ERP IMPLEMENTATION RISK
1 ERP IMPLEMENTATION RISK
Kari Sklenka-Gordon, Director at RSM National ERP Risk Advisory Leader
March
RSM US LLP. All Rights Reserved.

2 Speaker
Kari Sklenka-Gordon, National RSM ERP Risk Advisory Leader
- 18+ years working with SAP and other ERPs
- 16+ years in security, controls, risk & IT governance
- 10+ years in public accounting
- Team member of 35+ ERP implementations

3 Agenda
- ERP implementation success factors
- ERP implementation risk overview
- ERP implementation risk deep dive
- Risk assessment approaches
- Risk mitigation approaches
- Case studies
- Organizational accountability view of ERP implementation risk
- Summary

4 ERP IMPLEMENTATION SUCCESS FACTORS

5 ERP implementation success factors

6 What are ERP implementation success factors?
- ERP effectively designed to meet the needs of the business
- Future state technology landscape including interfaces
- Adequate infrastructure to meet performance demand
- Awareness of any new software functionality releases
- Business Continuity Planning / Disaster Recovery
- Post go live support addresses needs
- 3rd party SLAs adequate to support new ERP
- Balancing of other company priorities that could impact project team members
- General project governance activities: budget / appropriate capitalization of costs / timeline
- Pre planning activities such as:
  - Resource strategy (vendor led or internal)
  - ERP software selection
  - ERP implementation vendor selection & contract signing
  - Selection of ERP deployment methodology
- Accurate business requirements documented
- Accurate business requirement mapping to new ERP capabilities
- Testing of business requirements
- Effective communication between the project team and everyone else on the project or in the business
- End user training aligned to security model designed
- Correct data classification, cleansing, mapping, migration
- Regulatory requirements / controls (SOX, PCI, FDA, etc.)
- Data privacy / European Union General Data Protection Regulation
- Utilization of new ERP to support controls automation
- Security roles designed free of segregation of duties conflicts
- Cybersecurity related controls / COBIT controls

7 ERP IMPLEMENTATION RISK OVERVIEW

8 What went wrong?
- The implementation cost twice as much as the original budget
- We didn't see the realized value of the ERP implementation afterwards
- We failed our SOX controls, resulting in a material weakness
- Users didn't have the access to do their job after go-live
- Duplicative customers are found in the new ERP system
- We rushed through the implementation to meet initial goals, which resulted in a system with a lot of problems at go-live
- Inventory actual does not match what's in our new ERP
ERP implementation failure rate is 75% (Gartner)

9 What is ERP implementation risk?

10 Typical ERP implementation project phases
Planning
- Business case and purpose for new ERP
- Select ERP
- Determine budget & timeline
- Determine implementation strategy
Design
- Fit gap analysis
- Business requirements
- Data cleansing
- Future state IT landscape (interfaces)
- Controls design
- Security role structure design
Build & validate
- Configure/code system
- Perform testing (unit, system, integration, UAT, performance, controls, security)
- System role design
- End user training development
Deployment
- System freeze
- Cut over activities (data migration, final configurations for go live, etc.)
- End user training
- Go live
Post go live
- Run state operational use of new ERP
- Regulatory controls testing

11 Impact of risk factors at each ERP implementation phase
ERP implementation phases: Planning | Design | Build & Validate | Deployment | Post go live
- Project governance: X | X | X | X | X
- Business requirements: X | X | X | X | X
- Data: X | X | X | X | X
- Regulatory requirements, security, controls: X | X | X | X | X
- Organizational change management: X | X | X | X | X
- Operations: X | X | X | X | X
Risk occurs during each phase of an ERP implementation

12 Where do we find ERP implementation risk?
[Bar chart: ERP Implementation Risk, percentage axis from 0% to 30%, by category: Project Governance; Regulatory, Security & Controls; Data; Technology; Business Requirements; Organizational Change Management; Operations]

