Are you prepared to deal with the exposures associated with an Oracle ERP related breach?
|
|
- Hilda Berry
- 5 years ago
- Views:
Transcription
1 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with Overview
2 Are you prepared to deal with the exposures associated with an Oracle ERP related breach? KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 1
3 Is your current Oracle ERP security & controls solution impeding the performance of your organization? KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 2
4 Does your legacy Oracle ERP security & controls solution support today s dynamic, global operational requirements? KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 3
5 Does your Oracle ERP security & controls solution provide a cost effective platform to support regulatory compliance requirements? KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 4
6 Oracle ERP Security & Controls Challenge How do you effectively and efficiently balance user enablement with transaction & data protection? Mobile Cloud Web Employees Client Server ERP Mainframe Key Business Drivers Increased Cyber Threats Burdensome Regulatory Requirements Operational Complexities Need to Empower Employees Unrelenting Technology Changes 5
7 Risk Compliance Controls Security Traditionally, Oracle ERP project teams are focused on core ERP functionality, prioritizing implementation activities to align with timeline limitations and budget constraints. This tactical approach commonly results in risk and control compromises not fully appreciated, until after go-live. Once the ERP solution is live and operational, organizations begin to realize the significance of their oversights and compromises and are forced to initiate post go-live remediation projects to make the necessary corrections. These projects are disruptive, exponentially more expensive and time consuming. The primary function of our Oracle Risk Consulting practice is to provide experienced resources to proactively assist ERP implementations through a focus on the Securing the ERP principles to help minimize the threat of costly rework after the ERP solution is operational. 6
8 Securing the ERP KPMG s Securing the ERP approach is a 360 degree view of ERP security and controls positioned to help industry leading organizations effectively balance the divergent tasks of empowering ERP business users while simultaneously protecting sensitive data and transactions. Oracle ERP Advanced Controls 7
9 Advanced Controls Oracle ERP Advanced Controls Key Business Drivers Revenue leakage ERP centric business processes complexities and inefficiencies Fraud and errors High ERP configuration costs Complex regulatory compliance requirements Greater transparency required for sensitive transactions Key Capabilities for Advanced Controls Business Process Controls Framework to organize manual controls, ERP application controls and automated controls Preventative Controls to mitigate process risks Detective Controls to monitor sensitive transactions and data changes Configuration Controls to track/monitor configuration changes and compare Oracle ERP instances Conversion & Interface Controls Fine grain Segregation of Duties Realized Value Automated controls Effective configuration management program Effective regulatory compliance program 8
10 Application Security Key Business Drivers Employees access to ERP applications Sensitive ERP transactions and data Fraud and error Complex regulatory compliance requirements Key Capabilities for Application Security Oracle ERP Authentication : Oracle ERP authentication/single sign-on Role Based Access Controls (RBAC) based on specific job functions Access Permissions Architecture based on specific requirements such as job role or geographic location Function Security restricts user access to individual menus of ERP functions, such as forms, HTML pages, or widgets Data Security to restrict the access to the individual data that is shown once a user has selected a menu or menu option. Operational Segregation of duties(sod) framework Realized Value Enabled ERP users aligned with job functions Reduced user administration costs Effective regulatory compliance program 9
11 Data and Infrastructure Key Business Drivers Data & Infrastructure Security External threats Internal threats Technology vulnerabilities Complex regulatory compliance requirements High availability Key Capabilities for Data & Infrastructure Oracle ERP Information protection to protect data at rest and data at motion, database security, data masking, vulnerability management Infrastructure Security harden operating system and hardware Cyber Security program to minimize the impact of cyber security attacks by proactively monitoring transactions & leveraging an incident response program Business and Technology Resilience to provide business continuity planning & management, disaster recovery, crisis management, high availability capabilities, performance monitoring Privilege user management program to manage administration and system to-system user accounts Realized Value Effective, risk-based information security program to protect ERP solution Effective regulatory compliance program 10
12 User Access Administration Key Business Drivers Ongoing user administration and control governance High user administration and Controls cost Complex regulatory compliance requirements Greater need to understand user activities and usage trends Oracle ERP Key Capabilities for User Access Administration ERP Security Operations and Controls Governance Organizational design & operational processes Policies and procedures Controls Governance & reporting ERP Controls enablement and remediation processes Segregation of Duties process User Access Administration Functions and Tools Registration / Approval Self Service Delegation User Provisioning : Add, Change, Inactive Password Management Certification User Analytics Realized Value Efficient ERP user administration program Reduced user administration cost Effective regulatory compliance program 11
13 Securing the ERP Roadmap 12
14 Roadmap Securing the ERP Works ho /8 Securing the ERP 'fiialj Journey Jumpstart Project Advanced Controls User Access Administration St rate gyt_ Assess 1fXesig'ti1= =~=- 1 il_@j Data Security cy \OJ\ ~t===-- Infrastructure Security ERP Project 13
15 Methodology Our KPMG Securing the ERP framework uses a risk-based phased approach to create more manageable and measurable engagements. Each phase logically leads to the next phase and leverages work performed in all prior phases, while managing the project closely with the client in each phase. Securing the ERP Securing the ERP Services Strategy, business requirements and business case development Facts to Value current state assessments Oracle ERP Security and Advanced Controls design and implementation Automated Controls implementation Preventative & Detective Application Security Advanced Controls Data & Infrastructure Security User Access Administration User Access Administration design and operational realization Data and Infrastructure security design an implementation Configuration controls implementation 14
