SlideShare a Scribd company logo

Oracle GRC Product Strategy Overview

Oracle
Oracle

Great information from the speakers in the Do You Really Know What Your Users Can Do session just now. Jaime Ramos, from Symantex explained how they implemented a comprehensive approach to securing and monitoring user access with the help of Oracle’s GRC Advanced Controls. You can learn more about this and the other speakers stories, including from Facebook and Navillus, by downloading the presentations from here.

Business
1 of 47
Download to read offline
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Do you really know what your users can do, or maybe have done? Session ID: CON8200 Mark Stebelton, CPA, CFE (Oracle) –Director of GRC Product Management Daryl Geryol (Navillus) -Partner David Claytor (Facebook) –IT Global Applications Jaime Ramos (Symantec) –IT Global Applications @OracleAdvCntrls Follow us on Twitter
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | MANAGE RISK | REDUCE COSTS | IMPROVE CONTROLS
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% Strategic Priorities Survey ________________ Finance Executives SURVEYED 263 Reaching New Heights: The Dividends of Collaboration between Finance and Procurement is published by CFO Publishing LLC, May 2012 Survey question: Where does the procurement function need to get stronger? SUMMARY: ________________________________ Better Controls & Efficiencies Needed #1 #2 #3 #4 #5 Audit/Control of Procurement Risk Analysis CashFlow PayableExposure Compliance
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 6 BOTTOM LINE: Document/Email Approaches Challenge GRC 53% Spreadsheets, Documents & Email 17% Solutions Built In-house by IT 24% Commercial GRC Solution 6% 2+ CommercialGRC Solutions The lack in modern technology makes achieving goals challenging OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.orgHOW ORGANIZATIONS APPROACH AND ADAPT THEIR TECHNOLOGY STRATEGY FOR GRC The impact on FTE’s is particularly significant One financial services organization stated that 80%of their GRC staff resources were nothing more than document reconciles for reporting. […] A mess they are aggressively trying to correct. of GRC professionals reported that they use Spreadsheets, Emails, Custom reports apps. 70%
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 7 Oracle GRC Product Strategy PLATFORM ENTERPRISE GRC COMPLETE One, UnifiedPlatform The #1 Platform With intelligence, advanced controls & management capabilities
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Comprehensive Risk & Controls Mgmt. Detect and Fix Issues Continuous Improvement and Monitoring Assess Risk & Compliance Close the LOOP Identification Analysis Evaluate 1. BUSINESS RISKS Document Assessments Reviews 2. CONTROL OBJECTIVES Author Execute Investigate 3. CONTINUOUS MONITORS
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Meeting Mission Critical Goals 1 One Unified Platform 2 Big Data Techniques for Advanced Analytics MASTER DATA 3 Embedded ControlsExtensive API Library FINISHED
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Enterprise Graph __________________ ALL USERS _____________ ALL SYSTEMS __________________ ALL TRANSACTIONS INTUITIVE | FLEXIBLE | COMPLETE SECURITY SETUP MASTERDATA TRANSACTIONS _______________________________________ __________________________________ BILLIONS OF NODES & RELATIONSHIPS
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 11 Big Data Analytics USERS SYSTEMS TXN TXN ROLES SET UP ROLES USERS SETUP MASTER DATA
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Standard Controls User Roles 3-Way Match Approval Hierarchies StandardControls Social Media Policy E-learning Ethics Policy
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Standard + Advanced Controls Sentiment Analysis Split Purchase Orders Hide Displays of Sensitive Data Duplicate Payments Transaction Threshold Amounts Duplicate Vendors Fine-grained User Access ConfigurationSnapshots & Audit Trial Transaction Pattern Analysis Fuzzy Logic, ‘similar values’ User Roles 3-Way Match Approval Hierarchies Advanced Controls StandardControls Social Media Policy E-learning Ethics Policy
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Government/Education Technology/Services Retail Energy Communication Industrial Logistics Healthcare Services Mining/Exploration Customer By Industry
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Advanced Controls Partner Specialists Oracle recommends using partners and consultants who are Advanced Controls specialists: Specialized Partner Implementation Specialist Pre-Sales Specialist Sales Specialist •Can plan, design, deliver, support successful solutions •Has all specialists shown below •Demonstrated track record of success •Can design detailed solutions •Passed rigorous Oracle examination •Can describe introductory solutions •Completed ten hours of study and self-assessment •Can identify need for Advanced Controls •Completed ten hours of study and self-assessment Oracle Confidential – Internal/Restricted/Highly Restricted 16
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Specialized Partners Increase your Return On Investment •Get more from Advanced ControlsSpecialists address more of your needs with Advanced Controls’ many capabilities •Increase your organization’s effectiveness Specialists help you embed Advanced Controls in your business processes •Accelerate your implementationSpecialistsguide and support you during planning, implementation and go-live Oracle Confidential – Internal/Restricted/Highly Restricted 17
DO YOU REALLY KNOW WHAT YOUR USERS CAN DO, OR MAYBE HAVE DONE? Daryl Geryol –Partner www.navillusllc.com @NavillusLLC@DarylGeryol
19 About Navillus Partners International professional services and solutions firm headquartered in Boston, Massachusetts Established in2009, Navillus has experienced on average 40% growth year over year in Oracle Advanced Controls professional services Oracle Gold Level Partner specializing in Oracle Advanced Controls & E-Business Suite / PeopleSoft professional implementation and advisory services Recognized as the #1 Oracle Commercial and Federal Advanced Controls Partner The first in the industry to hold Oracle Advanced Controls Specialization accreditation Is an Oracle authorized training partner Navillus is a privately held company that has been profitable consistentlyboth from a cash and accrual basis since the 4thmonth of operations with zero external debt outstanding. Our team’s collective experience includes: 168 years working in the information technology industry 177 years implementing the Oracle e-Business Suite ERP package 76 years implementing the Oracle GRC applications More than 512 GRC implementations to the team’s credit to date
20 Navillus Partners is A World Leader More than 500 combined Oracle Advanced controls implementations 34+ skilled and experienced Advanced Controls professionals averaging more than 10 years of experience worldwide Functional & technical experience across nearly all Oracle e-business applications (HRMS, Financials, Supply Chain Management, CRM, other) Multiple consultants with Oracle accredited specializations Experience GlobalDelivery Centers of Excellence Right-shore Delivery capabilities for Oracle Advanced Controls including utilization of our experienced Chennai, India team, well beyond installation & technical responsibilities Navillus provides training to customers and other implementation partners worldwide International experience in more than 10 countries Navillus’ Center of Excellence (CoE) is a solution center that works closely with Oracle OAC Product & Product Strategy and promotes and trains the extended team on new product features and techniques Provides new and innovative delivery techniques from in-field feedback and experience to continuously enhance our NAViGATE Methodology Works with Oracle’s product group on new features and enhancements
21 Risk-Everything is related Access and Security--How do user’s gain access (Entrance, Accessible Areas, Exit) the ERP system? Provisioning and Deprovisioning Privileged Access Segregation of Duties Emergency Access Operational–How do they do it? Usability Security Optimization Automation Configuration --What did they change? Pre and Post Patching Change Control and Validation Critical Configurations Consistency Transactional –Is what happened within Policy? Within tolerance Fraudulent Correctness Access & Security Operational Configuration Transactional
22 Advanced Controls It’s a Journey-Controls will evolve Controls are related and typically work together with a focus on Increasing Value while Reducing Risk Controls may validate one another –such as a Transactional control reporting that Operational controls limiting certain transactions by amount are indeed effective Controls should have a balance and work together to help ensure a secure, sound, effective and efficient system E-Business Suite Access Controls E-Business Suite Preventive Controls E-Business Suite Transaction Controls
23 Advanced Controls Approaches
24 Navillus presents……Customers on the Journey Dave Claytor, IT Global Apps Jaime Ramos, IT Global Apps -DaVinci GRC Team
Do you really know what your users can do, or maybe have done? David Claytor, facebook IT Global Apps Atul Gupte, Navillus Partners-Advanced Controls Architect
1 ITGC Approach, Teaming with Navillus Partners 2 Self Service Application and DB User Requests, Preventative SOD 3 Quarterly User Audit Automation (Managers & BPO’s) 4 Utilizing CCG to shift CSA’s from Business to IT 5 Summary Background
Getting Serious about ITGC’s ▪With company mottos like ‘Move Fast and Break Things’, we knew we had to get serious about intelligent audit automation and detection ▪After managing ITGC CSA’s for a quarter, became obvious we needed to automate user provisioning, quarterly audit and SOD processes ▪Determined we needed help building an integrated solution. Met with various vendors based on Oracle’s recommendations, went with Navillus Partners ▪Went down a path of creating easy to use workflows for our end users ▪Then began to shift CSA’s from business to IT owned controls, via CCG. This also required out of the box thinking, to pinpoint the alerting.
