Weitere ähnliche Inhalte Ähnlich wie Top 10 P2P Advanced Controls to improve your bottom line! (20) Kürzlich hochgeladen (20) Top 10 P2P Advanced Controls to improve your bottom line!1. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal1
Top 10 Advanced Controls
for Procure to Pay to
Improve the Bottom-Line
Mary Schaeffer
Publisher & Editorial Director, AP Now
Vital Nattuva
IT Manager, CISCO Systems
Swarnali Bag
Product Strategy, Oracle Corporation
2. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal2
The following is intended to outline our general product
direction. It is intended for information purposes only,
and may not be incorporated into any contract.
It is not a commitment to deliver any material, code, or
functionality, and should not be relied upon in making
purchasing decisions. The development, release, and
timing of any features or functionality described for
Oracle’s products remains at the sole discretion of
Oracle.
3. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal3
Program Agenda
Introduction
Top 10 P2P Issues that Impact the Bottom-Line
Oracle Advanced Controls Solution
Case Study: CISCO
Q & A
4. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal4
About Mary Schaeffer
Editorial Director & Publisher
CRYSTALLUS, Inc. publisher Accounts Payable Now & Tomorrow newsletter
Nationally recognized accounts payable expert and consultant
Write free weekly ezine on AP issues read by over 7,500 professionals
Creator of Institute of Financial Operations Accounts Payable Innovation
Certificate program
Editor-at-Large CFO Publishing’s Learning Pro: AP Edition
Frequent speaker at seminars, conferences and online events
Creator of half a dozen CPE courses for CPAs
Writes a free weekly e-zine, e-AP News
Author 18 business books including 101 Best Practices for Accounts Payable
BS in Math from York College (CUNY) and a MBA in Finance from New York Univ
She can be reached at marys@ap-now.com
5. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal5
About Vital Nattuva
IT Manager, Cisco Systems Inc
IT Manager in Finance IT
IT Service Owner for Payable & Expenses, Corporate Accounting and
Procurement Services
Has been part of the transformational efforts at Cisco to consolidate multiple
geographically aligned Finance instances into Single Global Instance on R12
Before Cisco, he has played an instrumental role in Implementing Oracle
financials at various renowned companies across the Globe.
6. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal6
Program Agenda
Introduction
Top 10 P2P Issues that Impact the Bottom-Line
Oracle GRC Advanced Control Solution
Case Study: CISCO
Q & A
7. What Do We Mean by Control ‘Issues’
The processes that ensure:
Efficient and effective operations
Reliable and accurate reporting
Fraud resistant operation
Internal
External
Regulatory compliant
(c) 2013 Mary S. Schaeffer7
8. Financial Impact
Duplicate pays – often not huge amounts of $$
individually
What’s the big deal?
1)They add up!
2)Impact on sales
3)Impact on EPS
4)Fraud and the honest mistake
(c) 2013 Mary S. Schaeffer8
9. Impact on Sales
$1000 – right off the bottom line
1% margin = $100,000 in sales
5% margin = $20,000 in sales
$1,000,000
1% margin = $100,000,000 in sales
5% margin = $20,000,000 in sales
(c) 2013 Mary S. Schaeffer9
10. Earnings Per Share (EPS)
A= Total amount of duplicate and erroneous payments
B = Total number of shares of stock
A/B
Number should be small – like half a cent
Hypothetical example, a big company with a $10
million excess might have a hit on EPS of half a cent
(c) 2013 Mary S. Schaeffer10
11. Issue #1: Duplicate Payments – Two invoices
Late payments
Payment stretching
Discrepant invoices
Unresolved
Poor processes
Invoices to AP late
(c) 2013 Mary S. Schaeffer11
12. Issue #2: Duplicate Payments – Two Payment
Vehicles
Most Common
Invoice and p-cards
Expense report and petty cash
Statements
Best Practice Takeaways
Never pay invoices on expense reports
Get rid of petty cash
Limit payments to one vehicle per vendor
(c) 2013 Mary S. Schaeffer12
13. Issue #3: Erroneous Charges on Invoices
Who pays freight, insurance etc.
