SlideShare ist ein Scribd-Unternehmen logo

Webinar mar 22 23 ccm contineous controls monitoring

Adil Khan
Adil Khan

Today more than ever, organizations need to transform risk management practices from manual controls to automated fine-grained controls that monitor business activities enabled by enterprise applications. We are rapidly moving into a digital universe where an increasing number of people are connected to enterprise applications online (cloud-computing), and “things” (smart devices) connected to the internet are unleashing new waves of opportunities. However, some of the same advances in technology also present the biggest business threats challenging management to reexamine internal controls, information security, fraud protection, and data privacy Is this session you will learn how Continuous controls monitoring (CCM) can prevent business losses and reduce the cost of audits through continuous auditing of the controls in financial and other transactional applications.

Software
1 von 47
Downloaden Sie, um offline zu lesen
Leverage Technology: Move Your Business Forward™ Risk and Compliance Financial Reporting Internal Audit Controls Catalog Application Security Advanced Analytics A Leader in Risk Based Enterprise Controls Management Solutions Copyright ©. Fulcrum Information Technology, Inc.Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Gain Actionable Business Insight with Continuous Controls Monitoring (CCM) Adil Khan, Managing Director Mar 23rd , 2017 – 12:00 NYC Time Mar 22, 2017 – 12:00 London Time
www.fulcrumway.comPage 2Copyright © FulcrumWay Gain Actionable Business Insight with CCM Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda
www.fulcrumway.comPage 3Copyright © FulcrumWay Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda Gain Actionable Business Insight with CCM
www.fulcrumway.comPage 4Copyright © FulcrumWay FulcrumWay™ Insight Global Thought Leadership Oracle Cloud – London – Feb 1-2 GRC Round Table, London, UK Educational Webinar – Mar 23rd – Continuous Controls Monitoring Collaborate 17 – April 2-6 Las Vegas GRC Open House Oracle Modern Finance Experience – April 11-13 Boston – FEMSA Oracle Risk Cloud Case Study Educational Webinar – April 20th – Internal Audit Management with Advanced Control Analytics Oracle Open World – October 1-5 – Mascone West, San Francisco, CA Gitex – October 8-12 – GRC Round Table, Dubai UAE Oracle UK Users Group – December – GRC Round Table, Birmingham, UK Oracle Connect Africa – October – GRC Round Table, South Africa Proven Expertise
www.fulcrumway.comPage 5Copyright © FulcrumWay FulcrumWay Client StudiesSuccessful Track Record Government Oil and Gas Healthcare Communications Financial Services Transportation Natural ResourcesManufacturing Retail High TechMedia/Entertainment Life Sciences
www.fulcrumway.comPage 6Copyright © FulcrumWay Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda Gain Actionable Business Insight with CCM
www.fulcrumway.comCopyright © FulcrumWay Continuous Controls MonitoringOverview Continuous controls monitoring (CCM) is a set of technologies to reduce business losses through continuous monitoring and reducing the cost of audits through continuous auditing of the controls in financial and other transactional applications.
www.fulcrumway.comCopyright © FulcrumWay Monitoring prevents unpleasant surprisesOverview Manual Controls Mostly detective Invasive, with little direct business benefit. Focus on what's visible Automated Controls Mostly preventive. Continuous, with direct performance benefits. Often inherent in the system
www.fulcrumway.comCopyright © FulcrumWay CCM Benefits Complete testing coverage …100% Improved timeliness of testing Consistent Results Remediation based on Trends Analysis Lower Risk with Faster Corrective Actions Overview
www.fulcrumway.comCopyright © FulcrumWay Return on Investment (ROI)Overview Continuous Controls Monitoring (CCM) Comprehensive Monitoring of Internal Controls • Provides most effective control baseline • Minimizes remediation re-work • Long-term cost is lower • Leverages existing controls matrix to automate Annual Controls Audit Annual Audits are reactive, untimely and obsolete • Less start-up cost • Little Monitoring of Controls • Significant Effort through audit period • Internal resources 5x external audit Time $ “Annual” Approach Higher Level of Detail Testing “CCM” Approach
www.fulcrumway.comCopyright © FulcrumWay Return on Investment (ROI)Overview Master Data Data Accuracy and Permissions Audit Trail Application Configuration Presence and Config. of Controls Transactions Working Capital Financial Governance Segregation of Duties Antifraud PII
www.fulcrumway.comCopyright © FulcrumWay Enterprise Governance Risk and Compliance Maturity Model Informal: ▪ Adhoc approach ▪ Compliant but at a high cost to business ▪ Manual control ▪ No best practices Reactive: ▪ Tactical approach ▪ Risks are documented ▪ Manual risk assessment ▪ After the fact reporting Proactive: ▪ Unified, standardized & strategic approach ▪ Policies are enforced ▪ Automated process ▪ Prevent policy Optimized: ▪ Control objectives embedded throughout the organization ▪ Analyze and trend ▪ Automated risk mitigation / Predictive risk assessments Financial Governance Enterprise Risk Management Continuous Monitoring IT Governance Internal Audit and Compliance Management SafePaaS