Self Service Access Management via OAF ▪Custom OAF pages for: ▪Users to request access, and on behalf of any user ▪Users to revoke their access ▪Managers to revoke their team’s access ▪Systematic quarterly application access review, for managers and business process owners ▪Integration with GRC AACG, to enforce preventative SOD ▪Lookup table determines: ▪If the access request is passed through GRC for SOD Audit ▪If the access is reviewed quarterly by Manager and / or BPO’s ▪If the max grant duration is enforced (all setup and admin related access is granted for 7 days or less)
Utilizing OAF for Self Service Access Requests
Automating Quarterly ITGC User Audits
Transitioning CSA’s to IT System Controls ▪CFO pushed to automate & transition business owned CSA’s to IT system controls. We will have moved 50 CSA’s by the end of 2014, in 2 primary ways: ▪Introduced second variant of systematic quarterly user audit, where BPO’s (also the access approvers) review and revoke access as needed, for key functions like Journal Entry, Receiving & AP Payments ▪Monitoring key application setups via CCG, and pairing up change alerts with valid change tasks
Summary ▪Once we built the user access pages in OAF, realized detective SOD was insufficient. Out of the box, GRC (AACG) only works with the java form based access request. This is where the Navillus Partners technical consultants were key, given their deep understanding of the product, as many of them came from LogicalApps. They also helped us systematically tackle managing GRC development instance refreshes, which presented it’s own challenges. ▪As we implemented CCG to shift CSA’s from business to IT owned, realized it only monitored core forms and even then we could not drill into specific areas of those forms for pin pointed monitoring. Again, the Navillus Partners team was a key partner in determining how to add content without introducing too much risk or upgrade headaches using their Navillus CCG content.
33 Do you really know what your users can do, or maybe have done? Jaime Ramos, Symantec IT Global Apps -DaVinci GRC team Project da Vinci – Symantec Richard Goddard, Navillus Partners -Director of Delivery
Agenda •History of GRC at Symantec •The DaVinciInitiative •Challenges •Approach •Managing SOD conflicts in an RBAC system •Go-Live Activities •Critical Success Factors, Lessons Learned. Project da Vinci – Symantec 34
History of GRC at Symantec •In 2008 Symantec implemented the LogicalAppsproducts, Form rules (PCG precursor) and AppsAccessfor Segregation of Duties •Symantec’s custom Self service responsibility provisioning system was integrated with the SOD system to prevent Users from requesting combinations of responsibilities deemed inappropriate. •In 2013 Symantec decided to use the GRC suite of Applications as part of its DaVinciinitiative to implement R12.1 EBS. Project da Vinci – Symantec 35
The DaVinciInitiative •EBS R12.1 for 30,000 worldwide Users •Customer Data Hub (CDH) and Product Data Hub PDH in their own instances •Five separate System environments -DEV, QA, Training, UAT and Production instances (5 GRC systems managing 5 x 3 EBS/CDH/PDH systems) •Full Oracle Advanced Controls GRC suite implementation (PCG, ACG, TCG, CCG, eGRCMand GRC Intelligence) •ACG 140+ SOD and Sensitive Access policies including Module configuration versus Module Transactions for each EBS of the 33 application •CCG was implemented for continuous monitoring of changes for 12 key controls in the EBS Financial applications •PCG / TCG were used to automate control testing for items such as identification of Journals > $5m, Workflow Approval of Recurring Journals, Enforce comments and attachments for Manual Journals per Symantec policy , Mask Project Rates derived from actual Salary information. Project da Vinci – Symantec 36
Challenges •Scalability -SOD rules tracking for more than 30,000 Users and 3000+ function combinations including custom and localization functions •RBAC role based security, more than 400 unique roles •Cross Platform SOD for Users with accounts in the EBS, Product Data Hub and Customer Data Hub systems. Each GRC system had 3 data sources using email address as the identifier of the same •AACG reports don’t contain RBAC role information, only responsibility names –How can we determine SOD conflicts within a role? Project da Vinci – Symantec 37
Approach •SOD rules definition and analysis was prioritized to ensure Security design was as effective as possible before go-live. AACG rules were defined to implement SOD policies and track which roles/responsibilities had access to critical system functions – Add User, Modify responsibility, Close GL Period etc. •PCG and TCG were used to solve specific requirements for identifying unusual activity. •CCG configuration monitoring was deployed in a limited way to support SOX key controls where module configurations have significant impact to Oracle Financials •eGRCMimplementation was deferred to allow Internal Audit to define EBS R12 specific Processes, Risks and Controls-eGRCMis now currently in process •OIM –ACG integration to enforce SOD policies when User’s request system access was deferred to after go –live. Project da Vinci – Symantec 38
Managing SOD for each Role •We created 400 test users and assigned them each 1 role using UMX •We completed Access analysis using only our “Test User Accounts” by setting global conditions •We used the Access Incident detail report to identify Conflicts within a single responsibility and within a single role (Intra and Inter Responsibility Conflicts) •We consolidated a list of ‘unique’ role violations for a management decision •We held a series of meetings for Business Process Owners and module SMEs to make decisions where roles violate SOD policy. After the changes were made the Access was re-analyzed and the residual problems analyzed and presented Project da Vinci – Symantec 39
Go-Live Activities •User Accounts were loaded via OIM into a pre-production environment for SOD pre- check before cutover, Internal Audit reviewed and accepted go-live SOD violations. •The go–live cutover support teams were provided access with future end dated access for the initial Hyper-Care support period. •On going SOD reviews are conducted in AACG •CCG controls are used to identify all changes to Security definitions -roles, responsibilities, menus, functions Etc. Project da Vinci – Confidential … GRC Overview for Phase 2 40
Critical Success Factors / Lessons Learned •Without the Advanced Controls applications it would not have been possible to design SOD compliant roles and responsibilities within the project timeline. •Involve Internal Audit, External Audit and Module SME’s in SOD policy design •Review SOD results and eliminate noise, identify and present unique access decisions for decision makers •Start early! Security design often happens late in the project timeline and final UAT may be the first attempt to test Security roles and responsibilities. It is an iterative process! •EBS Security, Module SMEs and GRC teams need to work closely together. •Last minute Security change requests must be evaluated for SOD impact before they are accepted and implemented. Project da Vinci – Symantec 41
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Oracle GRC –Enterprise Risk and Controls Foundation A Unified Platform Enterprise Risk & Controls Foundation Dashboards, Reports and Alerts Notifications Worklists Email Perspectives Search Risk, Controls & Compliance Management Reviews Documentation Assessments Remediation Surveys Continuous Controls & Risk Monitoring Setups Access Master Data Audit Tests Transactions User Authored Controls Data Connectors Fraud & Error Patterns Role Based Access Security Web Services & APIs Flexible •Graphical Authoring •Detect and Prevent •Access, Transactions, Setups Data Driven •100% of Transactions •Manage by Exception •Pattern Analysis Comprehensive •Multiple GRC Projects •From Documentation to Test •Closed Loop Approach
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Roadmap: Investment Areas Enterprise Risk & Controls Foundation Dashboards, Reports and Alerts Notifications Worklists Email Perspectives Search Risk, Controls & Compliance Management Reviews Documentation Assessments Remediation Surveys Continuous Controls & Risk Monitoring Setups Access Master Data Audit Tests Transactions User Authored Controls Data Connectors Fraud & Error Patterns Role Based Access Security Web Services & APIs Pre-Built Controls Pre-Built Business Objects Investment Areas Pre-Built Integrations Platform Features Extensibility
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Oracle GRC Advanced Controls -Sessions ID Westin 3rd & Market Speakers Achieve a Quicker and Compliant Financial Close with Oracle Governance, Risk, Compliance 8208 Thu, 10:15 Olympic text text text Controlling for Multiple ERP Systems with Oracle Advanced Controls 8154 Thu, 12:45 Olympic text text How Your Vendor Master File is Critical to Governance, Risk Management and Compliance 8213 Thu, 2:45 Olympic ---- 44
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Oracle GRC Advanced Controls -MTE and Demo Grounds ID Day, Time Location Host Meet the Governance, Risk, and Compliance Experts MTE 8487 Wed, 5:00 Westin at 3rd& MarketSt Metropolitan III Demo Station: Oracle Fusion Governance, Risk, and Compliance Advanced Controls 4250 Mon 9:45 –6:00 Tue9:45 –6:00 Wed 9:30 –3:45 MosconeWest Station WCL-003 45
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | DEMOgrounds: MosconeWest Station ID WCL-003 46
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | @OracleAdvCntrls Oracle GRC Advanced Controls Join Our Linkedin Group Follow us on Twitter
Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 48