13 Assessing ERP implementation risk findings
- If possible, use your company's ERM risk score card
- If your company does not have an ERM practice, design a risk score card that works for your culture, regulatory requirements, company size, financial size, and nature of the implementation
- Most score cards use the 1-5 scoring system
- When issues are identified, risk should be viewed as impact to project and impact to COMPANY after go-live before assigning a risk rating
- Communication of issues is best illustrated using a heat map

14 ERP IMPLEMENTATION RISK DEEP DIVE

15 ERP implementation risk: Project governance

16 Case study: Project governance risk
Issue: Midway through the ERP implementation, COMPANY thought they were getting less than they signed up for from their implementation vendor. They cited communication issues, delays, and budget overages.

17 Case study: Project governance risk
Risk identification method
- Vendor contract assessment
- Health check assessment
Results
- COMPANY signed up for implementation tasks they shouldn't have been responsible for, because those responsibilities typically were vendor responsibilities.
- Vendor was not accountable for tasks it should have been responsible for.
- There was a lack of a project plan with dependencies.
- The project plan that existed was aggressive.
- COMPANY pushed go live out one quarter, renegotiated the remaining contract with the implementer, and got the project back on track.
Possible risk mitigation strategies
- Implementation strategy & deployment methodology review
- Vendor contract review
- Project plan review

18 ERP implementation risk: Business requirements

19 Case study: Business requirements risk
Issue: Significant amount of testing exceptions found during end-user testing just before go-live. Caused project go-live to be delayed.

20 Case study: Business requirements risk
Risk identification method
- Performed a project health check
Results
- Resources from the COMPANY didn't have a good understanding of COMPANY business requirements
- Resources from the implementation vendor didn't have a good understanding of the ERP
- Fit gap analysis, design documents, process flows, narratives, and other critical documents were not fully completed, but testing was being performed on the system.
- Although the timeline overall appeared to be on schedule, 90% of the completed tasks had serious quality issues that would directly impact the testing phase.
- Project go live date was reset for a future date
Possible risk mitigation strategies
- Project documentation strategy assessment
- Project plan assessment
- Project implementation strategy assessment
- Project resource assessment

21 ERP implementation risk: Data

22 Case study: Data risk
Issue: A material misstatement was found from inventory and sales being incorrectly under and over stated several years after an ERP implementation.

23 Case study: Data risk
Risk identification method
- Key report controls testing for data accuracy and completeness
Results
- Client data was incorrectly mapped from a non-ERP system to ERP for an implementation
- No evidence was retained of the user sign-off on the mapped data
- Data errors resulted in a material weakness
Possible risk mitigation strategies
- Assessment of data cleansing, migration, testing strategies

24 ERP implementation risk: Regulatory requirements, security & controls

25 Case study: Regulatory requirements risk
Issue: Data was deleted after an ERP go-live, resulting in a material misstatement.

26 Case study: Regulatory requirements risk
Risk identification method
- Post go live SOX controls assessment
Results
- A critical setting in an ERP was not enabled after go live.
- Data deletion programs were run.
- Accountants had been running the data deletion programs to eliminate journal entries because of their ease of use.
- Resulted in a material misstatement
Possible risk mitigation strategies
- Pre go live checklist of critical controls
- Immediate assessment of critical controls post go live

27 Case study: Regulatory requirements risk
Issue: FDA shut down a plant location after finding that users were not using the new ERP system as documented.

28 Case study: Regulatory requirements risk
Risk identification method
- Post go live FDA validation assessment performed by FDA
Results
- Company upgraded their ERP system with all critical business tasks moved from manual Excel/Post-it note based to system based
- Change management and training was not clear to users in how they would do their job in ERP post go live.
- Users continued using manual, outside-the-system processes even though training documentation supported new in-system processes
- FDA performed a post go live audit and found tasks being performed outside the system, not in line with new training documentation, resulting in fines and shut down of operations for a period of time
Possible risk mitigation strategies
- FDA validation risk assessment prior to go live
- Project plan review for adequate time for end user training

29 Case study: Controls risk
Issue: After company went live with new ERP, it only leveraged automated system functionality for 10% of the business process controls. Industry comparison for the same industry and same ERP was more around 50-60%.

