Reduce Fraud Risk and Compliance Cost Using Oracle GRC
1. REMINDER: Check in on the COLLABORATE mobile app
Prepared by:
William Littman – EBS Practice Director
Sam Monarch – GRC Solution Lead
Computer Science Corporation
Reduce Fraud risk
Reduce Compliance Cost
Continuous Monitoring
Session ID#: 14592
3. Who is CSC?
Leading Next-Gen Technology and Business Solutions
INDUSTRY EXPERTISE: Public Sector; Energy and Natural Resources; Financial Services; Travel and Transportation; Healthcare; Communications and High-Tech; Manufacturing; Consumer and Retail
Solutions: Cloud; Cybersecurity; Big Data & Analytics; Consulting; Software and IP; Applications Services; Business Process Services and Outsourcing; Infrastructure Services
10. P2P Cycle – Fraud Scenario
Conflicting functions | Risk
Create PO / Maintain Buyers | Unauthorized Buyer can create PO
Process Invoices / Create PO | Erroneous or unauthorized payments to vendors
Process Invoices / Maintain (Receive) Goods | Erroneous or unauthorized payments to vendors
Process Invoices / Maintain PO | Erroneous or unauthorized payments to vendors
Process Invoices / Process Payments | Erroneous or unauthorized payments to vendors
Receive Goods / Create or Maintain POs | Unauthorized purchase or erroneous recording of liability
Release Invoice Holds / Receive Goods | Erroneous or unauthorized payments to vendors
12. Order to Cash (O2C) cycle – Complexity
[Diagram of the O2C data flows; only the labels are recoverable: Order Management; Inventory; Receivables/iReceivables; Cash Management; General Ledger; Purchasing/iProcurement; Customers; Items; Invoices; Requisitions; Back to Back Orders; Interorg/Shipments; Inventory Activity; Inventory Transactions; Receivables/Revenue/Receipts; Banks; Ledgers.]
13. Sales Process – WCGW?
[Diagram. Process stages: Master Data; Order; Shipment; Invoice; Payment; Period end. Checkpoints shown against the stages: Credit Limits; Valid Data; Right Price; COGS; Cut off; Everything Invoice; Partial payment; Period Close; Partial orders?; Approved Shipment; Right Price; Payments Terms; Manual Journal vouchers; Cut off; Credit Checks.]
14. Order to Cash Cycle – Fraud Scenario
Conflicting functions | Risk
Approve Invoice Adjustment / Maintain Invoice Adjustment | Unauthorized write off of invoices
Create Customer / Enter Cash Receipts | Fictitious customer; hide cash receipt
Create Customer / Enter RMAs | Unauthorized credit given to customers
Create Customer / Enter Sales Orders | Unauthorized sales order and shipment of goods
Create Customer / Maintain Cash Receipts | Hide cash receipt
Enter Cash Receipts / Approve Invoice Adjustments | Unauthorized write off of invoices
Maintain Customer Profile / Enter Sales Orders | Unauthorized sales order and shipment of goods
Maintain Customer Profile / Maintain Misc Cash Receipts | Hide cash receipt
15. GL/Financial Close – Fraud scenario
Conflicting functions
• Maintain Chart of Accounts
• Monitor Suspense or Clearing Accounts Usage
• Journal Approval and Posting
• Prepare Consolidation
• Review and Approve Consolidation
• Generate Internal Drafts of Financial Statements
• Review and Approve Financial Statements
• Initiate Non-Routine Transactions
• Review, Evaluate and Approve Non-Routine Transactions
Risk
If one individual has responsibility for more than one of these functions, that individual could conceal errors or fraudulent activity.
16. Integrated GRC Solution
Integrated solution with support for multiple compliance mandates and ERP/Non-ERP systems.
Cross Industry Compliance Requirements: SOX-404; C-SOX; J-SOX; ITAR; EAR; FOCI; PIPEDA; PCI/OMB-123; IFRS; NERC; EUDP; AML/FDA
Suppliers; Partners; Finance; HR
[Diagram layers]
GRC Intelligence: Dashboards; Alerts; Key Risk & Control Indicator
Enterprise GRC Manager: Processes; Procedures; Risks; Remediation; Assessments; Policies; Issues
GRC Advanced Controls Suite: Application Access Controls Governor; Configuration Controls Governor; Transaction Controls Governor; Preventive Controls Governor
GRC Infrastructure Controls: Identity Mgmt; Data Security; Change Mgmt; Records Mgmt; Digital Rights
Oracle GRC Intelligence
• Enterprise wide Risk/Controls dashboard highlighting potential trouble areas
Oracle EGRC Manager
• Enterprise Risk Management
• Financial Compliance Management
• System of record
Oracle GRC Advanced Control Suite
• Granular access, configuration and transaction controls
• Pre-built controls library
• Reduce risk of fraud with continuous monitoring
GRC Infrastructure Controls
• Integrated identity management
• Protect sensitive data
• Rights management
Complete, integrated, configurable, scalable
17. Security Model
Responsibilities and the functions each one grants:
Enter Data
• Enter Invoices
• Inquire Invoices, Payments, Accounting, Suppliers and Banks
• Run Standard Reports
Approve
• Approve Invoices
• Update Accounting Entries
• Payables Transfer to GL
• Inquire Invoices, Payments, Accounting, Suppliers and Banks
• Run Standard Reports
Pay
• Create Payments / Payments Batches
• Inquire Invoices, Payments, Accounting, Suppliers and Banks
• Run Standard Reports
Maintain
• Create Suppliers / Enter Employees
• Inquire Invoices, Payments, Accounting, Suppliers and Banks
• Setup Banks / Setup Tax Codes
• Open / Close AP Periods
• Run Standard Reports
Inquiry
• Inquire Invoices / Inquire Payments / Inquire Suppliers
• View Employees
• Run Standard Reports
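The segregation-of-duties check implied by the conflicting-function tables and the responsibility/function model, as an added example (not code from the deck or from Oracle GRC): it expands each user's responsibilities into functions and reports every conflicting pair from the P2P table on slide 10. The responsibility names, users and assignments are constructed for illustration.

```python
from itertools import combinations

PAY = "Erroneous or unauthorized payments to vendors"
LIAB = "Unauthorized purchase or erroneous recording of liability"
# Conflicting function pairs and their risks, as listed in the P2P table (slide 10).
P2P_CONFLICTS = {frozenset(pair): risk for pair, risk in [
    (("Create PO", "Maintain Buyers"), "Unauthorized Buyer can create PO"),
    (("Process Invoices", "Create PO"), PAY),
    (("Process Invoices", "Receive Goods"), PAY),
    (("Process Invoices", "Maintain PO"), PAY),
    (("Process Invoices", "Process Payments"), PAY),
    (("Receive Goods", "Create PO"), LIAB),
    (("Receive Goods", "Maintain PO"), LIAB),
    (("Release Invoice Holds", "Receive Goods"), PAY),
]}

# Constructed sample data: hypothetical responsibilities and users.
RESPONSIBILITIES = {
    "PO Buyer": {"Create PO", "Maintain PO"},
    "AP Invoice Entry": {"Process Invoices", "Release Invoice Holds"},
    "AP Payments": {"Process Payments"},
    "Receiving Clerk": {"Receive Goods"},
    "Purchasing Admin": {"Maintain Buyers", "Create PO"},
}
USERS = {
    "alice": ["PO Buyer", "Receiving Clerk"],
    "bob": ["AP Invoice Entry", "AP Payments"],
    "carol": ["Purchasing Admin"],
    "dave": ["AP Payments"],
}

def find_conflicts(users, responsibilities, conflicts):
    """Return sorted (user, func_a, func_b, risk, granting_responsibilities) tuples."""
    findings = []
    for user, assigned in users.items():
        # Effective access: every reachable function and the responsibilities granting it.
        granted = {}
        for resp in assigned:
            for func in responsibilities[resp]:
                granted.setdefault(func, set()).add(resp)
        for a, b in combinations(sorted(granted), 2):
            risk = conflicts.get(frozenset((a, b)))
            if risk:
                via = tuple(sorted(granted[a] | granted[b]))
                findings.append((user, a, b, risk, via))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_conflicts(USERS, RESPONSIBILITIES, P2P_CONFLICTS):
        print(finding)
```

The check reports conflicts that arise across two responsibilities (alice, bob) as well as inside a single one (carol), which is why it works on the expanded function set rather than on responsibility names.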
20. Fraud Scenario #1
Transactions to watch
Vendor payments to an employee’s bank account or address
Payment terms on invoice different than terms on vendor record
Unusually large payments
Repeating payments to “one-time” vendors
23. GRC Business Value
Business Value | Solution Components
1. Prevent occurrence of fraud and company reputation | Advanced GRC Control suite (AACG, PCG, TCG & CCG)
2. Track complete audit trails for changes to key configurations | CCG
3. Increase business confidence in efficiency and data integrity of the system | PCG
4. Reduce audit cost with automated controls | Advanced GRC Control suite (AACG, PCG, TCG & CCG)
5. Test 100% population of transactional activity | Advanced GRC Control suite (AACG, PCG, TCG & CCG)
6. Detect and deter fraud with automated transaction controls | TCG
7. Save money – capture cost and spending leakage | Advanced GRC Control suite (AACG, PCG, TCG & CCG)
24. GRC Business Value
Business Value | Solution Components
8. Reduce risk and exposure of inappropriate access | AACG
9. Reduce risk of fraudulent transactions | Advanced GRC Control suite (AACG, PCG, TCG & CCG)
10. Provide greater visibility and assurance to business owners | Advanced GRC Control suite (AACG, PCG, TCG & CCG)
11. Monitor and report exceptions | Advanced GRC Control suite (AACG, PCG, TCG & CCG)
12. Mitigate risk of application changes with approval workflow and audit trails | Advanced GRC Control suite (AACG, PCG, TCG & CCG)
13. Activate effective data privacy with restricted user views | PCG
14. Audit ready reporting and evidence to reduce costs of internal and external auditing of controls | Advanced GRC Control suite, EGRCM
25. FRAUD INDICATORS
1. Unethical activities
2. Weak internal controls
3. Promise of gain with little likelihood of being caught
4. Missing or altered documents
5. Unexplained decisions and transactions
26. Fraud Monitoring
What to look for, by business process:
Procure to pay
• Duplicate invoice
• Purchase order date after invoice date
• Prepayments
• Employee and vendor addresses are same
• Non-Standard payment terms
• Duplicate payments
• Multiple checks to the same vendor in short period
• Frequent change to vendor master file
Payroll
• Duplicate paychecks
• Salary paid without tax withholdings
• Excessive overtime
• Under reporting vacation
• Payroll status active after termination
• Direct deposit after termination
27. Fraud Monitoring
What to look for, by business process:
T&E
• Duplicate T&E submissions
• Personal credit card use for corporate travel
• T&E without receipts
• T&E requester matches with approver
• Expense under system tolerance limits
• Corporate card use for personal use
Plan to Consolidate
• Splitting of manual JEs
• Posting backdated JEs
• Unusual VS/P&L account fluctuation
• Entry reversal
• Manual JE > $1M
Acquire to Retire
• Asset not properly transferred
• FA master file changed frequently
• Assets capitalized below corporate threshold
• Premature retirement of assets
28. Process Documentations and Testing — Cost Savings
Current State
■ Process Documentations
Risk and Control Matrix
Process Narratives/Process Flow Chart
Policy and Procedure/Test Plan
Remediation/Corrective Action Plan (CAP)
■ Key Control Testing
Sample Size Varies Based on the Frequency of the Control
Test Plans Are Maintained as Separate Document
Delay Due to Manual Testing and Evidence
Delay Due to Remediation/Corrective Action Plan and Manual Re-testing
Post GRC
Centralized Repository
No Duplication or Outdated Documents
Policy and Control Templates
Easy to Track CAP
Reduce Testing Effort with One Sample Size
Preventive Controls
Reduce Reliance on Manual Documents for Evidence
Process documentation and control automation reduce the overall compliance cost
29. Control Automation — Return on Investment
Based on maturity level, clients can achieve ROI and reduce operational risk with control automation
[Chart: Cost and Number of Controls over time, with a "Most clients are here" marker. Phases: Year 1 and 2, DEFINE (manual, redundant efforts); Year 3, RATIONALIZE (remediation and standardization); Year 4+, AUTOMATE, MONITOR AND VERIFY (embedded GRC and operational excellence).]
30. Tools
■ Data Capture Sheet Templates
WIP Accounting Class
Departments/Resources/Instances
Asset Group, Asset and Genealogy
Activity/Routings
Meters/Meter Readings
PMs
BOMs (Asset and Maintenance)
Work Orders
Attributes
Area
Routes
■ Automated Data Conversions
Category
Attribute Group/Value Set
Asset Group
Asset and Genealogy
Activity/Routings
PMs
BOMs
Accelerated Value Realization (AVR)
■ Demonstration:
Equipment
Manufacturing Integration
■ Support Documentation
Data Capture Sheets
Set Up Documentation
Expertise
Industry Leading Practices
Implementation Experience
Practical Industry Experience
Industry Leading Methodology
Catalyst
Oracle Unified Methodology
Experienced Project Management
Tools, continued
■ Set Up Documentation Templates
Financials
Maintenance Management
Operations and Logistics
Procurement
Projects
Add On Applications
■ User Productivity Kit (UPK) enhanced content
Value Added Service Offerings
31. GRC Solution Value, Reduced Cost, Improve Performance
Governance, Risk and Compliance
• Effective Governance, Risk & Compliance management with continuous monitoring
• Timely and accurate information helps better decision making
• Reduced audit cost with automation
• Protection of the confidential information (e.g. SSN, PCI)
• Better utilization of Audit, IT and Business process resources
• Increased mutual confidence between Stakeholders, Customers and Partners
Reduced cost (Automation)
Improved business performance (low or no control deficiencies)
Improved risk intelligence and increased confidence in financial integrity (Eliminates surprises)
[Chart: GRC Complexity and Cost. Labels: "Most Clients Are here"; "With GRC"; "Continued cost escalation for clients who continue with current silo approach".]
CSC’s Integrated Compliance Solution
• Stabilizes Cost
• Provides Sustainable Compliance
• Improves Governance
32. PCG – Customization and Workflow
Provisioning Access
Provision users by implementing “preventive” enforcement, applying access policies to each user as they are assigned responsibilities in the User form of Oracle E-Business Suite.
Custom Business Requirements
Configure and develop Form Rules that modify the security, navigation, field and data properties of Oracle EBS forms.
33. TCG – Pre-built Controls
Supplier Risk Controls
• Monitor inappropriate vendor & employee association (name, address, phone, ITIN/SSN)
• Monitor vendors with non-current Industry Certifications (Noncompliance with trade regulations)
• Monitor excess payments that may be due to duplicate invoices, POs or Vendors
• Monitor vendors with missing data to improve the quality of sourcing decisions
Procurement Controls
• Monitor purchases of unauthorized items, such as competitor's products
• Monitor holds that are not resolved within specified time
• Monitor purchases that circumvent expenses thresholds by splitting the purchase into multiple transactions (Split Transactions)
• Monitor cardholders that exceed spending thresholds by tracking
• Monitor invoices without purchase orders, to prevent unaccounted & disputed liabilities.
• Monitor for transactions with discrepancies in freight charges
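Four of the procure-to-pay indicators from the Fraud Monitoring and TCG slides (vendor/employee address match, purchase order date after invoice date, duplicate invoice, split transactions) written as detection rules over simplified records. This is an added example, not Oracle TCG logic or code from the deck; the record layout, the rule names and the 5000 approval limit are assumptions.

```python
import re
from collections import defaultdict
from datetime import date

APPROVAL_LIMIT = 5000  # assumed per-purchase approval threshold (not from the slides)

def norm(text):
    """Lower-case and drop punctuation/spaces so near-identical values compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def monitor(vendors, employees, invoices):
    """Return sorted (rule, record_key) findings for four of the slide indicators."""
    findings = set()
    employee_addresses = {norm(e["address"]) for e in employees}
    for v in vendors:
        if norm(v["address"]) in employee_addresses:
            findings.add(("VENDOR_EMPLOYEE_ADDRESS", v["id"]))
    seen, same_day = set(), defaultdict(list)
    for inv in invoices:
        if inv["po_date"] > inv["invoice_date"]:
            findings.add(("PO_AFTER_INVOICE", inv["id"]))
        # Duplicate: same vendor and amount, invoice number equal after normalization.
        key = (inv["vendor"], norm(inv["number"]), inv["amount"])
        if key in seen:
            findings.add(("DUPLICATE_INVOICE", inv["id"]))
        seen.add(key)
        same_day[(inv["vendor"], inv["po_date"])].append(inv["amount"])
    for (vendor, day), amounts in same_day.items():
        # Split purchase: every piece is under the limit, the combined total is not.
        if len(amounts) > 1 and max(amounts) < APPROVAL_LIMIT <= sum(amounts):
            findings.add(("SPLIT_TRANSACTION", f"{vendor}:{day.isoformat()}"))
    return sorted(findings)

def row(id_, vendor, number, amount, po_day, inv_day):
    """Build one constructed invoice record (all dates in March 2014)."""
    return {"id": id_, "vendor": vendor, "number": number, "amount": amount,
            "po_date": date(2014, 3, po_day), "invoice_date": date(2014, 3, inv_day)}

# Constructed sample records; all names, ids and amounts are made up.
VENDORS = [{"id": "V100", "address": "12 Elm St., Apt 4"},
           {"id": "V200", "address": "900 Industrial Way"}]
EMPLOYEES = [{"name": "J. Doe", "address": "12 elm st apt 4"}]
INVOICES = [row("AP-1", "V200", "INV-001", 1200, 3, 10),
            row("AP-2", "V200", "inv 001", 1200, 4, 10),
            row("AP-3", "V100", "A-17", 3000, 12, 11),
            row("AP-4", "V100", "A-18", 2500, 12, 14)]

if __name__ == "__main__":
    for finding in monitor(VENDORS, EMPLOYEES, INVOICES):
        print(finding)
```

Normalizing addresses and invoice numbers before comparing is what catches the re-keyed duplicate ("INV-001" vs "inv 001") and the reformatted address; an exact-match comparison would miss both.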
34. TCG – Pre-built Controls
Order-to-Cash Controls
• Monitor orders with missing information or errors to avoid loss of Revenue
• Monitor orders shipped for value exceeding the credit limit
• Monitor manual changes to invoices and verify that they have adequate approval (Unauthorized Invoice Changes)
• Monitor non-standard discounts and verify that they have adequate approval
• Monitor rebates and warranties to be recovered from OEMs
Financial Close Controls
• Monitor journal entries larger than stipulated amounts (Large Voucher Amounts)
• Monitor transactions posted to accounts with infrequent activities
• Monitor write-offs that by-pass sub-ledgers and are posted directly to General Ledger.
• Monitor journal entries that are back-dated (Back-dated Journal Entries)