www.fulcrumway.comCopyright © FulcrumWay Governance Risk and Compliance (GRC) Management Platform Functional Overview MonitorPaaS ProcessPaaS Operations Management RiskPaaS Risk Library KRI ManagerPolicy Manager Financial Close Task Manager Close Controls Manager Reconciliation Manager Audit Manager Audit Planner Compliance Manager Master Data Monitor DataProbeIntegrationServices Risk Assessments RiskPaaS Transaction Monitor App Configuration Monitor Rules Repository Access Monitor SOD Policy Monitor Roles Manager AccessPaaS iAccess Policy based provisioning Issue Manager Survey Manager Enterprise Risk Management Continuous Controls Monitoring Financial Governance Audit and Compliance Automation IT Governance
www.fulcrumway.comCopyright © FulcrumWay Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Q&A Agenda Gain Actionable Business Insight with CCM
www.fulcrumway.comCopyright © FulcrumWay User SecurityStandard Control Oracle EBS User Password Policy User is assigned to the HR Record Active/Inactive User One or more responsibilities assigned to a User A Responsibility has many Menus and Sub-Menus Menu has many functions / forms
www.fulcrumway.comCopyright © FulcrumWay User: John Doe Responsibility: Payables Manager, US Menu: AP_Navigate_GUI12 Submenu: AP_Invoices_Entry Function: Invoice Batches User: Mike Jones Payables Users Responsibility: Payables Supervisor Responsibility: Payables User Menu: UK_AP_Navigate_GUI12 SubMenu: AP_Invoices_Entry SubMenu: AP_Invoices_GUI12_G Menu: AX_Payables_User Responsibility: Payables Supervisor Responsibility: Payables Manager, US Responsibility: Payables User Detect and Prevent Access Policy Violations Prevent SOD/Access Policy Violations by Monitoring User Access Requests Detect SOD/Access Policy Violations in ERP Security Model Continuous Monitoring
www.fulcrumway.comCopyright © FulcrumWay Access/SOD Policy Management Approach Detect SOD/Policy Violations Analyze Violations Correct Role Access Monitor Violation Incidents Application Security Model Application Security Snapshot Exceptions Correct User Access App Control Owners/ IS SecurityIS Security/ Audit/Compliance Control Owners/ IS Security Application Test Environment Access AnalyticsRules Manager Action Workflow Application Administrator Continuous Monitoring Violations ManagerDataProbe ETL Corrective Actions Dashboard Application Access Rules Roles Manager
www.fulcrumway.comCopyright © FulcrumWay A Risk Based Approach to User Provisioning User Registration Request Roles Add/ Update User Monitor Application Access Employee/ Manager List Network User List (AD) Test Access Policy Add/ Update Role Requesters / ApproversIS Security/ Audit/Compliance IS Security Active Employee Users iAccessRules Manager Workflow Application Administrator Rules ManagerDataProbe ETL Process Approval Request Dashboard Application Access Rules DataProbe ETL Continuous Monitoring
www.fulcrumway.comCopyright © FulcrumWay Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Q&A Agenda Gain Actionable Business Insight with CCM
www.fulcrumway.comPage 20Copyright © FulcrumWay  Business Process Models  Service Oriented Architecture  Corporate Performance Management  Collaboration Strategic Sourcing & Contract Mgmt Supplier Collaboration Spend Categories Indirect & MRO Direct Materials Services SWIFTNet Settlement Payment Processors Requisition Purchase Goods / Services Receive Goods / Services Invoice Issue Payments Banks Oracle Procure-to-Pay Control Points Transaction Controls
www.fulcrumway.comPage 21Copyright © FulcrumWay  Business Process Models  Service Oriented Architecture  Corporate Performance Management  Collaboration Supplier Collaboration Spend Categories Indirect & MRO Direct Materials Services SWIFTNet Settlement Payment Processors Requisi- tion Purchase Goods / Services Receive Goods / Services Invoice Issue Payments Banks Oracle Procure-to-Pay Are your vendors compliant with trade regulations? Are the vendors blacklisted? Do you have duplicate suppliers? Are there inappropriate associations between a vendor and an employee? Are there frequent changes to Supplier information? Are you missing critical supplier information? Is the information valid? Strategic Sourcing & Contract Mgmt CONTROLS Transaction Controls
www.fulcrumway.comPage 22Copyright © FulcrumWay  Business Process Models  Service Oriented Architecture  Corporate Performance Management  Collaboration Strategic Sourcing & Contract Mgmt Supplier Collaboration Spend Categories Indirect & MRO Direct Materials Services SWIFTNet Settlement Payment Processors Receive Goods / Services Invoice Issue Payments Banks Oracle Procure-to-Pay Do you have duplicate Purchase Orders? Are there purchases with non- preferred vendors? Are there split POs? Are POs created on the same day as goods arrive? Requisition Purchase Goods / Services CONTROLS Transaction Controls
www.fulcrumway.comPage 23Copyright © FulcrumWay  Business Process Models  Service Oriented Architecture  Corporate Performance Management  Collaboration Strategic Sourcing & Contract Mgmt Supplier Collaboration Spend Categories Indirect & MRO Direct Materials Services SWIFTNet Settlement Payment Processors Requisi- tion Purchase Goods / Services Banks Oracle Procure-to-Pay Are you making accurate and timely payments? Did the person making the payment create or modify the vendor? Are there discrepancies in freight charges? Receive Goods / Services Invoice Issue Payments CONTROLS Are payment term changes reviewed before payment? Are there duplicate invoice amounts being processed? Transaction Controls