Complete POs
Special deals
(c) 2013 Mary S. Schaeffer13
14. Issue #4: Paying before Due Date
The clean desk syndrome
Due date setting in system
Real Life Example
Companies with problems who automate and forget they have
due date set to pay on receipt
When was the last time you checked the due date settings in
your ERP system?
(c) 2013 Mary S. Schaeffer14
15. Issue #5: Late fees
“We never pay late fees”
Open vendor credits
Best Practice Takeaways
Avoid the issue completely
Pay on time
(c) 2013 Mary S. Schaeffer15
16. Issue #6: Duplicate Vendors in Master Vendor File
Potential duplicate payments
Correspondence issues
Internal control issue
If processors enter data
Segregation of duties concern
Rigid coding standards/naming convention
(c) 2013 Mary S. Schaeffer16
17. © 2013 Mary S. Schaeffer
Issue #7: Inappropriate T&E Expense
T&E = Travel & Entertainment
The Alcohol Issue
The IRS factor
The morale issue
The bottom line factor
17
18. © 2013 Mary S. Schaeffer
Make Managers Responsible
Look before they sign!!!
Consequences
Firing - rare
Part of annual review
18
19. Issue #8: Not Earning all Early Pay Discounts
Best financial return for any company
2/10 net 30 36%
Efficient processing
Best Practice Takeaways
Track discounts lost
Investigate why
Fix root causes wherever possible
(c) 2013 Mary S. Schaeffer19
20. Tracking Discrepant Invoices, Lost Early Pay
Discounts etc.
Why
Duplicates etc.
Fraud
In Excel or system
Regular Follow up and reporting
The list no one wants to be on
Analyze
(c) 2013 Mary S. Schaeffer20
21. Issue #9: Tax Errors: Sales and Use Tax, VAT
Wrong amounts
Proper jurisdiction
Proper documentation
VAT Reclaim
(c) 2013 Mary S. Schaeffer21
22. Issue #10:Purchase Order (PO) Problems
Split POs
Blanket POs
After-the-fact POs
Real Life Example
Is anyone really monitoring ?
Does the PO ever get extinguished?
POs necessary to ensure proper payment
Best bet: All POs done before the fact
(c) 2013 Mary S. Schaeffer22
23. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal23
Program Agenda
Introduction
Top 10 P2P Issues that Impact the Bottom-Line
Oracle Advanced Controls Solution
Use Case – CISCO Systems
Q & A
24. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal24
Advanced Controls
Layer of automated controls over ERP controls
Continuously monitor key controls
Detect and Report issues as they occur
Prevent issues from occurring
Quickly see high risk issues with exception based dashboards
Address issues that affect the bottom line
Reduces operational risk and process effectiveness
What is it?
25. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal25
Standard + Advanced Controls
User Roles
3-Way
Match
Track
Payments
Sentiment
Analysis
Split
Purchase
Orders
Hide
Displays of
Sensitive
Data
Duplicate
Payments
Transaction
Threshold
Amounts
Duplicate
Vendors
Fine-
grained
User
Access
Configuration
Snapshots &
Audit Trial
Transaction
Pattern
Analysis
Fuzzy
Logic,
‘similar
values’
Advanced
Controls
Standard
Controls
Approval
Hierarchies
Track
Discounts
26. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal26
Business Risks Bottom Line Impact
Incorrect Vendor Payment • Cash leakage
• P/L Impact
ERP Control
Prevent the same invoice number from being entered for the same supplier and same supplier site
Advanced Control
Detective:
Detect invoices with “Similar” invoice number, same amount to the same supplier
Detect invoices made to the same suppliers but in different business unit
Detect invoices made to incorrect vendor with very similar names
Preventive:
• Put duplicate invoices on hold until proper investigation is complete
Duplicate Vendor Payments
27. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal27
GRC Advanced Controls
One Enterprise Foundation
Enterprise Risk & Controls Foundation
Dashboards, Reports and Alerts
NotificationsWorklists Email PerspectivesSearch
Risk, Controls & Compliance Management
ReviewsDocumentation Assessments RemediationSurveys
Continuous Controls & Risk Monitoring
SetupsAccess Master Data Audit TestsTransactions
User Authored ControlsData Connectors Fraud & Error Patterns
RoleBasedAccessSecurity
WebServices&APIs
Custom or Legacy
Applications
Risk & Controls Repository
Assess and Certify
Detect Policy Violations
All Users & Applications
100% of Transactions
All Processes
̶ Procure to Pay
̶ Order to Cash
̶ Financial Reporting
̶ User Access
Manage by Exception
Optimize Processes
28. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal28
Comprehensive Risk & Controls Mgmt.
