Agenda. Manage the Risk of Inefficiency and Occupational Fraud in Day-to-Day Business Processes


Manage the Risk of Inefficiency and Occupational Fraud in Day-to-Day Business Processes
July 12, :00 3:00pm ET
Stephanie Maziol, Product Marketing Director, GRC Applications, Oracle

Agenda
Welcome & Introductions
Under-the-Radar Process Inefficiency and Vulnerability
Inefficiency and Internal Fraud Reduction with Oracle Fusion GRC Applications
Automated Controls Applied to Process Risks

Under-the-Radar Process Inefficiency and Vulnerability

Increasing Opportunity for Fraud, Waste and Errors
GLOBAL CORPORATE FRAUD REACHING ALL TIME HIGHS
Organizations Suffering from Fraud Worldwide: North America 87%; Europe 83%; Asia 92%; Latin America 90%; Middle East/Africa 87%
UNINTENTIONAL ERRORS AND LEAKAGE
Global, Fortune 500 Firm, High-Tech: Over 4 audit cycles, consultants found $17.5M in payment errors
Source: Kroll Global Fraud Report, Annual Edition 2010/2011 and Quarterly Corporate Fraud Index Network, Q

Multiple Financial Systems and Business Process Complexity Increase Risk of Errors
Even world-class firms average 27 different financial systems per $1B of revenue - The Hackett Group
End-to-End Business Process
Multiple, and Heterogeneous ERP, Legacy, Custom Systems

Cost of Errors is Underestimated
No Executive Concern: Only 30% of companies consider error management to be a major business problem
Dealt as One-Offs by LOB: Handling errors is seen as the responsibility of the line of business
Labor Intensive: Cost implications of managing exceptions are therefore hefty, but ignored

Polling Question 1

Greatest Improvement Gains in Operational Processes
Operational inefficiency and risk, often the least scrutinized and optimized
Financial Processes
Ledger/Period Close
Payables/Receivables
Orders/Sales
Payroll/T&E
HR Processes
Health & Safety
Hire-to-Retire
Production Processes
Concept-to-Product
Sales Processes
Market-to-Prospect
Opportunity for transparency, automation and improvement gains are the greatest

Mitigating Inefficiency and Risk
Processes become too complex and unruly
Controls are implemented reactively to comply with regulations and mandates
Stakeholders too busy, not involved
Manual control too cumbersome
Haven't found the right automation
Controls are defined
Automation enforces controls
Controls support performance goals
Process must complete in n hours
Errors must occur in <n% of transactions
Personnel must spend <n% of time performing redundant activities
Financial loss due to error/waste/fraud/theft must be <n% of revenue

What Can Be Done?
1 Show Stakeholders What They Have To Gain: Increase Profit, Reduce Damage
2 Define Better Controls: Start with Low Effort, High Yield Controls
3 Enforce These Controls: Automate Where Pragmatic

Polling Question 2

Inefficiency and Internal Fraud Reduction with Oracle Fusion GRC Applications

Detect More and Faster with Continuous Monitoring and Advanced Pattern Analysis
Continuous Monitoring of Controls and Transactions: Monitor 100% of transactions and controls in real time
Apply Advanced Forensic and Pattern Analysis: Visually identify suspect transactions using Benford Pattern analysis
Invoice Accounts Payables Duplicate POs Duplicate/ Overpayment Suppliers
Test integrity of transactions and controls across business processes
Identify anomalies missed by traditional audit and controls

Business Users Easily Build Controls and Reports
Quickly Build and Adapt Controls: Business rules and a drag-and-drop workbench make even the most complex rules easy to build.
Self-Service Dashboard Reports: Business users can create interactive dashboards and personalized reporting on the fly.

Remediate High Impact Violations with Integrated Risk Prioritization and Incident Management
Risk Prioritization: Consolidated controls mgmt. and dashboard reporting automatically maps higher impact risks.
Incident Management: Integrated workflow efficiently resolves identified incidents and tracks status.