www.fulcrumway.comPage 24Copyright © FulcrumWay Procure to PayStandard Controls Requisitions Require PO Approval
www.fulcrumway.comPage 25Copyright © FulcrumWay Procure to PayStandard Controls Purchase Orders can only be issues to valid suppliers and goods received at valid sites Purchase Orders Require Approval
www.fulcrumway.comPage 26Copyright © FulcrumWay Procure to PayStandard Controls Goods and Services are received based on control configurations
www.fulcrumway.comPage 27Copyright © FulcrumWay Procure to PayStandard Controls Duplicate Invoice numbers are prevented Invoice items are matched with PO and Receiving to ensure 3-Way match
www.fulcrumway.comPage 28Copyright © FulcrumWay Procure to PayStandard Controls Payments are released to valid suppliers and Invoices Payments Terms are enforced
www.fulcrumway.comCopyright © FulcrumWay Transaction Monitor – Metadata Continuous Monitoring
www.fulcrumway.comCopyright © FulcrumWay Transaction Monitor – Duplicate Invoices Continuous Monitoring
www.fulcrumway.comCopyright © FulcrumWay Application Security and Controls Monitoring Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda
www.fulcrumway.comPage 32Copyright © FulcrumWay Navigation: Purchasing Supper User > Setup > Purchasing > Document Types Purchase Order Approval Purchasing Configuration
www.fulcrumway.comCopyright © FulcrumWay Payables Configurations User Invoice Approval Workflow Navigation: Payable Manager--> Setup -->Options--> Payables Options Click on Approval Tab
www.fulcrumway.comCopyright © FulcrumWay Navigation: Payable Manager--> Setup -->Options--> Payables Options Click on Approval Tab Allow Force Approval Payables Configurations
www.fulcrumway.comCopyright © FulcrumWay Navigation: Payables Super User->Supplier ->Entry. Select Supplier, and then Click Invoice Management AP Invoice Payment Discounts Payables Configurations
www.fulcrumway.comPage 36Copyright © FulcrumWay Navigation: Purchasing Supper User ->Setup-> Organizations -> Receiving Options Receiving Tolerance Level Receiving Configurations
www.fulcrumway.comCopyright © FulcrumWay Navigation: Payables Super User->Setup->Options->Payables Options and then click on Invoice Tab. Payable Invoice Posting to GL GL Posting Configurations
www.fulcrumway.comCopyright © FulcrumWay Configuration Control - Deploy Payable Options
www.fulcrumway.comCopyright © FulcrumWay Configuration Control - Results Continuous Monitoring
www.fulcrumway.comCopyright © FulcrumWay Application Security and Controls Monitoring Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda
www.fulcrumway.comCopyright © FulcrumWay Procure to PayStandard Controls Prevent Duplicate Supplier Name and Sites
www.fulcrumway.comCopyright © FulcrumWay Master Data ObjectContinuous Monitoring
www.fulcrumway.comPage 43Copyright © FulcrumWay Continuous Monitoring
www.fulcrumway.comPage 44Copyright © FulcrumWay Application Security and Controls Monitoring Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda
www.fulcrumway.comPage 45Copyright © FulcrumWay Fiscal watchdog ensures tens of billions of dollars in payments are lawful and correct Our Client A state government agency responsible for safeguarding financial assets – more than $120 billion of public funds. Helps local governments and nonprofits invest their money with flexibility, security, and confidence. Challenges Replace fragmented legacy system for recovery audit department with a single incident management system Replace manual control checklists with a audit analytics system to identify suspicious vouchers submitted for payments by 28+ agencies across the state. Assign suspension transaction to auditors for final review and approval using a pattern matching system Solutions Transaction Monitoring Results: Reduce erroneous payment processing by 5% on millions of payments processed each day by consolidating all vouchers across 28 agencies into a single data hub. Improve incident investigation process by establishing business rules to assign incidents based upon risk level, investigation type, priority that match the auditor skills and job role Provide management visibility and independent oversight to monitor approved and rejected payments Eliminate inconsistent and contradictory actions by auditors by providing a structured investigation process based on approved investigation checklists based on type of the suspicious transaction. Optimize recover audit business process with integration to the ERP system for vendor management and payment processing Case Study
www.fulcrumway.comPage 46Copyright © FulcrumWay Risk Mitigation = Standard Controls + CCM User Roles 3-Way Match Track Payments Sentiment Analysis Split Purchase Orders SoD/ Access Policy Violations Duplicate Payments Transaction Threshold Amounts Duplicate Vendors Monitor Setup Changes Master Data Audit Trial Transaction Pattern Analysis Fuzzy Logic, ‘similar values’ Continuous Monitoring Standard Controls Approval Hierarchies Track Discounts Case Study
www.fulcrumway.comPage 47Copyright © FulcrumWay Sign-up for FREE 14 Days EvaluationQ & A Register online to try out SafePaaS

