Next Generation Controls (NGC) Moving towards a Robust Control Framework. August Risk

Transcription:

Next Generation Controls (NGC): Moving towards a Robust Control Framework. August 2016. Risk

Background

Today, in an environment generally distrustful of businesses, regulatory and compliance requirements are on the rise. Organizations are building controls frameworks to meet various statutory and regulatory requirements, while trying to strike the right balance between complicated requirements and robustness. In many organizations, it can be observed that the complexity of the framework is spiraling out of control. To understand whether the controls framework is truly doing its job well, financial controllers have to ask themselves the following questions:

- Does the existing framework identify the controls within processes?
- Is there adequate process documentation to explain the control framework?
- Are there opportunities to optimize and rationalize the number of controls?
- Is there scope for control automation?
- Do we have the right mix of preventive and detective controls?
- Is the controls framework intelligent enough to address existing risks and predict future risks?
- Is there a next wave of controls?
- What is the future of our existing controls?
- Will the controls still be relevant considering the environment changes?

These questions determine the need for a Next Generation Controls (NGC) framework, which addresses the challenges financial controllers are facing with the traditional controls framework. The NGC provides a robust and lean control framework that will meet various regulatory and compliance requirements. The NGC's key objective is to help organizations look more towards controls automation and controls rationalization. It also brings in the flavor of controls monitoring, through data analytics, and helps in building intelligence around control monitoring.

Next Generation Controls (NGC)

The NGC framework addresses business processes such as Purchase to Pay, Record to Report, Manufacturing/supply chain, Order to Cash, HR and Payroll, Sales, Procurement, travel and entertainment, and operations. The IT applications that support these business processes are also considered an integral part of the NGC framework.

Figure A: Scope of NGC within the following process areas: Record to Report, Purchase to Pay, Order to Cash, Treasury, Travel & Entertainment, HR & Payroll, Supply Chain (incl. manufacturing), Procurement, Sales. Coverage: all geographies in which Company operates and all global functions. Global systems: SAP, Oracle, Salesforce, Ariba.

What is the Objective of NGC?

The next generation controls framework is a risk-based approach that aims to bring in the following:

- Connecting the dots: Clear linkage between processes and the controls that mitigate risk. More often than not, the conventional controls framework does not distinguish between process and controls. For example, the activity of performing bank reconciliation is treated as a control, whereas in reality it is a process. As part of the NGC, a clear linkage will be built between process and the controls to mitigate risks.
- Simplicity: The NGC framework provides a clear and easy understanding of the risk and controls framework. It removes subjectivity and simplifies the documentation of framework, flowcharts and risk & controls matrix (RCM) through concise and clear articulation.
- Efficiency: Automation, building more monitoring reports, and building preventive controls are a few ways in which efficiency is achieved. This will ultimately lead to lower operating costs and reliable controls.
- Effectiveness: It can protect a company's reputation through improved quality and consistency of control operations across markets. NGC aims to have a uniform control framework across the organization that will help in consistent and uniform results and improved quality.
- Sustainability: The NGC controls framework is easy to maintain and makes it simple to govern risk and control activities.
- Flexibility: The framework has the flexibility to adapt to future business change.
- Seamless monitoring: NGC aims at bringing in monitoring through analytics, which helps in achieving real-time, effective monitoring.

What are the key success factors for implementing Next Generation Controls?

The key success factors for implementing NGC include the following:

01. Automation: The NGC framework will maximize the use of preventative and automated controls, and use of technology for control operation, monitoring, and assurance.
02. One control variant: Only one control variant will be designed; local variables must be approved by an exception process.
03. Control owner: Control ownership is identified early and ongoing validation and communication are retained.
04. Identification of real controls: All controls must mitigate a real risk.
05. Rationalization: Remove duplication and layering of controls.
06. Documentation: Controls will be documented at a task level/activity.
07. Optimization: Embed a sustainable controls optimisation process.

Our approach

The overall approach for implementing NGC is as follows:

01. Evaluation of existing framework: The existing control framework will be evaluated against industry practices to identify areas of controls rationalization and to ensure real controls are identified.
02. Automation/configuration: Evaluation of existing system configuration to identify the actual level of controls automation and current level of non-configured controls (utilizing Deloitte tools such as ACTT).
03. Continuous Control Monitoring (CCM) through GRC platform, if available: Evaluation of the existing CCM configurations to identify the level of monitoring that is currently performed (utilizing Deloitte tools such as ACCEL).
04. Control monitoring through analytics (beyond GRC): Evaluation of current set of controls monitoring through non-GRC platform.

The following is an illustrative deliverable of the next generation controls framework.