Identification
Analysis
Evaluate
Document
Assessments
Reviews
Author
Execute
Investigate
Steps
BUSINESS RISKS
CONTROL OBJECTIVES
CONTINUOUS MONITORS
Assess Risk
and Compliance
Detect and
Fix Issues
Continuous Improvement
& Monitoring
29. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal29
Optimization Cash Flow Prevent Leakage
Business Risks Controls Objectives Continuous Monitors
Unapproved or
Illegal Suppliers
Delayed Supplier
payments
Incorrect Vendor
Payment
Capture all
Discounts
Accurate Supplier
Information
Valid Invoice
Payments
Valid Purchase
Orders
Duplicate Invoice
Payments
Incident !
Incident !
Incident !
Investigate
Close
Incident !
ERP Transaction Payment Hold
Supplier and Invoices
Created by Same User
Discounts Lost due to
Delays in Payment
Multiple Suppliers with
the similar email domain
Erroneous Payment Purchase Orders
created after Invoice
Duplicate vendor in
vendor master file Split Purchase Order
Oracle Advance Control Process Overview
30. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal30
Exception Based Dashboard
31. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal31
Continuous Monitor – Duplicate Invoices
32. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal32
Control Definition
33. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal33
Incident Management
34. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal34
Incident Management
35. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal35
Preventive Measure
36. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal36
Preventive Measure
• Enforce controls & policy within the ERP systems
37. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal37
…by
Continuously
Monitoring
Your
ERP
Applications
Advanced Controls
Enables you to:
Improve Bottom-Line
Reduce Operational Risk
Increase Process Effectiveness
38. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal38
Advanced Controls
Make Processes More Effective, Efficient
Reduce Operational Risk
Improve Bottom Line
Detect unwanted transactions
Detect settings that cause loss
Detect problematic exceptions
Automate policy management
39. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal39
Program Agenda
Introduction
Top 10 P2P Issues that Impact Bottom-Line
GRC Advanced Control Solution
Use Case – CISCO Systems
Q & A
40. Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 40
Oracle Advanced Controls –
Customer Experience
Vital Nattuva
IT Manager
41. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 41
Company Overview
Need for Compliance
GRC Advanced Control Use Cases
Implementation Approach
Lessons Learned
42. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 42
Our Vision and Strategy
Strategy
Solve our customers’ most important business challenges
by delivering intelligent networks and technology
architectures built on integrated products, services and
software platforms
Vision
Change the way the world
works, lives, plays and
learns
Quick Facts
Founded in 1984
FY 2013 Revenue: $48.6 billion
FY 2013 Earnings per Share: $1.86 GAAP; $2.02 non-GAAP
Q4 FY'13 Employee Count: 75,049
43. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 43
Business Opportunity in an Evolving World
The Internet of Everything
Deeper Insights for
Greater Decision Making
Empower People/
Increase Efficiency
Create and Expand New Markets
and Services
Create Better Experiences to Build
Better Relationships
44. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 44
Our Priorities Align to Solve your Business Challenges
Mobile | Social | Visual | Virtual
Video CollaborationData Center/
Virtualization/
Cloud
Architectures
for Business
Transformation
Intelligent Network
• Routing
• Switching
• Services
Leadership
in the Core…
Strategic Building Blocks
Mobility | Security | Any to Any
45. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 45
Purchasing
iProcurement
iExpenses
General
Ledger
Fixed Assets
Accounts
Payable
Core
Financials
Employee
Self-Service
R12.1.3
Travel
46. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46Cisco Confidential 46© 2010 Cisco and/or its affiliates. All rights reserved.