Empfohlen

Enterprise mobility -- Clinching future of business
Enterprise mobility -- Clinching future of businessEnterprise mobility -- Clinching future of business
Enterprise mobility -- Clinching future of businessNisha Patel
 
Don’t forget the UX (when developing a product)
Don’t forget the UX (when developing a product)Don’t forget the UX (when developing a product)
Don’t forget the UX (when developing a product)eulenherr
 
¿Sabemos identificar el riesgo?
¿Sabemos identificar el riesgo?¿Sabemos identificar el riesgo?
¿Sabemos identificar el riesgo?BESTINVER
 
Announcements- Friday, March 24, 2017
Announcements- Friday, March 24, 2017Announcements- Friday, March 24, 2017
Announcements- Friday, March 24, 2017Ken Stayner
 
Tools to Help *You* Rewire Music: OMI & COALA IP | IPDB | BigchainDB
Tools to Help *You* Rewire Music: OMI & COALA IP | IPDB | BigchainDBTools to Help *You* Rewire Music: OMI & COALA IP | IPDB | BigchainDB
Tools to Help *You* Rewire Music: OMI & COALA IP | IPDB | BigchainDBTrent McConaghy
 
email transaction network analysis
email transaction network analysisemail transaction network analysis
email transaction network analysiskeithpjolley
 
10 facts about the indian realty sector that
10 facts about the indian realty sector that10 facts about the indian realty sector that
10 facts about the indian realty sector thatArun Dev Builders LTD
 
45 Beautiful Horse Breed
45 Beautiful Horse Breed45 Beautiful Horse Breed
45 Beautiful Horse BreedJustin Pits
 

Empfohlen

Enterprise mobility -- Clinching future of business
Enterprise mobility -- Clinching future of businessEnterprise mobility -- Clinching future of business
Enterprise mobility -- Clinching future of businessNisha Patel
 
Don’t forget the UX (when developing a product)
Don’t forget the UX (when developing a product)Don’t forget the UX (when developing a product)
Don’t forget the UX (when developing a product)eulenherr
 
¿Sabemos identificar el riesgo?
¿Sabemos identificar el riesgo?¿Sabemos identificar el riesgo?
¿Sabemos identificar el riesgo?BESTINVER
 
Announcements- Friday, March 24, 2017
Announcements- Friday, March 24, 2017Announcements- Friday, March 24, 2017
Announcements- Friday, March 24, 2017Ken Stayner
 
Tools to Help *You* Rewire Music: OMI & COALA IP | IPDB | BigchainDB
Tools to Help *You* Rewire Music: OMI & COALA IP | IPDB | BigchainDBTools to Help *You* Rewire Music: OMI & COALA IP | IPDB | BigchainDB
Tools to Help *You* Rewire Music: OMI & COALA IP | IPDB | BigchainDBTrent McConaghy
 
email transaction network analysis
email transaction network analysisemail transaction network analysis
email transaction network analysiskeithpjolley
 
10 facts about the indian realty sector that
10 facts about the indian realty sector that10 facts about the indian realty sector that
10 facts about the indian realty sector thatArun Dev Builders LTD
 
45 Beautiful Horse Breed
45 Beautiful Horse Breed45 Beautiful Horse Breed
45 Beautiful Horse BreedJustin Pits
 
Introduction to relays
Introduction to relaysIntroduction to relays
Introduction to relaysArmin Maghami
 