16 Methodology Plan Design Build Implement Monitor Current State Assessment Advanced Controls Risk & Controls Matrix Review & Update Manual Controls Design EBS Controls Design Oracle Advanced Controls Design EBS Configuration OAC Install & Configuration Testing Cycles Validate Process Controls Blue Sky Strategy Workshop Application Security EBS Application Security Design RBAC Design Build & Validate EBS Roles & Responsibilities Testing Cycles ERP Application Security Convert & Validate Test Users Convert & Validate End Users Securing the ERP Strategy Securing the ERP Project Plan Data & Infrastructure Security User Access Administration SOD Design EBS Data Security Design EBS Infrastructure security Design Update User Administration Build Data Security Architecture Build Infrastructure Security Architecture KPMG International Cooperative ( KPMG International ), a Swiss entity. All Program rights reserved. SOD Review Permission SOD Review Users Testing Cycle Validate Data & Infrastructure Review User Administration Program Execute User Administration 15 Program
17 KPMG Security and Controls Practice 16
18 Practice Overview KPMG brings a depth and breadth of security and controls expertise to today s ERP security challenges. Our Oracle Security & Controls resources know the business advantages of a well-managed ERP system, and they know how to implement the right security & control solutions in a given context to not just foster a company s growth and efficiency, but help ensure that its assets and data are protected. KPMG s Oracle Security & Controls Practice Highlights 20 years of Oracle security and controls experience Global delivery team with 100+ Oracle security & controls resources Oracle Security & Controls implementations have included EBS, PeopleSoft, and integrations with Siebel, Hyperion, BRM, PIM, and OIM 100+ Securing the ERP engagements delivered by the team members Long standing relationships with Oracle Advanced Controls product development, and product support organization Thought Leadership Profit Magazine Securing the ERP Interview August 2014 Real-Life Examples: Oracle Advanced Controls (OAC) Benefits in Oracle EBSR12 Upgrades/Implementations March 2014 Record to Report (R2R) White Paper April
19 Tools and Accelerators Securing the ERP Methodology Risk & Controls Catalog Implementation Tools & Accelerators Role Designer Role Uploader Deliverable Process Analysis Templates Flowcharts Tools 18
20 Securing the ERP Maturity Model 19
21 Maturity Model Securing the ERP Maturity Model Security Individual Defined user RBAC UMX - User Identity User self service integration Permission Approach request and approval process Single Sign-on HR position based permissions Adaptive authentication Level Initial Repeatable Defined Managed Optimized Ad Hoc Reactive Automated Manual ERP Automated Detective Control driven Controls configurable SOD Controls Business Controls No SOD controls management Preventative Process Controls Optimization Controls matrix Configuration controls 20
22 Client Use Case Examples 21
23 Client Use Case Examples Oracle ERP Application Security Business Driver: The client was in the middle of an R12 Upgrade when leadership became aware of a significant user access issue. Specifically, the organization had a limited understanding of which employees had access to critical transactions. ERP Users: 6,500 Responsibilities: 4,873 Solution: KPMG leveraged our Securing the ERP Role Based Access controls design accelerators to standardize functional roles and help our client realign user access to better enable the business processes. ERP Users: 6,500 Responsibilities: < 500 Oracle ERP 22
24 Client Use Case Example Oracle ERP Application Security Employee HR Position Role Responsibilities Job Position Role Role Role 23
25 Use Case Example User Access Administration Business Driver: The client s user management processes were inadequately supporting the user community. Client leadership was concerned with their auditor feedback related to user administration, certification and segregation of duties. Solution: Leveraged Oracle Identity Management products to streamline user management and automate the certification processes. In addition, the solution integrated Oracle Identity Management products with Oracle Advanced Controls AACG to address SOD challenges. Oracle ERP 24
26 Client Use Case Example User Access Administration Certification 25
27 Client Use Case Example Order to Cash Scrap Controls Business Driver: To support a business process improvement initiative the client s leadership wanted greater transparency of their order to cash processes. Specifically, leadership wanted to make the reason code mandatory when scrap transactions where processed by the business. Solution: Leverage Oracle Advanced Controls Preventative Controls Governor to make the reason code mandatory. Standard Oracle EBS functionality does not require this. Oracle ERP Advanced Controls 26
28 Client Use Case Example Order to Cash Scrap Controls Standard functionality of Miscellaneous Transactions form: Reason field optional. 27
29 Client Use Case Example Order to Cash Scrap Controls Leveraged Oracle Advanced Controls Preventative Controls Governor to make this field required. 28
30 Facts to Value 29
31 Facts 2 Value KPMG: Facts 2 Value A data analytics solution that is positioned to help our clients to identify irregularities and opportunities for improving efficiency and effectiveness in ERP operational and financial processes.. Risk & Control Focus Process Improvement Cost Savings Improving audits Full volume testing vs. sampling Using transactional data for testing application controls Central testing of automated controls Improving risk management Identify problem areas in processes Focus on issues instead of generic risks Improving internal control Determine customized control settings Verify master data reliability Scan authorizations including actual usage Identify key areas for control improvement Process effectiveness Full insight into actual flows (buckets) including number of documents and value Process efficiency Insight into document processing time Number and value of parked and blocked documents Benchmarking Internal between e.g. Organizations External with anonymous industry data Project reviews Pre-go-live scans Post-implementation reviews Working capital Days sales outstanding Evaluation of rebate agreements Days payables outstanding Evaluation of payment terms Stock analyses (dead, safety, etc.) Interest earnings Asset analyses Tax improvements Used tax determination scenarios Inaccurate use of tax code derivations Possible tax savings (reduce possible fines, apply lower tax schemes) 30