Embedded Controls Prevent Incidents and Escalation
Real-time, automated controls and alerts prevent fraud and errors before they occur
Controls installed directly into applications and without technical expertise
Prevent Fraud and Errors Before They Occur
Risk of fraudulent data and application changes reduced with approval workflow and audit trails

Oracle's Governance, Risk, & Compliance Solutions
Executive Dashboards; Enterprise Risk Management; SOD & Access; GRC Intelligence; KRIs and KPIs; GRC Manager; Compliance Management; GRC Controls; Application Configuration; Preventive Controls; Ad-Hoc Analysis; Remediation Management; Transaction Monitoring
360º Visibility: Single source of GRC Information; Pre-built dashboards; Respond to KRI and issues
Centralized GRC Oversight: Common Repository for GRC; Audit and Assessment of Controls; Integrated remediation management
Embedded Controls: Detective, Preventive, Contextual; Automated controls testing; Pre-built controls library
Custom or Legacy Applications

Automated Controls Applied to Process Risks

Polling Question 3

Key Processes Vulnerable to Abuse & Inadvertent Error
Source: 2011 OAUG Governance, Risk & Compliance Best Practices Survey, Unisphere Research, Feb

Cut Procure to Pay Inefficiency & Risk
Determine if supplier master data has changed
Find & remediate users with privileges to enter & modify supplier master data
Add data entry rules approving certain changes to supplier data
Identify cash disbursements not processed but completed
Validate supplier invoice aging, thresholds, lost discounts

Parexel
Leading global bio/pharmaceutical services organization with revenues of $1.3 B and 9,700 employees, S&P 600 with 71 locations around 52 countries
Requirements:
Needed solutions to expose inter-role conflicts and enforce access security
SOD monitoring done manually thru documentation & check lists
Ensure OFAC compliance and validate suppliers against watchlist.
Monitor P2P transactions more effectively than looking at cash payments comparisons
Results:
Identified riskiest policies and conflicts controls and SOD rules were implemented.
Automated OFAC compliance by tracking transactions against SDN listing.
Eliminated cash payment comparisons
Improved P2P process health and confidence

Key Processes Vulnerable to Abuse & Inadvertent Error
Source: 2011 OAUG Governance, Risk & Compliance Best Practices Survey, Unisphere Research, Feb 2011

Cut Order to Cash Inefficiency & Risk
Determine if product master data is accurate
Find & remediate users with privileges to enter & modify master data
Add data entry rules to validate sales order ship-to destination against localized product configuration
Find sales order transaction exceptions
Find revenue and COGS mismatches
Validate customer invoice aging, thresholds

A.M. Castle
A.M. Castle, metal distributor with 55 offices in US, Europe and Asia, revenues of $1.5 B and 1,500 employees. Growth through acquisition and global expansion.
Requirements:
Inefficient, error prone quote & order entry process causing service issues
Extensive exception reporting to correct order entry exceptions
Numerous manual and custom audits were required to catch errors
Many fields required additional keystrokes and navigation
Results:
Reduced order entry time by 20%
Automated audits/reports of order entry issues
Automated exception s to notify Sales of order issue
Removed errors causing invoice/shipping issues
Improved the overall order system health & end user confidence

Key Processes Vulnerable to Abuse & Inadvertent Error
Source: 2011 OAUG Governance, Risk & Compliance Best Practices Survey, Unisphere Research, Feb 2011

Cut Financial Close Inefficiency & Risk
Control access to ledger, ERP, consolidation, disclosure applications
Prevent journal entries for which debit does not equal credit
Validate that transactions are recorded according to GAAP/IFRS
Identify changes to master data with significant impact to financial accounting or reporting implications
Prompt users to add notes after work item is completed

FedEx
FedEx, the world's #1 express transportation provider with 200,000 employees and $37 billion in revenues, offers access to the global marketplace through a network of supply chain, transportation, business and related information services.
Requirements:
6 ledgers currently close in 6-7 hrs but are moving to 92 ledgers
Going from 175 to 400 users
Are expanding from US-centric close to one involving Canada and other regions
Need to maintain an auditable yet efficient close
Results:
Close 92 legal entities, centrally, in less than a day
All existing controls are maintained or strengthened
Allow for status monitoring from a single workbench
Build better notifications and alerts

What Can Be Done?
1 Show Stakeholders What They Have To Gain: Increase Profit, Reduce Damage
2 Define Better Controls: Start with Low Effort, High Yield Controls
3 Enforce These Controls: Automate Where Pragmatic

Oracle Fusion GRC Applications Suite
Reduce Errors and Leakage: Proactively prevent transaction & processing errors; Improve cash management & reduce AP violations; Identify exceptions missed by traditional controls and audit
Minimize Fraud and Abuse: Detect frauds faster to minimize duration & impact; Deter fraudsters with continuous monitoring & audit trails; Identify and remediate key control deficiencies across systems and business processes
Improve Audit Efficiency: Analyze 100% of transactions for improved confidence and reporting; Maximize ROI of continuous monitoring by eliminating false positives and risk prioritization; Reduce post audit recovery and collections costs

Additional Resources
Virtual Briefing Center:
Oracle GRC Applications: