Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
A Tailored Oracle E-Business
Suite Doesn’t Need to Cost You
Using Preventive Controls Governor to close gaps
and save mone...
1PROTIVITI • A TAILORED ORACLE E-BUSINESS SUITE DOESN’T NEED TO COST YOU
Introduction
Enterprise resource planning (ERP) s...
2PROTIVITI • A TAILORED ORACLE E-BUSINESS SUITE DOESN’T NEED TO COST YOU
WHAT IS PREVENTIVE CONTROLS GOVERNOR (PCG)?
PCG i...
3PROTIVITI • A TAILORED ORACLE E-BUSINESS SUITE DOESN’T NEED TO COST YOU
Reporting on field value changes: Audit and Chang...
4PROTIVITI • A TAILORED ORACLE E-BUSINESS SUITE DOESN’T NEED TO COST YOU
Protiviti helped the organization implement a PCG...
5PROTIVITI • A TAILORED ORACLE E-BUSINESS SUITE DOESN’T NEED TO COST YOU
CONCLUSION
With PCG, organizations can bridge gap...
ASIA-PACIFIC
AUSTRALIA
Brisbane
Canberra
Melbourne
Perth
Sydney
CHINA
Beijing
Hong Kong
Shanghai
Shenzhen
INDIA*
Bangalore...
Upcoming SlideShare
Loading in …5
×

Maximizing Oracle: Using Preventive Controls Governor to close gaps and save money by configuring, not customizing

656 views

Published on

Enterprise resource planning (ERP) systems are not one-size-fits-all solutions – particularly when it comes to business processes steps and controls. While a certain process step or control may be in place as part of the ERP system’s standard functionality, it may not be the exact parameter the organization needs to have in place to avoid issues with transactions, master data integrity or segregation of functions. Organizations using Oracle E-Business Suite (Oracle EBS) often discover that applying the standard solution out of the box leaves critical gaps in their business processes and controls. These gaps can lead to process inefficiencies and pose an increased risk of human error and fraud. Thus, many companies find themselves having to invest additional time and money to customize their Oracle EBS application to better fit their needs – usually by engaging programmers to write custom code for the application. While this is one way to solve the problem, this approach is expensive and time-consuming and can present issues (such as corrupted programs) during system upgrades.
Fortunately, there is a way to close many of the gaps that can occur between process steps and controls in a standard Oracle EBS application, without the expensive customization process. Preventive Controls Governor (PCG) is a utility within the Oracle Advanced Controls suite that affords customers additional flexibility to shape the behavior of Oracle EBS, such as screen, field and user experience modifications. By deploying PCG, companies can improve operational controls and business processes as well as solve a wide range of compliance challenges, with no need to write custom code to close process or control gaps. As a result, many organizations that employ the PCG tool to tailor applications to their needs see an increase in the overall efficiency and ROI of their Oracle EBS platform.

Published in: Business
  • Be the first to comment

  • Be the first to like this

Maximizing Oracle: Using Preventive Controls Governor to close gaps and save money by configuring, not customizing