Recommended

Con8208 achieve a quicker and compliant financial close
Con8208 achieve a quicker and compliant financial closeCon8208 achieve a quicker and compliant financial close
Con8208 achieve a quicker and compliant financial closeOracle
 
Oracle I Stories
Oracle I StoriesOracle I Stories
Oracle I StoriesSuresh Kolichalam
 
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsThousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsOracle
 
Shield Watch IT & Web Services - Company overview (2016)
Shield Watch IT & Web Services - Company overview (2016)Shield Watch IT & Web Services - Company overview (2016)
Shield Watch IT & Web Services - Company overview (2016)Shield Watch IT & Web Services
 
IGI - Solution presentation-DP
IGI - Solution presentation-DPIGI - Solution presentation-DP
IGI - Solution presentation-DPNeetu Gupta
 
Challenges of Software Testing in the Life Sciences
Challenges of Software Testing in the Life SciencesChallenges of Software Testing in the Life Sciences
Challenges of Software Testing in the Life SciencesAdam Sandman
 
Enhancing QA Strategy to Achieve Agile Quality Engineering
Enhancing QA Strategy to Achieve Agile Quality Engineering Enhancing QA Strategy to Achieve Agile Quality Engineering
Enhancing QA Strategy to Achieve Agile Quality Engineering Aspire Systems
 
SpiraTest Overview Presentation (2022)
SpiraTest Overview Presentation (2022)SpiraTest Overview Presentation (2022)
SpiraTest Overview Presentation (2022)Inflectra
 

Recommended

Con8208 achieve a quicker and compliant financial close
Con8208 achieve a quicker and compliant financial closeCon8208 achieve a quicker and compliant financial close
Con8208 achieve a quicker and compliant financial closeOracle
 
Oracle I Stories
Oracle I StoriesOracle I Stories
Oracle I StoriesSuresh Kolichalam
 
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsThousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsOracle
 
Shield Watch IT & Web Services - Company overview (2016)
Shield Watch IT & Web Services - Company overview (2016)Shield Watch IT & Web Services - Company overview (2016)
Shield Watch IT & Web Services - Company overview (2016)Shield Watch IT & Web Services
 
IGI - Solution presentation-DP
IGI - Solution presentation-DPIGI - Solution presentation-DP
IGI - Solution presentation-DPNeetu Gupta
 
Challenges of Software Testing in the Life Sciences
Challenges of Software Testing in the Life SciencesChallenges of Software Testing in the Life Sciences
Challenges of Software Testing in the Life SciencesAdam Sandman
 
Enhancing QA Strategy to Achieve Agile Quality Engineering
Enhancing QA Strategy to Achieve Agile Quality Engineering Enhancing QA Strategy to Achieve Agile Quality Engineering
Enhancing QA Strategy to Achieve Agile Quality Engineering Aspire Systems
 
SpiraTest Overview Presentation (2022)
SpiraTest Overview Presentation (2022)SpiraTest Overview Presentation (2022)
SpiraTest Overview Presentation (2022)Inflectra
 
Cool Functionality and Workarounds to Make Your Life Easier - JD Edwards World
Cool Functionality and Workarounds to Make Your Life Easier - JD Edwards WorldCool Functionality and Workarounds to Make Your Life Easier - JD Edwards World
Cool Functionality and Workarounds to Make Your Life Easier - JD Edwards WorldNERUG
 
Ensuring Success in the Cloud (1)
Ensuring Success in the Cloud (1)Ensuring Success in the Cloud (1)
Ensuring Success in the Cloud (1)Sarkis Kerkezian, PMP
 
Aequor technologies - Fastest growing IT Company
Aequor technologies - Fastest growing IT Company Aequor technologies - Fastest growing IT Company
Aequor technologies - Fastest growing IT Company Aequor Technologies
 
Inflectra Overview Presentation (2022)
Inflectra Overview Presentation (2022)Inflectra Overview Presentation (2022)
Inflectra Overview Presentation (2022)Inflectra
 
7 flavours of devops implementation
7 flavours of devops implementation7 flavours of devops implementation
7 flavours of devops implementationAspire Systems
 
The Business Case for Hosting JD Edwards in the Cloud
The Business Case for Hosting JD Edwards in the CloudThe Business Case for Hosting JD Edwards in the Cloud
The Business Case for Hosting JD Edwards in the CloudNERUG
 
Moving Up the PVC Maturity Curve in Industrial Manufacturing
Moving Up the PVC Maturity Curve in Industrial ManufacturingMoving Up the PVC Maturity Curve in Industrial Manufacturing
Moving Up the PVC Maturity Curve in Industrial ManufacturingZero Wait-State
 
Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...
Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...
Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...p6academy
 
Compasso Eo Testing 2012
Compasso Eo Testing 2012Compasso Eo Testing 2012
Compasso Eo Testing 2012emolinaro
 
Erp Selection, Design, And Implementation Support
Erp Selection, Design, And Implementation SupportErp Selection, Design, And Implementation Support
Erp Selection, Design, And Implementation SupportChuck Papageorgiou
 
Continuous Performance Monitoring of a Distributed Application [CON4730]
Continuous Performance Monitoring of a Distributed Application [CON4730]Continuous Performance Monitoring of a Distributed Application [CON4730]
Continuous Performance Monitoring of a Distributed Application [CON4730]Ashish Srivastava
 
SmartERP Oracle Cloud Capabilities Presentation 2018
SmartERP Oracle Cloud Capabilities Presentation 2018SmartERP Oracle Cloud Capabilities Presentation 2018
SmartERP Oracle Cloud Capabilities Presentation 2018Dave Reik
 