Current state assessment

- Controls framework: Evaluation of the existing control framework against Deloitte SAP controls framework and Risks and knowledgebase (RACK) with specific focus on companies
- Configuration: Evaluation of existing system configuration to identify the actual level of controls automation and current level of non-configured controls (utilising Deloitte tools such as ACTT)
- Continuous Control Monitoring (CCM): Evaluation of the existing CCM configurations to identify the level of monitoring that is currently performed
- Control monitoring through analytics: Evaluation of current set of controls monitoring through non-GRC platform

Deep-dive

- Configuration (more automation):
  - Identify the manual controls which can be substituted with the configuration controls in SAP
  - Determine cost of implementation and avenue of enablement of automated control
- Control monitoring (more monitoring):
  - Identify opportunities for automation in controls monitoring utilising the current technical infrastructure
  - Identify opportunities for additional controls monitoring using advanced data analytics capabilities
  - Explore opportunities for efficient and effective reporting of manual controls through other reporting platforms
  - Determine cost and avenue of enablement of controls monitoring

Methodology and key deliverables (items recovered from the brochure's table):

- Review of existing controls using RACK benchmark; report on controls improvements
- Execution of ACTT scripts; report on controls improvements
- Workshop with technology team and control owners; verification of configuration supporting infrastructure
- Proprietary tools of Deloitte; non-GRC tools such as ACL, Qlikview, etc.
- Opportunities for automation in SAP
- Opportunities for monitoring using GRC platforms
- Technical infrastructure review
- Cost benefit analysis

Next Generation Controls in Action

We have provided an illustrative deliverable for a Vendor Master Management process. The deliverables are aligned to the approach mentioned in the previous section.

Vendor Master Management

Preventive controls

- Configuration:
  - Access to create/modify vendor master is restricted to authorized individuals
  - One time vendor flag is updated so that vendor gets deactivated after placing one PO
  - Mandatory fields to the vendor master are configured
- Continuous Monitoring:
  - Monitoring vendor configuration changes through GRC tool
  - Alerts configured in system to flag if vendor already exists

Detective controls (Control Monitoring through Analytics)

- Periodical review of vendor master changes
- Verify if all One Time Vendors were deactivated after one dealing
- Any changes to vendor master are reviewed for approvals from authorities

Risks

(1) Use of invalid vendors in vendor master to perform unauthorized transactions
(2) Having business dealings with prohibited / blacklisted vendors
(3) Supplier database information is not correct and up to date
(4) Unauthorized changes to vendor master to facilitate illicit transactions
(5) Inactive vendors / incompetent vendors on board

Analytics shown in the illustration (the figure keys them to risks 1 to 5 above):

- Vendor duplicity: vendor name duplicate, vendor address duplicate, vendor bank account duplicate
- Invalid vendors in vendor master
- Suspicious vendors
- Vendor match with FCPA list
- Vendor match with OFAC and SDN list
- Employee as vendor
- Blacklisted vendor analysis
- One time vendor analysis
- Invalid/missing entries in critical fields of vendor master
- Dormant vendor analysis
- Vendor information change and chargeback
- Segregation of duties analysis
- Vendor correlation analysis
- Vendor risk rating
- Vendor profiling basis risk coefficient
- Risk segmentation based on critical variables

Requirements for internal controls framework such as COSO 2013 will be embedded as part of the NGC framework.

Our Services

Deloitte provides the following services as part of the framework:

Assess
  Service: Providing assistance in performing a NGC Road Map
  Description: To perform an AS-IS review of the controls framework, ERP configurations, Data analytics to complete.

Design
  Service: Designing the configurations and Data monitoring reports
  Description: Designing controls: rationalization, configuration, monitoring through GRC tools. Design of Data analytics reports for monitoring.

Implement
  Service: Implement controls in the application, GRC and Data monitoring reports
  Description: Implementation of the controls in the ERP and GRC Platform. Implementation of Data analytics reports.

Monitor
  Service: Providing ongoing support to test the controls on an ongoing basis
  Description: Testing and continuous monitoring.

(Figure labels: Design, Implement, Operate)

Contacts

To learn more about how your organization can move towards having a robust and more intelligent control framework, please contact:

Mr. Ramu N, Partner, Deloitte Touche Tohmatsu India LLP, Hyderabad
Mr. Maninder Bharadwaj, Partner, Deloitte Touche Tohmatsu India LLP, Bangalore

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.

This material is prepared by Deloitte Touche Tohmatsu India LLP (DTTILLP). This material (including any information contained in it) is intended to provide general information on a particular subject(s) and is not an exhaustive treatment of such subject(s) or a substitute to obtaining professional services or advice. This material may contain information sourced from publicly available information or other third party sources. DTTILLP does not independently verify any such sources and is not responsible for any loss whatsoever caused due to reliance placed on information sourced from such sources. Without limiting the generality of this notice and terms of use, nothing in this material or information comprises legal advice or services (you should consult a legal practitioner for these). None of DTTILLP, Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the "Deloitte Network") is, by means of this material, rendering any kind of investment, legal or other professional advice or services. You should consult a relevant professional for these kind of services. This material or information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action that might affect your personal finances or business, you should consult a qualified professional adviser.

No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person or entity by reason of access to, use of or reliance on, this material. By using this material or any information contained in it, the user accepts this entire notice and terms of use.

© 2016 Deloitte Touche Tohmatsu India LLP. Member of Deloitte Touche Tohmatsu Limited.

Deloitte Touche Tohmatsu India Private Limited (U74140MH1995PTC093339), a private company limited by shares, was converted into Deloitte Touche Tohmatsu India LLP, a limited liability partnership (LLP Identification No. AAE-8458), with effect from October 1, 2015.