32 Facts 2 Value Business Process Controls Area of Focus Purchase to Pay Possible duplicate vendor invoices Display actual usage of 3-way match invoices Detect parked or held incoming logistic invoices Display use of invoice verification tolerance limits Display all changes to vendor master data Display outstanding parked invoices Detect goods receipt without a purchase order Display actual usage of 2-way and 3-way match invoices Detect incomplete foreign trade data for vendors Display incomplete vendor master data Order to Cash Detect blocked sales orders Detect invoices in Sales but not processed in Finance Sales orders delivered but not yet invoiced Display customers with exceeded credit limits Detect incomplete foreign trade data for customers Detect customers without credit limit Detect deliveries without goods issue Display all changes to customer bank account data Overview of created credit notes Detect incomplete customer master data Order to Cash Days Sales Outstanding DSO per customer DSO per country Early/late payments Used payment terms Frequency of invoicing Credit memo / invoice ratio Customer consignment orders Orders per user Invoices per user Frequency of dunning Used payment methods Contract compliance Order cancellations 31
33 Facts 2 Value Business Process Controls Area of Focus Purchase to Pay Days Payable Outstanding DPO per vendor DPO per country Early/late payments Used payment terms TAX reclaim analysis Contract compliance Orders per user Invoices per user Vendor return orders One-time vendor payments Vendor consignment orders Early payment rebates Frequency of invoicing Finance to Report Detect GL accounts allowed for manual postings Changes to GL account settings Display all changes to asset master data Display all open posting periods Display all open items per GL account Detect all FI postings not processed Detect unposted assets Manual customer payments Manual vendor payments Reconciliation Finance-Manufacturing Inventory Management Days Inventory Outstanding DIO per plant DIO per customer Material movement analysis raw materials Material movement analysis finished products Safety stock analysis minimum stock levels Safety stock analysis delivery reliability Vendor delivery quantity reliability Vendor delivery time reliability Quality lead time analysis raw materials Quality lead time analysis finished products Dead stock analysis 32
34 Facts 2 Value Business Process Controls Area of Focus - HR Personnel Master Data Employment & Absence Time Reporting Benefits & Salary Non-registered staff using actions Duplicate employee data Employees with no addresses Incomplete personnel members Duplicate personnel members Employees with multiple Oracle ERP account names Active employees without an Oracle-user Manual change of the contract without changes in leave Temporary employments Overtime for specific functions Untimely sickness reporting Untimely or incorrect registration of leave More than 8 hours a day More than 40 hours a week Total hours per week Timeliness of timesheet entering Timeliness of timesheet approval Hours not yet approved Hours booked per week Hours transferred to other project or WBS element Additional payments (wages) inconveniences Requested move expenses without address change Work at home costs without changed commuting compensation Ratio variable and fixed income Changes in salaries Changed own salary Manual changes of leave without a contract change Personnel with a contract but not in the organization chart Hours entered and approved Approve own hours 33
35 Facts 2 Value Business Process Controls Purchase to Pay Visualization Purchase order Processed Orders with receipt $ 554m 163,882 orders Receipt Processed Receipts $ 559m 669,532 receipts Invoice (inc. VAT) Processed Invoices 3-way match invoices $ 499m (48%) 331,426 invoices (34%) Matched $ 187m (37%) 196,417 invoices Manual release $ 312m (63%) 135,009 invoices Payment (AP) (inc. VAT) Processed AP Items Regular AP payments (payment run) $ 772m 58,111 items without receipt $ 283m 475,710 orders Processed Receipts Receipts without orders $ 0 0 receipts 2-way match invoices $ 248m (24%) 450,440 invoices (46%) Matched Manual release $ 208m (84%) $ 40m (16%) 373,559 invoices 76,881 invoices Direct invoices (without PO) $ 296m (28%) 189,699 invoices (20%) Auto. release $ 231m (78%) 142,594 invoices Manual release $ 65m (22%) 47,105 invoices Manual AP payments $ 3m 267 items Other AP postings Not analyzed Open AP Items Legend System controlled process Processed Credit Memos Credit memos $ 98m (9%) 14,576 credit memos $ 185m (193,636 items) Due for payment: 0 60 days: $ 183m (192,066) days: $ 590k (620) >120 days: $ 1.8m (950) Manually controlled process Open / parked documents Open orders (> 3 months) Not analyzed Invoices not processed in AP $ 1m 695 invoices Possible duplicate invoices $ 0 0 invoices 34
36 Securing the ERP Workshop 35
37 Securing the ERP Workshop Goal Review KPMG s Securing the ERP areas of focus and understand how this program can be used to strategically align Oracle ERP Security & Controls related spend and operational priorities 9:00 to 11am Review Securing the ERP Areas of Focus - Controls Enabled Business Process Optimization and Performance Analytics - ERP Advanced Controls (Automated, Detective, User, Configuration) - ERP Application Security (Users, Permissions, Role Based Access Controls, SOD) - User Access Administration (User Operations, Business Processes & Analytics) - Data & Infrastructure Security ( Data in Motion/Data at Rest, Cyber Risk, ) Agenda 11:00 to 12 noon Lunch and Real-Life Example / Use Case Discussion Strategy & Planning Deep Dive - Strategic Planning Considerations 1:00 to 3pm - Prioritization & Budgeting - Current State White Board Assessment - Strategic Roadmap Deep Dive 24 Month Output - Current State White Board Assessment - Prioritized Strategic Roadmap KPMG LLP, a Delaware limited liability p artnershi p and the U.S. member firm of the KPMG network of indep endent member firms affiliated with
38 Securing the ERP Workshop Chief Information Officer Director of Internal Audit Controls Leader Finance ERP Project Leader Chief Risk Officer Human Resources Chief Information Security Officer 37
39 Laeeq Ahmed (818) Brian Jensen (817) KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International.
Is your ERP ready for COSO 2013?