Inflectra Enterprise Agile Planning Briefing 2016
Inflectra Enterprise Agile Planning Briefing 2016Inflectra Enterprise Agile Planning Briefing 2016
Inflectra Enterprise Agile Planning Briefing 2016Adam Sandman
 
Ensuring Project Success with SpiraTeam and Rapise from Inflectra pta - short
Ensuring Project Success with SpiraTeam and Rapise from Inflectra pta - shortEnsuring Project Success with SpiraTeam and Rapise from Inflectra pta - short
Ensuring Project Success with SpiraTeam and Rapise from Inflectra pta - shortAdam Sandman
 
Jd edwards upgrade roundtable at innovate15 empire merchants case study
Jd edwards upgrade roundtable at innovate15 empire merchants case studyJd edwards upgrade roundtable at innovate15 empire merchants case study
Jd edwards upgrade roundtable at innovate15 empire merchants case studyNERUG
 
Flexera Software Application Discovery and Normalization Services
Flexera Software Application Discovery and Normalization ServicesFlexera Software Application Discovery and Normalization Services
Flexera Software Application Discovery and Normalization ServicesFlexera
 
Career Planning in Agile Arena
Career Planning in Agile ArenaCareer Planning in Agile Arena
Career Planning in Agile ArenaSriram Rajagopalan
 
Good IT Project Management
Good IT Project Management Good IT Project Management
Good IT Project Management William Francis
 
SpiraTeam Overview Presentation (2022)
SpiraTeam Overview Presentation (2022)SpiraTeam Overview Presentation (2022)
SpiraTeam Overview Presentation (2022)Inflectra
 
Methodologies 2: Scaling Agile
Methodologies 2: Scaling AgileMethodologies 2: Scaling Agile
Methodologies 2: Scaling AgileInflectra
 
Navigating HCM Compliance Through Managed Services Part 2
Navigating HCM Compliance Through Managed Services Part 2Navigating HCM Compliance Through Managed Services Part 2
Navigating HCM Compliance Through Managed Services Part 2Smart ERP Solutions, Inc.
 
Con8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsCon8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsOracle
 

More Related Content

What's hot

Cool Functionality and Workarounds to Make Your Life Easier - JD Edwards World
Cool Functionality and Workarounds to Make Your Life Easier - JD Edwards WorldCool Functionality and Workarounds to Make Your Life Easier - JD Edwards World
Cool Functionality and Workarounds to Make Your Life Easier - JD Edwards WorldNERUG
 
Aequor technologies - Fastest growing IT Company
Aequor technologies - Fastest growing IT Company Aequor technologies - Fastest growing IT Company
Aequor technologies - Fastest growing IT Company Aequor Technologies
 
Inflectra Overview Presentation (2022)
Inflectra Overview Presentation (2022)Inflectra Overview Presentation (2022)
Inflectra Overview Presentation (2022)Inflectra
 
7 flavours of devops implementation
7 flavours of devops implementation7 flavours of devops implementation
7 flavours of devops implementationAspire Systems
 
The Business Case for Hosting JD Edwards in the Cloud
The Business Case for Hosting JD Edwards in the CloudThe Business Case for Hosting JD Edwards in the Cloud
The Business Case for Hosting JD Edwards in the CloudNERUG
 
Moving Up the PVC Maturity Curve in Industrial Manufacturing
Moving Up the PVC Maturity Curve in Industrial ManufacturingMoving Up the PVC Maturity Curve in Industrial Manufacturing
Moving Up the PVC Maturity Curve in Industrial ManufacturingZero Wait-State
 
Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...
Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...
Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...p6academy
 
Compasso Eo Testing 2012
Compasso Eo Testing 2012Compasso Eo Testing 2012
Compasso Eo Testing 2012emolinaro
 
Erp Selection, Design, And Implementation Support
Erp Selection, Design, And Implementation SupportErp Selection, Design, And Implementation Support
Erp Selection, Design, And Implementation SupportChuck Papageorgiou
 
Continuous Performance Monitoring of a Distributed Application [CON4730]
Continuous Performance Monitoring of a Distributed Application [CON4730]Continuous Performance Monitoring of a Distributed Application [CON4730]
Continuous Performance Monitoring of a Distributed Application [CON4730]Ashish Srivastava
 
SmartERP Oracle Cloud Capabilities Presentation 2018
SmartERP Oracle Cloud Capabilities Presentation 2018SmartERP Oracle Cloud Capabilities Presentation 2018
SmartERP Oracle Cloud Capabilities Presentation 2018Dave Reik
 
Inflectra Enterprise Agile Planning Briefing 2016
Inflectra Enterprise Agile Planning Briefing 2016Inflectra Enterprise Agile Planning Briefing 2016
Inflectra Enterprise Agile Planning Briefing 2016Adam Sandman
 
Ensuring Project Success with SpiraTeam and Rapise from Inflectra pta - short
Ensuring Project Success with SpiraTeam and Rapise from Inflectra pta - shortEnsuring Project Success with SpiraTeam and Rapise from Inflectra pta - short
Ensuring Project Success with SpiraTeam and Rapise from Inflectra pta - shortAdam Sandman
 
Jd edwards upgrade roundtable at innovate15 empire merchants case study
Jd edwards upgrade roundtable at innovate15 empire merchants case studyJd edwards upgrade roundtable at innovate15 empire merchants case study
Jd edwards upgrade roundtable at innovate15 empire merchants case studyNERUG
 
Flexera Software Application Discovery and Normalization Services
Flexera Software Application Discovery and Normalization ServicesFlexera Software Application Discovery and Normalization Services
Flexera Software Application Discovery and Normalization ServicesFlexera
 
Career Planning in Agile Arena
Career Planning in Agile ArenaCareer Planning in Agile Arena
Career Planning in Agile ArenaSriram Rajagopalan
 
Good IT Project Management
Good IT Project Management Good IT Project Management
Good IT Project Management William Francis
 
SpiraTeam Overview Presentation (2022)
SpiraTeam Overview Presentation (2022)SpiraTeam Overview Presentation (2022)
SpiraTeam Overview Presentation (2022)Inflectra
 
Methodologies 2: Scaling Agile
Methodologies 2: Scaling AgileMethodologies 2: Scaling Agile
Methodologies 2: Scaling AgileInflectra
 

What's hot (20)

Cool Functionality and Workarounds to Make Your Life Easier - JD Edwards World
Cool Functionality and Workarounds to Make Your Life Easier - JD Edwards WorldCool Functionality and Workarounds to Make Your Life Easier - JD Edwards World
Cool Functionality and Workarounds to Make Your Life Easier - JD Edwards World
 
Ensuring Success in the Cloud (1)
Ensuring Success in the Cloud (1)Ensuring Success in the Cloud (1)
Ensuring Success in the Cloud (1)
 
Aequor technologies - Fastest growing IT Company
Aequor technologies - Fastest growing IT Company Aequor technologies - Fastest growing IT Company
Aequor technologies - Fastest growing IT Company
 
Inflectra Overview Presentation (2022)
Inflectra Overview Presentation (2022)Inflectra Overview Presentation (2022)
Inflectra Overview Presentation (2022)
 
7 flavours of devops implementation
7 flavours of devops implementation7 flavours of devops implementation
7 flavours of devops implementation
 
The Business Case for Hosting JD Edwards in the Cloud
The Business Case for Hosting JD Edwards in the CloudThe Business Case for Hosting JD Edwards in the Cloud
The Business Case for Hosting JD Edwards in the Cloud
 
Moving Up the PVC Maturity Curve in Industrial Manufacturing
Moving Up the PVC Maturity Curve in Industrial ManufacturingMoving Up the PVC Maturity Curve in Industrial Manufacturing
Moving Up the PVC Maturity Curve in Industrial Manufacturing
 
Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...
Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...
Primavera P6 Enterprise Project Portfolio Management 8 Essentials (1Z0-567) ...
 