30 Case study: Controls risk
Risk identification method
- Post go live controls design assessment
Results
- Upon further assessment of the automated process controls, it was noted that standard functionality was not enabled for the controls because they were not called out as business requirements
- COMPANY later improved controls automation landscape to 50%, but the cost was more significant than it would have been had the controls been designed during the project
Possible risk mitigation strategies
- Business process risk assessment
- Controls design assessment during the project design phase
- Controls operation assessment during the project validation/testing phase

31 Case study: Security controls risk
Issue: COMPANY had several unmitigated security segregation of duties issues identified by their external auditors after go-live. COMPANY had a GRC tool installed and didn't think they had any unmitigated segregation of duties issues.

32 Case study: Security controls risk
Risk identification method
- Post go live security controls assessment by external auditors
- Rules assessment analysis by internal auditors
Results
- COMPANY selected a new GRC tool AFTER the go live of their new ERP
- COMPANY did not perform a security rules assessment and just enabled the vendor's out of the box rules
- The rules assessment analysis revealed custom functions, over 150 missing standard functions, not added to the rules
- To resolve the new additional security issues, the security roles had to be redesigned on a newly implemented ERP after go live
Possible risk mitigation strategies
- Implement GRC tool during the implementation before the security roles are built
- Perform a GRC tool security and SOD rules assessment to identify missing nonstandard security transactions

33 ERP implementation risk: Organizational change management

34 Case study: Organizational change management risk
Issue: ERP was upgraded. After go-live, end users were complaining the security in the system wasn't correct. The help desk was overloaded with requests for changes.

35 Case study: Organizational change management risk
Risk identification method
- Post go live security assessment
Results
- Several security changes occurred close to the time the end users were being trained. The end user training was not adequately updated to reflect those changes, so the end users were not aware of the security changes and the impact to their role as compared to how they performed their role in the old ERP system
- Upon further assessment, it was determined the security was designed appropriately; it was the end user training that needed to be enhanced and updated, and the end users then retrained
Possible risk mitigation strategies
- Project plan assessment
- End user training development strategy assessment
- Future state security model understanding and assessment

36 ERP implementation risk: Operations

37 Case study: Operations risk
Issue: IT environment was complex with lots of interfaces. A virus hit the entire system 6 months after an ERP was implemented to support the financials. IT took the system off-line until the virus was removed. When systems were brought back on-line, data was restored from the day prior to the virus hitting. Several weeks of financial data were overwritten and lost after the incident.

38 Case study: Operations risk
Risk identification method
- Post security vulnerability assessment
Results
- Client offshored most IT support to several 3rd party vendors.
- Critical batch programs were never identified
- Batch program ownership was not clearly documented before offshoring the IT support responsibility.
- Investigation found that the backup batch programs stopped working properly the week before the virus had hit.
- When the new system was restored, the batch programs were pointing to empty folders of data that had been overwritten upon the restore.
- Data was unable to be retrieved since it was overwritten.
- Financial audit issues were a result of the incident
Possible risk mitigation strategies
- Critical batch programs identified
- 3rd party SLAs containing critical system ITGCs such as batch program monitoring

39 ERP implementation risk: Technology

40 Case study: Technology risk
Issue: Initial interface budget was for 10. Midway through the project, a total of 250 interfaces were identified. Building and testing the additional interfaces significantly increased the implementation cost and reset the planned go-live.

