Leverage T echnology: July 19 th, 2013 Adil Khan. Move Your Business Forward. Copyright. Fulcrum Information Technology, Inc.

Similar documents
Global car and heavy equipment rental company, improves employee productivity with ERP Role Designer/Monitor

Rapidly Reduce Segregation of Duty Violations in Oracle EBS R12 Responsibilities Session ID#: 15042

Rapidly Reduce Segrega/on of Duty Viola/ons in Oracle EBS R12 Responsibili/es

Leverage T echnology: Move Your Business Forward

Why Oracle GRC with every E-Business Suite Upgrade

Leverage T echnology: Turn Risk into Opportunity

Leverage T echnology: Turn Risk into Opportunity

Learn to streamline User Provisioning process in Oracle Applications with workflows

Agenda. Manage the Risk of Inefficiency and Occupational Fraud in Day-to-Day Business Processes

Leverage T echnology: Turn Risk into Opportunity

OAUG / DOAG SIG DAY Vienna Sept 27 th 2010 Oracle Governance Risk and Compliance OAUG. August 2010

ORACLE ADVANCED FINANCIAL CONTROLS CLOUD SERVICE

Managing Risk in Your P2P Process: 10 Ways that Automation Can Help Mitigate Risk

Oracle Risk Management Cloud. Release 13 (updates 18A 18C) What s New

ORACLE ADVANCED ACCESS CONTROLS CLOUD SERVICE

Secure Your ERP Environment with Automated Controls Naomi Iseri,Sr. GRC Solution Consultant

DRAFT. Fusion ERP Cloud Service October Oracle Fusion ERP Cloud Service. Magdalene Ritter

JD Edwards EnterpriseOne Financial Management Overview

HIDDEN BENEFITS OF ORACLE GRC

ORACLE FUSION FINANCIALS

Oracle Fusion Cloud Vs EBS Upgrade: What suits your business best

The Next Level of Controls Automation: How you can fully automate controls testing in financial systems by combining MetricStream and IRC

Leadership Insights: Productivitiy and Innovation. Karsten Roigk, Vice President Applications Strategy & Sales Support Budapest, November 2011

Infor Risk & Compliance Monitor and control risk across your business

Our Services. Staff Augmentation Provision of quality resources Long term, medium term and short term engagements

Leadership Insights: Productivitiy and Innovation

AP Invoice Automation 2017 FORCES

Managing complex services in SAP and Ariba from a client perspective. Ariba Live 2018

Managing complex services in SAP and Ariba from a client perspective. Ariba Live 2016

AGENDA USING CONTINUOUS CONTROLS MONITORING TO MAXIMIZE P2P CONTROLS & RISK PREVENTION. Welcome! 60-second FISCAL Overview. Change in Purchase-to-Pay

IT Service Delivery And Support

Detect. Resolve. Prevent. Assure.

Fixed Scope Offering for Oracle Fusion Procurement. Slide 1

<Insert Picture Here> Smart Reporting in E-Business Suite Financials Release 12.1

PeopleSoft Purchasing / Payables Accelerated Rel 9.2

Genpact Intelligent Operations SM

Leadership Insights: Productivitiy and Innovation. Folia Grace, VP Application Product Marketing November, 2011

Transforming Procurement with Oracle Business Intelligence Cloud Services (BICS)

SpearMC Consulting PeopleSoft Solutions

Managing Tax. Balancing current challenge with future promise Session 5. The Grand Hyatt, Singapore 16 February 2017

TABLE OF CONTENTS DOCUMENT HISTORY

Reining in Maverick Spend. 3 Ways to Save Costs and Improve Compliance with e-procurement

Safe Harbor Statement

<Insert Picture Here> JD Edwards EnterpriseOne Financial Management

Harness the power of ReQlogic

Program Overview and Course Offerings. EAM elearning. Instructor-led online Infor EAM software training

How to leverage Fusion Financials (New Implementation vs. Coexistence)

Application Security Best Practices in an Oracle E- Business Suite Environment

Securing Your Business in the Digital Age

A Modern Cloud is Complete By Design

SAP GRC Risk Identification and Remediation

ORACLE FUSION FINANCIALS CLOUD SERVICE

Abila MIP Fund Accounting

Change Management Best Practices for ERP Systems A Case Study from Audits of Oracle E-Business Suite Installations