El macrismo y la destrucción de la educación pública
El macrismo y la destrucción de la educación públicaEl macrismo y la destrucción de la educación pública
El macrismo y la destrucción de la educación públicaRamón Copa
 
WordPressで電子書籍
WordPressで電子書籍WordPressで電子書籍
WordPressで電子書籍Takayuki Miyauchi
 
DC JAIN REAL ESTATE SERVICES
DC JAIN REAL ESTATE SERVICESDC JAIN REAL ESTATE SERVICES
DC JAIN REAL ESTATE SERVICESDC JAIN
 
Shibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だった
Shibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だったShibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だった
Shibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だったYasuhiro Matsumura
 
ITU 07/2017
ITU 07/2017ITU 07/2017
ITU 07/2017Graham Brearley
 
¿ Habra un Colapso electrico en el 2016 En Venezuela
¿ Habra un Colapso electrico en el 2016 En Venezuela¿ Habra un Colapso electrico en el 2016 En Venezuela
¿ Habra un Colapso electrico en el 2016 En VenezuelaGerardo Rojas
 
Salient features of the notarial law
Salient features of the notarial lawSalient features of the notarial law
Salient features of the notarial lawFayeRisonar
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 

Weitere ähnliche Inhalte

Andere mochten auch

Introduction to relays
Introduction to relaysIntroduction to relays
Introduction to relaysArmin Maghami
 
El macrismo y la destrucción de la educación pública
El macrismo y la destrucción de la educación públicaEl macrismo y la destrucción de la educación pública
El macrismo y la destrucción de la educación públicaRamón Copa
 
DC JAIN REAL ESTATE SERVICES
DC JAIN REAL ESTATE SERVICESDC JAIN REAL ESTATE SERVICES
DC JAIN REAL ESTATE SERVICESDC JAIN
 
Shibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だった
Shibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だったShibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だった
Shibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だったYasuhiro Matsumura
 
¿ Habra un Colapso electrico en el 2016 En Venezuela
¿ Habra un Colapso electrico en el 2016 En Venezuela¿ Habra un Colapso electrico en el 2016 En Venezuela
¿ Habra un Colapso electrico en el 2016 En VenezuelaGerardo Rojas
 
Salient features of the notarial law
Salient features of the notarial lawSalient features of the notarial law
Salient features of the notarial lawFayeRisonar
 

Andere mochten auch (8)

Introduction to relays
Introduction to relaysIntroduction to relays
Introduction to relays
 
El macrismo y la destrucción de la educación pública
El macrismo y la destrucción de la educación públicaEl macrismo y la destrucción de la educación pública
El macrismo y la destrucción de la educación pública
 
WordPressで電子書籍
WordPressで電子書籍WordPressで電子書籍
WordPressで電子書籍
 
DC JAIN REAL ESTATE SERVICES
DC JAIN REAL ESTATE SERVICESDC JAIN REAL ESTATE SERVICES
DC JAIN REAL ESTATE SERVICES
 
Shibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だった
Shibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だったShibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だった
Shibuya.rb0921 / ただRubyで使われていないメソッドを削除したい人生だった
 
ITU 07/2017
ITU 07/2017ITU 07/2017
ITU 07/2017
 
¿ Habra un Colapso electrico en el 2016 En Venezuela
¿ Habra un Colapso electrico en el 2016 En Venezuela¿ Habra un Colapso electrico en el 2016 En Venezuela
¿ Habra un Colapso electrico en el 2016 En Venezuela
 
Salient features of the notarial law
Salient features of the notarial lawSalient features of the notarial law
Salient features of the notarial law
 

Kürzlich hochgeladen

%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 

Kürzlich hochgeladen (20)