Increased quantity and complexity of:
compliance requirement from internal/external audits
global country regulations
acquisitions and new Cisco entities
Need for automation is required for:
solution compliance validation
capability to monitor 100% of data
scalability for Oracle and non-Oracle integration
Utilize a Policy Maturity Model to
measure how effectively a policy:
• Identifies policy owner
• Dictates requirements
• Determines violations
• States remediation
• Is able to control
Current process for policy
violation detection and
remediation:
• Manual audit/sampling
• Manual process
design/implementation
• Manual communication
Majority of systems/tools requiring
compliance enforcement are not
integrated, and require:
• Invasive tool development
• Scripts to extract data
• Manual validation across multiple
tools/systems
• Leveraging current capabilities
Policy Process System
47. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47Cisco Confidential 47© 2010 Cisco and/or its affiliates. All rights reserved.
Policy
Evaluate policy for requirements and remediation;
increase “policy maturity” when required
Control Rules
Translate policy requirements into data level logic to identify
violations
Data Integration
Environment to consolidate transactions, and apply
logic rules to identify violations
Remediation & Tracking
Track violations, execute and track remediation
Policy
CCM
Create compliance
rules in TCG
Publish reports for operations
Track and manage history
Compliance rules in TCG
Compliance Tx
Reports from TCG
Transactions
Compliance assessment through
Incident and Remediation management
Process
48. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 48
Duplicate vendors
Identify creation of
duplicate vendor sites
Duplicate payments by
vendor
Identify duplicate invoice
processing by vendor
Maverick buying
PO date should be
prior to the invoice
date
Duplicate payments by
invoice
Identify duplicate invoices by
similar invoice and by vendor
Accounts
Payable
(Phase I)
$
Duplicate invoice
Duplicate invoice
Duplicate vendor in
vendor master file
PO related problems
49. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 49
Withholding Tax (APAC)
Identify the suppliers/ invoices
where the incorrect rate of
WHT was applied
Identifying erroneous
high value payments
Payments more than 30%
increase of the last rolling 6
months payment to the vendor
VAT rate
Identify different VAT rates
applied by the same vendor, for
same goods/services, for same
bill to entity
Accounts
Payable
(Phase II)
$
Tax errors
Tax errors
Erroneous payment
50. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 50
Collusion – analysis of
attendees
Analysis of attendees to highlight the
pattern of interrelationship with co-
workers related to suspicious ER activity
Amex/cash surfing
Verify if same expense has
been claimed both as Amex
and cash
Forensic repeat offenders
Identify expenses claimed in
iExpenses instead of booking
through approved channels
Expense splitting
Identify expenses that were split
to avoid policy violation
iExpense
(Phase II)
$
Key word search in category
Identify the expenses claimed using unapproved
channels, and by wrong categorization to avoid
activating the report for audit
File attachment on Expense Reports (ER)
Identify ERs with supporting documents in un-
acceptable formats (like editable attachments like .txt)
Noncompliant expenses
Inappropriate T&E claim
Duplicate expenses
Inappropriate T&E claim
Inappropriate T&E claim
Inappropriate T&E claim
51. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 51
Implementation Approach
Phase IIPhase I
Understand
GRC
capabilities
Identify gaps
and issues
Stress test
application
performance
Enable GRC
platform
Rollout AP use
cases
Stabilize GRC
platform
Rollout
iExpense use
cases
Achieve
adoption
Phase III
Expand rollout
to other
functions
52. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 52
For One (1) YearDate Analyzed
Approximately 150+No. of Entities
Four use cases in Accounts PayablesNo. of Use Cases
Graph Initial Build 130M records processed
1.3M records processed
Graph
Incremental Build
53. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 53
Hardware
Configuration
• TCG analyzes millions of
transactions so it needs
enough resources (disk
space and memory)
• Follow Oracle
recommended h/w and
s/w and make
adjustments based on
the volume of
transactions
Model & Control
Analysis Assessment
• Optimize the design of
models
• Replicate read-only
schema instead of using
apps schema of EBS
• Implement control data
level security (by region)
so incidents can only be
viewed by the right user
for that region
Fit/Gap Analysis
• Verify the availability of
business objects for the
use cases
• Validate the model
results first before
running the controls
• If you don’t need to
secure your incidents,
then do not use
perspective for security
Oracle Support
• Early engagement with
Oracle
• Tight collaboration and
partnership with Oracle
ETL Performance
Assessment
• Perform multiple
iterations of graph build.