Compasso Eo Testing 2012
Compasso Eo Testing 2012Compasso Eo Testing 2012
Compasso Eo Testing 2012
 
Erp Selection, Design, And Implementation Support
Erp Selection, Design, And Implementation SupportErp Selection, Design, And Implementation Support
Erp Selection, Design, And Implementation Support
 
Continuous Performance Monitoring of a Distributed Application [CON4730]
Continuous Performance Monitoring of a Distributed Application [CON4730]Continuous Performance Monitoring of a Distributed Application [CON4730]
Continuous Performance Monitoring of a Distributed Application [CON4730]
 
SmartERP Oracle Cloud Capabilities Presentation 2018
SmartERP Oracle Cloud Capabilities Presentation 2018SmartERP Oracle Cloud Capabilities Presentation 2018
SmartERP Oracle Cloud Capabilities Presentation 2018
 
Inflectra Enterprise Agile Planning Briefing 2016
Inflectra Enterprise Agile Planning Briefing 2016Inflectra Enterprise Agile Planning Briefing 2016
Inflectra Enterprise Agile Planning Briefing 2016
 
Ensuring Project Success with SpiraTeam and Rapise from Inflectra pta - short
Ensuring Project Success with SpiraTeam and Rapise from Inflectra pta - shortEnsuring Project Success with SpiraTeam and Rapise from Inflectra pta - short
Ensuring Project Success with SpiraTeam and Rapise from Inflectra pta - short
 
Jd edwards upgrade roundtable at innovate15 empire merchants case study
Jd edwards upgrade roundtable at innovate15 empire merchants case studyJd edwards upgrade roundtable at innovate15 empire merchants case study
Jd edwards upgrade roundtable at innovate15 empire merchants case study
 
Flexera Software Application Discovery and Normalization Services
Flexera Software Application Discovery and Normalization ServicesFlexera Software Application Discovery and Normalization Services
Flexera Software Application Discovery and Normalization Services
 
Career Planning in Agile Arena
Career Planning in Agile ArenaCareer Planning in Agile Arena
Career Planning in Agile Arena
 
Good IT Project Management
Good IT Project Management Good IT Project Management
Good IT Project Management
 
SpiraTeam Overview Presentation (2022)
SpiraTeam Overview Presentation (2022)SpiraTeam Overview Presentation (2022)
SpiraTeam Overview Presentation (2022)
 
Methodologies 2: Scaling Agile
Methodologies 2: Scaling AgileMethodologies 2: Scaling Agile
Methodologies 2: Scaling Agile
 

Similar to Oracle GRC Product Strategy Overview

Navigating HCM Compliance Through Managed Services Part 2
Navigating HCM Compliance Through Managed Services Part 2Navigating HCM Compliance Through Managed Services Part 2
Navigating HCM Compliance Through Managed Services Part 2Smart ERP Solutions, Inc.
 
Con8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsCon8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsOracle
 
Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Oracle
 
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOptimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOracle
 
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringEmma Kelly
 
Cómo terminar tu Planeación Financiera antes de las 6PM
Cómo terminar tu Planeación Financiera antes de las 6PMCómo terminar tu Planeación Financiera antes de las 6PM
Cómo terminar tu Planeación Financiera antes de las 6PMOracleOfficeOfFinance
 
OOW15 - case study: oracle application management suite for oracle e-business...
OOW15 - case study: oracle application management suite for oracle e-business...OOW15 - case study: oracle application management suite for oracle e-business...
OOW15 - case study: oracle application management suite for oracle e-business...vasuballa
 
Mann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRCMann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRCMann-India
 
DF14-So Many Features Dreamforce ’14 Presentation FINAL-Monday-13OCT2014
DF14-So Many Features Dreamforce ’14 Presentation FINAL-Monday-13OCT2014DF14-So Many Features Dreamforce ’14 Presentation FINAL-Monday-13OCT2014
DF14-So Many Features Dreamforce ’14 Presentation FINAL-Monday-13OCT2014Mudit Agarwal
 
Df14 so many features dreamforce ’14
Df14 so many features dreamforce ’14Df14 so many features dreamforce ’14
Df14 so many features dreamforce ’14Mudit Agarwal
 
Guilford group capabilities
Guilford group capabilitiesGuilford group capabilities
Guilford group capabilitiesBMI
 
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...Oracle
 
Agile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged ApplicationsAgile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged ApplicationsWorksoft
 
Maximize your Oracle Cloud Investment and Drive Innovation
Maximize your Oracle Cloud Investment and Drive Innovation Maximize your Oracle Cloud Investment and Drive Innovation
Maximize your Oracle Cloud Investment and Drive InnovationSmart ERP Solutions, Inc.
 
Abey_Thomas_Resume
Abey_Thomas_ResumeAbey_Thomas_Resume
Abey_Thomas_ResumeAbey Thomas
 
PCSG Corporate Overview
PCSG Corporate OverviewPCSG Corporate Overview
PCSG Corporate Overviewjayallen77
 
How to Drive a Successful Modern Sales Organization
How to Drive a Successful Modern Sales OrganizationHow to Drive a Successful Modern Sales Organization
How to Drive a Successful Modern Sales OrganizationPerficient, Inc.
 

Similar to Oracle GRC Product Strategy Overview (20)

Navigating HCM Compliance Through Managed Services Part 2
Navigating HCM Compliance Through Managed Services Part 2Navigating HCM Compliance Through Managed Services Part 2
Navigating HCM Compliance Through Managed Services Part 2
 
Con8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsCon8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controls
 
Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...
 
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOptimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
 
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls Monitoring
 
Cómo terminar tu Planeación Financiera antes de las 6PM
Cómo terminar tu Planeación Financiera antes de las 6PMCómo terminar tu Planeación Financiera antes de las 6PM
Cómo terminar tu Planeación Financiera antes de las 6PM
 
OOW15 - case study: oracle application management suite for oracle e-business...
OOW15 - case study: oracle application management suite for oracle e-business...OOW15 - case study: oracle application management suite for oracle e-business...
OOW15 - case study: oracle application management suite for oracle e-business...
 
Mann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRCMann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRC
 
Software Performance Engineering Services
Software Performance Engineering ServicesSoftware Performance Engineering Services
Software Performance Engineering Services
 
Kiran_CV
Kiran_CVKiran_CV
Kiran_CV
 
DF14-So Many Features Dreamforce ’14 Presentation FINAL-Monday-13OCT2014
DF14-So Many Features Dreamforce ’14 Presentation FINAL-Monday-13OCT2014DF14-So Many Features Dreamforce ’14 Presentation FINAL-Monday-13OCT2014
DF14-So Many Features Dreamforce ’14 Presentation FINAL-Monday-13OCT2014
 
Df14 so many features dreamforce ’14
Df14 so many features dreamforce ’14Df14 so many features dreamforce ’14
Df14 so many features dreamforce ’14
 
Guilford group capabilities
Guilford group capabilitiesGuilford group capabilities
Guilford group capabilities
 
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
 
Agile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged ApplicationsAgile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged Applications
 
Maximize your Oracle Cloud Investment and Drive Innovation
Maximize your Oracle Cloud Investment and Drive Innovation Maximize your Oracle Cloud Investment and Drive Innovation
Maximize your Oracle Cloud Investment and Drive Innovation
 
Abey_Thomas_Resume
Abey_Thomas_ResumeAbey_Thomas_Resume
Abey_Thomas_Resume
 
Planning
PlanningPlanning
Planning
 
PCSG Corporate Overview
PCSG Corporate OverviewPCSG Corporate Overview
PCSG Corporate Overview
 