41 Case study: Technology risk
Risk identification method
- Assessment of the future state technology landscape compared to current state
- Review of business process flow charts identified the interfaces
Results
- The future state technology landscape was missing a lot of interfaces because the current IT system landscape documents had not been kept up to date
- COMPANY incurred additional budget costs before go live to design and test the interfaces forgotten about
- The go live of the project was delayed
Possible risk mitigation strategies
- Current state technology landscape review prior to signing new software contract
- Good business flow chart documentation prior to starting the implementation

42 Case study: Technology risk
Issue: Implemented ERP total project cost was close to three times the initial budget, and it was taking a significant amount of unplanned resources to keep the system up and running.

43 Case study: Technology risk
Risk identification method
- Post-implementation security & controls risk assessment
Results
- A post-implementation review demonstrated that custom security t-codes were twice as much as should have been there. Also, the most basic automated controls were not enabled
- During the implementation the client was told often that standard functionality didn't exist to meet their requirements. This uncovered that the implementers either didn't have the skills or understanding of the standard system functionality and had falsely guided the client that they needed custom development to standard ERP functionality, or they guided the client to implement the custom functionality to increase their fees.
- Turned into a lawsuit with implementers
Possible risk mitigation strategies
- Security & controls design assessment
- Security & controls operating assessment

44 ORGANIZATIONAL VIEW OF ERP IMPLEMENTATION RISK ACCOUNTABILITY

45 Typical organizational view of ERP implementation risk (governance, risk, controls and security)
Business process risk assessment to identify risk and key control objectives
- Regulatory (i.e. SOX, PCI, FDA) controls business process risk assessment
Future state controls (CFO/IA)
- Regulatory ITAC / automated process controls
- Non-regulatory ITAC / automated process controls
- Regulatory IT sensitive access and SODs
- Regulatory IT dependent manual
- Regulatory manual business controls
- Regulatory ITGCs including project development ITGCs
- Operational ITGCs
GRC technology optimizations (CFO/IA/ERM/CIO)
- ERP GRC tool usage
- Data analytics techniques and tools
Implementation project governance risk (Project Leader/Business/CIO)
- Software vendor contract
- Project governance
- Implementation success factors
- Organizational change management
- Business requirements
- Data
- Technology
IT security governance risk: ERP security, cyber security (CISO/CIO/CFO)
- Critical infrastructure cybersecurity controls and IT operations security controls
- Security vulnerability management
- Security design model alignment with new HR job titles

