Payments with more than a 30% increase over the last rolling 6 months' payment to the vendor
      • Withholding Tax (APAC): Identify the suppliers/invoices where the incorrect rate of WHT was applied
      • Issue categories shown on the slide: Duplicate invoice, Duplicate vendor in vendor master file, PO related problems, Erroneous payment, Tax errors
  • 40. iExpense
      • File attachment on Expense Reports (ER): Identify ERs with supporting documents in unacceptable formats (such as editable attachments like .txt)
      • Amex/cash surfing: Verify if same expense has been claimed both as Amex and cash
      • Issue categories shown on the slide: Noncompliant expenses, Duplicate Expense
  • 41.
      • Graph Initial Build: One (1) Year Data Analyzed; 103 Million records processed
      • Graph Incremental Build: 800 Thousand records processed
      • No. of Custom BOs: Six (6) Custom Business Objects
      • No. of Controls: Six (6) use cases in Accounts Payables; Two (2) use cases in iExpense
      • Sync and Control Analysis Schedule: 3 times a week
      • GRC Version: GRC-all-8.6.5.1645
      • Database: Oracle DB 11.2.0.3.10
      • Browser: Firefox 24; Internet Explorer 9x, 8x
      • Application Server and Middleware: Oracle WebLogic Server 12.1.2 with Oracle JDK 1.7.0_51; Application Development Runtime 12.1.2 and RCU 12.1.2
  • 42.
      • Total Incidents generated: 2-3 K per day
      • Incidents Closed and Resolved: 750-800 per day
  • 43.
      • Hardware Configuration
          - TCG analyzes millions of transactions so it needs enough resources (disk space and memory)
          - Follow Oracle recommended h/w and s/w and make adjustments based on the volume of transactions
      • Model & Control Analysis Assessment
          - Optimize the design of models
          - Avoid nested UDO
          - Replicate read-only schema instead of using apps schema of EBS
      • Fit/Gap Analysis
          - Understand the importance of Incident Status and State Code and how it affects the remediation process
          - Validate the model results first before running the controls
          - Verify the availability of business objects for the use cases
      • Oracle Support
          - Early engagement with Oracle
          - Tight collaboration and partnership with Oracle
      • ETL Performance Assessment
          - Perform and document multiple iterations of graph build and Control Analysis. Monitor sys resources
          - Plan to get weekly or daily refresh of datasource data with production data
          - Analyze transaction volume of each business object used in models
          - Understand the ETL design and Data Extraction criterion
  • 44. Background and Supplemental Information: Navillus Partners
  • 45. ABOUT NAVILLUS PARTNERS
      • International professional services and solutions firm headquartered in Boston, Massachusetts
      • Established in 2009, Navillus has experienced on average 40% growth year over year in Oracle Advanced Controls professional services
      • Oracle Gold Level Partner specializing in Oracle Advanced Controls & E-Business Suite / PeopleSoft professional implementation and advisory services
      • Recognized as the #1 Oracle Advanced Controls Partner in 2012 & 2014!
      • The first in the industry to hold Oracle Advanced Controls Specialization accreditation
      • Is an Oracle authorized training partner
      • Navillus is a privately held company that has been profitable consistently both from a cash and accrual basis since the 4th month of operations with zero external debt outstanding.
      • Our team’s collective experience includes:
          - 168 years working in the information technology industry
          - 177 years implementing the Oracle e-Business Suite ERP package
          - 76 years implementing the Oracle GRC applications
          - More than 512 GRC implementations to the team’s credit to date
  • 46. ABOUT NAVILLUS PARTNERS
      • Highly experienced resources with one of the strongest track records for delivery success in North America & Europe.
          - Oracle Resource(s) have 13+ years dedicated to Oracle Implementations, Security Design, and Project / Program Management
          - Our team members average more than 8 years of Oracle Advanced Controls Experience
          - The majority of our team was involved in the development of the original versions of the Oracle Advanced Controls Applications
      • Proprietary accelerated delivery methodology, NAViGATE
          - Process Driven approach tailored specifically for Oracle Advanced Controls
          - ‘Design In’ Approach for Oracle e-Business Suite & PeopleSoft implementations and upgrades
      • Developed and maintain our ACE Process & Controls Library
          - Process optimization and control accelerators
          - GRC & Business Process Controls Library for PCG, CCG, & TCG
          - Comprehensive extension to Oracle’s out of the box Access Controls Content
  • 47. NAVILLUS PARTNERS IS A WORLD LEADER
      • Section headings on the slide: Experience, Global Delivery, Centers of Excellence
      • More than 500 combined Oracle Advanced Controls implementations
      • 34+ skilled and experienced Advanced Controls professionals worldwide
      • Functional & technical experience across nearly all Oracle e-business applications (HRMS, Financials, Supply Chain Management, CRM, other)
      • Multiple consultants with Oracle accredited specializations
      • Right-shore Delivery capabilities for Oracle Advanced Controls including utilization of our experienced Chennai, India team, well beyond installation & technical responsibilities
      • Navillus provides training to customers and other implementation partners worldwide
      • International experience in more than 10 countries
      • Navillus’ Center of Excellence (CoE) is a solution center that works closely with Oracle OAC Product & Product Strategy and promotes and trains the extended team on new product features and techniques
      • Provides new and innovative delivery techniques from in-field feedback and experience to continuously enhance our NAViGATE Methodology
      • Works with Oracle’s product group on new features and enhancements
      • Maintains and updates our internal development and demo labs
  • 48. NAVILLUS ADVANCED CONTROLS CASH LEAKAGE USE CASE
  • 49. NAVILLUS PARTNERS DEPLOYMENT INFORMATION
      • Library: Prebuilt Transaction Control Models and Preventive Controls to provide immediate ROI
          - 1 week for existing installs
          - 2 weeks requiring installation of TCG and PCG
      • Recent Client Deployment resulted in identifying:
          - $271K in Duplicate Spend
          - Over 150 Duplicate Suppliers
      • Rules designed to provide preventive controls and continuous oversight of specific process and system limitations resulting in duplicate spend
  • 50. ANALYSIS FOR IMMEDIATE ROI
      • Recent Deployment of Navillus TCG Controls focused on Cash Leakage
      • Deployed 7 Duplicate Invoice/Payment Monitors: possible duplicate invoices based on attribute combinations (e.g. same invoice number and amount, same supplier, invoice amount and date)
          - 7 Variations of Supplier, Inv#, Invoice Amt., Inv. Date attribute review
          - Duplicate Invoices: same invoice number and amount
      • Deployed 4 Duplicate Supplier Monitors: different possibilities for review
          - Similar name suppliers
          - Suppliers with the same tax ID
          - Combinations of Name, Address, etc.
      • Deployed 2 Missed Discount Monitors: identifying Suppliers offering discounts where no discount taken
  • 51. SUMMARY OF RECENT DEPLOYMENT
      • Review of one Duplicate Payment TCG Model looking for Invoices with the same invoice number and amount identified:
          - Identified Results (20 month review): 175 incidents totaling ~$5 million USD = $2.5 million in possible overspend
          - Likely Dups from Result Review Identified: 8 incidents representing ~$271k (11%) in possible overspend (see next slide)
      • Duplicate Supplier: different possibilities for review
          - Similar name suppliers: 1745
          - Suppliers with the same tax ID: 165
      • Missed Discounts: Suppliers offering discounts with no discount taken on Invoice
          - 61 invoices totaling @97K, missed discount of @4.8K.
  • 52. LAYERED APPROACH FOR DUPLICATE INVOICES
      • Weaknesses identified with TCG lead to Preventive Controls design with PCG
      • Duplicate issues identified and related PCG Control:
          - Issue: Duplicate payments across supplier site or OU. Rule designed to prevent or warn of duplicates across OU or site at entry.
          - Issue: One letter’s case or placement different in the invoice number. Rule to restrict invoices to all capitals and hold or warn on similar numbers.
          - Issue: Duplicate suppliers in system and two different suppliers paid. Rule to warn on or hold duplicate suppliers at entry.
  • 53. DUPLICATE INVOICES SUMMARY [Bar chart: Incident Violation Counts. x-axis: Control Name (Dup Invoice 1 to Dup Invoice 7); y-axis: Number of Incidents. Data labels as extracted: 4755, 1142, 1712, 175, 6, 118]
  • 54. DUPLICATE INVOICES SUMMARY [Bar chart: Dollar Amount of Duplicate Invoice incidents. x-axis: Control Name (Dup Invoice 1 to Dup Invoice 7); y-axis: Dollar Amount ($US mil). Data labels as extracted: $42.0, $28.6, $37.3, $2.5, $0.009, $0.0, $2.0]
  • 55. Background and Supplemental Information: Oracle
  • 56. Advanced Controls give you the means to:
      • Make Processes More Effective, Efficient
      • Reduce Operational Risk
      • Improve Bottom Line
      …by Continuously Monitoring Your Financial Applications
  • 57. Advanced Controls
      • Goals: Make Processes More Effective, Efficient; Reduce Operational Risk; Improve Bottom Line
      • Detect unwanted transactions
      • Detect settings that cause loss
      • Detect problematic exceptions
      • Automate policy management
  • 58. Improve Bottom Line
      • Advanced Control: Detect Unwanted Transaction
      • Business Review: Determine Response
      • Financial Application: New Business Rule
  • 59. Reduce Operational Risk
      • Replace Manual Management of Policies …with Automated Workflows & Repositories
          - Reduce Manual Effort & Expense
          - More Timely & Complete Results
      • Replace Manual Sampling …with Linked Continuous Monitors
          - Reduce Manual Effort & Expense
          - More Complete & Accurate Results
  • 60. Do I Need Advanced Controls?
      • Does your organization…
          - Experience unwanted transactions?
          - Experience adverse events?
          - Depend on process exceptions?
          - Find compliance expensive?
          - Experience audit findings?
  • 61. Do I Need Advanced Controls?
      • Does your business…
          - Experience unwanted transactions?
          - Experience adverse events?
          - Depend on process exceptions?
          - Find compliance expensive?
          - Experience audit findings?
      • Do you struggle with complexity?
          - Grown through acquisition
          - Many operating units
          - Publicly traded stock
          - Highly regulated industry
          - Multi-state or multi-national
  • 62. Do I Need Advanced Controls?
      • Is your organization…
          - Preparing to use an Oracle Application?
          - Upgrading an Oracle Application?
          - Changing its business processes?
  • 63. Advanced Controls Are Used in High-Risk EBS & PSFT Processes
      • Provide insight into transactions & setups
          - EXAMPLE: Find questionable invoices that can’t be found by other solutions
      • Process owners leverage insight
          - EXAMPLE: Put questionable invoices on hold for disposition
      • Process owners maximize benefit of insight
          - EXAMPLE: Avoid paying invalid invoices
  • 64. Embedding Advanced Controls Accelerates Processes, Increases Accuracy, Reduces Risk
      Columns: Pre-Built TCG Control for EBS/PSFT | Embedded in EBS/PSFT Process
      • 1. Prevent payment of duplicate invoices and payment requests
          - 1. Inspect potential duplicates (incl. fuzzy matches on vendor names, amounts, dates, vendor addresses, invoice numbers)
          - 2. Put selected duplicates on hold
      • 2. Prevent duplicate vendors
          - 1. Inspect potential duplicates (incl. fuzzy matches on names, address, phone numbers, email domains, bank accts, tax IDs, etc.)
          - 2. Inactivate selected duplicates
      • 3. Prevent employees from acting as suppliers
          - 1. Inspect potential violators (incl. employees whose payroll bank accounts or tax IDs match suppliers’ accounts/IDs or invoice/payment requests’ accounts/IDs)
          - 2. Put selected invoices/requests on hold, notify employees’ managers
      • 4. Prevent split POs
          - 1. Inspect potential split items
          - 2. Put selected splits on hold
      • 5. Prevent improper steering of purchases to vendors
          - 1. Inspect top amounts awarded to vendors by buyer
          - 2. Inactivate selected vendors, notify buyers’ managers
      • 6. Prevent purchase/sales transactions with restricted entities
          - 1. Inspect POs, payment requests and sales orders to restricted vendors and customers
          - 2. Put selected transactions on hold
  • 65. Solutions for Embedding Advanced Controls
      • Typical solution:
          - 1. Review Advanced Controls data
          - 2. Research context in ERP
          - 3. Take action in ERP
          - 4. Update Advanced Controls accordingly
      • One-click solution: Use single user interface* to:
          - a. Review Advanced Controls and ERP data. EXAMPLE: Duplicate invoices
          - b. Trigger ERP action and update Advanced Controls. EXAMPLE: Put selected invoices on hold
      *Provided by Specialized partners
  • 66. Partner Case Study: PeopleSoft
      • Business Requirement:
          - Review ~5,000 potentially erroneous payment requests each week (worth ~$60 million)
          - For each request: hold for investigation, or release for payment
      • One-Click Solution:
          - TCG controls detect requests that require review
          - Dashboard lets users review requests and route them appropriately in PeopleSoft Financials
          - Provided by FulcrumWay
      • Outcome: Prevents an average of $100 million in erroneous payments annually
      [Diagram labels: Agencies Payment Requests PeopleSoft Financials (New Payment System) Auto Payments on Hold Payment Requests PeopleSoft GRC SQL/Legacy E-Business Release Payments on Hold not selected for audit]
  • 67. Concept Visualization: One-Click Solution for E-Business Suite
      • User Views TCG Incidents… …and EBS Invoices (screens labelled “Built by Specialized Partner”)
      • One-Click: Selected Invoices are Put on Hold in EBS, Incidents are marked “Processed” in TCG
  • 68. Recommended Integration Architecture for One-Click Solutions
      • Specialized Partners plan, develop and support one-click solutions
      • Recommended integration architecture:
      [Diagram labels: Oracle E-Business Suite or PeopleSoft; Specialized Partner’s One-Click Solution; Oracle Transaction Controls Governor; Pre-Built Services; Pre-Built Services]
  • 69. Recommended User Experience for One-Click Solutions
      • Specialized Partners plan, develop and support one-click solutions
      • Recommended one-click user experience options:
          - Oracle E-Business Suite or PeopleSoft: Specialized Partner’s One-Click Solution, UI Embedded in ERP
          - …or… Specialized Partner’s One-Click Solution, Standalone UI
          - …or… Portal: Specialized Partner’s One-Click Solution, UI Embedded in Portal
  • 70. Guidance to Customers
      • The preceding slides illustrate a one-click solution that can be provided by Specialized Partners
      • If you’d like to consider the solution further, start by ensuring:
          - Your intended use is described by the preceding slides. SUMMARY: You plan to embed a TCG control in an EBS or PeopleSoft process
          - You already use your TCG controls as continuous control monitors. Provides incident management experience needed for successful planning
          - A Specialized Partner is helping you plan, develop, deploy and support your solution
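
The layered duplicate-invoice monitors described on slides 50 to 52 (attribute-combination matches, invoice numbers that differ in one letter's case or placement, duplicates across supplier sites) can be sketched in a few lines of Python. This is an added example, not Navillus or Oracle TCG code; the monitor names, field names and sample invoices are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample AP invoices: (id, supplier, site, invoice number, amount, date).
ROWS = [
    (1, "ACME",    "BOS", "INV-1001", "2500.00", "2014-03-01"),
    (2, "ACME",    "NYC", "INV-1001", "2500.00", "2014-03-01"),  # re-keyed at a second site
    (3, "GLOBEX",  "LON", "ab-778",   "910.50",  "2014-04-10"),
    (4, "GLOBEX",  "LON", "AB778",    "910.50",  "2014-04-12"),  # case and punctuation differ
    (5, "INITECH", "AUS", "A5521",    "120.00",  "2014-05-02"),
    (6, "INITECH", "AUS", "5521A",    "120.00",  "2014-05-20"),  # one letter moved
    (7, "HOOLI",   "SFO", "H-01",     "75.00",   "2014-06-01"),
    (8, "HOOLI",   "SFO", "H-02",     "75.00",   "2014-06-01"),  # may be two real invoices
    (9, "ACME",    "BOS", "INV-2000", "40.00",   "2014-07-01"),
]
INVOICES = [
    {"id": i, "supplier": s, "site": site, "num": n, "amount": Decimal(a), "date": d}
    for i, s, site, n, a, d in ROWS
]

def canon(num):
    """Uppercase and keep only letters and digits: 'ab-778' -> 'AB778'."""
    return "".join(ch for ch in num.upper() if ch.isalnum())

def placement_key(num):
    """Order-insensitive form, so 'A5521' and '5521A' collide."""
    return "".join(sorted(canon(num)))

# Strictest monitor first. No key includes the site, so matches span supplier sites.
MONITORS = [
    ("same_number_and_amount", lambda i: (i["supplier"], i["num"], i["amount"])),
    ("case_or_punctuation", lambda i: (i["supplier"], canon(i["num"]), i["amount"])),
    ("character_placement", lambda i: (i["supplier"], placement_key(i["num"]), i["amount"])),
    ("same_amount_and_date", lambda i: (i["supplier"], i["amount"], i["date"])),
]

def run_monitor(key, invoices):
    """Return groups of invoice ids that share a key (each group is one incident)."""
    groups = defaultdict(list)
    for inv in invoices:
        groups[key(inv)].append(inv["id"])
    return sorted(tuple(ids) for ids in groups.values() if len(ids) > 1)

def triage(invoices):
    """Report each incident once, under the strictest monitor that raised it."""
    seen, report = set(), {}
    for name, key in MONITORS:
        fresh = [g for g in run_monitor(key, invoices) if g not in seen]
        seen.update(fresh)
        report[name] = fresh
    return report

def possible_overspend(group, invoices):
    """One copy is payable; every further copy in the incident is exposure."""
    amounts = [i["amount"] for i in invoices if i["id"] in group]
    return sum(amounts[1:], Decimal("0"))

if __name__ == "__main__":
    for monitor, incidents in triage(INVOICES).items():
        for g in incidents:
            print(monitor, g, possible_overspend(g, INVOICES))
```

The incident raised only by the loosest monitor (invoices 7 and 8) is the kind of match that needs result review before it counts as a likely duplicate, which is why the deck separates identified results from likely duplicates.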