Leverage Technology: Move Your Business Forward


1 "Give me a lever long enough and a fulcrum on which to place it, and I shall move the world" - Archimedes
Copyright. Fulcrum Information Technology, Inc.
Mitigate Risk of Losses, Waste and Fraud in your Procure-to-Pay Process with Smart Controls for Oracle
A Leader in Risk Based Enterprise Controls Management Solutions: Risk and Compliance, Financial Reporting, Internal Audit, Controls Catalog, Application Security, Advanced Analytics
Educational Webinar Series
Adil Khan, Managing Director
March 29th, 2016
Leverage Technology: Move Your Business Forward

2 Agenda: Oracle EBS R12 Procure to Pay
- Introductions
- Oracle Payables and Procurement Overview
- Procure to Pay Controls Check List
- Oracle EBS Configurations that Mitigate Risks
- Smart Controls A Case Study
- Q&A


4 Proven Expertise: FulcrumWay Insight
- Thought Leadership: Co-Authored GRC Book, the first book on GRC for Oracle Applications
- FLOAUG Innovate 16, February 12th, Orlando: Oracle Role Based Security and Oracle Cloud
- Educational Webinar, February 25th: Self Service User Provision
- Educational Webinar, March 22nd: Procure to Pay Process Optimization with Controls Monitoring
- Collaborate 16, April 11th, 2015, Las Vegas: GRC Client Appreciation Dinner
- Educational Webinar, May 24th: Hire to Retire Controls in Oracle Fusion HCM
- Oracle Open World: Annual GRC Dinner on September 19th, San Francisco, CA
- LinkedIn: FulcrumWay Risk, Compliance and Audit Software Group
- International GRC Round Tables: Sydney, London, Johannesburg, Dubai
See events page for details

5 Successful Track Record: FulcrumWay Client Studies
Government, Oil and Gas, Financial Services, Retail, Communications, Manufacturing, Transportation, Natural Resources, Media/Entertainment, Healthcare, High Tech, Life Sciences


7 Process Controls: Oracle Procure-to-Pay Control Points
[Diagram] Process flow: Requisition > Purchase Goods / Services > Receive Goods / Services > Invoice > Issue Payments
Other diagram labels: Spend Categories, Indirect & MRO, Direct Materials, Services, Corporate Performance Management, Strategic Sourcing & Contract Mgmt, Collaboration, Supplier Collaboration, Settlement, Banks, Payment Processors, SWIFTNet, Business Process Models, Service Oriented Architecture

8 Process Controls: Oracle Procure-to-Pay
[Procure-to-Pay process diagram, as on slide 7]
CONTROLS
- Are there inappropriate associations between a vendor and an employee?
- Do you have duplicate suppliers?
- Are your vendors compliant with trade regulations?
- Are the vendors blacklisted?
- Are there frequent changes to Supplier information?
- Are you missing critical supplier information? Is the information valid?

9 Process Controls: Oracle Procure-to-Pay
[Procure-to-Pay process diagram, as on slide 7]
CONTROLS
- Do you have duplicate Purchase Orders?
- Are POs created on the same day as goods arrive?
- Are there split POs?
- Are there purchases with non-preferred vendors?

10 Process Controls: Oracle Procure-to-Pay
[Procure-to-Pay process diagram, as on slide 7]
CONTROLS
- Are you making accurate and timely payments?
- Are payment term changes reviewed before payment?
- Are there duplicate invoice amounts being processed?
- Did the person making the payment create or modify the vendor?
- Are there discrepancies in freight charges?
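Three of the control questions from slides 9 and 10 (duplicate invoices, split POs, and whether the payer also created or modified the vendor) written as detective checks. This is an added example, not code from the webinar, FulcrumWay or Oracle; the record fields, sample data and the 5000 approval limit are hypothetical.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample records; field names and the 5000 limit are hypothetical, not Oracle EBS columns.
INVOICES = [
    {"id": 1, "vendor": "V100", "num": "INV-0042", "amount": 1250.00},
    {"id": 2, "vendor": "V100", "num": "inv 42", "amount": 1250.00},
    {"id": 3, "vendor": "V200", "num": "7781", "amount": 980.00},
]
POS = [
    {"po": "PO-1", "vendor": "V300", "buyer": "jlee", "amount": 4800.00, "date": date(2016, 3, 7)},
    {"po": "PO-2", "vendor": "V300", "buyer": "jlee", "amount": 4700.00, "date": date(2016, 3, 8)},
    {"po": "PO-3", "vendor": "V400", "buyer": "jlee", "amount": 9000.00, "date": date(2016, 3, 8)},
]
PAYMENTS = [{"pay": "P-1", "vendor": "V100", "paid_by": "asmith"},
            {"pay": "P-2", "vendor": "V200", "paid_by": "bchan"}]
VENDOR_AUDIT = [{"vendor": "V100", "changed_by": "asmith"},
                {"vendor": "V200", "changed_by": "mdata"}]

def norm_invoice_num(num):
    """Drop case, punctuation and leading zeros so 'INV-0042' equals 'inv 42'."""
    return re.sub(r"(?<!\d)0+(?=\d)", "", re.sub(r"[^0-9a-z]", "", num.lower()))

def duplicate_invoices(invoices):
    """Invoice ids sharing vendor, normalized number and amount."""
    groups = defaultdict(list)
    for inv in invoices:
        key = (inv["vendor"], norm_invoice_num(inv["num"]), round(inv["amount"], 2))
        groups[key].append(inv["id"])
    return [ids for ids in groups.values() if len(ids) > 1]

def split_pos(pos, limit=5000.00, window_days=3):
    """Same buyer and vendor, each PO under the approval limit, total over it."""
    groups = defaultdict(list)
    for po in pos:
        if po["amount"] < limit:
            groups[(po["buyer"], po["vendor"])].append(po)
    hits = []
    for rows in groups.values():
        days = (max(r["date"] for r in rows) - min(r["date"] for r in rows)).days
        if len(rows) > 1 and days <= window_days and sum(r["amount"] for r in rows) > limit:
            hits.append(sorted(r["po"] for r in rows))
    return hits

def payer_touched_vendor(payments, vendor_audit):
    """Payments released by a user who also created or modified that vendor."""
    touched = {(a["vendor"], a["changed_by"]) for a in vendor_audit}
    return [p["pay"] for p in payments if (p["vendor"], p["paid_by"]) in touched]
```

On the sample data the checks flag invoices 1 and 2, purchase orders PO-1 and PO-2, and payment P-1.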


12 Approach Process Risk Management Scope Application Controls Manage Exceptions Implement Controls Establish Test Environment Detect/ Analyze Findings Implement Corrective Actions Monitor Controls Identify Risk Assess Risk Design Controls Risk Advisors/ Control Owners Sample ERP Data Risk Advisors/ ERP Managers/ Control Owners Advanced Controls Experts/ ERP Managers Control Owners/ ERP Managers

13 Procure to Pay Oracle Controls Checklist

| Item | Configuration | Control | Risk |
| --- | --- | --- | --- |
| 1 | Allow Address Change (Single Payment) | Set to No | Check payments are sent to an incorrect or invalid address, which could increase the risk of unauthorized payments. |
| | Automatically Create Employee as Supplier | Define | Unauthorized supplier records are created for unauthorized employees, which may result in invalid reimbursement of employee expenses. |
| 2 | Allow Pre-Date (Single Payment) | Set to No | Payments may be recorded on dates preceding invoice dates, resulting in an understatement of the AP liability account. |
| 3 | Use Invoice Approval | Set to Yes | Unapproved or invalid invoices are created and paid. |
| | Allow Force Approval | | |
| 4 | Hold Unmatched Invoice | Set to Yes | Supplier may over-bill and invalid or inaccurate invoices may be paid that could increase the risk of unauthorized transactions and misstatement in accounts. |
| 5 | HR: Expand Role of Contingent Worker profile option | Set to No | Unauthorized commitments and orders could be made by contingent workers, outside of the corporate policy. |
| 6 | Purchasing approval groups | Define | Approval groups and assignments may not be appropriately defined, resulting in invalid or unauthorized approval of transactions. |
| 7 | Owner Can Approve | Set to No | Unauthorized changes to transactions may occur resulting in unauthorized orders, requisitions or other transactions. |
| 8 | Approver Can Modify | Set to No | |
| 9 | Use Approval Hierarchies | Set to Yes | Documents may be authorized by the incorrect authority. |

14 Procure to Pay Oracle Controls Checklist

| Item | Configuration | Control | Risk |
| --- | --- | --- | --- |
| 10 | GL Date Basis | S (System) / I (Invoice) | Liabilities are not recorded in the correct period. |
| 11 | Employee Signing Limits | Define | Employees may be allocated greater signing limits than planned, resulting in employee expenses outside of company policy. |
| 12 | "Exchange Rate Amount" tolerance configuration | Define | Inconsistent exchange rates may be used resulting in inaccurate and invalid valuation of accruals and liabilities. |
| 13 | The "Shipment Amount" tolerance configuration | Define | Liabilities may be misstated if invoice amounts are more than what was ordered and received; or vice versa. |
| 14 | Allow Distribution Level Matching | Set to Yes | Invoices can only be matched to shipment lines, potentially resulting in invalid accounting of the invoice. |
| 15 | Over Receipt Tolerance; Over Receipt Action | Verify Values | Goods may be received and paid for which were not ordered, or payments may be made for services which were not actually rendered. |
| 16 | Receipt Required | Set to Yes. Verify for outside processing, rate based temp labor, fixed price temp labor and fixed price services | Invoices are paid without receiving goods/services. |
| 17 | eBTax: Allow Override of Tax Recovery Rate profile option | Set to No | The tax recovery rate could be overridden by unauthorized individuals, resulting in inaccurate tax calculations. |


16 Purchasing Configuration: Purchase Order Approval
Navigation: Purchasing Super User > Setup > Purchasing > Document Types

17 Payables Configurations: Use Invoice Approval Workflow
Navigation: Payables Manager > Setup > Options > Payables Options, then click on the Approval tab

18 Payables Configurations: Allow Force Approval
Navigation: Payables Manager > Setup > Options > Payables Options, then click on the Approval tab

19 Payables Configurations: AP Invoice Payment Discounts
Navigation: Payables Super User > Supplier > Entry. Select Supplier, and then click Invoice Management

20 Receiving Configurations: Receiving Tolerance Level
Navigation: Purchasing Super User > Setup > Organizations > Receiving Options

21 GL Posting Configurations: Payable Invoice Posting to GL
Navigation: Payables Super User > Setup > Options > Payables Options, then click on the Invoice tab


23 Case Study: Fiscal watchdog ensures tens of billions of dollars in payments are lawful and correct
Our Client
- A state government agency responsible for safeguarding financial assets, more than $120 billion of public funds.
- Helps local governments and nonprofits invest their money with flexibility, security, and confidence.
Challenges
- Replace fragmented legacy system for recovery audit department with a single incident management system.
- Replace manual control checklists with an audit analytics system to identify suspicious vouchers submitted for payments by 28+ agencies across the state.
- Assign suspension transaction to auditors for final review and approval using a pattern matching system.
Solutions
- Oracle GRC Advanced Controls
Results
- Reduce erroneous payment processing by 5% on millions of payments processed each day by consolidating all vouchers across 28 agencies into a single data hub.
- Improve incident investigation process by establishing business rules to assign incidents based upon risk level, investigation type and priority that match the auditor skills and job role.
- Provide management visibility and independent oversight to monitor approved and rejected payments.
- Eliminate inconsistent and contradictory actions by auditors by providing a structured investigation process based on approved investigation checklists for each type of suspicious transaction.
- Optimize recovery audit business process with integration to the ERP system for vendor management and payment processing.

24 Case Study: A global leader in lifestyle footwear controls cost with Transaction Analytics
Our Client
- Designs, develops, markets, and distributes footwear for men, women, and children.
- The company operates through four segments: Domestic Wholesale Sales, International Wholesale Sales, Retail Sales, and E-commerce Sales.
- Operates 122 stores, 131 factory outlets, and 71 warehouse stores in the United States; and 44 stores and 26 factory outlets internationally.
Challenges
- Control cash leakage in Procure to Pay Process.
- Assess Vendor Risks based on internal and external data sources.
- Streamline internal audit of Freight costs, Media fees.
- Ensure Contract compliance.
Solutions
- Oracle Transaction Controls
- FulcrumWay OAT Analytics
Results
- Enabled AP payment tracking, and prevented over 200K in future losses by catching them earlier.
- Enabled comprehensive vendor risk analysis using all available data, from fraud and conflicts of interest to lapsed business licenses and liability concerns.
- Safeguarded freight-related disbursements by identifying payment errors and analyzing whether vendors and carriers have complied with your shipping guidelines.
- Enabled matching of agency and media invoices: identify duplicates and overpayments, review contracts, media plans, insertion orders, print orders and billing statements, and accurately determine whether there have been mistakes and under-achieving performance.
- Improved contract compliance by combining automated techniques with focused strategic buyer dashboards to identify the causes behind overpayments, and developed prevention techniques for minimizing future exposure.

25 Smart Controls: What are Smart Controls?
- Layer of automated controls over ERP controls
- Continuously monitor key controls
- Detect and report issues as they occur
- Prevent issues from occurring
- Quickly see high risk issues with exception based dashboards
- Address issues that affect the bottom line
- Reduce operational risk and improve process effectiveness

26 Standard Controls, Procure to Pay: Prevent Duplicate Supplier Name and Sites

27 Standard Controls, Procure to Pay: Requisitions Require PO Approval

28 Standard Controls, Procure to Pay: Purchase Orders can only be issued to valid suppliers and goods received at valid sites. Purchase Orders Require Approval

29 Standard Controls, Procure to Pay: Goods and Services are received based on control configurations

30 Standard Controls, Procure to Pay: Duplicate Invoice numbers are prevented. Invoice items are matched with PO and Receiving to ensure 3-Way match

31 Standard Controls, Procure to Pay: Payments are released to valid suppliers and Invoices. Payments Terms are enforced

32 Case Study: Smart Business = Standard + Smart Controls
[Diagram labels] User Roles, Approval Hierarchies, Standard Controls, 3-Way Match, Track Payments, Track Discounts, Sentiment Analysis, Hide Displays of Sensitive Data, Split Purchase Orders, Duplicate Payments, Smart Controls, Transaction Threshold Amounts, Fuzzy Logic (similar values), Duplicate Vendors, Fine-grained User Access, Transaction Pattern Analysis, Configuration Snapshots & Audit Trail

33 Smart Controls Transaction Monitor Duplicate Invoices


35 Smart Controls Definition Control Model Logic

36 Smart Controls Incident Management

37 Smart Controls Preventive Controls

38 Smart Controls Preventive Controls

39 Smart Controls: Procure to Pay with Smart Controls

40 Case Study Over 1000 Smart Controls for ERP Select Configuration, Master Data and Transaction Controls Detect control weaknesses across ERP system to identify business process optimization opportunities

41 Q & A Sign-up for FREE 14 Days Evaluation Register online and download Dataprobe to identify P2P Risks in EBS