46 SUMMARY

47 In summary
- Project risk can happen at any point of an ERP implementation life cycle, including before the project starts
- Project risk cannot always be prevented, but it can be identified, monitored, and mitigated before it results in significant post-go-live issues
- Project risk is real and can directly impact investment dollars before and after an implementation
48 RSM US LLP Address City Phone This document contains general information, may be based on authorities that are subject to change, and is not a substitute for professional advice or services. This document does not constitute audit, tax, consulting, business, financial, investment, legal or other professional advice, and you should consult a qualified professional advisor before taking any action based on the information herein. RSM US LLP, its affiliates and related entities are not responsible for any loss resulting from or relating to reliance on this document by any person. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International. RSM and the RSM logo are registered trademarks of RSM International Association. The power of being understood is a registered trademark of RSM US LLP RSM US LLP. All Rights Reserved.
More informationEnergy Trading Risk Management (ETRM) System Selection and Implementation Top Challenges
Energy Trading Risk Management (ETRM) System Selection and Implementation Top Challenges May 27, 2014 Energy Trading Risk Management Challenges Agenda Agenda Speaker Introduction Overview of Energy Trading
More informationKey BSA/AML takeaways from the 2015 FIBA conference
Key BSA/AML takeaways from the 2015 FIBA conference April 2015 This year s Florida International Bankers Association (FIBA) conference included a number of sessions that addressed Bank Secrecy Act and
More informationThe importance of the right reporting, analytics and information delivery
The importance of the right reporting, and Introduction This is the second of a three-part series focused on designing a business intelligence (BI) solution. In order to design a complete solution, there
More informationEnterprise Risk Management Discussion American Gas Association Risk Management Committee Meeting
Enterprise Risk Management Discussion American Gas Association Risk Management Committee Meeting July 17, 2017 Objectives Provide perspective on the evolution of Enterprise Risk Management (ERM) New 2017
More informationREPORTING AND BUSINESS INTELLIGENCE
RSM TECHNOLOGY ACADEMY Syllabus and Agenda REPORTING AND BUSINESS INTELLIGENCE For Microsoft Dynamics 365 for Operations Course Details 3 Audience 3 At Course Completion 3 Course Cancellation Policy 4
More informationRamifications of the New COSO Framework & Recent PCAOB Actions
Ramifications of the New COSO Framework & Recent PCAOB Actions Panelists Moderator Bob Meyer, Senior Vice President of Finance & Corporate Controller, American Tower Joann Cangelosi, Partner, Grant Thornton
More informationWorking better by working together
Working better by working together Deal Advisory / Germany We can help you Partner. / 1 A pragmatic approach to enhancing value through partnerships. Your vision. Our proven capabilities. Businesses thrive
More informationBENEFITS OF AN EFFECTIVE OUTSOURCING STRATEGY. March 1, 2017
BENEFITS OF AN EFFECTIVE OUTSOURCING STRATEGY March 1, 2017 RSM overview Fifth largest audit, tax and consulting firm in the U.S. Over $1.6 billion in revenue 80 cities and more than 8,000 employees in
More informationEY license compliance manager for SAP software. Forensic Technology & Discovery Services
EY license compliance manager for SAP software Forensic Technology & Discovery Services Overview In an increasingly complex world, where software deployment has become pervasive throughout business life,
More informationData analytics is a powerful tool to prevent fraud and manage risk
Data analytics is a powerful tool to prevent fraud and manage risk Identify risk of noncompliance with anti-corruption laws Prepared by: Victor Padilla, Director, RSM US LLP victor.padilla@rsmus.com, +1
More informationSpend visibility and shared services Strategies to address growing pains for long-term care organizations
Spend visibility and shared services Strategies to address growing pains for long-term care organizations Prepared by: Gerry Hodson, Director, Financial Advisory Practice, McGladrey LLP 816.751.4031, gerry.hodson@mcgladrey.com
More informationA Guide to IT Risk Assessment for Financial Institutions. March 2, 2011