How to Drive a Successful Modern Sales Organization
How to Drive a Successful Modern Sales OrganizationHow to Drive a Successful Modern Sales Organization
How to Drive a Successful Modern Sales Organization
 

More from Oracle

How your vendor master file is critical to governance, risk management and co...
How your vendor master file is critical to governance, risk management and co...How your vendor master file is critical to governance, risk management and co...
How your vendor master file is critical to governance, risk management and co...Oracle
 
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...Oracle
 
GRC Advanced Controls OOW2014 Stop Financial Leakage - Cisco, Noble Energy, ...
GRC Advanced Controls OOW2014 Stop Financial Leakage - Cisco, Noble Energy, ...GRC Advanced Controls OOW2014 Stop Financial Leakage - Cisco, Noble Energy, ...
GRC Advanced Controls OOW2014 Stop Financial Leakage - Cisco, Noble Energy, ...Oracle
 
Oracle OpenWorld 2014 GRC events and sessions
Oracle OpenWorld 2014 GRC events and sessionsOracle OpenWorld 2014 GRC events and sessions
Oracle OpenWorld 2014 GRC events and sessionsOracle
 
Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Oracle
 
Integrate Oracle Identity Management and Advanced Controls for maximum effici...
Integrate Oracle Identity Management and Advanced Controls for maximum effici...Integrate Oracle Identity Management and Advanced Controls for maximum effici...
Integrate Oracle Identity Management and Advanced Controls for maximum effici...Oracle
 
Top 10 P2P Advanced Controls to improve your bottom line!
Top 10 P2P Advanced Controls to improve your bottom line!Top 10 P2P Advanced Controls to improve your bottom line!
Top 10 P2P Advanced Controls to improve your bottom line!Oracle
 
CFO.Com and Oracle - Improving Bottom Line with Advanced Controls
CFO.Com and Oracle - Improving Bottom Line with Advanced ControlsCFO.Com and Oracle - Improving Bottom Line with Advanced Controls
CFO.Com and Oracle - Improving Bottom Line with Advanced ControlsOracle
 
Chief Risk Officer, American Fidelity, strengthens secuirty with Advanced Con...
Chief Risk Officer, American Fidelity, strengthens secuirty with Advanced Con...Chief Risk Officer, American Fidelity, strengthens secuirty with Advanced Con...
Chief Risk Officer, American Fidelity, strengthens secuirty with Advanced Con...Oracle
 

More from Oracle (9)

How your vendor master file is critical to governance, risk management and co...
How your vendor master file is critical to governance, risk management and co...How your vendor master file is critical to governance, risk management and co...
How your vendor master file is critical to governance, risk management and co...
 
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
 
GRC Advanced Controls OOW2014 Stop Financial Leakage - Cisco, Noble Energy, ...
GRC Advanced Controls OOW2014 Stop Financial Leakage - Cisco, Noble Energy, ...GRC Advanced Controls OOW2014 Stop Financial Leakage - Cisco, Noble Energy, ...
GRC Advanced Controls OOW2014 Stop Financial Leakage - Cisco, Noble Energy, ...
 
Oracle OpenWorld 2014 GRC events and sessions
Oracle OpenWorld 2014 GRC events and sessionsOracle OpenWorld 2014 GRC events and sessions
Oracle OpenWorld 2014 GRC events and sessions
 
Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824
 
Integrate Oracle Identity Management and Advanced Controls for maximum effici...
Integrate Oracle Identity Management and Advanced Controls for maximum effici...Integrate Oracle Identity Management and Advanced Controls for maximum effici...
Integrate Oracle Identity Management and Advanced Controls for maximum effici...
 
Top 10 P2P Advanced Controls to improve your bottom line!
Top 10 P2P Advanced Controls to improve your bottom line!Top 10 P2P Advanced Controls to improve your bottom line!
Top 10 P2P Advanced Controls to improve your bottom line!
 
CFO.Com and Oracle - Improving Bottom Line with Advanced Controls
CFO.Com and Oracle - Improving Bottom Line with Advanced ControlsCFO.Com and Oracle - Improving Bottom Line with Advanced Controls
CFO.Com and Oracle - Improving Bottom Line with Advanced Controls
 
Chief Risk Officer, American Fidelity, strengthens secuirty with Advanced Con...
Chief Risk Officer, American Fidelity, strengthens secuirty with Advanced Con...Chief Risk Officer, American Fidelity, strengthens secuirty with Advanced Con...
Chief Risk Officer, American Fidelity, strengthens secuirty with Advanced Con...
 

Recently uploaded

Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...lizamodels9
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfmuskan1121w
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...lizamodels9
 
/:Call Girls In Jaypee Siddharth - 5 Star Hotel New Delhi ➥9990211544 Top Esc...
/:Call Girls In Jaypee Siddharth - 5 Star Hotel New Delhi ➥9990211544 Top Esc.../:Call Girls In Jaypee Siddharth - 5 Star Hotel New Delhi ➥9990211544 Top Esc...
/:Call Girls In Jaypee Siddharth - 5 Star Hotel New Delhi ➥9990211544 Top Esc...lizamodels9
 

Recently uploaded (20)

Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdf
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 
/:Call Girls In Jaypee Siddharth - 5 Star Hotel New Delhi ➥9990211544 Top Esc...
/:Call Girls In Jaypee Siddharth - 5 Star Hotel New Delhi ➥9990211544 Top Esc.../:Call Girls In Jaypee Siddharth - 5 Star Hotel New Delhi ➥9990211544 Top Esc...
/:Call Girls In Jaypee Siddharth - 5 Star Hotel New Delhi ➥9990211544 Top Esc...
 