%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 

Webinar mar 22 23 ccm contineous controls monitoring

  • 1. Leverage Technology: Move Your Business Forward™ Risk and Compliance Financial Reporting Internal Audit Controls Catalog Application Security Advanced Analytics A Leader in Risk Based Enterprise Controls Management Solutions Copyright ©. Fulcrum Information Technology, Inc.Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Gain Actionable Business Insight with Continuous Controls Monitoring (CCM) Adil Khan, Managing Director Mar 23rd , 2017 – 12:00 NYC Time Mar 22, 2017 – 12:00 London Time
  • 2. www.fulcrumway.comPage 2Copyright © FulcrumWay Gain Actionable Business Insight with CCM Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda
  • 3. www.fulcrumway.comPage 3Copyright © FulcrumWay Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda Gain Actionable Business Insight with CCM
  • 4. www.fulcrumway.comPage 4Copyright © FulcrumWay FulcrumWay™ Insight Global Thought Leadership Oracle Cloud – London – Feb 1-2 GRC Round Table, London, UK Educational Webinar – Mar 23rd – Continuous Controls Monitoring Collaborate 17 – April 2-6 Las Vegas GRC Open House Oracle Modern Finance Experience – April 11-13 Boston – FEMSA Oracle Risk Cloud Case Study Educational Webinar – April 20th – Internal Audit Management with Advanced Control Analytics Oracle Open World – October 1-5 – Mascone West, San Francisco, CA Gitex – October 8-12 – GRC Round Table, Dubai UAE Oracle UK Users Group – December – GRC Round Table, Birmingham, UK Oracle Connect Africa – October – GRC Round Table, South Africa Proven Expertise
  • 5. www.fulcrumway.comPage 5Copyright © FulcrumWay FulcrumWay Client StudiesSuccessful Track Record Government Oil and Gas Healthcare Communications Financial Services Transportation Natural ResourcesManufacturing Retail High TechMedia/Entertainment Life Sciences
  • 6. www.fulcrumway.comPage 6Copyright © FulcrumWay Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda Gain Actionable Business Insight with CCM
  • 7. www.fulcrumway.comCopyright © FulcrumWay Continuous Controls MonitoringOverview Continuous controls monitoring (CCM) is a set of technologies to reduce business losses through continuous monitoring and reducing the cost of audits through continuous auditing of the controls in financial and other transactional applications.
  • 8. www.fulcrumway.comCopyright © FulcrumWay Monitoring prevents unpleasant surprisesOverview Manual Controls Mostly detective Invasive, with little direct business benefit. Focus on what's visible Automated Controls Mostly preventive. Continuous, with direct performance benefits. Often inherent in the system
  • 9. www.fulcrumway.comCopyright © FulcrumWay CCM Benefits Complete testing coverage …100% Improved timeliness of testing Consistent Results Remediation based on Trends Analysis Lower Risk with Faster Corrective Actions Overview
  • 10. www.fulcrumway.comCopyright © FulcrumWay Return on Investment (ROI)Overview Continuous Controls Monitoring (CCM) Comprehensive Monitoring of Internal Controls • Provides most effective control baseline • Minimizes remediation re-work • Long-term cost is lower • Leverages existing controls matrix to automate Annual Controls Audit Annual Audits are reactive, untimely and obsolete • Less start-up cost • Little Monitoring of Controls • Significant Effort through audit period • Internal resources 5x external audit Time $ “Annual” Approach Higher Level of Detail Testing “CCM” Approach
  • 11. www.fulcrumway.comCopyright © FulcrumWay Return on Investment (ROI)Overview Master Data Data Accuracy and Permissions Audit Trail Application Configuration Presence and Config. of Controls Transactions Working Capital Financial Governance Segregation of Duties Antifraud PII
  • 12. www.fulcrumway.comCopyright © FulcrumWay Enterprise Governance Risk and Compliance Maturity Model Informal: ▪ Adhoc approach ▪ Compliant but at a high cost to business ▪ Manual control ▪ No best practices Reactive: ▪ Tactical approach ▪ Risks are documented ▪ Manual risk assessment ▪ After the fact reporting Proactive: ▪ Unified, standardized & strategic approach ▪ Policies are enforced ▪ Automated process ▪ Prevent policy Optimized: ▪ Control objectives embedded throughout the organization ▪ Analyze and trend ▪ Automated risk mitigation / Predictive risk assessments Financial Governance Enterprise Risk Management Continuous Monitoring IT Governance Internal Audit and Compliance Management SafePaaS
  • 13. www.fulcrumway.comCopyright © FulcrumWay Governance Risk and Compliance (GRC) Management Platform Functional Overview MonitorPaaS ProcessPaaS Operations Management RiskPaaS Risk Library KRI ManagerPolicy Manager Financial Close Task Manager Close Controls Manager Reconciliation Manager Audit Manager Audit Planner Compliance Manager Master Data Monitor DataProbeIntegrationServices Risk Assessments RiskPaaS Transaction Monitor App Configuration Monitor Rules Repository Access Monitor SOD Policy Monitor Roles Manager AccessPaaS iAccess Policy based provisioning Issue Manager Survey Manager Enterprise Risk Management Continuous Controls Monitoring Financial Governance Audit and Compliance Automation IT Governance