Is your ERP ready for COSO 2013? Securing the ERP Webcast series February 26, 2015 Agenda COSO 2013 overview What is changing and what is not? Internal control definition Components and principles Transition
More informationHow well does your procurement measure up?
How well does your procurement measure up? Find out how KPMG and Coupa can help you achieve smarter spend management. May 2017 kpmg.com/us/coupa How well does your procurement measure up? 1 Optimizing
More informationEmerging & disruptive technology risks
Emerging & disruptive technology risks Shawn W. Lafferty, KPMG Partner IT Internal Audit/Risk Assurance April 2018 Why IT internal audit? find ways to overcome resource and budgetary constraints. This
More informationReal-Life Examples: Oracle Advanced Controls (OAC) Benefits in Oracle EBS R12 Upgrades/Implementations
Real-Life Examples: Oracle Advanced Controls (OAC) Benefits in Oracle EBS R12 Upgrades/Implementations TIM MURPHY, Director Governance risk & Compliance kpmg.com Introduction Implementing or upgrading
More informationORACLE ADVANCED ACCESS CONTROLS CLOUD SERVICE
ORACLE ADVANCED ACCESS CONTROLS CLOUD SERVICE Advanced Access Controls (AAC) Cloud Service enables continuous monitoring of all access policies in Oracle ERP, potential violations, insider threats and
More informationInfor Risk & Compliance Monitor and control risk across your business
Infor Risk & Compliance Monitor and control risk across your business Automate the detection, prevention, and remediation of fraud, waste, and abuse Make informed, actionable decisions Navigating risk
More informationORACLE ADVANCED FINANCIAL CONTROLS CLOUD SERVICE
ORACLE ADVANCED FINANCIAL CONTROLS CLOUD SERVICE Advanced Financial Controls (AFC) Cloud Service enables continuous monitoring of all expense and payables transactions in Oracle ERP Cloud, for potential
More informationManaging Risk in Your P2P Process: 10 Ways that Automation Can Help Mitigate Risk
Managing Risk in Your P2P Process: 10 Ways that Automation Can Help Mitigate Risk Chris Doxey, CAPP, CCSA, CICA, CPC President, Doxey, Inc. chris@chrisdoxey.com 571-267-9107 Agenda Introduction to Risk
More informationOracle Fusion Cloud Vs EBS Upgrade: What suits your business best
Oracle Fusion Cloud Vs EBS 12.2.7 Upgrade: What suits your business best Process/Functionality - Similarities and differences, Key Consideration before making the choice, How oracle fusion suits to your
More informationThird Party Risk Management ( TPRM ) Transformation
Third Party Risk Management ( TPRM ) Transformation September 20, 2017 Internal use only An introduction to TPRM What is a Third Party relationship? A Third Party relationship is any business arrangement
More informationLeverage T echnology: July 19 th, 2013 Adil Khan. Move Your Business Forward. Copyright. Fulcrum Information Technology, Inc.
Life After ERP Go-Live: Navigating to Nirvana Learn how leading organizations are utilizing Advanced Controls to make systematic improvements in their ERP systems to achieve expected benefits of ERP systems
More informationGFMIS. MIS MIS - BW SEM Operating System SAP R/3 (GFMIS) FI CO. e-payroll, e-pension AFMIS. ก ก (e-catalog,e-shopping list
ก GFMIS: ก. 1 GFMIS MIS ( ) MIS - BW SEM Operating System SAP R/3 (GFMIS) FM PO HR ก FI ก ก RP AP ก CM FA GL ก CO BIS. DPIS ก. e-procurement ก ก (e-catalog,e-shopping list e-auction) e-payroll, e-pension
More informationSource-to-pay: Delivering value beyond savings
Source-to-pay: Delivering value beyond savings Transforming the source-to-pay process Because the source-to-pay (S2P) process crosses three organizations procurement, finance, and IT an outdated and manual
More informationMinimizing fraud exposure with effective ERP segregation of duties controls
Minimizing fraud exposure with effective ERP segregation of duties controls Prepared by: Luke Leaon, Manager, RSM US LLP luke.leaon@rsmus.com, +1 612 629 9072 Adam Harpool, Manager, RSM US LLP adam.harpool@rsmus.com,
More informationCity of Markham. Report of the Auditor General Human Resources Information System ( HRIS ) Implementation Audit. Presented to:
City of Markham Report of the Auditor General Human Resources Information System ( HRIS ) Implementation Audit Presented to: General Committee of Council, City of Markham Date: June 18, 2018 AGENDA Background
More informationIT Service Delivery And Support
IT Service Delivery And Support Week Ten Auditing Application Control IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao 1 Transactional Applications vs. Support Application Application Controls
More informationMaxim Chuprunov. Auditing and. GRC Automation. in SAP. ^ Springer
Maxim Chuprunov Auditing and GRC Automation in SAP ^ Springer Contents List ofabbreviations xxix I From Legislation to Concept: ICS and Compliance in the ERP Environment 1 Legal Requirements in ICS Compliance
More informationRapidly Reduce Segregation of Duty Violations in Oracle EBS R12 Responsibilities Session ID#: 15042
Rapidly Reduce Segregation of Duty Violations in Oracle EBS R12 Responsibilities Session ID#: 15042 Responsibility templates from a catalog of pre-configured ERP roles. Workflow to update, review as well
More informationData, Analytics and Your Audit