Oracle GRC Product Strategy Overview

  • 1.
  • 2. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2
  • 3. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Do you really know what your users can do, or maybe have done? Session ID: CON8200 Mark Stebelton, CPA, CFE (Oracle) –Director of GRC Product Management Daryl Geryol (Navillus) -Partner David Claytor (Facebook) –IT Global Applications Jaime Ramos (Symantec) –IT Global Applications @OracleAdvCntrls Follow us on Twitter
  • 4. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | MANAGE RISK | REDUCE COSTS | IMPROVE CONTROLS
  • 5. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% Strategic Priorities Survey ________________ Finance Executives SURVEYED 263 Reaching New Heights: The Dividends of Collaboration between Finance and Procurement is published by CFO Publishing LLC, May 2012 Survey question: Where does the procurement function need to get stronger? SUMMARY: ________________________________ Better Controls & Efficiencies Needed #1 #2 #3 #4 #5 Audit/Control of Procurement Risk Analysis CashFlow PayableExposure Compliance
  • 6. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 6 BOTTOM LINE: Document/Email Approaches Challenge GRC 53% Spreadsheets, Documents & Email 17% Solutions Built In-house by IT 24% Commercial GRC Solution 6% 2+ CommercialGRC Solutions The lack in modern technology makes achieving goals challenging OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.orgHOW ORGANIZATIONS APPROACH AND ADAPT THEIR TECHNOLOGY STRATEGY FOR GRC The impact on FTE’s is particularly significant One financial services organization stated that 80%of their GRC staff resources were nothing more than document reconciles for reporting. […] A mess they are aggressively trying to correct. of GRC professionals reported that they use Spreadsheets, Emails, Custom reports apps. 70%
  • 7. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 7 Oracle GRC Product Strategy PLATFORM ENTERPRISE GRC COMPLETE One, UnifiedPlatform The #1 Platform With intelligence, advanced controls & management capabilities
  • 8. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Comprehensive Risk & Controls Mgmt. Detect and Fix Issues Continuous Improvement and Monitoring Assess Risk & Compliance Close the LOOP Identification Analysis Evaluate 1. BUSINESS RISKS Document Assessments Reviews 2. CONTROL OBJECTIVES Author Execute Investigate 3. CONTINUOUS MONITORS
  • 9. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Meeting Mission Critical Goals 1 One Unified Platform 2 Big Data Techniques for Advanced Analytics MASTER DATA 3 Embedded ControlsExtensive API Library FINISHED
  • 10. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Enterprise Graph __________________ ALL USERS _____________ ALL SYSTEMS __________________ ALL TRANSACTIONS INTUITIVE | FLEXIBLE | COMPLETE SECURITY SETUP MASTERDATA TRANSACTIONS _______________________________________ __________________________________ BILLIONS OF NODES & RELATIONSHIPS
  • 11. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 11 Big Data Analytics USERS SYSTEMS TXN TXN ROLES SET UP ROLES USERS SETUP MASTER DATA
  • 12. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Standard Controls User Roles 3-Way Match Approval Hierarchies StandardControls Social Media Policy E-learning Ethics Policy
  • 13. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Standard + Advanced Controls Sentiment Analysis Split Purchase Orders Hide Displays of Sensitive Data Duplicate Payments Transaction Threshold Amounts Duplicate Vendors Fine-grained User Access ConfigurationSnapshots & Audit Trial Transaction Pattern Analysis Fuzzy Logic, ‘similar values’ User Roles 3-Way Match Approval Hierarchies Advanced Controls StandardControls Social Media Policy E-learning Ethics Policy
  • 14. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Government/Education Technology/Services Retail Energy Communication Industrial Logistics Healthcare Services Mining/Exploration Customer By Industry
  • 15. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Advanced Controls Partner Specialists Oracle recommends using partners and consultants who are Advanced Controls specialists: Specialized Partner Implementation Specialist Pre-Sales Specialist Sales Specialist •Can plan, design, deliver, support successful solutions •Has all specialists shown below •Demonstrated track record of success •Can design detailed solutions •Passed rigorous Oracle examination •Can describe introductory solutions •Completed ten hours of study and self-assessment •Can identify need for Advanced Controls •Completed ten hours of study and self-assessment Oracle Confidential – Internal/Restricted/Highly Restricted 16
  • 16. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Specialized Partners Increase your Return On Investment •Get more from Advanced ControlsSpecialists address more of your needs with Advanced Controls’ many capabilities •Increase your organization’s effectiveness Specialists help you embed Advanced Controls in your business processes •Accelerate your implementationSpecialistsguide and support you during planning, implementation and go-live Oracle Confidential – Internal/Restricted/Highly Restricted 17
  • 17. DO YOU REALLY KNOW WHAT YOUR USERS CAN DO, OR MAYBE HAVE DONE? Daryl Geryol –Partner www.navillusllc.com @NavillusLLC@DarylGeryol
  • 18. 19 About Navillus Partners International professional services and solutions firm headquartered in Boston, Massachusetts Established in2009, Navillus has experienced on average 40% growth year over year in Oracle Advanced Controls professional services Oracle Gold Level Partner specializing in Oracle Advanced Controls & E-Business Suite / PeopleSoft professional implementation and advisory services Recognized as the #1 Oracle Commercial and Federal Advanced Controls Partner The first in the industry to hold Oracle Advanced Controls Specialization accreditation Is an Oracle authorized training partner Navillus is a privately held company that has been profitable consistentlyboth from a cash and accrual basis since the 4thmonth of operations with zero external debt outstanding. Our team’s collective experience includes: 168 years working in the information technology industry 177 years implementing the Oracle e-Business Suite ERP package 76 years implementing the Oracle GRC applications More than 512 GRC implementations to the team’s credit to date
  • 19. 20 Navillus Partners is A World Leader More than 500 combined Oracle Advanced controls implementations 34+ skilled and experienced Advanced Controls professionals averaging more than 10 years of experience worldwide Functional & technical experience across nearly all Oracle e-business applications (HRMS, Financials, Supply Chain Management, CRM, other) Multiple consultants with Oracle accredited specializations Experience GlobalDelivery Centers of Excellence Right-shore Delivery capabilities for Oracle Advanced Controls including utilization of our experienced Chennai, India team, well beyond installation & technical responsibilities Navillus provides training to customers and other implementation partners worldwide International experience in more than 10 countries Navillus’ Center of Excellence (CoE) is a solution center that works closely with Oracle OAC Product & Product Strategy and promotes and trains the extended team on new product features and techniques Provides new and innovative delivery techniques from in-field feedback and experience to continuously enhance our NAViGATE Methodology Works with Oracle’s product group on new features and enhancements
  • 20. 21 Risk-Everything is related Access and Security--How do user’s gain access (Entrance, Accessible Areas, Exit) the ERP system? Provisioning and Deprovisioning Privileged Access Segregation of Duties Emergency Access Operational–How do they do it? Usability Security Optimization Automation Configuration --What did they change? Pre and Post Patching Change Control and Validation Critical Configurations Consistency Transactional –Is what happened within Policy? Within tolerance Fraudulent Correctness Access & Security Operational Configuration Transactional
  • 21. 22 Advanced Controls It’s a Journey-Controls will evolve Controls are related and typically work together with a focus on Increasing Value while Reducing Risk Controls may validate one another –such as a Transactional control reporting that Operational controls limiting certain transactions by amount are indeed effective Controls should have a balance and work together to help ensure a secure, sound, effective and efficient system E-Business Suite Access Controls E-Business Suite Preventive Controls E-Business Suite Transaction Controls
  • 22. 23 Advanced Controls Approaches
  • 23. 24 Navillus presents……Customers on the Journey Dave Claytor, IT Global Apps Jaime Ramos, IT Global Apps -DaVinci GRC Team
  • 24. Do you really know what your users can do, or maybe have done? David Claytor, facebook IT Global Apps Atul Gupte, Navillus Partners-Advanced Controls Architect
  • 25. 1 ITGC Approach, Teaming with Navillus Partners 2 Self Service Application and DB User Requests, Preventative SOD 3 Quarterly User Audit Automation (Managers & BPO’s) 4 Utilizing CCG to shift CSA’s from Business to IT 5 Summary Background
  • 26. Getting Serious about ITGC’s ▪With company mottos like ‘Move Fast and Break Things’, we knew we had to get serious about intelligent audit automation and detection ▪After managing ITGC CSA’s for a quarter, became obvious we needed to automate user provisioning, quarterly audit and SOD processes ▪Determined we needed help building an integrated solution. Met with various vendors based on Oracle’s recommendations, went with Navillus Partners ▪Went down a path of creating easy to use workflows for our end users ▪Then began to shift CSA’s from business to IT owned controls, via CCG. This also required out of the box thinking, to pinpoint the alerting.