  • 14. www.fulcrumway.comCopyright © FulcrumWay Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Q&A Agenda Gain Actionable Business Insight with CCM
  • 15. www.fulcrumway.comCopyright © FulcrumWay User SecurityStandard Control Oracle EBS User Password Policy User is assigned to the HR Record Active/Inactive User One or more responsibilities assigned to a User A Responsibility has many Menus and Sub-Menus Menu has many functions / forms
  • 16. www.fulcrumway.comCopyright © FulcrumWay User: John Doe Responsibility: Payables Manager, US Menu: AP_Navigate_GUI12 Submenu: AP_Invoices_Entry Function: Invoice Batches User: Mike Jones Payables Users Responsibility: Payables Supervisor Responsibility: Payables User Menu: UK_AP_Navigate_GUI12 SubMenu: AP_Invoices_Entry SubMenu: AP_Invoices_GUI12_G Menu: AX_Payables_User Responsibility: Payables Supervisor Responsibility: Payables Manager, US Responsibility: Payables User Detect and Prevent Access Policy Violations Prevent SOD/Access Policy Violations by Monitoring User Access Requests Detect SOD/Access Policy Violations in ERP Security Model Continuous Monitoring
  • 17. www.fulcrumway.comCopyright © FulcrumWay Access/SOD Policy Management Approach Detect SOD/Policy Violations Analyze Violations Correct Role Access Monitor Violation Incidents Application Security Model Application Security Snapshot Exceptions Correct User Access App Control Owners/ IS SecurityIS Security/ Audit/Compliance Control Owners/ IS Security Application Test Environment Access AnalyticsRules Manager Action Workflow Application Administrator Continuous Monitoring Violations ManagerDataProbe ETL Corrective Actions Dashboard Application Access Rules Roles Manager
  • 18. www.fulcrumway.comCopyright © FulcrumWay A Risk Based Approach to User Provisioning User Registration Request Roles Add/ Update User Monitor Application Access Employee/ Manager List Network User List (AD) Test Access Policy Add/ Update Role Requesters / ApproversIS Security/ Audit/Compliance IS Security Active Employee Users iAccessRules Manager Workflow Application Administrator Rules ManagerDataProbe ETL Process Approval Request Dashboard Application Access Rules DataProbe ETL Continuous Monitoring
  • 19. www.fulcrumway.comCopyright © FulcrumWay Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Q&A Agenda Gain Actionable Business Insight with CCM
  • 20. www.fulcrumway.comPage 20Copyright © FulcrumWay  Business Process Models  Service Oriented Architecture  Corporate Performance Management  Collaboration Strategic Sourcing & Contract Mgmt Supplier Collaboration Spend Categories Indirect & MRO Direct Materials Services SWIFTNet Settlement Payment Processors Requisition Purchase Goods / Services Receive Goods / Services Invoice Issue Payments Banks Oracle Procure-to-Pay Control Points Transaction Controls
  • 21. www.fulcrumway.comPage 21Copyright © FulcrumWay  Business Process Models  Service Oriented Architecture  Corporate Performance Management  Collaboration Supplier Collaboration Spend Categories Indirect & MRO Direct Materials Services SWIFTNet Settlement Payment Processors Requisi- tion Purchase Goods / Services Receive Goods / Services Invoice Issue Payments Banks Oracle Procure-to-Pay Are your vendors compliant with trade regulations? Are the vendors blacklisted? Do you have duplicate suppliers? Are there inappropriate associations between a vendor and an employee? Are there frequent changes to Supplier information? Are you missing critical supplier information? Is the information valid? Strategic Sourcing & Contract Mgmt CONTROLS Transaction Controls
  • 22. www.fulcrumway.comPage 22Copyright © FulcrumWay  Business Process Models  Service Oriented Architecture  Corporate Performance Management  Collaboration Strategic Sourcing & Contract Mgmt Supplier Collaboration Spend Categories Indirect & MRO Direct Materials Services SWIFTNet Settlement Payment Processors Receive Goods / Services Invoice Issue Payments Banks Oracle Procure-to-Pay Do you have duplicate Purchase Orders? Are there purchases with non- preferred vendors? Are there split POs? Are POs created on the same day as goods arrive? Requisition Purchase Goods / Services CONTROLS Transaction Controls
  • 23. www.fulcrumway.comPage 23Copyright © FulcrumWay  Business Process Models  Service Oriented Architecture  Corporate Performance Management  Collaboration Strategic Sourcing & Contract Mgmt Supplier Collaboration Spend Categories Indirect & MRO Direct Materials Services SWIFTNet Settlement Payment Processors Requisi- tion Purchase Goods / Services Banks Oracle Procure-to-Pay Are you making accurate and timely payments? Did the person making the payment create or modify the vendor? Are there discrepancies in freight charges? Receive Goods / Services Invoice Issue Payments CONTROLS Are payment term changes reviewed before payment? Are there duplicate invoice amounts being processed? Transaction Controls
  • 24. www.fulcrumway.comPage 24Copyright © FulcrumWay Procure to PayStandard Controls Requisitions Require PO Approval