A Guide to IT Risk Assessment for Financial Institutions March 2, 2011 Welcome! Housekeeping Control panel on the right side of your screen. Audio Telephone VoIP Submit Questions in the pane on the control
More informationREPORTING FUNDAMENTALS FOR PROGRAMMERS
RSM TECHNOLOGY ACADEMY Syllabus and Agenda REPORTING FUNDAMENTALS FOR PROGRAMMERS FOR MICROSOFT DYNAMICS AX Course Details 3 Audience 3 Course Cancellation Policy 3 Guaranteed to Run 4 Travel Guide 4 Hosted
More informationFINANCIAL MANAGEMENT FOR ACCOUNTS PAYABLE
RSM TECHNOLOGY ACADEMY Syllabus and Agenda FINANCIAL MANAGEMENT FOR ACCOUNTS PAYABLE IN MICROSOFT DYNAMICS AX Course Details 3 Audience 3 At Course Completion 3 Course Cancellation Policy 4 Guaranteed
More informationAn Oracle White Paper December Reducing the Pain of Account Reconciliations
An Oracle White Paper December 2012 Reducing the Pain of Account Reconciliations Introduction The finance department in most organizations is coming under increasing pressure to transform and streamline
More informationMETRO. Audit results. September 30, 2017
METRO Audit results September 30, 2017 This presentation to the Board of Directors is intended solely for the information and use of the Board of Directors and management and is not intended to be and
More informationCITY OF LAWRENCE. Commissioner s Meeting. December 19, RSM US LLP. All Rights Reserved.
CITY OF LAWRENCE Commissioner s Meeting December 19, 2017 PHASE 1 Rapid Assessment Project Overview Project Scope RSM was tasked to perform a Rapid Assessment of the Miscellaneous Billing and related Cash
More informationWorking better by working together
Working better by working together Deal Advisory We can help you Partner. kpmg.ch/dealadvisory A pragmatic approach to enhancing value through partnerships. / 1 Your vision. Our proven capabilities. Businesses
More informationCorporate Background and Experience: Financial Soundness: Project Staffing and Organization
A motion by Kentucky, on behalf of the Certification Committee, to adopt changes to the Governing Board Rules, Appendix C, Criteria and Minimum Standards for CSP Certification: Appendix C (04/07/2015)
More informationDeal Advisory / Australia WORKING BETTER BY WORKING TOGETHER. We can help you Partner.
Deal Advisory / Australia WORKING BETTER BY WORKING TOGETHER We can help you Partner. KPMG / Deal Advisory / Partner A PRAGMATIC APPROACH TO ENHANCING VALUE THROUGH PARTNERSHIPS. / 1 Your vision. Our proven
More informationRSM FOOD AND BEVERAGE INDUSTRY SURVEY
RSM FOOD AND BEVERAGE INDUSTRY SURVEY Top priorities among growers, manufacturers, processors, distributors and retailers ABOUT THE SURVEY Food and Beverage Industry Survey RSM US LLP is the leading U.S.
More informationManaging FTI Data Compliance. Addressing Publication 1075
Managing FTI Data Compliance Addressing Publication 1075 Introduction Daniel Gabriel, Manager, Security & Privacy Deloitte & Touche LLP Daniel has over nine years of experience providing ERP security and
More informationCrowe Consumer Compliance Consulting Services
Crowe Consumer Compliance Consulting Services How Well Is Your Organization Managing Regulatory Risk in Consumer Banking and Financial Services? Audit / Tax / Advisory / Risk / Performance Smart decisions.
More informationRSM US CODE OF CONDUCT GROUNDED IN OUR VALUES - RESPECT, INTEGRITY, TEAMWORK, EXCELLENCE AND STEWARDSHIP
RSM US CODE OF CONDUCT GROUNDED IN OUR VALUES - RESPECT, INTEGRITY, TEAMWORK, EXCELLENCE AND STEWARDSHIP MESSAGE FROM JOE ADAMS RSM US MANAGING PARTNER & CEO At RSM US LLP (RSM), we ve spent nearly 90
More informationEnterprise risk management for consumer products companies
Enterprise risk management for consumer products companies Prepared by: Bob Jacobson, Principal, Risk Advisory Services, McGladrey LLP 949.255.6648, bob.jacobson@mcgladrey.com Dharmesh Choksey, Director,
More informationThird Party Risk Management ( TPRM ) Transformation
Third Party Risk Management ( TPRM ) Transformation September 20, 2017 Internal use only An introduction to TPRM What is a Third Party relationship? A Third Party relationship is any business arrangement
More informationReview of Payment Controls
Review of Payment Controls June 12, 2009 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing Office of
More informationRisk Management For and By the BOT. Secured BOT Series
Secured BOT Series 2018 Contents Risk Management For and By the BOT Setting context for RPA Risk Management Deloitte's Risk Framework For RPA Risk Management For the BOT Risk Management By the BOT How
More informationPRODUCT INFORMATION MANAGEMENT