Data, Analytics and Your Audit What Financial Executives Need to Know By Roger O Donnell Partner, KPMG LLP Reprinted by permission from Financial Executive kpmg.com audit Perhaps no business trend has
More informationLeverage T echnology: Move Your Business Forward
Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Copyright. Fulcrum Information Technology, Inc. Mitigate Risk of Losses, Waste and Fraud in your
More informationTechnology Assurance: A Challenge for RAFM in an Evolving Market. Jerusa Verasamy
Technology Assurance: A Challenge for RAFM in an Evolving Market Jerusa Verasamy Agenda 1. Revenue Assurance and Fraud Management Definition Explanation of Leakage Positioning of RAFM in an organization
More informationWhy Oracle GRC with every E-Business Suite Upgrade
Why Oracle GRC with every E-Business Suite Upgrade Kate Coughlin Principal Solution Consultant Why Preventive. Oracle Confidential - Do Not Distribute Why GRC for Every EBS Upgrade? Be compliant on Day
More informationBest of Breed Automation September 2014
www.pwc.com Best of Breed Automation September 2014 Tom Torlone Managing Director, US Leader Shared Services and Outsourcing Advisory Tom is a Managing Director at and is the U.S. Leader of the firm s
More informationA Financial Executive s Guide to Internal Controls & Fraud Prevention in the Cloud
A Financial Executive s Guide to Internal Controls & Fraud Prevention in the Cloud July 2018 Greenlight Technologies. All rights reserved. 1 Speakers James Rice Vice President of Customer Solutions Greenlight
More informationBENEFITS OF AN EFFECTIVE OUTSOURCING STRATEGY. March 1, 2017
BENEFITS OF AN EFFECTIVE OUTSOURCING STRATEGY March 1, 2017 RSM overview Fifth largest audit, tax and consulting firm in the U.S. Over $1.6 billion in revenue 80 cities and more than 8,000 employees in
More informationEnterprise Command Center
Enterprise Command Center Empowering the Oracle E-Business Suite User Experience: Data Discovery and Visualization Muhannad Obeidat VP of Development E-Business Suite October, 2018 Copyright 2018, Oracle
More informationProactively Managing ERP Risks. January 7, 2010
Proactively Managing ERP Risks January 7, 2010 0 Introductions and Objectives Establish a structured model to demonstrate the variety of risks associated with an ERP environment Discuss control areas that
More informationSecure Your ERP Environment with Automated Controls Naomi Iseri,Sr. GRC Solution Consultant
Secure Your ERP Environment with Automated Controls Naomi Iseri,Sr. GRC Solution Consultant Agenda Introductions & Objectives Why Automate Controls What types of Automation Controls Do I Need When to Implement
More informationINTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/057 Audit of the Omgeo system in the Investment Management Division of the United Nations Joint Staff Pension Fund Overall results relating to the effective and efficient
More informationKPMG s Advisory Services for Oracle. kpmg.com
KPMG s Advisory Services for Oracle kpmg.com b KPMG s Advisory Services for Oracle Business Transformation enabled by Oracle technology KPMG s Advisory Services for Oracle 1 KPMG LLP s (KPMG) focus on
More informationSource-to-pay: Delivering value beyond savings
Source-to-pay: Delivering value beyond savings December 2016 kpmg.com Transforming the source-to-pay process Because the source-to-pay (S2P) process crosses three organizations procurement, finance, and
More informationERP IMPLEMENTATION RISK
ERP IMPLEMENTATION RISK Kari Sklenka-Gordon, Director at RSM National ERP Risk Advisory Leader March 2017 2015 2016 RSM US LLP. All Rights Reserved. Speaker Kari Sklenka-Gordon National RSM ERP Risk Advisory
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR), which takes effect in 2018, will bring changes
More informationContents. 1. Introduction Services Application Standards Real Estate Management ERP Solution Production Management 47
ERP Application Contents 1. Introduction 3 7. Services 42 2. Application Standards 5 8. Real Estate 44 3. ERP Solution 10 9. Production 47 4. Accounts 11 5. Inventory 30 10. Car Rentals 49 11. HRMS & Payroll
More informationIntelligent automation and internal audit
Intelligent automation and internal audit Adding value through governance, risk management, and controls Second article in the series kpmg.ch Contents Governing intelligent automation across the enterprise
More informationLeverage T echnology: Turn Risk into Opportunity
Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Copyright. Fulcrum Information Technology, Inc. Learn to improve Period-End Close Process with effective
More informationFGFOA 2017 Focus on the Future
IT Modernization: Bringing Government from Obsolete to Cutting Edge FGFOA 2017 Focus on the Future Christine Horrocks, CPA/CFF, CGMA Brent Pruim, CPA Topics Covered State of the industry with respect to
More informationSAP S/4HANA. James Wade March 20, 2017
SAP S/4HANA James Wade March 20, 2017 Agenda Introduction to S/4HANA Introduction to Central Finance Demonstration Benefits 2 Digital Finance: What Digitalization Means Digitalization is transforming your
More informationINFORMATION SERVICES FY 2018 FY 2020
INFORMATION SERVICES FY 2018 FY 2020 3-Year Strategic Plan Technology Roadmap Page 0 of 14 Table of Contents Strategic Plan Executive Summary... 2 Mission, Vision & Values... 3 Strategic Planning Process...
