Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
The following is intended to outline our general product
direction. It is intended for information purposes only,
and may not be incorporated into any contract.
It is not a commitment to deliver any material, code, or
functionality, and should not be relied upon in making
purchasing decisions. The development, release, and
timing of any features or functionality described for
Oracle’s products remains at the sole discretion of
Oracle.
@OracleAdvCntrls
Post Questions Before,
During and After
Optimizing Order-to-Cash
(E-Business Suite) with GRC
Advanced Controls
Mark Stebelton, CPA, CFE
Director, Product Management – Oracle
Daryl Geryol
SVP, Technology and Operations - Navillus
Program Agenda
• Twitter Topic Review – Session Flow
• Oracle Advanced Controls Overview - Mark
• Implementation Review, Tips and Tricks
• Order to Cash Examples
• Questions, Demo Pod and Other GRC Sessions
Advanced Controls Market
Info and Drivers
Strategic Priorities
Survey of 263 Finance Executives
BETTER CONTROLS AND EFFICIENCIES
Reaching New Heights: The Dividends of Collaboration between Finance and Procurement is published by CFO Publishing LLC, May 2012
Compliance
Understanding Payables Exposure
Audit and Control of Procurement
Business Risk Analysis
Vulnerable Key Processes
Error, Waste, Misuse, Abuse and Fraud
Source: “2011 OAUG Governance, Risk & Compliance Best Practices Survey”, Unisphere Research, Feb 2011
Standard Controls
• User Roles
• 3-Way Match
• Approval Hierarchies
• Social Media Policy
• E-learning
• Ethics Policy
Standard + Advanced Controls
Advanced Controls
• Sentiment Analysis
• Split Purchase Orders
• Hide Displays of Sensitive Data
• Duplicate Payments
• Transaction Threshold Amounts
• Duplicate Vendors
• Fine-grained User Access
• Configuration Snapshots & Audit Trail
• Transaction Pattern Analysis
• Fuzzy Logic, ‘similar values’
Standard Controls
• User Roles
• 3-Way Match
• Approval Hierarchies
• Social Media Policy
• E-learning
• Ethics Policy
Oracle Advanced Controls
Product Slides
GRC Advanced Controls
One Enterprise Foundation
Enterprise Risk & Controls Foundation
• Dashboards, Reports and Alerts: Notifications, Worklists, Email, Perspectives, Search
• Risk, Controls & Compliance Management: Reviews, Documentation, Assessments, Remediation, Surveys
• Continuous Controls & Risk Monitoring: Setups, Access, Master Data, Audit Tests, Transactions
• User Authored Controls, Data Connectors, Fraud & Error Patterns
• Role Based Access Security
• Web Services & APIs
• Custom or Legacy Applications
Comprehensive
• Enterprise Risk Management
• Financial Governance
• Continuous Controls Monitoring
Flexible
• Business User Authoring
• Access, Transactions, Setups
• Extensible to Other Platforms
Data Driven (Big Data)
• 100% of Transactions
• Manage by Exception
• Optimize Processes
Application Access Controls Governor (AACG)
Advanced SOD and Security
• Complete user and entire path analysis
• Removal of false-positives
• Library of pre-built automated SOD controls for EBS and PSFT
• Author new controls, extend to any business application
Diagram labels (axis: Detection, Prevention):
• Compensating Policies
• Preventive Provisioning
• Remediation (Clean-up)
• Access Analysis
• Define Access Controls
Enterprise Transaction Controls Governor (TCG)
Advanced Transaction Analysis
• 100% Audit
• Continuously monitor accuracy of transactions and mitigate exposure to fraud
• Test against thresholds
• Search for anomalies
• Focus on Exceptions
Diagram labels (axis: Detection, Prevention):
• Pre-delivered Transaction Controls
• Suspect Transactions
• Review and Address Suspects
• Preventive Transactions Controls
• Identify & Review Suspects
• Perform Transaction Analysis
• Define Transaction Controls
Configuration Controls Governor (CCG)
Advanced Configuration Analysis
• Achieve consistent application setup and operating standards across multiple instances
• Track audit trails for changes to key configurations
• Tightly control change management to accelerate development and test time
Diagram labels (axis: Detection, Prevention):
• Manage Data Integrity
• Enforce Change Control
• Monitor Configuration Changes
• Compare Configuration Deployed
• Define Configuration Controls
Preventive Controls Governor (PCG)
Oracle E-Business Suite In-line Controls
• Configure advanced controls in Oracle EBS
• Replace Forms customizations for easier support and upgrades
• Change-track critical fields for auditing
• Require approval for changes to critical data
Diagram labels (axis: Detection, Prevention):
• Notification of Changes
• Logged Changes to Critical Data
• Required Approvals
• Blocked Access to Sensitive Data
• Mask Sensitive Data
Optimizing Order-to-Cash (E Business Suite)
with Oracle Advanced Controls
AGENDA
Navillus Partners
Presenter Bio
Project Introduction
Accomplishments
Business Case examples
What is Next?
Q & A
NAVILLUS PARTNERS
• An international consulting firm headquartered in Boston, MA
• An Oracle Gold Level Partner specializing in Oracle Governance, Risk & Compliance & E-Business Suite professional implementation and advisory services
• Recognized as the #1 Oracle GRC Partner in 2012
• Highly experienced resources with one of the strongest track records for delivery success in North America & Europe
• Oracle resource(s) have 13+ years dedicated to Oracle Implementations, Security Design, and Project / Program Management
• Our team members average more than 8 years of Oracle Advanced Controls experience
• The majority of our team developed core Oracle Advanced Controls applications
• Proprietary accelerated delivery methodology, NAViGATE
• Process-driven approach tailored specifically for Advanced Process & Controls and Governance, Risk, and Compliance
• ‘Design In’ approach for Oracle E-Business Suite & PeopleSoft implementations and upgrades
• Developed and maintain an Advanced Process & Controls Library
• Solution set process optimization and control accelerators
• GRC & Business Process Controls Library for PCG, CCG, & TCG
• Comprehensive extension to Oracle’s out of the box Access Controls Content
PRESENTER BIO
Daryl Geryol
As Partner and Senior Vice President of Technology and Operations for Navillus Partners, Daryl brings more than 15 years of Oracle system integration, GRC leadership and implementation experience across various organizations and industries worldwide.
He has successfully led numerous Oracle GRC related engagements, helping clients achieve a greater level of compliance, security and automation of complex regulatory requirements including SOX 404, 302, OMB A-123, HIPAA, PCI DSS, PII and SSI.
Daryl is well known for his innovative application of Oracle GRC’s Controls Suite technology in helping clients optimize complex or time-consuming business processes across the enterprise.
He is a published author/co-author of such books as “Shining the Light on the Release 12 World” as well as a presenter on various topics covering Oracle applications, GRC and industry best practices for upgrades, implementation and business process controls automation.
PROJECT INTRODUCTION
Company Information: Fortune 100 company implementing Oracle R12 covering all business processes.
Objectives: Implement Oracle Advanced Controls not only to address regulatory requirements but also to eliminate customization and address data entry and transaction efficiency and accuracy per corporate policy. Policies dictated the reduced usage of DFFs, support of centralized processes such as Supplier Vendor master, and optimization of application functionality. These controls addressed the P2P, O2C and R2R processes with 54 controls moved to production.
Solution: Implement Oracle Advanced Controls and leverage each application throughout the organization.
• Oracle Access Controls manages Segregation of Duties and Sensitive Access reporting
• Oracle Configuration Controls manages key configurations across the numerous environments
• Oracle Preventive Controls supports corporate audit policies and IT analysts. These controls addressed the P2P, O2C and R2R processes with 54 controls in production
ACCESS CONTROLS SUMMARY
Core Financials: 18 controls
• Covering sensitive access functions (cross validation, account setup, Periods, FSGs)
• Focus on major functions (COA, Journal Entry, Posting, FSGs)
• Controls added for Project and Billing functions (expenditures, draft invoices, budgets)
Procure to Pay: 20 controls
• Covering sensitive access functions (approval setup, buyer, terms)
• Focus on major transactions (invoices, payments, purchasing, receipts)
Order to Cash: 25 controls
• Covering sensitive access functions (customer, receivable setups, holds, discounts, pricing)
• Focus on major transactions (Order, shipment, AR Transaction)
IT Controls (System, Security and Administration): 10 controls
• Covering sensitive access functions (User, Responsibility, Menu, Function, Concurrent Managers)
ADVANCED CONTROLS (FOR EBS) PRODUCTION SUMMARY
Core Financials: 11 controls
• Corporate-wide push to eliminate descriptive flexfields, personalizations and custom code wherever possible.
• Place audit trails on key value fields.
• Enforce expenditure orgs, data entry standards
Procure to Pay: 18 controls
• Approval and audit of changes to payment terms, use of extension forms to provide reasons for updates and approval history/comments.
• Application of additional form security for data created through 3rd party.
• Enforce expenditure orgs, data entry standards
Order to Cash: 25 controls
• Contract security, disallowing entry or copy of contracts with incorrect characters, required contracts field updates based on contract line type, security of contract fields based on client specific criteria.
• Notification of Order lines with revenue past due.
• Credit Memo Approval process
• Order entry controls (order types, freeze lines….)
DEFERRED ENGINEERING BILLING FROM CONTRACTS
Business Problem: Billing was deferred until engineering billing was at 50% or more. At this time the other project items could be billed in full. This was a manual process, which inherently had delays in billing and was prone to errors. This simple act of updating a project required contracts and coordination to ensure billing was done correctly.
Solution
Using Advanced Controls, a process flow was created that would assess the deferred billing progress of all items, and then remove the deferred billing status, allowing that contract to bill.
Benefits
• No human intervention, saving upfront time and research when billing was incorrect
• No delays in revenue recognition
• No customization
• Happy users
DEFERRED BILLING PROCESS FLOW
EXAMPLE OF CONTRACT EXCLUSION
Exclude from invoicing
DERIVE ORDER TYPES
Business Problem: It is imperative that the correct order line types are selected during order entry due to complexity in line type mapping to receivables transaction types. The AR transaction types require their own sequence, thus setting up an order incorrectly would result in incorrect receivables and other reconciliation issues.
Solution
Advanced Controls was used to default the correct order line type on orders based on factors such as project code, project line type, customer address and item, removing the possibility of AR interface errors.
Benefits
• Removed human errors that were being introduced in order management during order type selection
• Improved receivables accuracy and reconciliation
• No customization
EXAMPLE MAPPING
DRAFT INVOICES APPROVAL
Business Problem: Invoices require approval prior to actual invoice print. Draft invoices are provided to support this process, but a way was required to manage which lines had been approved from the draft.
Solution
Using both Advanced Controls form and flow rules, order lines were frozen (secured from update), producing a draft invoice and an approval process to remove the freeze and allow final invoicing.
Benefits
• Elimination of invoice errors and reversal resubmission of invoices.
• No customization
EXAMPLE OF DRAFT INVOICE LINE FREEZE
WHAT IS NEXT?
Access Controls
• Incorporate single sign on with the GRC application
• Move to a preventive provisioning process
Fraud Analysis
Provide analysis models and controls to address and monitor for fraud in the following areas
• Payables
  • Invoicing (Duplication, out of tolerance, aging, terms)
  • Payments (Duplication, Void/Reissue, out of tolerance, aging)
• Receivables
  • Credit memo analysis, credit holds, customer changes
• General Ledger
  • Posting irregularities
  • High risk accounts
Further Optimization
Preventive Controls will continue to be the GO TO development tool onshore and offshore to eliminate custom coding and inflexible customization
Advanced Controls Approach
Fusion Platform with Dashboards, Alerts & Drilldowns
Advanced Controls – Embedded Dashboards
• Embedded intelligence provides visibility into multiple control and process areas.
• Move away from siloed information
• Multiple ERPs monitored from a single application.
Advanced Controls – Business Process Monitoring
• Automatic alerts notify appropriate personnel for action
• Actionable insight to drive the business forward
Sophisticated Controls Monitoring
and Enforcement Engine
Advanced Controls Approach
Access Analysis
• Create Conflict Conditions
• Remove False Positives
Access Hierarchy Example – Oracle EBS
Hierarchy levels: Role, Responsibility, Menu, Sub-Menu, Function
Access Points:
• Function: Create Invoice
• Function: Create Customer
Other important attributes: Operating Units, Data Groups, Set of Books etc.
Interpreting Access Conflicts
Finding the Right Path to Resolution
• User
• Role
• Permission List
• Menu
• Panel Component
• Page Definition
Diagram nodes: U, R, M, C, D, L
Remove Menu Path Conflicts
Transaction Controls – Author, Deploy, & Monitor
Elevated Productivity – Optimize Process & Empower Users
• Library of pre-defined Advanced Controls (and extensible)
• Ability to build new controls by business owners (no coding)
• 100% Transaction coverage (no more sampling)
Advanced Controls Business Objects (Example)
Sample OTC Semantic Library
Process steps: Manage Setups, Manage Customers, Manage Order / Invoice, Dispatch Items, Manage Revenue, Manage Receivables
Business Objects
• Customer
• Customer Account (Site) Contact
• Customer Account Sites
• Order Management Transaction Type
Business Objects
• Receivable Accounting Rules
• Receivable Activities
• Receivable Aging Buckets
• Receivables Approval Limits
• Receivable Auto-Cash Rule Set
• Receivables Location
• Receivable Receipt Class
• Receivable Receipt Source
Business Objects
• Sales Order
• Sales Order Payment
• Receivables Invoice
Business Objects
• Ship Customer Goods
• Shipping Deliveries
Business Objects
• Receivables Payment Schedule
Business Objects
• Subledger Journal Entry: Accounts Receivable
• Receivables Receipt Batch
Business Logic Filters
Filter types: String, Integer, Numeric, Date, Functions
Operators: AND, OR
Advanced Pattern Analysis
• Pattern analysis identifies outlying incidents that may not be apparent
Advanced Control Extensibility
Custom or Legacy
Applications
Continuous SOD Controls Monitoring
Pre-built
Extensible
Partner Pre-built
CUSTOMER CARE
& BILLING
Oracle Advanced Controls in the Order To Cash Process
Example Order to Cash Controls
Access (SOD): Who Can Perform | Transaction: What HAS Happened
Create Customer and Create Order | Created/edited a customer and created/edited an order
Create Customer and Perform Write-Off | Edited a customer and performed a write-off
Modify Customer and Create Order | Orders created in a period that exceeded the customer’s credit limit
View an Order and Receive an Order | Micro-orders for a customer to avoid approvals
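The two kinds of control listed above, worked as an added example that is not part of the original presentation and is not Oracle product code: an access check that walks every user-to-function path to find who can perform both sides of a conflicting pair, and two transaction checks over what has actually happened. The hierarchy, user names, transaction log, the approval limit of 1000 and the three-order minimum are all constructed assumptions, and every sample transaction is taken to fall in one review period.

```python
from collections import defaultdict

# Constructed sample data, loosely modelled on the deck's access hierarchy
# (user -> role/responsibility -> menu -> submenu -> function).
CHILDREN = {
    "JOHN": ["Receivables Admin"],
    "MARY": ["Order Clerk"],
    "Receivables Admin": ["Customer Menu", "Order Mgt Menu"],
    "Order Clerk": ["Order Mgt Menu"],
    "Customer Menu": ["Customer Entry", "Quick Update"],
    "Customer Entry": ["Create Customer"],
    "Quick Update": ["Modify Customer"],
    "Order Mgt Menu": ["Order Entry"],
    "Order Entry": ["Create Order"],
}
FUNCTIONS = {"Create Customer", "Modify Customer", "Create Order"}

# Conflicting function pairs, named after rows of the slide's left column.
SOD_RULES = [
    ("Create Customer", "Create Order"),
    ("Modify Customer", "Create Order"),
]

# Constructed transaction log: (user, action, customer, amount).
TXNS = [
    ("JOHN", "Modify Customer", "ACME", 0),
    ("JOHN", "Create Order", "ACME", 900),
    ("MARY", "Create Order", "ACME", 950),
    ("MARY", "Create Order", "ACME", 980),
    ("MARY", "Create Order", "ACME", 990),
    ("MARY", "Create Order", "GLOBEX", 400),
]
APPROVAL_LIMIT = 1000  # assumed per-order approval threshold


def access_paths(node, path=()):
    """Yield every path from node down to a function (an access point)."""
    if node in path:  # guard against a menu that includes itself
        return
    path = path + (node,)
    if node in FUNCTIONS:
        yield path
    for child in CHILDREN.get(node, ()):
        yield from access_paths(child, path)


def sod_conflicts(users, rules=SOD_RULES):
    """Access control: who CAN perform both sides of a conflicting pair.

    Each finding carries the full paths, so a reviewer can see which
    responsibility or menu to change instead of only the user name.
    """
    findings = []
    for user in users:
        by_function = defaultdict(list)
        for path in access_paths(user):
            by_function[path[-1]].append(path)
        for left, right in rules:
            if left in by_function and right in by_function:
                findings.append({
                    "user": user,
                    "rule": (left, right),
                    "paths": by_function[left] + by_function[right],
                })
    return findings


def performed_both(txns, rules=SOD_RULES):
    """Transaction control: who HAS done both actions for the same customer."""
    seen = defaultdict(set)  # (user, customer) -> actions observed
    for user, action, customer, _amount in txns:
        seen[(user, customer)].add(action)
    return sorted(
        (user, customer, rule)
        for (user, customer), actions in seen.items()
        for rule in rules
        if set(rule) <= actions
    )


def micro_orders(txns, limit=APPROVAL_LIMIT, min_count=3):
    """Flag user/customer pairs with several under-limit orders whose
    combined value exceeds the limit a single order would need approved."""
    groups = defaultdict(list)
    for user, action, customer, amount in txns:
        if action == "Create Order" and amount < limit:
            groups[(user, customer)].append(amount)
    return {
        key: sum(amounts)
        for key, amounts in groups.items()
        if len(amounts) >= min_count and sum(amounts) > limit
    }


if __name__ == "__main__":
    for finding in sod_conflicts(["JOHN", "MARY"]):
        print(finding["user"], finding["rule"])
        for p in finding["paths"]:
            print("   ", " > ".join(p))
    print(performed_both(TXNS))
    print(micro_orders(TXNS))
```
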
Enterprise Risk Graph
[Graph figure; node types: TXN, SYSTEMS, USERS, ROLES, SETUPS, MASTER DATA]
Enterprise Risk Graph
Graph nodes:
• System: EBS EMEA
• User: JOHN
• Role: Receivables ADMIN
• Menu: CUSTOMER
• Submenu: CUSTOMER ENTRY
• Submenu: QUICK UPDATE
• Function: EDIT CUSTOMER
• Menu: ORDER MGT
• Submenu: ORDER ENTRY
• Function: ORDER RELEASE
JOHN changes customer ship-to for ACME and processes order for ACME
Cut Order to Cash Inefficiency & Risk
• Determine if product master data is accurate
• Find & remediate users with privileges to enter & modify master data
• Add data entry rules to validate sales order ship-to destination against localized product configuration
• Find sales order transaction exceptions
• Find revenue and COGS mismatches
• Validate customer invoice aging, thresholds
Wrap-up Questions of O2C Optimization
• What is YOUR organization’s overall risk exposure in the O2C process?
  – Ex. Duplicate customers exist to get around single customer credit limits, thus exposing the organization to material bad debts.
• Who in YOUR organization can create at-risk transactions?
  – SOD: Create/Modify a Customer and a Sales Order
• Who in YOUR organization has already created at-risk transactions?
Oracle Advanced Controls
OOW2013 Sessions & Demo Pod
Demo Workstation
Moscone West 1st Floor #W-013
Demo ID 3532
Workstation #: W-013
Monday: 9:45 – 6:00
Tuesday: 9:45 – 6:00
Wednesday: 9:45 – 4:00
Learn More About Oracle Advanced Controls: Wednesday
Reducing Risk for Oracle E-Business Suite Upgrades and Implementations
• 1:15PM Moscone West – 3018
• CON8830
Panel Discussion: Intelligent Controls for Key Business Processes and Upgrades
• 3:30PM Moscone West – 2002 / 2004
• CON8832
Learn More About Oracle Advanced Controls: Thursday
Advanced Access and User Security for Oracle E-Business Suite and Fusion Applications
• 2:00PM Moscone West – 3018
• CON8824
Meet the Governance, Risk, and Compliance Experts
• 12:30PM Moscone West 2001A
• MTE9412
@OracleAdvCntrls
Oracle GRC Advanced Controls
Join Our Linkedin Group
Follow us on Twitter
?’s
The preceding is intended to outline our general product direction. It is
intended for information purposes only, and may not be incorporated into
any contract.
It is not a commitment to deliver any material, code, or functionality, and
should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality
described for Oracle’s products remains at the sole discretion of Oracle.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal60

Optimizing order to-cash (e-business suite) with GRC Advanced Controls

  • 1.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal1
  • 2.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal2 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 3.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal3 @OracleAdvCntrls Post Questions Before, During and After
  • 4.
    Optimizing Order-to-Cash (E-Business Suite)with GRC Advanced Controls Mark Stebelton, CPA, CFE Director, Product Management – Oracle Daryl Geryol SVP, Technology and Operations - Navillus
  • 5.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal5 Program Agenda  Twitter Topic Review – Session Flow  Oracle Advanced Controls Overview - Mark  Implementation Review, Tips and Tricks  Order to Cash Examples  Questions, Demo Pod and Other GRC Sessions
  • 6.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal6 Advanced Controls Market Info and Drivers
  • 7.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal7 Strategic Priorities Survey of 263 Finance Executives BETTER CONTROLS AND EFFICIENCIES Reaching New Heights: The Dividends of Collaboration between Finance and Procurement is published by CFO Publishing LLC, May 2012 Compliance Understanding Payables Exposure Audit and Control of Procurement Business Risk Analysis
  • 8.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved.8 Confidential – Oracle Internal Vulnerable Key Processes Error, Waste, Misuse, Abuse and Fraud Source: “2011 OAUG Governance, Risk & Compliance Best Practices Survey”, Unisphere Research, Feb 2011
  • 9.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved.9 Confidential – Oracle Internal Standard Controls User Roles 3-Way Match Approval Hierarchies Standard Controls Social Media Policy E-learning Ethics Policy
  • 10.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved.10 Confidential – Oracle Internal Standard + Advanced Controls Sentiment Analysis Split Purchase Orders Hide Displays of Sensitive Data Duplicate Payments Transaction Threshold Amounts Duplicate Vendors Fine- grained User Access Configuration Snapshots & Audit Trial Transaction Pattern Analysis Fuzzy Logic, ‘similar values’ User Roles 3-Way Match Approval Hierarchies Advanced Controls Standard Controls Social Media Policy E-learning Ethics Policy
  • 11.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal11 Oracle Advance Controls Product Slides
  • 12.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal12 GRC Advanced Controls One Enterprise Foundation Enterprise Risk & Controls Foundation Dashboards, Reports and Alerts NotificationsWorklists Email PerspectivesSearch Risk, Controls & Compliance Management ReviewsDocumentation Assessments RemediationSurveys Continuous Controls & Risk Monitoring SetupsAccess Master Data Audit TestsTransactions User Authored ControlsData Connectors Fraud & Error Patterns RoleBasedAccessSecurity WebServices&APIs Custom or Legacy Applications Comprehensive  Enterprise Risk Management  Financial Governance  Continuous Controls Monitoring Flexible • Business User Authoring • Access, Transactions, Setups • Extensible to Other Platforms Data Driven (Big Data)  100% of Transactions  Manage by Exception  Optimize Processes
  • 13.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal13 Application Access Controls Governor (AACG)  Complete user and entire path analysis  Removal of false-positives  Library of pre-built automated SOD controls for EBS and PSFT  Author new controls, extend to any business application Advanced SOD and Security Compensating Policies Preventive Provisioning Remediation (Clean-up) Access Analysis Define Access Controls Detection Prevention
  • 14.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal14 • 100% Audit • Continuously monitor accuracy of transactions and mitigate exposure to fraud • Test against thresholds • Search for anomalies • Focus on Exceptions Pre-delivered Transaction Controls Suspect Transactions Pre-delivered Transaction Controls Suspect Transactions Review and Address Suspects Detection Prevention Enterprise Transaction Controls Governor (TCG) Advanced Transaction Analysis Preventive Transactions Controls Identify & Review Suspects Perform Transaction Analysis Define Transaction Controls
  • 15.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal15 Configuration Controls Governor (CCG) Advanced Configuration Analysis • Achieve consistent application setup and operating standards across multiple instances • Track audit trails for changes to key configurations • Tightly control change management to accelerate development and test time Define Configuration Controls Enforce Change Control Manage Data Integrity Detection Prevention Manage Data Integrity Enforce Change Control Monitor Configuration Changes Compare Configuration Deployed Define Configuration Controls
  • 16.
    Copyright © 2013,Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal16 Preventive Controls Governor (PCG) •Configure advanced controls in Oracle EBS •Replace Forms customizations for easier support and upgrades •Change-track critical fields for auditing •Require approval for changes to critical data Oracle E-Business Suite In-line Controls Notification of Changes Logged Changes to Critical Data Required Approvals Blocked Access to Sensitive Data Detection Prevention Mask Sensitive Data
  • 17.
    - Optimizing Order-to-Cash (EBusiness Suite) with Oracle Advanced Controls
  • 18.
    18 AGENDA Navillus Partners Presenter Bio ProjectIntroduction Accomplishments Business Case examples What is Next? Q & A
  • 19.
    19 NAVILLUS PARTNERS An internationalconsulting firm headquartered in Boston, MA An Oracle Gold Level Partner specializing in Oracle Governance, Risk & Compliance & E-Business Suite professional implementation and advisory services Recognized as the #1 Oracle GRC Partner in 2012 Highly experienced resources with one of the strongest track records for delivery success in the North America & Europe. Oracle Resource(s) have 13+ years dedicated to Oracle Implementations, Security Design, and Project / Program Management Our team members average more than 8 years of Oracle Advanced Controls Experience The majority or our team developed core Oracle Advanced Controls Applications Proprietary accelerated delivery methodology, NAViGATE Process Driven approach tailored specifically for Advanced Process & Controls and Governance, Risk, and Compliance ‘Design In’ Approach for Oracle e-Business Suite & PeopleSoft implementations and upgrades Developed and maintain and Advanced Process & Controls Library Solution set process optimization and control accelerators GRC & Business Process Controls Library for PCG, CCG, & TCG Comprehensive extension to Oracle’s out of the box Access Controls Content Application Modules File System APPLTOP -
  • 20.
    20 PRESENTER BIO Daryl Geryol- AsPartner and Senior Vice President of Technology and Operations for Navillus Partners, Daryl brings more than 15 years of Oracle system integration, GRC leadership and implementation experience across various organizations and industries worldwide. He has successfully led numerous Oracle GRC related engagements helping clients achieve a greater level of compliance security, an automation of complex regulatory requirements including SOX 404, 302, OMB A-123, HIPAA, PCI DSS, PII and SSI. Daryl is well known for his innovative application of Oracle GRC’s Controls Suite technology in helping clients optimize complex or time consuming business processes across the enterprise. He is a published author/co-author of such books as, “Shining the Light on the Release 12 World” as well as a presenter on various topics covering Oracle applications, GRC and industry best practices for upgrades, implementation and business process controls automation. -
  • 21.
    21 PROJECT INTRODUCTION Company Information:Fortune 100 Company implementing Oracle R12 covering all business processes Objectives: Implement Oracle Advanced Controls to address not only regulatory requirements but eliminate customization, address data entry and transaction efficiency and accuracy per corporate policy. Policies dictated the reduced usage of DFFs, support of centralized processes such as Supplier Vendor master and optimization of application functionality. These controls addressed the P2P, O2C and R2R processes with 54 controls moved to production Solution: Implement Oracle Advanced controls and leverage each application throughout the organization. Oracle Access Controls manages Segregation of Duties and Sensitive Access reporting Oracle Configuration Controls manages key configurations across the numerous environments Oracle Preventive Controls supports corporate audit policies and IT analysts. These controls addressed the P2P, O2C and R2R processes with 54 controls in production Application Modules File System APPLTOP - Focus
  • 22.
    22 ACCESS CONTROLS SUMMARY
    Core Financials: 18 controls
    • Covering sensitive access functions (cross validation, account setup, Periods, FSGs)
    • Focus on major functions (COA, Journal Entry, Posting, FSGs)
    • Controls added for Project and Billing functions (expenditures, draft invoices, budgets)
    Procure to Pay: 20 controls
    • Covering sensitive access functions (approval setup, buyer, terms)
    • Focus on major transactions (invoices, payments, purchasing, receipts)
    Order to Cash: 25 controls
    • Covering sensitive access functions (customer, receivable setups, holds, discounts, pricing)
    • Focus on major transactions (Order, shipment, AR Transaction)
    IT Controls (System, Security and Administration): 10 controls
    • Covering sensitive access functions (User, Responsibility, Menu, Function, Concurrent Managers)
  • 23.
    23 ADVANCED CONTROLS (FOR EBS) PRODUCTION SUMMARY
    Core Financials: 11 controls
    • Corporate-wide push to eliminate descriptive flexfields, personalizations and custom code wherever possible
    • Place audit trails on key value fields
    • Enforce expenditure orgs, data entry standards
    Procure to Pay: 18 controls
    • Approval and audit of changes to payment terms, use of extension forms to provide reasons for updates and approval history/comments
    • Application of additional form security for data created through 3rd party
    • Enforce expenditure orgs, data entry standards
    Order to Cash: 25 controls
    • Contract security: disallowing entry or copy of contracts with incorrect characters, required contracts field updates based on contract line type, security of contract fields based on client-specific criteria
    • Notification of order lines with revenue past due
    • Credit memo approval process
    • Order entry controls (order types, freeze lines…)
  • 24.
    24 DEFERRED ENGINEERING BILLING FROM CONTRACTS
    Business Problem: Billing was deferred until engineering billing was at 50% or more. At that point the other project items could be billed in full. This was a manual process, which inherently had delays in billing and was prone to errors. The simple act of updating a project required contracts and coordination to ensure billing was done correctly.
    Solution: Using Advanced Controls, a process flow was created that would assess the deferred billing progress of all items and then remove the deferred billing status, allowing that contract to bill.
    Benefits:
    • No human intervention, saving upfront time and research when billing was incorrect
    • No delays in revenue recognition
    • No customization
    • Happy users
  • 25.
    25 DEFERRED BILLING PROCESS FLOW
  • 26.
    26 EXAMPLE OF CONTRACT EXCLUSION
    Exclude from invoicing
  • 27.
    27 DERIVE ORDER TYPES
    Business Problem: It is imperative that the correct order line types are selected during order entry because of the complexity of mapping line types to receivables transaction types. The AR transaction types require their own sequence, so setting up an order incorrectly would result in incorrect receivables and other reconciliation issues.
    Solution: Advanced Controls was used to default the correct order line type on orders based on factors such as project code, project line type, customer address and item, removing the possibility of AR interface errors.
    Benefits:
    • Removed human errors that were being introduced in order management during order type selection
    • Improved receivables accuracy and reconciliation
    • No customization
  • 28.
  • 29.
    29 DRAFT INVOICES APPROVAL
    Business Problem: Invoices require approval prior to actual invoice print. Draft invoices are provided to support this process, but a way was needed to manage which lines had been approved from the draft.
    Solution: Using both Advanced Controls form and flow rules, order lines were frozen (secured from update), producing a draft invoice and an approval process to remove the freeze and allow final invoicing.
    Benefits:
    • Elimination of invoice errors and reversal resubmission of invoices
    • No customization
  • 30.
    30 EXAMPLE OF DRAFT INVOICE LINE FREEZE
  • 31.
    31 WHAT IS NEXT?
    Access Controls
    • Incorporate single sign-on with the GRC application
    • Move to a preventive provisioning process
    Fraud Analysis
    Provide analysis models and controls to address and monitor for fraud in the following areas:
    • Payables
      - Invoicing (duplication, out of tolerance, aging, terms)
      - Payments (duplication, void/reissue, out of tolerance, aging)
    • Receivables
      - Credit memo analysis, credit holds, customer changes
    • General Ledger
      - Posting irregularities
      - High risk accounts
    Further Optimization
    Preventive Controls will continue to be the GO TO development tool onshore and offshore to eliminate custom coding and inflexible customization.
  • 32.
    Advanced Controls Approach
  • 33.
    Advanced Controls Approach
    Fusion Platform with Dashboards, Alerts & Drilldowns
  • 34.
    Advanced Controls – Embedded Dashboards
    • Embedded intelligence provides visibility into multiple control and process areas.
  • 35.
    Advanced Controls – Embedded Dashboards
    • Move away from siloed information
    • Multiple ERPs monitored from a single application
  • 36.
    Advanced Controls – Business Process Monitoring
    • Automatic alerts notify appropriate personnel for action
    • Actionable insight to drive the business forward
  • 37.
    Advanced Controls Approach
    Sophisticated Controls Monitoring and Enforcement Engine
  • 38.
    Access Analysis
    • Create Conflict Conditions
    • Remove False Positives
  • 39.
    Access Hierarchy Example – Oracle EBS
    • Role
    • Responsibility
    • Menu
    • Sub-Menu
    • Function: Create Invoice
    • Function: Create Customer
    Access Points
    Other important attributes: Operating Units, Data Groups, Set of Books etc.
  • 40.
    Interpreting Access Conflicts
    Finding the Right Path to Resolution
    • User Role Permission List
    • Menu
    • Panel Component
    • Page Definition
    U R M C D L
    Remove Menu Path Conflicts
  • 41.
    Transaction Controls – Author, Deploy, & Monitor
    Elevated Productivity – Optimize Process & Empower Users
    • Library of pre-defined Advanced Controls (and extensible)
    • Ability to build new controls by business owners (no coding)
    • 100% transaction coverage (no more sampling)
  • 42.
    Advanced Controls Business Objects (Example)
    Sample OTC Semantic Library
    Process areas: Manage Setups, Manage Customers, Manage Order / Invoice, Dispatch Items, Manage Revenue, Manage Receivables
    Business Objects
    • Customer
    • Customer Account (Site) Contact
    • Customer Account Sites
    • Order Management Transaction Type
    Business Objects
    • Receivable Accounting Rules
    • Receivable Activities
    • Receivable Aging Buckets
    • Receivables Approval Limits
    • Receivable Auto-Cash Rule Set
    • Receivables Location
    • Receivable Receipt Class
    • Receivable Receipt Source
    Business Objects
    • Sales Order
    • Sales Order Payment
    • Receivables Invoice
    Business Objects
    • Ship Customer Goods
    • Shipping Deliveries
    Business Objects
    • Receivables Payment Schedule
    Business Objects
    • Subledger Journal Entry: Accounts Receivable
    • Receivables Receipt Batch
  • 43.
    Business Logic
    Filters: String, Integer, Numeric, Date, Functions, AND/OR
  • 44.
    Advanced Pattern Analysis
    • Pattern analysis identifies outlying incidents that may not be apparent
  • 45.
    Advanced Control Extensibility
    Continuous SOD Controls Monitoring
    Diagram labels: Custom or Legacy Applications; Pre-built; Extensible; Partner Pre-built; CUSTOMER CARE & BILLING
  • 46.
    Oracle Advance Controls in the Order To Cash Process
  • 47.
    Example Order to Cash Controls
    Access (SOD): Who Can Perform | Transaction: What HAS Happened
    Create Customer and Create Order | Created/edited a customer and created/edited an order
    Create Customer and Perform Write-Off | Edited a customer and performed a write-off
    Modify Customer and Create Order | Orders created in a period that exceeded the customer’s credit limit
    View an Order and Receive an Order | Micro-orders for a customer to avoid approvals
  • 48.
    Enterprise Risk Graph
    [Diagram: graph linking SYSTEMS, USERS, ROLES, SETUPS, MASTER DATA and TXN nodes]
  • 49.
    Enterprise Risk Graph
    EBS EMEA SYSTEM, JOHN USER, Receivables ADMIN ROLE
    CUSTOMER MENU, CUSTOMER ENTRY SUBMENU, QUICK UPDATE SUBMENU, EDIT CUSTOMER FUNCTION
    ORDER MGT MENU, ORDER ENTRY SUBMENU, ORDER RELEASE FUNCTION
    JOHN CHANGES CUSTOMER SHIPTO FOR ACME AND PROCESSES ORDER FOR ACME
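The access path on the Enterprise Risk Graph slide can be checked mechanically: walk each user's role down through menus and submenus to functions, keep the path, and flag any user who reaches both sides of an SOD rule. The sketch below is an added example, not Oracle GRC code; the data is constructed from the slide's node names, and the MARY / ORDER CLERK entries, the assumption that both menus hang off the role, and the per-role exclusion model are illustrative assumptions.

```python
from collections import defaultdict

# Constructed sample data modelled on the slide's graph; not exported from a real EBS instance.
GRANTS = {"JOHN": ["RECEIVABLES ADMIN"], "MARY": ["ORDER CLERK"]}
# parent -> children: roles point at menus, menus at submenus, submenus at functions
CHILDREN = {
    "RECEIVABLES ADMIN": ["CUSTOMER MENU", "ORDER MGT MENU"],
    "ORDER CLERK": ["CUSTOMER MENU", "ORDER MGT MENU"],
    "CUSTOMER MENU": ["CUSTOMER ENTRY SUBMENU"],
    "CUSTOMER ENTRY SUBMENU": ["QUICK UPDATE SUBMENU"],
    "QUICK UPDATE SUBMENU": ["EDIT CUSTOMER FUNCTION"],
    "ORDER MGT MENU": ["ORDER ENTRY SUBMENU"],
    "ORDER ENTRY SUBMENU": ["ORDER RELEASE FUNCTION"],
}
# Hypothetical per-role exclusions: a pruned subtree is not reachable, so it is not a conflict
EXCLUSIONS = {"ORDER CLERK": {"QUICK UPDATE SUBMENU"}}
SOD_RULES = [("EDIT CUSTOMER FUNCTION", "ORDER RELEASE FUNCTION")]

def paths_to_functions(role, children=CHILDREN, exclusions=EXCLUSIONS):
    """Map each function reachable from a role to the menu paths that reach it."""
    blocked = exclusions.get(role, set())
    found = defaultdict(list)
    stack = [(role, (role,))]
    while stack:
        node, path = stack.pop()
        kids = children.get(node)
        if kids is None:                      # no children: a function (access point)
            found[node].append(path)
            continue
        for kid in kids:
            if kid in blocked or kid in path:  # skip excluded nodes and menu cycles
                continue
            stack.append((kid, path + (kid,)))
    return found

def find_conflicts(grants=GRANTS, rules=SOD_RULES):
    """Return (user, rule, paths_a, paths_b) for every user who can perform both sides."""
    conflicts = []
    for user, roles in grants.items():
        reach = defaultdict(list)
        for role in roles:
            for func, paths in paths_to_functions(role).items():
                reach[func] += [(user,) + p for p in paths]
        for a, b in rules:
            if reach.get(a) and reach.get(b):
                conflicts.append((user, (a, b), reach[a], reach[b]))
    return conflicts
```

Reporting the full path for each side shows which menu or submenu to remove to resolve the conflict, and honouring exclusions keeps MARY from being reported as a false positive.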
  • 50.
    Cut Order to Cash Inefficiency & Risk
    • Determine if product master data is accurate
    • Find & remediate users with privileges to enter & modify master data
    • Add data entry rules to validate sales order ship-to destination against localized product configuration
    • Find sales order transaction exceptions
    • Find revenue and COGS mismatches
    • Validate customer invoice aging, thresholds
  • 51.
    Wrapup Questions of O2C Optimization
    • What is YOUR organization’s overall risk exposure in the O2C process?
      – Ex. Duplicate customers exist to get around single customer credit limits, thus exposing the organization to material bad debts.
    • Who in YOUR organization can create at-risk transactions?
      – SOD: Create/Modify a Customer and a Sales Order
    • Who in YOUR organization has already created at-risk transactions?
  • 52.
    Oracle Advance Controls OOW2013 Sessions & Demo Pod
  • 53.
    Demo Workstation, Moscone West 1st Floor #W-013
    Demo ID 3532, Workstation #: W-013
    Monday 9:45 – 6:00 | Tuesday 9:45 – 6:00 | Wednesday 9:45 – 4:00
  • 54.
    Demo Workstation, Moscone West 1st Floor #W-013
  • 55.
    Learn More About Oracle Advance Controls: Wednesday
    • Reducing Risk for Oracle E-Business Suite Upgrades and Implementations: 1:15PM, Moscone West – 3018, CON8830
    • Panel Discussion: Intelligent Controls for Key Business Processes and Upgrades: 3:30PM, Moscone West – 2002 / 2004, CON8832
  • 56.
    Learn More About Oracle Advance Controls: Thursday
    • Advanced Access and User Security for Oracle E-Business Suite and Fusion Applications: 2:00PM, Moscone West – 3018, CON8824
    • Meet the Governance, Risk, and Compliance Experts: 12:30PM, Moscone West 2001A, MTE9412
  • 57.
    @OracleAdvCntrls
    Oracle GRC Advanced Controls
    Join Our LinkedIn Group
    Follow us on Twitter
  • 58.
    ?’s
  • 59.
    The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.