RSM TECHNOLOGY ACADEMY Syllabus and Agenda PRODUCT INFORMATION MANAGEMENT FOR MICROSOFT DYNAMICS AX Course Details 3 Audience 3 At Course Completion 3 Course Cancellation Policy 5 Guaranteed to Run 5 Travel
More informationBack to School for Business Services how to get it right?
Back to School for Business Services how to get it right? CORE conference November 8, 2016 1 Shared Services and Outsourcing Advisory WHO WE ARE KPMG s Shared Services and Outsourcing Advisory practice
More informationSAP Road Map for Governance, Risk, and Compliance Solutions
SAP Road Map for Governance, Risk, and Compliance Solutions Q4 2016 Customer Disclaimer The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the
More informationITIL Qualification: MANAGING ACROSS THE LIFECYCLE (MALC) CERTIFICATE. Sample Paper 2, version 5.1. To be used with Case Study 1 QUESTION BOOKLET
ITIL Qualification: MANAGING ACROSS THE LIFECYCLE (MALC) CERTIFICATE Sample Paper 2, version 5.1 To be used with Case Study 1 Gradient Style, Complex Multiple Choice QUESTION BOOKLET Gradient Style, Complex
More informationWhy Oracle GRC with every E-Business Suite Upgrade
Why Oracle GRC with every E-Business Suite Upgrade Kate Coughlin Principal Solution Consultant Why Preventive. Oracle Confidential - Do Not Distribute Why GRC for Every EBS Upgrade? Be compliant on Day
More informationGRC300. SAP Access Control Implementation and Configuration COURSE OUTLINE. Course Version: 16 Course Duration: 5 Day(s)
GRC300 SAP Access Control Implementation and Configuration. COURSE OUTLINE Course Version: 16 Course Duration: 5 Day(s) SAP Copyrights and Trademarks 2016 SAP SE or an SAP affiliate company. All rights
More informationWorking better by working together
Working better by working together Deal Advisory / Global We can help you Partner. A pragmatic approach to enhancing value through partnerships. / 1 Your vision. Our proven capabilities. Businesses thrive
More informationSource-to-pay: Delivering value beyond savings
Source-to-pay: Delivering value beyond savings Transforming the source-to-pay process Because the source-to-pay (S2P) process crosses three organizations procurement, finance, and IT an outdated and manual
More informationIT Service Delivery And Support
IT Service Delivery And Support Week Ten Auditing Application Control IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao 1 Transactional Applications vs. Support Application Application Controls
More informationSpeed Business Performance, Lower Cost, and Simplify IT with Automated Archiving
SAP Brief SAP Extensions SAP Archiving and Document Access by OpenText Speed Business Performance, Lower Cost, and Simplify IT with Automated Archiving SAP Brief Store, manage, and access data and documents
More informationIntelligent automation and internal audit
Intelligent automation and internal audit Adding value through governance, risk management, and controls Second article in the series kpmg.ch Contents Governing intelligent automation across the enterprise
More informationData, Analytics and Your Audit
Data, Analytics and Your Audit What Financial Executives Need to Know By Roger O Donnell Partner, KPMG LLP Reprinted by permission from Financial Executive kpmg.com audit Perhaps no business trend has
More informationCOSO Framework Update Webcast. May 23, 2013
COSO Framework Update Webcast May 23, 2013 Today s presenters Rob Kastenschmidt National Leader - Risk Advisory Services Sara Lord Partner - National Professional Standards Group Agenda Topic Minutes The
More informationInformation Technology Risks in Today s Environment
Information Technology s in Today s Environment - Traci Mizoguchi Enterprise Services Senior Manager, Deloitte & Touche LLP Agenda Overview Top 10 Emerging IT s Summary Q&A 1 Overview Technology continues
More informationIntelligent automation controls and internal audit considerations. April 2018
Intelligent automation controls and internal audit considerations April 2018 What is intelligent automation? What you do is defined by your integrated business events You: Buy, make, ship, store and sell
More informationArlington County, Virginia
Arlington County, Virginia Purchase Card Cycle Audit: Human Resources Department 1 st Quarter of Fiscal Year 2016 (July 1, 2015 September 25, 2015) Table of Contents Transmittal Letter... 1 Executive Summary...
More informationIT Risk Advisory & Management Services
IT Advisory & Management Services The (Ever) Evolving IT Management Organizations today, view IT risk management as a necessity. As a consequence, organizations need to realign their IT risk management
More information