More informationU.S. Bank Access Online
U.S. Bank Access Online Overview U.S. Bank Access Online provides organizations with real time access to their commercial card programs anywhere, anytime, within a secured environment. This powerful proprietary
More informationSpotlight: Robotic Process Automation (RPA) What Tax needs to know now
May 2017 Spotlight: Robotic Process Automation (RPA) What Tax needs to know now The emergence of smart robotic process automation changes the game: Intelligent Automation in the Digital Age Business process
More informationPresentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley
MAINTAINING A SECURE GLOBAL ENTERPRISE : Challenges and Emerging Solutions Presentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley The 2008 Chief Information Security
More informationWho Does What, When, and How for a Divestiture?
Who Does What, When, and How for a Divestiture? Session ID: #10813 Prepared by: Ihtesham Uddin Sr. Director, Product Development eprentise, LLC @eprentise Learning Objectives Objective 1: Understand key
More informationORACLE FUSION FINANCIALS
ORACLE FUSION FINANCIALS THE NEW STANDARD FOR FINANCE KEY FEATURES Innovative embedded multi-dimensional reporting platform Simultaneous accounting of multiple reporting requirements Role-based dashboards
More informationAchieve Continuous Compliance via Business Service Management (BSM)
Achieve Continuous Compliance via Business Service (BSM) Brian Holmes, CISA Solutions Consultant BMC Software Agenda Introduction Compliance: The Business Driver Challenges of IT Compliance Business Service
More informationThe Value- Driven CFO. kpmg.com
The Value- Driven CFO kpmg.com 2 Leading the Way in a Data-Driven Enterprise Several years of global uncertainty have made even the toughest executives flinch, and that s certainly true for chief financial
More informationQuality Assessments what you need to know
Quality Assessments what you need to know Patty Miller, Partner Deloitte & Touche LLP Cavell Alexander, VP-Internal Audit Intermountain Healthcare Overview of requirements Scope of assessment Approaches
More informationAGENDA USING CONTINUOUS CONTROLS MONITORING TO MAXIMIZE P2P CONTROLS & RISK PREVENTION. Welcome! 60-second FISCAL Overview. Change in Purchase-to-Pay
USING CONTINUOUS CONTROLS MONITORING TO MAXIMIZE P2P CONTROLS & RISK PREVENTION Welcome! Mike LaDuke AGENDA 60-second FISCAL Overview Change in Purchase-to-Pay Escalation of Fraud Incidences What is Continuous
More informationJD Edwards EnterpriseOne Financial Management Overview
JD Edwards EnterpriseOne Financial Overview Karen L. Brown Senior Principal Product Manager Program Agenda 1 JD Edwards EnterpriseOne Overview 2 3 EnterpriseOne Financial Overview
More informationGlobal at the Core. The Workday Approach to Global Financial Management
Global at the Core The Workday Approach to Global Financial Management Global at the Core The Workday Approach to Global Financial Management Contributing Author Sylvain Nguyen, Accenture DayNine As a
More informationIT HUNTER SOLUTIONS SAP FICO
IT HUNTER SOLUTIONS Contact No - +1 9099998808 Email ID ithuntersolutions@gmail.com SAP FICO Introduction to SAP R/3 Introduction to ERP, and S.A.P What is S.A.P / R/2-R/3 ARCHITECTURE S.A.P Server landscape
More informationCity of Markham. Human Resource Information System ( HRIS ) Implementation Audit. June 18, Richmond Street West Toronto, ON M5H 2G4
City of Markham Human Resource Information System ( HRIS ) Implementation Audit June 18, 2018 PREPARED BY: MNP LLP 300-111 Richmond Street West Toronto, ON M5H 2G4 MNP CONTACT: Geoff Rodrigues, CPA, CA,
More informationAn Overview of the 2013 COSO Framework. August 2013
An Overview of the 2013 COSO Framework August 2013 Introduction Dean Geesler, KPMG Senior Manager Course Objectives Summarize the key changes from the 1992 Framework to the 2013 Framework including the
More informationKPMG s financial management practice
KPMG s financial management practice kpmg.com KPMG LLP s (KPMG) Financial Management (FM) practice supports the growing agenda and increased responsibilities of the CFO. We work with our clients with passion
More informationTaking a Global, Value Added Approach to Compliance: Designing, Automating and Implementing an Integrated Controls Management Process
Taking a Global, Value Added Approach to Compliance: Designing, Automating and Implementing an Integrated Controls Management Process November 7, 2006 Webcast Today s Speakers Peter Paul Brouwers Partner,
More informationCyber Security. & GRC Metrics That Tell a Story! Presented by: Swarnika Mehta Manager, KPMG Cyber Security Services
Cyber Security & GRC Metrics That Tell a Story! Presented by: Swarnika Mehta Manager, KPMG Cyber Security Services Eva Benn Senior Associate, KPMG Cyber Security Services Contents 2 Introduction In the
More informationLetosys Computer Systems LLC UAE INDIA
Letosys Computer Systems LLC UAE INDIA +971 4 44 26 190 info@letosys.com 1 LetoERP Share+ Contractor LetoERP is the start of the Software Application System that has diverse modules, developed by Leto
More informationaudit typology 115 audit universe 101 data and information pool 103 definition 101 structure and content 101
F Subject Index A ABAP 411 ABAP report for IT audit 412 ABAP workbench 417 accruals 319 for contingent losses 323 for legal and consulting costs 324 accrued liabilities audit 318 accruals for contingent
More informationUSDA Shared Services Journey
USDA Shared Services Journey USDA was named as an SAP Federal Financial Shared Services Provider in May 2014, able to offer financial system services within the federal government. This was in response
More informationAccenture Profit Recovery and Analytics
Business Process Outsourcing Accenture Profit Recovery and Analytics Delivering High Performance through Profit Recovery Accenture: Delivering high performance through profit recovery Are you leaving money
More informationLeverage T echnology: Turn Risk into Opportunity
Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Copyright. Fulcrum Information Technology, Inc. Is Your ERP Leaking Cash? Monitor PO and AP transac/ons
More informationSAP FICO Course Content
Introduction to SAP R/3 Introduction to ERP, Advantages of SAP over other ERP Packages Introduction to SAP R/3 FICO Financial Accounting Basic Settings: Definition of company Definition of company code
More informationMaking intelligent decisions about identities and their access
Making intelligent decisions about identities and their access Provision users and mitigate risks with Identity Governance and Intelligence Highlights Provide a business-centric approach to risk-based
More informationGCC VAT implementation roadmap are you ready?
