Advance controls 2013

Enhancing Process
Effectiveness with Advanced
Financial Controls
Zeeshan Khan
Oracle Sales

1 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.

Agenda

R12’s Core Financial Management

What do Advance Controls do?

Why Advance Controls?

How do we use Advance Controls?

Where do Advance Controls impact?

R12’s Core Financial Management
The New Standard for Finance Operations

• Centralized key business functions to support shared services
Increase Efficiency • Self-service collaboration of customers, employees, and
and Effectiveness suppliers
• Extensive spreadsheet and imaging integration

• Unified global platform
Meet Global
Requirements • Common, rules-based accounting infrastructure
• Support for multiple GAAPs

• Tightly integrated, complete end-to-end solution
Close Books • Centralized consolidation and close management
Faster
• Flexible reporting formats, such as XBRL


R12 Single Global Instance:
Continuous, Embedded, Framework
Performance Management
Planning, Budgeting, Profitability Role-Based
& Forecasting Management Scorecards

Continuous, Embedded: Advance Controls in Key Financial Processes
Multiple control types Financial Control
Credit-to-Cash Procure-to-Pay
& Reporting
to support each Cash & Treasury Travel & Expense Asset Lifecycle &
financial process Management Management Real Estate Mgmt

Governance, Risk and Compliance
GRC Processes GRC Infrastructure GRC Insight

Fusion Middleware
End-to-End Master Data Comprehensive Enterprise
Industry Processes Management Security Analytics


What do Advanced Controls do?

Augment Standard ERP Controls

Bridge GAP – Policy Creation and Transaction Systems

Automate Policy Enforcement

Deliver Business Process Efficiency across Systems
• Hyperion, Concur, Workday and other systems


Why Advance Controls?
Financial Controls -
Are Required

Ensure Data Integrity

Protect Against Error + Fraud

Provide Compliance


How do we use Advance Controls
Robust Types of Automated Controls

Monitor Control Effectiveness

What users What’s changed in What are the
have done the process execution patterns

Segregation of Application Transaction
Duties Configuration Monitoring

Preventive
What users How is the process How users execute
can do set up processes

Enforce Policies in Context


Where do Advanced Controls Impact –
Key processes
Financial Close & Reporting

Order to Cash

Procure to Pay

Travel & Expense

Extensibility - Hyperion, Concur and other systems
A well executed business process is run efficiently AND according to corporate policies


Financial Close Components
Financial Close Best Practices

CFO Dashboard
Governance, Risk & Compliance
Financial Close Workflow
Tax Tax
Calculations Filing
ERP: Data Financial
Oracle R12 Assurance Consolidation Financial & Document
Management
Mgmt. Reporting & Filing

Transactions Reporting


Oracle GRC Leveraged in Close Process
Hyperion Financial Close Management Dashboard

Using FCM
integration tasks,
GRC activities are
embedded into close
process


GRC Intelligence

GRC Monitor – Aligned with ERP Tasks GRC Manager
GRC Controls

Hyperion Financial Close Management Gantt View

FCM
automatically
runs GRC
monitors


Next Steps

Discovery meeting with EA Finance executives
Gaps in core processes
• Inappropriate Risk
• Compliance Risk
• Inefficiencies (high touch manually)

Demo for the Key Processes

A well executed business process is run efficiently AND according to corporate policies


Appendix


Preventive Controls
Embed Controls Natively in E-Business Suite

• Enforce preventive controls for
specific users and events natively
within enterprise application
• Initiate appropriate approval workflow
in response to proposed modifications

• Produce audit trail of change and
approval history

Prevention
Define Initiate Enforce
Prevent Read or Review Audit
Preventive Approval Field
Write Access Reports
Controls Workflow Validation


Transaction Controls
Identify Inaccurate or Fraudulent Transactions

Continuously monitor accuracy of
P r e -d e liv e r e d
T r a n s a c tio n C o n tro ls
transactions and mitigate exposure
to fraud
• Test against thresholds
Suspect
T r a n s a c tio n s

• Search for anomalies
• Perform transaction sampling

Detection Prevention
Define Perform Review and Preventive
Transaction Transaction Address Transaction
Controls Analysis Suspects Controls


Configuration Controls
Ensure Integrity of Critical Application Setups

• Achieve consistent application setup
and operating standards across
multiple instances
• Track complete audit trails for changes
to key configurations

• Tightly control change management to
accelerate development and test time

Define Document or Monitor
Enforce Change Manage Data
Configuration Compare Configuration
Control Integrity
Controls Configurations Changes


Segregation of Duties Controls
Comprehensive Policy Enforcement

• Simplify segregation of duties
enforcement with simulation and
remediation
• Mitigate risk of privileged user access
to enterprise applications with
approval workflow and audit trails
• Accelerate deployment and time to
value with pre-delivered controls library


Define Access Access Remediation Preventive Compensating
Controls Analysis (Clean-up) Provisioning Policies