  1. 1. A Tailored Oracle E-Business Suite Doesn’t Need to Cost You Using Preventive Controls Governor to close gaps and save money by configuring, not customizing
  2. 2. 1PROTIVITI • A TAILORED ORACLE E-BUSINESS SUITE DOESN’T NEED TO COST YOU Introduction Enterprise resource planning (ERP) systems are not one-size-fits-all solutions – particularly when it comes to business processes steps and controls. While a certain process step or control may be in place as part of the ERP system’s standard functionality, it may not be the exact parameter the organization needs to have in place to avoid issues with transactions, master data integrity or segregation of functions. Organizations using Oracle E-Business Suite (Oracle EBS) often discover that applying the standard solution out of the box leaves critical gaps in their business processes and controls. These gaps can lead to process inefficiencies and pose an increased risk of human error and fraud. Thus, many companies find themselves having to invest additional time and money to customize their Oracle EBS application to better fit their needs – usually by engaging programmers to write custom code for the application. While this is one way to solve the problem, this approach is expensive and time-consuming and can present issues (such as corrupted programs) during system upgrades. Fortunately, there is a way to close many of the gaps that can occur between process steps and controls in a standard Oracle EBS application, without the expensive customization process. Preventive Controls Governor (PCG) is a utility within the Oracle Advanced Controls suite that affords customers additional flexibility to shape the behavior of Oracle EBS, such as screen, field and user experience modifications. These may include controls over displaying and editing master or transactional data, automation of approvals, limiting access to fields, auto-populating specific fields within forms, and many others. By deploying PCG, companies can improve operational controls and business processes as well as solve a wide range of compliance challenges, with no need to write custom code to close process or control gaps. As a result, many organizations that employ the PCG tool to tailor applications to their needs see an increase in the overall efficiency and ROI of their Oracle EBS platform.
  3. 3. 2PROTIVITI • A TAILORED ORACLE E-BUSINESS SUITE DOESN’T NEED TO COST YOU WHAT IS PREVENTIVE CONTROLS GOVERNOR (PCG)? PCG is a component of Oracle’s Advanced Controls application suite. It can be used to create and customize a significant number of process steps within Oracle EBS, as well as to enforce controls for specific users and/or events. Rules within the PCG tool can help organizations to: • Reduce inefficiencies and save users’ time by auto-populating certain form fields within Oracle EBS applications used to perform transactions • Protect sensitive application data by hiding or masking sensitive data from specific users or groups • Increase segregation-of-duties (SoD) controls by customizing or limiting access on the individual field level versus the form/screen level • Eliminate manual tasks by automating routine or repetitive processes, such as item creation or period open/close • Reduce data errors by setting up input controls, including customized drop-down lists • Increase IT productivity by providing a quick and easy way to modify forms and workflows, reducing dependency on IT for customization and maintenance. As a result, IT teams have more time to focus on value-adding activities for the business. USING PCG RULE TYPES TO CLOSE CONTROL GAPS Organizations can use PCG to enhance the efficiency and effectiveness of the control environment through techniques such as: Enforced business rules within forms: Form Rules provide the ability to implement an added layer of intelligent security restrictions and quality-enhancing validation checks with simple configuration techniques. Security restrictions may include suppressing data within forms, view-only options, setting validation requirements (e.g. numbers only, phone number format) and forced navigation within forms that employs “warning” messages (which can be bypassed by the user) or “hard stop” error messages (where the user has to correct the information before submitting the form). These types of restrictions can be implemented and adapted to the needs of the organization through simple rule configuration, avoiding coded customizations. Automated process and approval notifications: Flow Rules can be used to create a process flow for almost any triggering event (e.g., receipt of an invoice over a certain amount). Users are notified and/or required to take a specific action (e.g., provide two signatures of approval on the invoice from authorized personnel) prior to the next sequence within that event. Approval processes and notifications can be created directly from the PCG user interface. Sample PCG rules that can be created within Oracle EBS: • Procure to Pay: Restricting a user from entering and approving the same invoice • Order to Cash: Ensuring the right sales order types are selected according to a customer’s country • Hire to Retire: Establishing security rules related to new users or changes in job types or locations. For example, even if not technically using true HR position-based security, when an employee changes positions or responsibilities, an HR notification can be sent to the Oracle EBS Security group to modify the user’s access based on new responsibilities. • Project Accounting: Automated notification to key process owners when projects reach a certain percentage of budget expenses or cost • Reconcile to Report: Setting fine-grained restrictions around which users can open future accounting periods