  • 27. Self Service Access Management via OAF ▪Custom OAF pages for: ▪Users to request access, and on behalf of any user ▪Users to revoke their access ▪Managers to revoke their team’s access ▪Systematic quarterly application access review, for managers and business process owners ▪Integration with GRC AACG, to enforce preventative SOD ▪Lookup table determines: ▪If the access request is passed through GRC for SOD Audit ▪If the access is reviewed quarterly by Manager and / or BPO’s ▪If the max grant duration is enforced (all setup and admin related access is granted for 7 days or less)
  • 28. Utilizing OAF for Self Service Access Requests
  • 30. Transitioning CSA’s to IT System Controls ▪CFO pushed to automate & transition business owned CSA’s to IT system controls. We will have moved 50 CSA’s by the end of 2014, in 2 primary ways: ▪Introduced second variant of systematic quarterly user audit, where BPO’s (also the access approvers) review and revoke access as needed, for key functions like Journal Entry, Receiving & AP Payments ▪Monitoring key application setups via CCG, and pairing up change alerts with valid change tasks
  • 31. Summary ▪Once we built the user access pages in OAF, realized detective SOD was insufficient. Out of the box, GRC (AACG) only works with the java form based access request. This is where the Navillus Partners technical consultants were key, given their deep understanding of the product, as many of them came from LogicalApps. They also helped us systematically tackle managing GRC development instance refreshes, which presented it’s own challenges. ▪As we implemented CCG to shift CSA’s from business to IT owned, realized it only monitored core forms and even then we could not drill into specific areas of those forms for pin pointed monitoring. Again, the Navillus Partners team was a key partner in determining how to add content without introducing too much risk or upgrade headaches using their Navillus CCG content.
  • 32. 33 Do you really know what your users can do, or maybe have done? Jaime Ramos, Symantec IT Global Apps -DaVinci GRC team Project da Vinci – Symantec Richard Goddard, Navillus Partners -Director of Delivery
  • 33. Agenda •History of GRC at Symantec •The DaVinciInitiative •Challenges •Approach •Managing SOD conflicts in an RBAC system •Go-Live Activities •Critical Success Factors, Lessons Learned. Project da Vinci – Symantec 34
  • 34. History of GRC at Symantec •In 2008 Symantec implemented the LogicalAppsproducts, Form rules (PCG precursor) and AppsAccessfor Segregation of Duties •Symantec’s custom Self service responsibility provisioning system was integrated with the SOD system to prevent Users from requesting combinations of responsibilities deemed inappropriate. •In 2013 Symantec decided to use the GRC suite of Applications as part of its DaVinciinitiative to implement R12.1 EBS. Project da Vinci – Symantec 35
  • 35. The DaVinciInitiative •EBS R12.1 for 30,000 worldwide Users •Customer Data Hub (CDH) and Product Data Hub PDH in their own instances •Five separate System environments -DEV, QA, Training, UAT and Production instances (5 GRC systems managing 5 x 3 EBS/CDH/PDH systems) •Full Oracle Advanced Controls GRC suite implementation (PCG, ACG, TCG, CCG, eGRCMand GRC Intelligence) •ACG 140+ SOD and Sensitive Access policies including Module configuration versus Module Transactions for each EBS of the 33 application •CCG was implemented for continuous monitoring of changes for 12 key controls in the EBS Financial applications •PCG / TCG were used to automate control testing for items such as identification of Journals > $5m, Workflow Approval of Recurring Journals, Enforce comments and attachments for Manual Journals per Symantec policy , Mask Project Rates derived from actual Salary information. Project da Vinci – Symantec 36
  • 36. Challenges •Scalability -SOD rules tracking for more than 30,000 Users and 3000+ function combinations including custom and localization functions •RBAC role based security, more than 400 unique roles •Cross Platform SOD for Users with accounts in the EBS, Product Data Hub and Customer Data Hub systems. Each GRC system had 3 data sources using email address as the identifier of the same •AACG reports don’t contain RBAC role information, only responsibility names –How can we determine SOD conflicts within a role? Project da Vinci – Symantec 37
  • 37. Approach •SOD rules definition and analysis was prioritized to ensure Security design was as effective as possible before go-live. AACG rules were defined to implement SOD policies and track which roles/responsibilities had access to critical system functions – Add User, Modify responsibility, Close GL Period etc. •PCG and TCG were used to solve specific requirements for identifying unusual activity. •CCG configuration monitoring was deployed in a limited way to support SOX key controls where module configurations have significant impact to Oracle Financials •eGRCMimplementation was deferred to allow Internal Audit to define EBS R12 specific Processes, Risks and Controls-eGRCMis now currently in process •OIM –ACG integration to enforce SOD policies when User’s request system access was deferred to after go –live. Project da Vinci – Symantec 38
  • 38. Managing SOD for each Role •We created 400 test users and assigned them each 1 role using UMX •We completed Access analysis using only our “Test User Accounts” by setting global conditions •We used the Access Incident detail report to identify Conflicts within a single responsibility and within a single role (Intra and Inter Responsibility Conflicts) •We consolidated a list of ‘unique’ role violations for a management decision •We held a series of meetings for Business Process Owners and module SMEs to make decisions where roles violate SOD policy. After the changes were made the Access was re-analyzed and the residual problems analyzed and presented Project da Vinci – Symantec 39
  • 39. Go-Live Activities •User Accounts were loaded via OIM into a pre-production environment for SOD pre- check before cutover, Internal Audit reviewed and accepted go-live SOD violations. •The go–live cutover support teams were provided access with future end dated access for the initial Hyper-Care support period. •On going SOD reviews are conducted in AACG •CCG controls are used to identify all changes to Security definitions -roles, responsibilities, menus, functions Etc. Project da Vinci – Confidential … GRC Overview for Phase 2 40
  • 40. Critical Success Factors / Lessons Learned •Without the Advanced Controls applications it would not have been possible to design SOD compliant roles and responsibilities within the project timeline. •Involve Internal Audit, External Audit and Module SME’s in SOD policy design •Review SOD results and eliminate noise, identify and present unique access decisions for decision makers •Start early! Security design often happens late in the project timeline and final UAT may be the first attempt to test Security roles and responsibilities. It is an iterative process! •EBS Security, Module SMEs and GRC teams need to work closely together. •Last minute Security change requests must be evaluated for SOD impact before they are accepted and implemented. Project da Vinci – Symantec 41
  • 41. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Oracle GRC –Enterprise Risk and Controls Foundation A Unified Platform Enterprise Risk & Controls Foundation Dashboards, Reports and Alerts Notifications Worklists Email Perspectives Search Risk, Controls & Compliance Management Reviews Documentation Assessments Remediation Surveys Continuous Controls & Risk Monitoring Setups Access Master Data Audit Tests Transactions User Authored Controls Data Connectors Fraud & Error Patterns Role Based Access Security Web Services & APIs Flexible •Graphical Authoring •Detect and Prevent •Access, Transactions, Setups Data Driven •100% of Transactions •Manage by Exception •Pattern Analysis Comprehensive •Multiple GRC Projects •From Documentation to Test •Closed Loop Approach
  • 42. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Roadmap: Investment Areas Enterprise Risk & Controls Foundation Dashboards, Reports and Alerts Notifications Worklists Email Perspectives Search Risk, Controls & Compliance Management Reviews Documentation Assessments Remediation Surveys Continuous Controls & Risk Monitoring Setups Access Master Data Audit Tests Transactions User Authored Controls Data Connectors Fraud & Error Patterns Role Based Access Security Web Services & APIs Pre-Built Controls Pre-Built Business Objects Investment Areas Pre-Built Integrations Platform Features Extensibility
  • 43. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Oracle GRC Advanced Controls -Sessions ID Westin 3rd & Market Speakers Achieve a Quicker and Compliant Financial Close with Oracle Governance, Risk, Compliance 8208 Thu, 10:15 Olympic text text text Controlling for Multiple ERP Systems with Oracle Advanced Controls 8154 Thu, 12:45 Olympic text text How Your Vendor Master File is Critical to Governance, Risk Management and Compliance 8213 Thu, 2:45 Olympic ---- 44
  • 44. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | Oracle GRC Advanced Controls -MTE and Demo Grounds ID Day, Time Location Host Meet the Governance, Risk, and Compliance Experts MTE 8487 Wed, 5:00 Westin at 3rd& MarketSt Metropolitan III Demo Station: Oracle Fusion Governance, Risk, and Compliance Advanced Controls 4250 Mon 9:45 –6:00 Tue9:45 –6:00 Wed 9:30 –3:45 MosconeWest Station WCL-003 45
  • 45. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | DEMOgrounds: MosconeWest Station ID WCL-003 46
  • 46. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | @OracleAdvCntrls Oracle GRC Advanced Controls Join Our Linkedin Group Follow us on Twitter
  • 47. Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 48