GCC VAT implementation roadmap are you ready? www.kpmg.com/qa A brief introduction to VAT in the GCC The GCC states have worked together to develop a broad framework to introduce Value-Added Tax (VAT).
More informationHow to Maximize Your Internal Controls Program. June 15, 2017 Atlanta, GA
How to Maximize Your Internal Controls Program June 15, 2017 Atlanta, GA Sarbanes-Oxley Update June 15, 2017 Rick Warren Principal patrick.warren@pwc.com Andres Leal Director andres.m.leal@pwc.com 3 Agenda
More informationFinance disrupted. Future of finance in healthcare: As the industry adjusts to continuous disruption, the finance function has an opportunity to lead
Future of finance in healthcare: Finance disrupted As the industry adjusts to continuous disruption, the finance function has an opportunity to lead kpmg.com/us/futurefinance Finance disrupted Amid continuous
More informationSAP FICO Syllabus SAP TRAINING DIVISION. SAP ECC 6.0 FICO Contents. SAP Overview
SAP TRAINING DIVISION SAP FICO Syllabus SAP ECC 6.0 FICO Contents SAP Overview Ø Introduction to ERP And SAP Ø History of SAP Ø Organization Ø Technology Ø Implementation Tools (Asap and Solution Manager)
More informationQAD FINANCIALS BENEFITS
QAD FINANCIALS CFOs, finance managers and controllers of manufacturing companies deal with a wide variety of strategic and operational challenges. CFOs constantly balance risk with the need for strategic
More informationAP Automation: Struggles, Strategies and Solutions
AP Automation: Struggles, Strategies and Solutions Gateway OAUG Presented by: Howard McKinney, AP Express Product Manager May 12, 2017 2017 Nivo1 LLC. All rights reserved. AFFORDABLE, WORKFLOW-DRIVEN AP
More informationThe need for optimization: Getting the most from Microsoft Dynamics GP
The need for optimization: Getting the most from Microsoft Dynamics GP Prepared by: Hans Wulczyn, Director, RSM US LLP hans.wulczyn@rsmus.com, +1 717 901 8413 July 2017 Microsoft Dynamics GP is a powerful,
More informationCement Industry Risk Analytics For Private circulation only June Risk Advisory
Cement Industry Risk Analytics For Private circulation only June 2018 Risk Advisory Finance Cement in Industry the Digital Risk age Analytics 02 02 Cement Industry Risk Analytics Overview Overview Introduction
More informationSAP Business One. A Single System to Streamline Your Entire Business
SAP Business One A Single System to Streamline Your Entire Business LBSi Whistle Stop Tour Regional SAP User Group Meeting 1. Welcome Introductions 2. Kick-off to SAP Business One User Group is Whistle
More informationEXECUTIVE ERP. EVALUATION AND INVESTMENT ROADMAP Developed for the Modern Business
EXECUTIVE ERP EVALUATION AND INVESTMENT ROADMAP Developed for the Modern Business TABLE OF CONTENTS Executive ERP Evaluation and Investment Roadmap Developed for the Modern Business Read Time: 17 minutes
More informationRisk Management For and By the BOT. Secured BOT Series
Secured BOT Series 2018 Contents Risk Management For and By the BOT Setting context for RPA Risk Management Deloitte's Risk Framework For RPA Risk Management For the BOT Risk Management By the BOT How
More informationPerfect Financial & Accounting Management System
Perfect Financial & Accounting Management System Perfect is a comprehensive financial management System(Bi-lingual) Arabic & English that performs the fundamental financial of the ERP system. It includes
More information<Insert Picture Here> JD Edwards EnterpriseOne Financial Management
JD Edwards EnterpriseOne Financial Program Agenda Financial Integration General Accounting Advanced Cost Accounting Accounts Payable Environmental Accounting and Reporting Accounts
More information41880 Introduction to Hyperion Financial Management. Mike Malwitz Director Product Strategy Oracle Enterprise Performance Management
41880 Introduction to Hyperion Financial Management Mike Malwitz Director Product Strategy Oracle Enterprise Performance Management Agenda Customer needs Solving financial consolidation and reporting issues
More informationSolutions. Cash & Logistics Intelligent and Integrated Solutions to Optimize Currency Levels, Reduce Expenses and Improve Control
Solutions Cash & Logistics Intelligent and Integrated Solutions to Optimize Currency Levels, Reduce Expenses and Improve Control Solutions The financial services industry faces a number of new challenges
More informationEmployee Management Training Guide. P130 Employee Management: Basic
Employee Management Training Guide P130 Employee Management: Basic Certification Course Prerequisites This course consists of a hands- on guide that will walk you through the specifics of Acumatica s Employee
More informationService Business Plan
Service Business Plan Service Name Information Technology Service Type Internal Service Owner Name Christine Swenor Budget Year 2017 Service Owner Title Service Description Director of IT Services An internal
More informationORACLE TUTOR MODEL PROCESS CONTENT
ORACLE TUTOR DATA SHEET ORACLE TUTOR MODEL PROCESS CONTENT WHY IS PROCESS DOCUMENTATION SO IMPORTANT? TUTOR PROCESS DOCUMENTS (POLICIES AND PROCEDURES): Help solve critical software implementation issues