  4. 4. 3PROTIVITI • A TAILORED ORACLE E-BUSINESS SUITE DOESN’T NEED TO COST YOU Reporting on field value changes: Audit and Change Control Rules provide organizations the ability to audit at the “field level” by tracking and reporting on specific field value changes, usually for fairly static or high-impact master data. Audit and Change Control Rules can also be used in conjunction with Flow Rules to trigger a notification and an additional approval process before a change is applied to the database. These rules can also be used to enforce “reason controls” – for example, requiring users to enter their rationale for making a change to a particular field value. CASE STUDY: IMPLEMENTING CONTROLS AND PROCESS ENHANCEMENTS WITHIN ORACLE EBS USING PCG RULES In this case study, Protiviti helped a large publicly traded oil and gas exploration and production company deploy the PCG tool, in concert with the company’s EBS R12 implementation, to implement tailored controls and optimized transaction cycles in several business processes without having to customize the application. In the initial business process design meetings with the Oracle EBS system integrator and business process owners, the company presented a “wish list” of process steps they wanted to automate as well as operational and compliance controls that they wanted to include in the Oracle EBS application. One of the options offered by the system implementers was to write customized code to address the list items. However, the cost and time that would be required to create these custom solutions outweighed their benefits to the company. There was also a concern about the impact of this customization on future Oracle EBS upgrades. Protiviti’s Oracle team, however, noticed that some business process areas could benefit from a PCG rule implementation: Automation of Invoice Validation One of the “wish list” controls the company wanted to implement was related to invoice processing. Historically, the company had been able to process a large number of invoices with a limited number of accounts payable (AP) staff, by allowing AP clerks to enter and approve invoices – provided they did not enter and approve the same invoice. The company wanted to continue this practice after switching to Oracle EBS; also, for efficiency purposes, the company wanted its AP staff to be able to validate invoices in batches. However, while native Oracle EBS functionality could allow a user to enter and validate invoices, there was no automated mechanism to ensure the same user was not entering and validating the same invoice. Protiviti’s Oracle team addressed the problem by configuring a PCG Form Rule to compare the user entering the invoice to the user validating the batch. If the same user performed both functions, an error message would display and the batch would not be validated. This solution allowed the company to continue with its current practice and close the control gaps in the simplest way possible, with no additional code. Segmentation of Cash Receipts and Cash Application The company also needed to segment cash receipt and cash application job duties, both of which were available on the same screen within the native Oracle Accounts Receivable (AR) module. Cash receivers were not only able to enter receipts, but also apply the receipts to the customer balances after entering them. Key Questions to Help Scope Your PCG Implementation: 1. In which business processes do manual errors occur most frequently? 2. Could you reduce errors by setting up data validation on forms? 3. Are there business process areas where you can increase efficiency by auto-populating fields? 4. Where do you have opportunities to reduce keystrokes? 5. What processes and forms frustrate users the most? 6. What processes are delayed by manual approvals? 7. What key transactional fields or configuration settings do you need to monitor and report on easily? 8. Are there areas where you need to segregate functions (areas not addressed by native Oracle EBS security)?
  5. 5. 4PROTIVITI • A TAILORED ORACLE E-BUSINESS SUITE DOESN’T NEED TO COST YOU Protiviti helped the organization implement a PCG Form Rule that would prevent cash receivers from applying cash, and cash appliers from entering receipts. The team used the PCG tool to prevent the cash applier from modifying the receipt details (including amounts and dates) before applying the cash. This ensured that cash was applied as it was entered by the cash receiver. The application of PCG rules in these two areas helped our client to improve its transaction and data integrity and minimize manual errors, as well as improve process efficiency and reduce the risk of fraud. The client also achieved an additional benefit: Because the native Oracle EBS forms were greatly simplified by the PCG rules, users needed less training to learn the new Oracle EBS system and felt more comfortable using it. By introducing PCG as an innovative path in the blueprint phase of the project, Protiviti’s Oracle team helped the client not only to incorporate controls on the company’s wish list quickly and cost-effectively but to see future possibilities of using PCG to improve its controls and processes. As a result, the company engaged Protiviti to assist in the