Monitor sys resources
• Analyze transaction
volume of each business
object used in models
• Understand the ETL
design and Data
Extraction criterion
54. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 54
Expense Management Forensic Strategy Automation
Potential Cost savings through increased compliance in hotel
bookings (10% increase in compliance may Yield ~ 2/3 M $/Yr savings)
Potential savings through Procurement spend Channel
alignment (realize higher discounts thru P-card program)
Reduced internal and External Audit costs
Cost avoidance of Operations in Audit remediation
55. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 55
Thank you.
56. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal56
Program Agenda
Introduction
Top 10 P2P Issues that Impact Bottom-Line
GRC Advanced Control Solution
Use Case – CISCO Systems
Q & A
58. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal58
Oracle Advance Controls
OOW2013 Sessions &
Demo Pod Slides
59. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal59
Demo Workstation
Moscone West 1st Floor #W-013
Monday Tuesday Wednesday
Demo ID 3532
Workstation #: W--013
9:45 – 6:00 9:45 – 6:00 9:45 – 4:00
60. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal60
Demo Workstation
Moscone West 1st Floor #W-013
61. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal61
General Session: Empowering Modern Governance, Risk, and Compliance
12:15PM Moscone West – 2006/2008
GEN8812
Automate Robust User Access and Security Controls for PeopleSoft
10:45AM Moscone West - 2009
CON8820
Panel Discussion: Intelligent Controls for Key Business Processes & Upgrades in PeopleSoft
3:15PM Moscone West - 3020
CON8822
Deloitte: Leveraging Oracle GRC Technology to Reduce Revenue Loss, Cost Leakage & Fraud
3:15PM Moscone West - 2000
CON8822
Learn More About Oracle Advance Controls
Monday
62. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal62
Top 10 Advanced Controls for Procure-to-Pay to Improve the Bottom Line
10:30AM Moscone West – 2003
CON8814
Center for Medicare & Medicaid Services Automates Internal Controls with Oracle GRC
3:45PM St Francis – Elizabethan C/D
CON9346
Enforce Segregation of Duties with Identity Management and Oracle Advanced Controls
5:15PM Moscone West – 3018
CON8827
Learn More About Oracle Advance Controls
Tuesday
63. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal63
Optimizing Order-to-Cash with Oracle Advanced Controls for Oracle E-Business Suite
10:15AM Moscone West – 3018
CON8816
Reducing Risk for Oracle E-Business Suite Upgrades and Implementations
1:15PM Moscone West – 3018
CON8830
Panel Discussion: Intelligent Controls for Key Business Processes and Upgrades
3:30PM Moscone West – 2002 / 2004
CON8832
Learn More About Oracle Advance Controls
Wednesday
64. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal64
Advanced Access and User Security for Oracle E-Business Suite and Fusion Applications
2:00PM Moscone West – 3018
CON8824
Meet the Governance, Risk, and Compliance Experts
12:30PM Moscone West 2001A
MTE9412
Learn More About Oracle Advance Controls
Thursday
65. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal65
The preceding is intended to outline our general product direction. It is
intended for information purposes only, and may not be incorporated into
any contract.
It is not a commitment to deliver any material, code, or functionality, and
should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality
described for Oracle’s products remains at the sole discretion of Oracle.
66. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal66
@OracleAdvCntrls
67. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal67
Appendix
68. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal68
Business Risks Bottom Line Impact
Invalid entry of supplier invoices Cash leakage
ERP Control
Prevent same invoice number from being entered for the same supplier and same supplier site
Advanced Control
Detective:
Detect invoices with “Similar” invoice number, same amount to the one supplier
Detect invoices made to the same suppliers but in different business unit
Detect invoices made to different vendor with very similar names
Detect payment made by procurement card and checks
Preventive:
• Put duplicate invoices on hold until proper investigation is complete
Duplicate Vendor Payments
69. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal69
Business Risks Bottom Line Impact
Overpayment to suppliers Cash leakage
ERP Control
Track scheduled payments so that it never goes over the invoice total
3-way match will compare the purchase order, receipt of goods and invoice if the above two are correct
Advanced Control
Detective:
Detect invoices where freight was charged when in PO it was supposed to be pre-paid by the
vendor
Detect invoices where freight was charged and warehouse charged freight separately
Detect invoices billed for quantities than what was actually shipped
Preventive:
• Put suspect invoices on hold until proper investigation is complete
Erroneous Charges to Invoice
70. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal70
Business Risks Bottom Line Impact
Untimely payment to supplier
Negative Credit Rating
Late payment fines causes negative cash flow
Lose out on opportunity to take early payment discounts
ERP Control
Invoice ageing report show invoices due payment
Advanced Collections flags delinquent or pre-delinquent transactions
Invoice get paid based on payment term after it is validated and approved
Advanced Control
Detective:
Detect invoices that are approaching due date base on supplier/ PO payment term
Identify users who have consistently not paid vendors on time
Detect payments to vendors that are consistently late
Preventive:
• Send alerts on upcoming payments that are approaching due dates
Late Payments
71. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal71
Business Risks Bottom Line Impact
Risk of audit/ fines and penalty (regulatory risk) Cash leakage
ERP Control
Can mandate original employee receipts for foreign trip to reclaim VAT
Tax module calculates applicable taxes which provides a check on amounts stated by the supplier
Advanced Control
Detective:
Detect sales tax invoices by vendors for non-taxable items
Identifies use tax in error on non-taxable goods and services
Identify all VAT invoices that are approaching due date of the calendar year
Detect if sales tax goes over a threshold value
Identify supplier invoices where VAT is charged based on supplier location vs where the service is
rendered
Tax Errors: Sales/ Use/ VAT
72. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal72
Business Risks Bottom Line Impact
Inaccurate vendor master Cash leakage
ERP Control
Prevents user from entering duplicate supplier names
When entering a new supplier, it shows you existing suppliers with similar names
Advanced Control
Detective:
Duplicate payment made to multiple entities of the same supplier
Identify purchases made from unapproved vendors
Identify users having supplier creation privileges and purchase order/ Invoice creation privilege
Identify suppliers with similar or different names but with same Tax ID Number or address
Identify suppliers who exists in the “Do not do business with” suppliers
Preventive:
Make supplier Tax ID Number field mandatory
Prevent POs to be created with unapproved vendors
Master Vendor Management
73. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal73
Business Risks Bottom Line Impact
Financial fraud and misuse Cash Leakage
ERP Control
No good native controls
Advanced Control
Detective:
Detect Split PO to work around approval threshold
Detect standard PO issued to a supplier where a blanket PO exists
Preventive:
POs over a certain threshold require approvals
Good receipts cannot take place without an approved PO
Mandate PO number during invoice creation
Purchase Order Problems
74. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal74
Business Risks Bottom Line Impact
Costly Payment to Vendor Negative Cash Flow
ERP Control
Populates payment term of the supplier or the PO during invoice creation
Based on supplier master configuration, system will force a discount even if discount date has passed
Advanced Control
Detective:
Identifies special rebate from the PO contract that the invoice failed to mention
Track invoices that missed discount date by a little margin
Preventive:
• Send alerts on upcoming discounts available for payments above a threshold
• Prevent vendors from deducting late fees from open vendor credit
Missed Discounts
75. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal75
Business Risks Bottom Line Impact
Untimely payment to supplier Negative Flow Impact
ERP Control
Automatically displays payment term during invoice creation
Payment on receipt option can be disabled
Advanced Control
Detective:
Detect payments made earlier than supplier payment term
Alerts a user if payment term setup is changed
Preventive:
• Set up an approval process if payment term is changed
• Prevent payment term to be changed
• Ensures segregation of duties between invoice creation and supplier creation
Early Payment