More informationThe importance of a solid data foundation
The importance of a solid data foundation Prepared by: Michael Faloney, Director, RSM US LLP michael.faloney@rsmus.com, +1 804 281 6805 February 2015 This is the first of a three-part series focused on
More informationFINANCIAL MANAGEMENT FOR ACCOUNTS PAYABLE
RSM TECHNOLOGY ACADEMY Syllabus and Agenda FINANCIAL MANAGEMENT FOR ACCOUNTS PAYABLE IN MICROSOFT DYNAMICS AX Course Details 3 Audience 3 At Course Completion 3 Course Cancellation Policy 4 Guaranteed
More informationAgainst all Odds Detroit adopts Oracle Cloud ERP
Against all Odds Detroit adopts Oracle Cloud ERP Usha Vargas Sr. Project Manager, AST Corporation uvargas@astcorporation.com Feb 10, 2017 1 Agenda Introduction About the City of Detroit Oracle Cloud ERP
More informationRisk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance
Risk Advisory SERVICES A holistic approach to implementing effective governance, managing risk and maintaining compliance Contents Weaver's Risk Advisory Services 1 Enterprise Risk Management 4 Assessing
More informationCGI Business Process Outsourcing. for oil and gas companies
CGI Business Process Outsourcing for oil and gas companies Improving efficiency and outcomes With low oil prices driving cost reductions and performance improvement programs, many companies are moving
More informationIdentity & Access Management Unlocking the Business Value
Identity & Management Unlocking the Business Value Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Unlocking the Value of Identity and Management Defining the IAM challenge
More informationReview of Payment Controls
Review of Payment Controls June 12, 2009 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing Office of
More informationDRAFT. Fusion ERP Cloud Service October Oracle Fusion ERP Cloud Service. Magdalene Ritter
DRAFT Oracle Fusion ERP Cloud Service Fusion ERP Cloud Service October 2013 Magdalene Ritter 1 Copyright 2013, Oracle and/or its affiliates. All rights reserved. The following is intended to outline our
More informationSAP Fieldglass White Paper ESSENTIAL QUESTIONS TO INCLUDE IN A VENDOR MANAGEMENT SYSTEM RFP
SAP Fieldglass White Paper ESSENTIAL QUESTIONS TO INCLUDE IN A VENDOR MANAGEMENT SYSTEM RFP UNDERSTANDING EACH PHASE OF THE PROCESS Evaluating a Vendor Management System (VMS) can be an overwhelming process
More informationTake Identity and Access Management to the Next Level Securely. Matthew Pecorelli
Take Identity and Access Management to the Next Level Securely Matthew Pecorelli 0 In This Session You will understand the key drivers behind Accenture s decision to migrate to the SAP NetWeaver Identity
More informationREPORT 2014/014. Audit of the implementation of the Murex system in the Investment Management Division of the United Nations Joint Staff Pension Fund
INTERNAL AUDIT DIVISION REPORT 2014/014 Audit of the implementation of the Murex system in the Investment Management Division of the United Nations Joint Staff Pension Fund Overall results relating to
More informationWho Does What, When, and How for a Divestiture?
Who Does What, When, and How for a Divestiture? Anil Kukreja Chief Operating Officer, eprentise PVT Ihtesham Uddin Sr. Director, Product Development, eprentise Webinar Mechanics Submit text questions.
More informationCHAPTER 3 ENTERPRISE SYSTEMS ARCHITECTURE
CHAPTER 3 ENTERPRISE SYSTEMS ARCHITECTURE 1 Learning Objectives Examine in detail the enterprise systems modules and architecture. Understand the effects of a well-designed architecture on ERP implementation.
More informationTREASURY. INTEGRITY SaaS
TREASURY INTEGRITY SaaS Integrity SaaS B Integrity SaaS: A simple, yet functionally powerful, fully cloud-based treasury management solution 3 Integrity SaaS Integrity SaaS Treasurers worldwide are looking
More informationUNFPA. This policy applies to all UNFPA personnel, particularly those involved in the purchasing and payment of goods and services.
Policy Title Previous title (if any) Policy objective Target audience Risk Matrix Policy and Procedures for Accounts Payable n/a The Policy and Procedures for Accounts Payable policy establishes the procedures
More informationThe SAM Optimization Model. Control. Optimize. Grow SAM SOFTWARE ASSET MANAGEMENT
The Optimization Model Control. Optimize. Grow The Optimization Model In an ever-changing global marketplace, your company is looking for every opportunity to gain a competitive advantage and simultaneously
More informationSmarter Reporting Built from the Ground Up: Carr Properties
Smarter Reporting Built from the Ground Up: Carr Properties Session ID#: 103660 Prepared by: Ilan Zachar Name: Ilan Zachar Title: Chief Technology Officer Company: Carr Properties @ILANZACHAR Agenda Introduction
More informationSAP Simple Finance The Future of Finance. Angélica Bedoya, Center of Excellence, SAP LAC Abril, 2015
SAP Simple Finance The Future of Finance Angélica Bedoya, Center of Excellence, SAP LAC Abril, 2015 Today s Volatile World Needs Strong CFOs How profitable is our new global business unit? The balance
More information