  • 25. www.fulcrumway.comPage 25Copyright © FulcrumWay Procure to PayStandard Controls Purchase Orders can only be issues to valid suppliers and goods received at valid sites Purchase Orders Require Approval
  • 26. www.fulcrumway.comPage 26Copyright © FulcrumWay Procure to PayStandard Controls Goods and Services are received based on control configurations
  • 27. www.fulcrumway.comPage 27Copyright © FulcrumWay Procure to PayStandard Controls Duplicate Invoice numbers are prevented Invoice items are matched with PO and Receiving to ensure 3-Way match
  • 28. www.fulcrumway.comPage 28Copyright © FulcrumWay Procure to PayStandard Controls Payments are released to valid suppliers and Invoices Payments Terms are enforced
  • 29. www.fulcrumway.comCopyright © FulcrumWay Transaction Monitor – Metadata Continuous Monitoring
  • 30. www.fulcrumway.comCopyright © FulcrumWay Transaction Monitor – Duplicate Invoices Continuous Monitoring
  • 31. www.fulcrumway.comCopyright © FulcrumWay Application Security and Controls Monitoring Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda
  • 32. www.fulcrumway.comPage 32Copyright © FulcrumWay Navigation: Purchasing Supper User > Setup > Purchasing > Document Types Purchase Order Approval Purchasing Configuration
  • 33. www.fulcrumway.comCopyright © FulcrumWay Payables Configurations User Invoice Approval Workflow Navigation: Payable Manager--> Setup -->Options--> Payables Options Click on Approval Tab
  • 34. www.fulcrumway.comCopyright © FulcrumWay Navigation: Payable Manager--> Setup -->Options--> Payables Options Click on Approval Tab Allow Force Approval Payables Configurations
  • 35. www.fulcrumway.comCopyright © FulcrumWay Navigation: Payables Super User->Supplier ->Entry. Select Supplier, and then Click Invoice Management AP Invoice Payment Discounts Payables Configurations
  • 36. www.fulcrumway.comPage 36Copyright © FulcrumWay Navigation: Purchasing Supper User ->Setup-> Organizations -> Receiving Options Receiving Tolerance Level Receiving Configurations
  • 37. www.fulcrumway.comCopyright © FulcrumWay Navigation: Payables Super User->Setup->Options->Payables Options and then click on Invoice Tab. Payable Invoice Posting to GL GL Posting Configurations
  • 39. www.fulcrumway.comCopyright © FulcrumWay Configuration Control - Results Continuous Monitoring
  • 40. www.fulcrumway.comCopyright © FulcrumWay Application Security and Controls Monitoring Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda
  • 41. www.fulcrumway.comCopyright © FulcrumWay Procure to PayStandard Controls Prevent Duplicate Supplier Name and Sites
  • 42. www.fulcrumway.comCopyright © FulcrumWay Master Data ObjectContinuous Monitoring
  • 43. www.fulcrumway.comPage 43Copyright © FulcrumWay Continuous Monitoring
  • 44. www.fulcrumway.comPage 44Copyright © FulcrumWay Application Security and Controls Monitoring Introductions Continuous Controls Monitoring Access Monitoring Transaction Monitoring Configuration Monitoring Master Data Monitoring Case Study Q&A Agenda
  • 45. www.fulcrumway.comPage 45Copyright © FulcrumWay Fiscal watchdog ensures tens of billions of dollars in payments are lawful and correct Our Client A state government agency responsible for safeguarding financial assets – more than $120 billion of public funds. Helps local governments and nonprofits invest their money with flexibility, security, and confidence. Challenges Replace fragmented legacy system for recovery audit department with a single incident management system Replace manual control checklists with a audit analytics system to identify suspicious vouchers submitted for payments by 28+ agencies across the state. Assign suspension transaction to auditors for final review and approval using a pattern matching system Solutions Transaction Monitoring Results: Reduce erroneous payment processing by 5% on millions of payments processed each day by consolidating all vouchers across 28 agencies into a single data hub. Improve incident investigation process by establishing business rules to assign incidents based upon risk level, investigation type, priority that match the auditor skills and job role Provide management visibility and independent oversight to monitor approved and rejected payments Eliminate inconsistent and contradictory actions by auditors by providing a structured investigation process based on approved investigation checklists based on type of the suspicious transaction. Optimize recover audit business process with integration to the ERP system for vendor management and payment processing Case Study
  • 46. www.fulcrumway.comPage 46Copyright © FulcrumWay Risk Mitigation = Standard Controls + CCM User Roles 3-Way Match Track Payments Sentiment Analysis Split Purchase Orders SoD/ Access Policy Violations Duplicate Payments Transaction Threshold Amounts Duplicate Vendors Monitor Setup Changes Master Data Audit Trial Transaction Pattern Analysis Fuzzy Logic, ‘similar values’ Continuous Monitoring Standard Controls Approval Hierarchies Track Discounts Case Study
  • 47. www.fulcrumway.comPage 47Copyright © FulcrumWay Sign-up for FREE 14 Days EvaluationQ & A Register online to try out SafePaaS