ERP CONTROLS

FINANCIAL
PROCESSES

ADVANCED
CONTROLS


Risks and Advance Controls
Take Control of User Access
Risk ERP Control Advanced Control
Maintain vendor records, Assign users proper Alert management of users with
enter vendor invoices or access privileges incompatible duties
make payments
Same user can approve Do not assign same Monitor for users who have custody
PO they created user ability to create (create PO) and authorization duties.
and approve PO’s
User creates PO for Limit ability to create Enable rules for users to create PO’s
requisitions they created both PO’s and only for other user’s requisitions
requisitions


Ensure Policies and Procedures Followed
Make changes to Require workflow Audit capabilities to detect when the
payment terms (e.g. approval for these changes are made.
change from 30 to 60 changes
days)
Payment discounts not Define vendor record Flexibly apply discount rules with
applied to invoice to always take based on specific events
payment discounts
Unauthorized changes to Do not give users Utilize rules to prevent users from
vendor records access to the vendor making changes
records


Gain Insight Into Procurement Activities
Splitting PO’s to avoid PO’s over a certain Use sophisticated analyses to
approvals threshold require compare for same vendor if same
approvals goods or services are on multiple
PO’s for a given period of time
Purchases from non- Review PO reports to Require approval of the PO when
preferred vendors identify POs to non- non-preferred vendors are used
preferred vendors
Entering PO’s same day Review reports to Automatically compare PO date and
goods or services compare PO, entry date for anomalies
received receiving dates


Monitor Invoicing and Payments
Create duplicate Prevent same invoice Detect invoices for similar invoice
invoices number numbers and similar invoice amounts
for the same vendor
Submitting invoices for 3-way match Evaluate vendor and nature of items
fictitious goods or purchased with pattern / trend
services analysis and alert management when
unusual items are invoiced
Vendor check is Utilize electronic Evaluate invoices paid multiple times
intercepted, forged or payments by using pattern analysis
altered


Risk Advanced Control
Eliminate Duplicate payments •Check for potential duplicates and prevent payment records
without approval
•Transaction Control to report potential duplicates
•Intelligence Dashboards reporting control violations
Manage configuration settings •Preventive Controls enforce change control, initiate alerts
and audit data real-time
•Configuration Controls track changes and alert
•Transaction Controls to report historical changes

•Pricing & Discounts
•Approval levels
•Account codes
•Setups
•Bank accounts


Stopping Payments against • Preventive Controls enforce requirement to not allow
cancelled invoices payments against cancelled invoices
• Transaction Control to report payments against cancelled
invoices
• Intelligence Dashboards reporting control violations

Controlling Inventory Re-order • Preventive Controls enforce change controls on re-order
levels tightly points and min-max
• Transaction Control to report inventory turns outside of
given tolerance(by item)
• Transaction Control to report shelf life or lots past certain
age
• Dashboard view of inventory turns and aged inventory
controls



Reducing Unprocessed Credit •Preventive Controls enforce requirement for approval of
Memos manual credit memos
•Transaction Control to report credit memos over certain
threshold or those not associated to orders
•Transaction Control to report credit memos with suspicious
amounts
•Intelligence Dashboards reporting control violations and
credit memos approval process


ERP CONTROLS

Reference
Clients

ADVANCED
CONTROLS


CSX

After
Before

 Situation: CSX faced real-time reporting
Solution: Obtained increasingly
of controls environment
complex government regulations.
 Challenge: Fragmented and labor
Results: Quickly identify and resolve user
intensive issues in a decentralizedexternal
access processes. Reliance on
environment. Also provide management
consulting resources to perform
with information used for forward-looking
verifications of user access.
strategic planning.


USANA

After
Before

  Situation: USANA needed modern,
Solution:
standards-based solutions that could
– Provide more effective monitoring of
replace manually intensive controls,
segregation of duties
optimize key business processes, and
– Improve change management
support a major ERP upgrade.
during EBS upgrade
  Challenge: Their control structure was
Result: A proper controls environment
was manually intensive, they had improve
retained after their upgrade, and
inefficientmanagement
change processes, and they were
concerned about how their upgrade would
impact their control environment.


Oxbow

CUSTOMER PERSPECTIVE
After
Before “We are finding a tremendous time and
cost savings with Oracle Configuration
 Situation: Oxbow Carbon, focused on
Solution: Controls Governor, to say nothing of the
growth, has gonecontinuous monitoring of
– Automate through numerous problems we are avoiding,”
acquisitions controls during EBS
ERP in recent years. Patrick Palmer, Manager of Internal Audit
implementation
 Challenge: The company was running
– Detect and prevent inappropriate
13 distinct enterprise resource planning
(ERP) user access
systems, which limited visibility of
critical business information and created
Results: Increased visibility into controls
ITenvironment across multiple ERP
governance challenges.
systems. Instilled a preventive approach
regarding inappropriate user access.


Experian

Before
After
 Situation: Experian’smanual SOD
Solution: Replace IT environment
adheres to maximum controls and security
process
regulations due to the nature and
 Results: Reduce the time and effort
confidentiality requirements of their
spent managing user access and
business.
detecting and resolving inappropriate user
 Challenge: Experian had little visibility
access.
into user access within the Oracle E-
Business environment.


Advance controls 2013

More Related Content

What's hot

Viewers also liked

Similar to Advance controls 2013

Advance controls 2013

Editor's Notes