implementation of approximately 40 additional controls and process improvements in a subsequent phase of the project. OTHER AREAS WHERE ORACLE EBS CUSTOMIZATION CAN BE MINIMIZED BY USING THE PCG TOOL Following are some additional examples of PCG-enabled control and process improvements that can be applied to everyday business activities supported by Oracle EBS: • Adding approval workflows on accounts payable (AP), general ledger (GL) and inventory transactions: Organizations can use the PCG tool to create mitigating controls in conjunction with access controls to reduce the potential for loss, erroneous transactions and fraud. For example, journal entries could require dual approval over certain amounts, or the same user could be prevented from creating and approving the same journal entry. • Defaulting data, altering navigation and automating entries: Using PCG to default as much data as possible related to customer entry, vendor entry, orders and items can help reduce manual errors. We have found that order entry time can be reduced by more than 30 percent when organizations employ the PCG tool. • Automating GL account maintenance to disable unused GL accounts: PCG rules can be created to suppress unused accounts from drop-down menus, so users cannot select them to post financial transactions. We have seen organizations using the PCG tool in this way reduce their account maintenance time by more than four hours per month. • Sensitive data management: Organizations can use the PCG tool to ensure sensitive data is visible only to authorized parties. For example, controls can be set to filter sensitive data from form queries or lists of values, or to mask sensitive fields, such as personally identifiable information and Social Security information. Additionally, notifications can be sent automatically to the security teams when sensitive data is viewed. By using PCG in this way, companies can improve their security compliance without a significant customization effort.
  6. 6. 5PROTIVITI • A TAILORED ORACLE E-BUSINESS SUITE DOESN’T NEED TO COST YOU CONCLUSION With PCG, organizations can bridge gaps between their Oracle EBS applications and business processes through configuration, not customization. This can help save time and reduce costs, especially during Oracle EBS system implementations and upgrades, by reducing the need for specialized resources to customize the system. The key with Oracle PCG initiatives is to start small and build on that success. Not every control or process in the organization can be automated – but many can and should be. Many customers are not taking full advantage of available native EBS controls. With the addition of PCG technology, organizations have the opportunity to achieve real gains in control, efficiency and system utilization. A strategic and measured approach to controls automation can help organizations reduce the risk of fraud and loss, increase efficiencies, preserve transaction and data integrity, uncover new revenue opportunities, optimize the user experience for personnel who use Oracle EBS every day, and help the organization reach a state of continuous compliance. ABOUT PROTIVITI Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 40 percent of FORTUNE 1000® and FORTUNE Global 500® companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index. Our Enterprise Resource Planning (ERP) Solutions Practice We partner with chief information officers, chief financial officers and other executives to ensure their organizations maximize the return on information systems investments while minimizing risks. Using strong IT governance to ensure alignment of ERP systems and business strategies, we drive excellence through the IT infrastructure and into the supporting applications, data analytics and security. We facilitate the selection and design of ERP solutions, manage the risk of implementation, implement configurable controls, design and optimize application security, and implement governance, risk and compliance (GRC) software applications, such as Oracle’s Advanced Controls suite. Contacts Carol Raimo John Harrison +1.212.603.8371 +1.713.314.4996 carol.raimo@protiviti.com john.harrison@protiviti.com Ronan O'Shea Ashley Cuevas +1.415.402.3639 +1.713.314.5178 ronan.oshea@protiviti.com ashley.cuevas@protiviti.com
  7. 7. ASIA-PACIFIC AUSTRALIA Brisbane Canberra Melbourne Perth Sydney CHINA Beijing Hong Kong Shanghai Shenzhen INDIA* Bangalore Mumbai New Delhi INDONESIA** Jakarta JAPAN Osaka Tokyo SINGAPORE Singapore SOUTH KOREA Seoul * Protiviti Member Firm ** Protiviti Alliance Member THE AMERICAS UNITED STATES Alexandria Atlanta Baltimore Boston Charlotte Chicago Cincinnati Cleveland Dallas Denver Fort Lauderdale Houston Kansas City Los Angeles Milwaukee Minneapolis New York Orlando Philadelphia Phoenix Pittsburgh Portland Richmond Sacramento Salt Lake City San Francisco San Jose Seattle Stamford St. Louis Tampa Washington, D.C. Winchester Woodbridge ARGENTINA* Buenos Aires BRAZIL* Rio de Janeiro São Paulo CANADA Kitchener-Waterloo Toronto CHILE* Santiago MEXICO* Mexico City Monterrey PERU* Lima VENEZUELA* Caracas SOUTH AFRICA* Johannesburg EUROPE/MIDDLE EAST/AFRICA FRANCE Paris GERMANY Frankfurt Munich ITALY Milan Rome Turin THE NETHERLANDS Amsterdam UNITED KINGDOM London BAHRAIN* Manama KUWAIT* Kuwait City OMAN* Muscat QATAR* Doha UNITED ARAB EMIRATES* Abu Dhabi Dubai © 2014 Protiviti Inc. An Equal Opportunity Employer M/F/D/V. PRO-0914-103056 Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

×