Oracle Advance Controls
- 1. 1 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
- 2. The following is intended to outline our general product
direction. It is intended for information purposes only,
and may not be incorporated into any contract.
It is not a commitment to deliver any material, code, or
functionality, and should not be relied upon in making
purchasing decisions. The development, release, and
timing of any features or functionality described for
Oracle’s products remains at the sole discretion of
Oracle.
- 3. Fusion GRC Applications
Strategy and Roadmap
Sid Sinha
Senior Director, Product Development
Presenting with
- 4. Agenda
Introductions
Product Strategy
Customer Panel Discussion
- 5. RISK MANAGE
INTEGRATED BUSINESS PLANNIN
BETTER REPORTING
ATTRACT AND RETAIN TALENT
PRODUCTIVITY
- 6. FINANCIAL REPORTIN
RISK MANAGE
DRIVING GROWTH INTEGRATED BUSINESS PLANNIN
REDUCING COSTS
MANAGING RISK
BETTER REPORTING
ACCOUNTS PAYABLE
ATTRACT AND RETAIN TALENT
PRODUCTIVITY
ACCOUNTS RECEIVABLE
INVESTOR RELATIONS
- 8. Financial Impact
“[Most companies] expect to find .1% of a company’s spend in financial leakage”
$1,000,000 lost per year for every billion in spend
“For a company with a 5% profit margin, $1 Million in recoveries equates to $20 Million in incremental Sales”
Each Incident of fraud costs $100,000 to $1,700,000*
Protiviti 2010 - Procurement Assessment
and AP Recovery Solutions
*Source: 2010 ACFE Report to the Nations on Occupational Fraud and Abuse
- 9. Strategic Priorities
Survey of 263 Finance Executives
BETTER CONTROLS AND EFFICIENCIES
Business Risk Analysis 48%
Improve Cash Flow and Working Capital 42%
Audit and Control of Procurement 33%
Understanding Payables Exposure 28%
Compliance 15%
Reaching New Heights: The Dividends of Collaboration between Finance and Procurement is published by CFO Publishing LLC, May 2012
- 10. Control Challenges
Survey of 425 companies
TOP 10 CONTROL CHALLENGES*
Segregation of Duties
Duplicate Payments
Manual Processes
Employee Reimbursements
Compliance with Policy
Automation
Checks
Approvals
Standardization/Consistency
Signatures/Authority
DRIVERS
• Lack of Staff
• False Positives
• Access to Data
• Visibility to Issues
• Mergers & Acquisition
• Decentralized Operations
• Outsourcing
*Accounts Payable Network Benchmark: AP Controls May 2011
- 11. Web of Control Issues
Missing Prices
Overpayments to Unauthorized
Vendors Credit
Invalid or Missing Credit
Duplicate Checks
Unauthorized Supplier Master
Billing Errors Journal Entries
Unapproved or
Illegal Suppliers
Duplicate
Inaccurate Payments
Inaccurate Manual Journal
Financial Reports Entries
Delayed Supplier
payments
Duplicate
Incorrect Split Purchase Invoices
Payment Terms Statutory Audit Orders
Findings
Unused Credit
Supplier Fraud Memos
Unauthorized Delayed
Unusual Returns
Access Collections
- 12. Performance Driven Controls
BUSINESS RISKS
ENTERPRISE PERSPECTIVE
Goals Process
Optimization Human Capital
CONTROL OBJECTIVES
Compliance Order Mgmt.
Working Capital Accounting
Leakage Procurement
CONTINUOUS MONITORS
- 13. Example – Financial Leakage
PERFORMANCE GOAL PREVENT LEAKAGE $
Unauthorized
BUSINESS RISKS Purchases
Overpayments
Valid Purchase Capture All Accurate Supplier
CONTROL OBJECTIVES Orders Discounts Information
Purchase of Purchase Orders Discounts Lost
Split Purchase
CONTINUOUS MONITORS Orders
Unauthorized to Blocked due to Delayed
Items Suppliers Payments
- 14. Integrated Risk and Controls Management
Steps
Assess Risk
Identification and Compliance
BUSINESS RISKS Analysis
Evaluate
Document
Detect and
CONTROL OBJECTIVES Assessments Fix Issues
Reviews
Author
CONTINUOUS MONITORS Execute
Continuous Improvement
Investigate
& Monitoring
- 15. Fusion GRC Product Strategy
One Enterprise Foundation
BUSINESS RISKS
Enterprise Risk & Controls Foundation
Dashboards, Reports and Alerts
CONTROL OBJECTIVES Risk, Controls & Compliance Management
Continuous Controls Monitoring
CONTINUOUS MONITORS
Custom or
Legacy
Applications
- 16. Fusion GRC Product Strategy
One Enterprise Foundation
Enterprise Risk & Controls Foundation
All Users
All Processes
Dashboards, Reports and Alerts
All Applications
Risk, Controls & Compliance Management
Continuous Controls Monitoring 100% of Transactions (Not Samples)
Advanced Detection Patterns
Manage by Exception
Business Application Business Application Business Application Independent Assurance
Roles and User Security Roles and User Security Roles and User Security
Strengthens ERP controls
Workflow Controls & Set Up Workflow Controls & Set Up Workflow Controls & Set Up
Masterdata Masterdata Masterdata
Does not sacrifice efficiency over
Transactions Transactions Transactions control
- 17. Fusion GRC Product Strategy
One Enterprise Foundation
Enterprise Risk & Controls Foundation • Manage Interdependent Risks,
Dashboards, Reports & Alerts
Compliance and Monitoring
Initiatives
Role Based Access Security
Worklists Notifications Email Search Perspectives
Setup and Administration
Risk, Controls & Compliance Management
• Closed-loop processes for
documentation, assessments,
Documentation Reviews Assessments Surveys Remediation
remediation and testing
Continuous Controls & Risk Monitoring
• Flexible, User-Defined Modules
Access Setups Master Data Transactions Audit Tests
and Control Monitors and
Data Connectors User Authored Controls Fraud & Error Patterns Audit Testing
Custom or Legacy
Applications
- 18. Customer Success
- 19. Fusion GRC Solutions
- 20. Enterprise SOD and Security Controls
Solution Capability
Document, assess and certify Application Security/SOD policies
Library of pre-built automated SOD controls for EBS, PSFT & Fusion
Author new controls, extend to any business application
Benefits
– Foundation for a strong application control environment
– Lower Cost of Compliance - Financial Reporting & Privacy
– Reduction of Fraud and Misuse
Detection Prevention
Define Access Access Remediation Preventive Compensating
Controls Analysis (Clean-up) Provisioning Policies
- 21. Technical Innovation
Complete User Access Path
Relate Access to Actual Transactions
User: John Doe
Role: Shipping Clerk
Function: Tracking POs
Connect to any provisioning engine
Extend to any authorization model
Role: Shipping Supervisor
Function: Purchase Orders
Form: Receiving
Tab: Review PO
Correlate Events and
Detect Policy Violation Action: Submit PO
Transaction: Order 123
Action: Signature Receipt
Vendor: Acme
- 22. New Connectors Pre-built
Extensible
Partner Pre-built
Continuous SOD Controls Monitoring CUSTOMER CARE
& BILLING
Custom or Legacy
Applications
- 24. Advanced Financial Controls
Solution Capability
Conduct risk assessments across all processes
Comprehensive transaction data coverage
Author controls and manage Incidents
Benefits
– Prevent Financial Leakage
– Reduce Error, Waste, Misuse and Fraud
– Improve Cash-Flow
Detection Prevention
Perform Review and Preventive
Define Controls Transaction Address Transaction
Analysis Incidents Controls
- 25. Key Financial Control Issues
434 senior finance executives
51% make 10 to 30% of all payments too early**
64% make 10 to 30% of payments too late**
55% of companies are unable to collect 20 to 40% of total revenue
within contracted payment terms**
46% of AP departments have not reviewed AP policies for over a year*
*Accounts Payable Network Benchmark: AP Controls May 2011; 425 Companies
** Made to Measure CFOs on finance- and procurement-process improvement, CFO Research, May 2012
- 26. Procure to Pay - Example
Optimization Cash Flow Prevent Leakage
Business Risks Controls Objectives Continuous Monitors
Capture all Supplier and Invoices
Split purchase orders
Discounts Created by Same User
Unapproved or Incident !
Illegal Suppliers
Accurate Supplier Discounts Lost due to Multiple Suppliers with Incident !
Information Delays in Payment the similar email domain
Delayed Supplier
payments Incident !
Valid Purchase Multiple Suppliers with Purchase Orders issued
Orders the same Tax ID to Blocked Suppliers Incident !
Unauthorized
Purchases
Ensure Separation Multiple Suppliers with Monitor purchases of Investigate
of Duties in the same Bank Account unauthorized items,
Procurement Number such as contraband
Close
- 31. Comprehensive Coverage
6000+ Mapped
Data Fields!
- 32. Purchase Receive Issue
Requisition Invoice
Goods/Services Goods/Services Payments
Procure to Pay
- 33. ! Controls Dashboard - ×
Notifications Monitoring
User 2 Submitted Order Cash
Duplicate Invoices
#1016 & 1017
Procure to Pay
Error in Transaction
#1018 Travel & Expense
Potential Risk in
Transaction #1018 Reports
Unapproved Transaction #1019
ID Invoices Value Order
Inst1 1015 11,548 0
Inst2 1016 14,234 0
Inst3 1017 14,094 0
Inst4 1018 22,124 0
- 34. COMING SOON
- 36. Accounts Payable Recovery Audit
Example
UNINTENTIONAL ERRORS AND LEAKAGE
Global, Fortune 500 Firm, High-Tech
• Over 4 Audit Cycles, consultants found $17.5M in payment errors
Profile
Global Single Instance (EBS)
Centralized Payables Operation
Well Staffed
Clean SOX Audit
Audit Recovery Findings
$17.5M Found
$8.3M Total Recovery
$4.8M After Fees
18 Month Cycle
- 37. Recovery Audit Controls
Solution Capability
Manage Recovery Audit Projects & Claims
Library of pre-built recovery control monitors
Author new controls, with advanced anomaly & pattern detection
Benefits
– Pre-audit preparation, secured access to data
– Expand recoveries
– Address root causes of leakage
Detection Prevention
Define Recovery Analyze Identify Recover Address Root
Controls Results Incidents Claims Causes
- 38. Recovery Audit - Example
Improve Cash flow Recover Leakage
Business Risks Controls Objectives Continuous Monitors
Minimize Identify vendors with debit Same Invoice Number
Uncollected Vendor balances and no Open paid in Different
Delayed Collections Balances Purchase Orders Orgs/Operating Units Incident !
and Uncollectable
Receivables Same charges paid on
Same Invoice Number Incident !
Valid Vendor different Invoice Nos. w/
paid twice
Invoices different Dates
Overpayments to Incident !
Vendors Same Invoice Number Invoice entered and paid
Invoice payments by paid to Multiple entities of to an incorrect/unrelated Incident !
customers with Same Supplier Supplier
correct discounts
Identify Customers Payments Investigate
that have taken Discounts
after the Discount Date Close
- 39. Advanced Detection Engine
Pareto Pattern (80-20 Rule)
– Identify top 20% of Suppliers that send 80% of duplicate invoices by amount value
Absolute Deviation Pattern
– Identify Invoices for disk drives that are in the top 10% in price deviation from the
average price for disk drives
Anomaly Detection Pattern
– Identify T&E reports where the hotel per day charges are much higher (normal
distribution) than all the other T&E reports
Clustering Pattern
– Identify groups of vendors based on uncollected vendor balances
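The following is an added example, not code from the Oracle presentation or product: three of the patterns above (Pareto, absolute deviation, normal-distribution anomaly) implemented in Python over constructed sample records. The function names, the 2.0 z-score threshold and all data are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (illustrative only, not from the presentation).
DUPLICATE_INVOICES = [  # (supplier, value of a duplicate invoice)
    ("Acme", 40000), ("Acme", 25000), ("Globex", 17000),
    ("Initech", 6000), ("Umbrella", 5000), ("Hooli", 4000), ("Stark", 3000),
]
DISK_DRIVE_INVOICES = [  # (invoice id, unit price)
    ("INV-01", 100), ("INV-02", 102), ("INV-03", 98), ("INV-04", 101),
    ("INV-05", 99), ("INV-06", 100), ("INV-07", 103), ("INV-08", 97),
    ("INV-09", 100), ("INV-10", 180),
]
HOTEL_RATES = [  # (T&E report id, hotel charge per day)
    ("TE-1", 150), ("TE-2", 160), ("TE-3", 155), ("TE-4", 145),
    ("TE-5", 158), ("TE-6", 152), ("TE-7", 149), ("TE-8", 420),
]


def pareto_suppliers(rows, share=0.80):
    """Smallest set of top-ranked suppliers covering `share` of duplicate value."""
    totals = defaultdict(float)
    for supplier, amount in rows:
        totals[supplier] += amount
    target = share * sum(totals.values())
    selected, running = [], 0.0
    for supplier, amount in sorted(totals.items(), key=lambda kv: -kv[1]):
        if running >= target:
            break
        selected.append(supplier)
        running += amount
    return selected


def top_price_deviations(rows, top_percent=10):
    """Invoices in the top `top_percent` by absolute deviation from the mean price."""
    if not rows:
        return []
    avg = mean(price for _, price in rows)
    ranked = sorted(rows, key=lambda r: abs(r[1] - avg), reverse=True)
    keep = max(1, (len(rows) * top_percent + 99) // 100)  # ceiling, at least one
    return [(inv, price, abs(price - avg)) for inv, price in ranked[:keep]]


def zscore_outliers(rows, threshold=2.0):
    """Reports whose charge is more than `threshold` std devs above the mean."""
    values = [v for _, v in rows]
    if len(values) < 2:
        return []
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:  # all charges identical: nothing stands out
        return []
    return [(rid, v, round((v - mu) / sigma, 2)) for rid, v in rows
            if (v - mu) / sigma > threshold]


if __name__ == "__main__":
    print(pareto_suppliers(DUPLICATE_INVOICES))
    print(top_price_deviations(DISK_DRIVE_INVOICES))
    print(zscore_outliers(HOTEL_RATES))
```

With a population standard deviation, no value in a sample of n records can score above sqrt(n-1), so a threshold of 3 cannot fire on fewer than 11 records; small batches need a lower threshold or a robust statistic.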
- 40. PRGX - Recovery Audit Controls Partner
Global leader in recovery audit services industry
$1 Billion yearly in recoveries on average, 1600 Employees
Transaction-intensive industries, Clients in over 30 countries
Recovered $ per year
Airline $700,000 - $1,250,000
Automotive $805,000 - $2,200,000
High Tech $400,000 - $1,100,000
Manufacturing $435,000 - $1,300,000
Transportation $385,000 - $830,000
Source: PRGX recovery audit findings
- 41. Deloitte - Recovery Audit Controls Partner
Global leader in contract compliance services
Broad range of revenue recovery services across multiple industries
(i.e., average ROI for revenue recovery services is 10 to 1)
Deep experience in the delivery of supplier and vendor management
services
Broad range of industry experience in Technology, Consumer
Business, Life Sciences, Energy, Federal Gov.
Global team of dedicated personnel with specialized contract
compliance skills
- 42. Fusion GRC Product Strategy
Summary Functional Solutions Vertical Solutions
Enterprise SOD Retail Vendor Rebate
Controls Controls
Advanced Financial Retail Inventory
Controls Controls
Enterprise Risk & Controls Foundation
Dashboards, Reports and Alerts Recovery Audit Telecom Revenue
Controls Assurance
Risk, Controls & Compliance Management
Supplier Risk Govt. Fraud & Misuse
Management
Continuous Controls Monitoring Management
Oil & Gas Health &
Advanced T&E
Safety Monitoring
Controls
Custom or
Legacy Social Media Tax Revenue
Applications Compliance Controls
Management
Outsourced Process Insurance Claim
SLA Monitoring Controls
- 43. Fusion GRC Applications
Summary
Enterprise SOD and Advanced Financial Recovery Audit
Security Controls Controls Controls
Protect sensitive Ensure process Reclaim financial
ERP functions integrity and efficiency leakage
Lower Compliance Costs Prevent & Recover Leakage $$
USER ACCESS INTERNAL SYSTEMS EXTERNAL PROCESSES
Improve Cash Flow Process Optimization
- 44. Customer Panel
Discussion
- 45. Customer Discussion
Jaime Fox Steinar Modalslid-Meling Dennis Self
Senior Manager, Director, Seadrill CIO, Gilead Sciences
Deloitte
- 46. Learn more about Deloitte in the
Governance, Risk, and Compliance Track
Integrating GRC and Identity Management: Minimize
Risk Across Your Organization
Session ID: CON11738
Tuesday, 11:45-12:45
Moscone West, Room 3012
Governance, Risk, and Compliance Track Sponsor
- 47. GRC Demo Pods – Moscone West W-089; W-013
Monday & Tuesday, (10AM – 6PM); Wednesday (9:45AM – 4PM)
- 48. Learn More About GRC Applications
Monday
Optimize Oracle EBS Procure-to-Pay: Cut Inefficiencies/Fraud with Oracle GRC Apps
12:15PM InterContinental - Sutter
CON9401
Optimize Oracle EBS Order-to-Cash Process, Cutting Inefficiencies, Fraud Potential
3:15PM Westin San Francisco - Stanford
CON9042
Oracle Governance, Risk, and Compliance Controls Suite for PeopleSoft Applications
3:15PM Westin San Francisco - Franciscan I
CON9068
- 49. Learn More About GRC Applications
Tuesday
General Session: Oracle Fusion GRC Applications Strategy and Roadmap
10:15AM Moscone West - 3014
GEN9385
Advances in Oracle Enterprise Governance, Risk, and Compliance Manager
1:15PM Palace Hotel - Concert
CON9389
Exploring Oracle Preventive Controls Governor’s Features - Real-Life Examples
1:15PM Palace Hotel - Presidio
CON5843
- 50. Learn More About GRC Applications
Wednesday
Case Study: Reducing Upgrade Errors and Effort While Improving Business Performance
10:15AM Palace Hotel - Presidio
CON9400
Advances in Continuous Controls Monitoring with Oracle Fusion GRC
1:15PM Palace Hotel - Twin Peaks North
CON9387
Oracle Governance, Risk, and Compliance Controls Suite Extensibility: Technical Insight
3:30PM Palace Hotel - Pacific Heights
CON9046
- 51. Learn More About GRC Applications
Wednesday, Cont’d
Enforcing Access Controls in Oracle Fusion Applications
3:30PM Moscone West - 2007
CON9403
Enforce Segregation of Duties with Identity Management GRC Controls
5:00PM Palace Hotel - Twin Peaks North
CON9386
- 52. Learn More About GRC Applications
Thursday
Leveraging Oracle Fusion GRC Apps for Oracle Fusion Coexistence
11:15AM Palace Hotel - Twin Peaks North
CON9428
EBS User Panel: Reducing Upgrade Errors and Effort While Improving Compliance
12:45PM Palace Hotel - Presidio
CON9395
PSFT User Panel: Preventing Misuse and Waste While Improving Compliance
2:15PM Westin San Francisco - Franciscan I
CON9393