21. Since its founding by Henry Sherwin and Edward Williams in 1866, The Sherwin-Williams Company has not only grown to be the largest producer of paints and coatings in the United States, but is among the largest producers in the world.
23. Advanced Controls
CCG Version 5.5.1
Snapshots and Change Tracking in place
ACG Version 8.6.4.7159
Heavily used for User Access Models
TCG Version 8.6.4.7181
Minor usage to date. Development in process.
TPCG
Minor usage to date. Development in process.
25. Company Overview: A company of growth and expansion
Founded in 1932 by Lloyd Noble
Noble Energy is an S&P 500 public company with reserves of 1.4 billion barrels of oil equivalent and assets totaling over $19 billion at year-end 2013
Noble Energy's corporate purpose is “Energizing the World, Bettering People's Lives®”
We strive to provide energy for the world through finding and producing hydrocarbons, while positively influencing the lives of our stakeholders. To us, the two responsibilities cannot exist separately.
27. Oracle EBS Overview: The technology that aligns the businesses
Implemented Oracle EBS version 11.5.10 in Q4 of 2007
Currently on Oracle EBS version 12.1.3
6 instances including 1 Prod, 4 Test, 1 Dev; April 2014 – Add 2 Test
Oracle EBS is hosted by Oracle Managed Cloud Services in Austin, TX
All employees and some contractors are users – ~3000
EBS Modules:
General Ledger
Financial Reporting
Payables
Receivables
Fixed Assets
Projects
Asset Management
Inventory
Purchasing
iExpense
OTL Time Entry
Human Resources
Payroll
P2 Enterprise Upstream:
Revenue
Revenue Reporting
Division Orders
Joint Venture Accounting
Production Reporting
Report Centers
28. Oracle EBS Overview: Uniquely Noble Operations
Noble does not “sell” consumer products or services; we find and extract oil/gas, for which ownership is transferred at meters or when arriving at a processing facility
We operate globally, which causes challenges with managing banks, payments and reconciliations around the world
Financial procurement authorization is captured at the requisition, not the purchase order
Budgeting and forecasting take place in Hyperion, external to EBS
iRecruitment/HR creates candidate accounts in EBS
Currently over 300,000 “users” if unfiltered for candidates
Noble is currently working on a “Foundation 2020” project which will revamp how we use Oracle for several major processes
29. Moving Forward: The Journey Continues
ACCESS GLOBAL CONDITIONS (ACG):
ACGs were set up and tested one-by-one (14 Total)
Exclude certain IT Service Accts (Oracle managed, etc.)
Exclude if Menu and/or Sub-Menu Grant Flag = N; Menu Prompt = No Prompt
Exclude if Not Within the Same Set of Books
Exclude if Function is Query Only
Exclude if Responsibility and/or User is End Dated
ACG testing consisted of looking at both production and test environments
Result count for each test was tracked to determine if there was or was not a reduction in results
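The one-by-one approach described above, as an added example (not Noble's or Oracle's code): each exclusion is applied in turn to a constructed set of flagged access paths and the result count is recorded before and after, so a condition that produces no reduction stands out. The field names, sample users and the end-date comparison are assumptions.

```python
from datetime import date

AS_OF = date(2014, 4, 1)  # constructed evaluation date

def path(user, svc=False, grant="Y", prompt="Invoices", same_sob=True,
         query_only=False, user_end=None, resp_end=None):
    """Build one constructed access path flagged by an access model."""
    return dict(user=user, svc=svc, grant=grant, prompt=prompt, same_sob=same_sob,
                query_only=query_only, user_end=user_end, resp_end=resp_end)

# Constructed sample results; field names are assumptions, not GRC column names.
PATHS = [
    path("JSMITH"),                               # genuine conflict
    path("SVC_PATCH", svc=True),                  # IT service account
    path("ALEE", grant="N"),                      # menu entry not granted
    path("BKHAN", prompt=None),                   # no menu prompt
    path("CDIAZ", same_sob=False),                # conflict spans sets of books
    path("DWONG", query_only=True),               # query-only function
    path("EROSS", user_end=date(2013, 12, 31)),   # end-dated user
    path("FNGUYEN", resp_end=date(2014, 1, 15)),  # end-dated responsibility
    path("GPATEL", resp_end=date(2014, 12, 31)),  # end date in the future: still active
]

def ended(d, as_of):
    return d is not None and d <= as_of  # assumption: end date itself counts as ended

# (name, predicate): the predicate returns True when the path should be excluded.
CONDITIONS = [
    ("service account", lambda p, t: p["svc"]),
    ("grant flag N / no prompt", lambda p, t: p["grant"] == "N" or not p["prompt"]),
    ("different set of books", lambda p, t: not p["same_sob"]),
    ("query-only function", lambda p, t: p["query_only"]),
    ("user/responsibility end dated",
     lambda p, t: ended(p["user_end"], t) or ended(p["resp_end"], t)),
]

def apply_one_by_one(paths, conditions, as_of=AS_OF):
    """Apply each condition in turn; record the result count before and after."""
    log, remaining = [], list(paths)
    for name, excluded in conditions:
        before = len(remaining)
        remaining = [p for p in remaining if not excluded(p, as_of)]
        log.append((name, before, len(remaining)))
    return log, remaining

if __name__ == "__main__":
    for name, before, after in apply_one_by_one(PATHS, CONDITIONS)[0]:
        print(f"{name:32} {before} -> {after}")
```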
30. Moving Forward: The Journey Continues
AACG:
Requirement – Re-validation of Seeded Content Access Points
Developed Custom Reports to help validate access points:
• Confirmed if access point is used by NBL / resides with a NOBL Responsibility
• ID unexpected responsibilities where access point exists
• Determine if other access points should be considered / included
31. Moving Forward: The Journey Continues
Example of Value Added Validation:
Looked up the Seeded “Bank Account Reconciliation” access point
ID’ed other access points that should be considered
Opened a responsibility with this in test and uncovered a Noble custom form / access point (undetected by IT Custom Report or GRC)
32. Moving Forward: The Journey Continues
TCG:
Requirement – Validation of Seeded Content
Individually loaded, customized and refined each TCG model
Ran each Model Object (i.e. table) wide open to view exactly what populates and what does not
Refined each filter until only a complete and accurate set of data was returned
Used seeded content as starting place for additional models
Examples of New TCG Models:
Dormant User Accounts
Expense Report Expenses
Passwords Not Set to 90 Days
Person Addr XX% Similar to Payee Addr1, 2, 3
Person Addr XX% Similar to Customer Addr1, 2, 3
Person Addr XX% Similar to Supplier Site Location
Person Home Addr within the Paid to Addr
Supplier Name Contains XXXX, Pmt Not Void & Exclude Employee Pmts
33. Moving Forward: The Journey Continues
PCG:
Requirement – Internal Controls to drive the use of this module
Only 1 IT User has access to PCG in Production
Only 2 Internal Controls people have access in Test + 1 IT User
Internal Controls learning and building our own PCG Rules in Test
Developed a naming convention of all PCG Rules
Examples of PCG Controls:
Set Password Lifespan field default to 90 days
Restrict Financial DOA Administration
Restrict Procurement DOA Administration
Limit User update access to System Administration, etc. (in Test)
Restrict Inventory Transaction Types
Restrict Noble Journal Source and Categories
Restrict Noble Password Reset Responsibility
CCG: Will be utilized in late 2014 and early 2015
Intelligence: Linked into OBIEE, but dashboards will need to be built out
Manager: Noble utilizes a non-Oracle product solution in place of this
45. ABOUT NAVILLUS PARTNERS
International professional services and solutions firm headquartered in Boston, Massachusetts
Established in 2009, Navillus has experienced on average 40% growth year over year in Oracle Advanced Controls professional services
Oracle Gold Level Partner specializing in Oracle Advanced Controls & E-Business Suite / PeopleSoft professional implementation and advisory services
Recognized as the #1 Oracle Advanced Controls Partner in 2012 & 2014!
The first in the industry to hold Oracle Advanced Controls Specialization accreditation
Is an Oracle authorized training partner
Navillus is a privately held company that has been profitable consistently, both from a cash and accrual basis, since the 4th month of operations with zero external debt outstanding.
Our team’s collective experience includes:
168 years working in the information technology industry
177 years implementing the Oracle e-Business Suite ERP package
76 years implementing the Oracle GRC applications
More than 512 GRC implementations to the team’s credit to date
46. ABOUT NAVILLUS PARTNERS
Highly experienced resources with one of the strongest track records for delivery success in North America & Europe.
Oracle Resource(s) have 13+ years dedicated to Oracle Implementations, Security Design, and Project / Program Management
Our team members average more than 8 years of Oracle Advanced Controls Experience
The majority of our team was involved in the development of the original versions of the Oracle Advanced Controls Applications
Proprietary accelerated delivery methodology, NAViGATE
Process Driven approach tailored specifically for Oracle Advanced Controls
‘Design In’ Approach for Oracle e-Business Suite & PeopleSoft implementations and upgrades
Developed and maintain our ACE Process & Controls Library
Process optimization and control accelerators
GRC & Business Process Controls Library for PCG, CCG, & TCG
Comprehensive extension to Oracle’s out of the box Access Controls Content
47. NAVILLUS PARTNERS IS A WORLD LEADER
More than 500 combined Oracle Advanced controls implementations
34+ skilled and experienced Advanced Controls professionals worldwide
Functional & technical experience across nearly all Oracle e-business applications (HRMS, Financials, Supply Chain Management, CRM, other)
Multiple consultants with Oracle accredited specializations
Experience
Global Delivery
Centers of Excellence
Right-shore Delivery capabilities for Oracle Advanced Controls including utilization of our experienced Chennai, India team, well beyond installation & technical responsibilities
Navillus provides training to customers and other implementation partners worldwide
International experience in more than 10 countries
Navillus’ Center of Excellence (CoE) is a solution center that works closely with Oracle OAC Product & Product Strategy and promotes and trains the extended team on new product features and techniques
Provides new and innovative delivery techniques from in-field feedback and experience to continuously enhance our NAViGATE Methodology
Works with Oracle’s product group on new features and enhancements
Maintains and updates our internal development and demo labs
49. NAVILLUS PARTNERS DEPLOYMENT INFORMATION
Library Prebuilt Transaction Control Models and Preventive Controls to provide immediate ROI
1 week for existing installs
2 weeks requiring installation of TCG and PCG
Recent Client Deployment Resulted in identifying:
$271K in Duplicate Spend
Over 150 Duplicate Suppliers
Rules designed to provide preventive controls and continuous oversight of specific process and system limitations resulting in duplicate spend
50. ANALYSIS FOR IMMEDIATE ROI
Recent Deployment of Navillus TCG Controls focused on Cash Leakage
Deployed 7 Duplicate Invoice/Payment Monitors – Possible duplicate invoices based on attribute combinations (e.g. same invoice number and amount, same supplier, invoice amount and date)
• 7 Variations of Supplier, Inv#, Invoice Amt., Inv. Date attribute review
• Duplicate Invoices - Same invoice number and amount
Deployed 4 Duplicate Supplier Monitors – different possibilities for review
• Similar name suppliers
• Suppliers with the same tax ID
• Combinations of Name, Address, etc.
Deployed 2 Missed Discount Monitors – identifying Suppliers offering discounts where no discount taken
51. SUMMARY OF RECENT DEPLOYMENT
Review of one Duplicate Payment TCG Model looking for Invoices with the same invoice number and amount identified:
• Identified Results (20-month review): 175 incidents totaling ~$5 million USD = $2.5 million in possible overspend
• Likely Dups from Result Review Identified: 8 incidents representing ~$271k (11%) in possible overspend (see next slide)
Duplicate Supplier – Different possibilities for review
• Similar name suppliers - 1745
• Suppliers with the same tax ID – 165
Missed Discounts - Suppliers offering discounts with no discount taken on invoice: 61 invoices – totaling @97K, missed discount of @4.8K.
52. LAYERED APPROACH FOR DUPLICATE INVOICES
Identified weaknesses with TCG lead to Preventive Controls design with PCG
Duplicate Issues identified and related PCG Control
• Duplicate payments across supplier site or OU
Rule designed to prevent or warn of duplicates across OU or site at entry.
• One letter’s case or placement different in the invoice number
Rule to restrict invoices to all capitals and hold or warn on similar numbers
• Duplicate suppliers in system and two different suppliers paid
Rule to warn or hold duplicate suppliers at entry
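The matching logic behind the duplicate invoice monitors and the three weaknesses listed above, as an added example rather than Navillus or Oracle rule content: invoices are grouped by supplier tax ID and amount regardless of OU or site, and invoice numbers are compared after normalization and for a single moved character. All records, identifiers and reason labels are constructed.

```python
from collections import defaultdict, namedtuple
from itertools import combinations

Inv = namedtuple("Inv", "id ou supplier site num amount")
# Constructed sample data, not taken from the deployment described above.
INVOICES = [
    Inv(1, "US", "S100", "HOUSTON", "INV-1042A", 12500.00),
    Inv(2, "US", "S100", "HOUSTON", "inv-1042a", 12500.00),  # case differs
    Inv(3, "IL", "S100", "HAIFA", "INV-1042A", 12500.00),    # other OU and site
    Inv(4, "US", "S100", "HOUSTON", "INV-A1042", 12500.00),  # one letter moved
    Inv(5, "US", "S205", "DENVER", "INV-1042A", 12500.00),   # duplicate supplier record
    Inv(6, "US", "S100", "HOUSTON", "INV-2042A", 12500.00),  # genuinely different number
]
# Constructed supplier master: S100 and S205 share one tax ID.
TAX_ID = {"S100": "TAX-0001", "S205": "TAX-0001"}

def normalize(num):
    """Upper-case and drop punctuation so 'inv-1042a' equals 'INV-1042A'."""
    return "".join(ch for ch in num.upper() if ch.isalnum())

def one_char_moved(a, b):
    """True when b is a with exactly one character moved elsewhere."""
    if a == b or len(a) != len(b):
        return False
    return any(a[:i] + a[i + 1:] == b[:j] + b[j + 1:] and a[i] == b[j]
               for i in range(len(a)) for j in range(len(b)))

def find_duplicates(invoices, tax_id):
    """Return {(id_a, id_b): reasons} for likely duplicate invoice pairs."""
    groups = defaultdict(list)
    for inv in invoices:
        # Key on tax ID (not supplier record) and amount in cents; ignore OU/site.
        groups[(tax_id[inv.supplier], round(inv.amount * 100))].append(inv)
    hits = {}
    for members in groups.values():
        for a, b in combinations(members, 2):
            na, nb = normalize(a.num), normalize(b.num)
            if na != nb and not one_char_moved(na, nb):
                continue
            reasons = set()
            if a.num != b.num:
                reasons.add("case" if na == nb else "placement")
            if (a.ou, a.site) != (b.ou, b.site):
                reasons.add("ou/site")
            if a.supplier != b.supplier:
                reasons.add("supplier")
            hits[(a.id, b.id)] = reasons or {"exact"}
    return hits
```

The reason set on each pair shows which layer a plain same-number-and-amount match would have needed in order to see it.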