1. Suffering from ERP Incident Management Fatigue?
Segregation of Duty violations, Misconfigured setups,
Unauthorized Master Data Changes, Suspicious
Transactions, and Sensitive Data Vulnerabilities are
common risks that can lead to Fraud, Waste and
Regulatory Penalties.
Invigorate your business with SPA Treatment
Assess risk with access to leading Risk Advisors and
ERP Experts. Mitigate risk with rapid deployment ERP
Controls from our Smart Controls Cloud. Rapidly
Remediate control violations with ERP Security and
Control cloud services available to SPA members.
SPA is available to clients running: Oracle EBS, PeopleSoft, JD Edwards, Oracle GRC Manager 7.8, Oracle GRC Controls Suite (AACG, CCG, PCG, TCG), Enterprise GRC
Manager, Oracle Internal Controls Manager (ICM), LogicalApps, Applimation Integra. Additional applications and services may be added with Diamond SPA
membership for extra fees.
1.866.5.Fulcrum
www.fulcrumway.com
| Risk Treatment SPA | Silver | Gold | Platinum | Diamond |
|---|---|---|---|---|
| Management Controls Concierge | | | | |
| Service hours | Per Request | 40 hrs./qtr. | 80 hrs./qtr. | 160 hrs./qtr. |
| Insight – Whitepapers, Educational Webinars | Yes | Yes | Yes | Yes |
| Training Sessions | 4 hr. session/year | 8 hr. sessions/yr. | 16 hr. sessions/yr. | 32 hr. sessions/yr. |
| Management Risk Assessment | Option | Annually | Annually | Semi-Annually |
| Controls Software Management | Per Request | Quarterly-QA | +Critical Patch | +Upgrade |
| Monitor User Access | Option | Quarterly | Monthly | Continuous |
| Monitor User Roles | Option | Quarterly | Monthly | Continuous |
| Monitor Master Data | Option | Option | Continuous | Continuous |
| Monitor Configurations | Option | Annually | Quarterly | Continuous |
| Monitor Transactions | Option | Annually | Quarterly | Continuous |
| Monitor Database Access | Option | Option | Quarterly | Continuous |
| Smart Controls Workbench™ | | | | |
| DataProbe - Risk Discovery and Control Design | Single User | Five User | Ten User | Fifty User |
| Access Controls | 50 | 100 | 100 | 100 |
| Transaction Controls | Option | 5 | 10 | 20 |
| Configuration Controls | Option | 5 | 50 | 50 |
| Master Data Controls | Option | Option | 3 | 5 |
| Workflow Controls | Option | Option | Option | 5 |
| Service Levels | | | | |
| Response Time | 5 business days | 8 Hrs. | 4 Hrs. | 2 Hrs. |
| Service Window | 8AM – 5PM | 8AM – 5PM | 6AM – 6PM | 24x5 |
| Supplemental Work | Market Rate | 10% discount | 15% discount | 20% discount |
ERP Security and Controls Management
Service Preference Agreement (SPA) for Risk Treatment
2. Management Controls Concierge
Leading experts with Audit and Compliance experience at public companies. Accredited professionals with CPA, CIA and CISA
credentials. GRC experts with a combined experience at more than 200 enterprise clients in the past 10 years. Authored the first
book on Oracle GRC. Experts also include certified IT analysts, system administrators and DBAs.
Service Hours
Total hours available per period to perform Control Concierge services excluding training sessions. SPA Client Service
Manager is responsible for all work actions and effectively “owns” all aspects of SPA service delivery. The CSM works with the
client to schedule work based on requirements. To ensure that all issues are addressed, issues are tracked and monitored in the
Customer Portal – FulcrumACTS. Any member of the team can log an issue in FulcrumACTS. The SPA CSM will track and report
on all issues. Issues will be classified by priority, criticality, and resolution period. The SPA CSM and Client SPA Contact review
status of all issues on a periodic basis.
Insight – Whitepapers, Peer Round tables
Learn from our real world experience with assisting clients across all major industries, company sizes and geographic regions.
Training
FulcrumWay experts deliver live two hour Web-based training courses on a wide variety of Governance, Risk and Compliance
management topics and systems. These essential training resources can help Internal Auditors, IT Managers, Financial
Managers, Business Control Owners and other professionals get up to speed on the latest knowledge and GRC best practices.
Management Risk Assessment
Risk assessment includes Enterprise and IT assessment of risk based on FulcrumWay Risk Advisory Controls Catalog.
Enterprise assessment includes a survey of selected employees, a weighted risk rating and a control certification such
as SOX 302. The IT assessment includes segregation of duty, master data and change controls testing based on data
provided by the client through scripts and data extraction tools such as DataProbe™.
Controls Software Management
Perform technical maintenance and system administration tasks based on the SPA service level to ensure that the controls
monitoring software and reports generate accurate and timely incidents for management actions.
Monitor Users, Roles, Master Data, Configurations, Transactions, DB
Monitor segregation of duty (SOD) and access policy violations by user and application roles. Monitor changes to sensitive
attributes in master data objects such as supplier bank accounts, customer credit limits, etc. Monitor application configuration
settings that impact financial reporting and operations. Monitor suspicious transactions such as split PO, duplicate payments
to suppliers. Monitor users with access to database
Smart Controls Workbench
Discover weak controls and unmitigated risks using DataProbe, a Windows-based application risk analytics tool. Add new
“smart” controls where the standard application controls are ineffective. For example, monitor all changes to the 3-way match
setting in Payables, or Journal Entries reversed over a threshold amount. Download control templates from FulcrumWay Smart
Cloud and enable business control managers to easily adjust them in controls workbench to fit their risk tolerance levels.
Response Time
SPA clients use the FulcrumACTS (FACTs) system for issue management and tracking that immediately notifies the assigned
support analyst of the issue, with follow-ups scheduled according to the designated service level outlined in the agreement.
Service Window
Service window is the time duration when the analysts are available to review and respond to client issues and tasks.
Supplemental Work
Supplemental work will be performed upon request for our SPA clients. A FulcrumWay Application Analyst will submit a
work order for the supplemental work that will outline the tasks and estimated time effort. Upon approval of the work order
by the client’s Application Manager, FulcrumWay will initiate the work effort in accordance with the business requirements.
Supplemental work will be billed at the following hourly rates subject to SPA level discounts.
Advanced Controls Lab Access
FulcrumWay hosts and maintains ERP Applications, GRC Software, Controls Catalog and Risk Management Tools for our clients
to test drive each solution. Access to these services and software enable SPA clients to confirm the business case and the most
optimal approach for meeting the business needs before investing internal resources to implement the selected solution(s).
Industry Events Discount
Receive discounts on travel costs and registration fees to GRC, Audit, and IT events including: OAUG Client Dinner, Open World
GRC Round Table, IIA, ISACA, Gartner, Compliance Week, and others.
Annual Fees
Annual Fee is due upon signed agreement. Client has the option to change the services during the contract period. Client can
upgrade the SPA level by paying the difference. However, the fee is non-refundable if client downgrades the SPA. FulcrumWay
reserves the right to change its pricing from time to time, provided that no such change will be effective until at least thirty
(30) days after FulcrumWay has given the Customer written notice of such change.
One Time Setup Fee
The setup fee includes onsite review of client processes, controls, systems and audit issues to determine the scope of Service
Level Agreement (SLA). Clients that sign up for the SPA services within 60 days of the initial deployment/engagement can
avoid the Setup Fee.
Description of Service Options