LEADERSHIP INSIGHTS: PRODUCTIVITY AND INNOVATION

Oracle Business Intelligence Applications. Kostiantyn Stupak

Regain Control of Your Pricing

Proactively Managing ERP Risks. January 7, 2010

Continuous Controls Monitoring for Transactions: The Next Frontier for GRC Automation

Enterprise Performance Management

Page 1 of 18

Audit Trends & Framework for Improved Financial Reporting. Data Quality, Integrity, and Reliability

Enter Invoice. Invoice. No Holds. Approve Invoice. Pay Invoice. Reconcile Payments

Lecture 1 IBM Maximo Asset Management Overview

ACUMATICA CLOUD KEY BENEFITS ACCESS YOUR ERP ANYTIME FROM ANY DEVICE, EASILY SCALE RESOURCES, AND CHOOSE YOUR DEPLOYMENT OPTION WORK THE WAY YOU WANT

A Financial Executive s Guide to Internal Controls & Fraud Prevention in the Cloud

Electronic Requisition Approval and Workflow System for XA Users

New Building Blocks with EE. Lance LaCross, CPA, CPIM Senior Solutions Consultant March 10, 2014

Oracle GRC Controls Suite Fundamentals Ver. 8.5/7.3.1/5.5.1

Oracle Fusion Applications Overview

Taking a Global, Value Added Approach to Compliance: Designing, Automating and Implementing an Integrated Controls Management Process

U.S. Bank Access Online

Real-Life Examples: Oracle Advanced Controls (OAC) Benefits in Oracle EBS R12 Upgrades/Implementations

AVIATION MANAGEMENT SOFTWARE

End-to-end Business Management Solution for Small to Mid-sized Businesses

RouteONE Helping enhance the real value from SAP GRC Access Control

Distributed Order Orchestration Overview. Oracle Team

Trusted by more than 150 CSPs worldwide.

Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions

Oracle Human Resources includes local extensions for more than 19 countries contain legislative and cultural functionality for each country.

Oracle E-Business Suite Discrete Manufacturing Extensions for Oracle Endeca

TABLE OF CONTENTS DOCUMENT HISTORY

Designed to Deliver Value

ORACLE UPK PRE-BUILT CONTENT FOR: E-BUSINESS SUITE R12.1

Compass 9.2 Changes by Module

Dynamic Enterprise Performance Management

ARC System Upgrade. What s New with 9.2. Presentations: January & February 2017

Invu Purchasing Providing control to the purchase order process

Ariba Network Enabling Business Commerce in a Digital Economy

SAGE 300 ADD ONS. NON ARTIFICIAL INTELLIGENCE. 3 Way PO Matching Bulk Invoicing. Back to Back PO. General Ledger Utilities

Supplier Portals 101: What You Need for Effective Supplier Information Management Systems. Aloke Bhandia Sr. Director, Product Management, Lavante

Digitalizing Procurement for Midsize Companies: The First Step in Doing More with Less

CSI Authorization Auditor 2016

Procure to Pay (P2P) Risk Analytics. Risk Advisory

CHAPTER 3 ENTERPRISE SYSTEMS ARCHITECTURE

WNS Technology Services Product Demonstration

Quick to implement, simple to use business solution from Microsoft with the power to support your business ambitions

Contents. 1. Introduction Services Application Standards Real Estate Management ERP Solution Production Management 47

Step inside your new look business with SAP Business One. SAP Solution Brief SAP Solutions for Small Midsize Businesses

Transcription:

Life After ERP Go-Live: Navigating to Nirvana Learn how leading organizations are utilizing Advanced Controls to make systematic improvements in their ERP systems to achieve expected benefits of ERP systems July 19 th, 2013 Adil Khan Leverage T echnology: Move Your Business Forward Copyright. Fulcrum Information Technology, Inc.

Page 2 Agenda Life After ERP Go-Live: Navigating to Nirvana Introduction ERP Go-Live Opportunities and Risks Advanced Controls Overview Business Application Controls Access Controls Transaction Controls Configuration Controls Advanced Controls Examples Q&A

Page 3 Agenda Life After ERP Go-Live: Navigating to Nirvana Introduction ERP Go-Live Opportunities and Risks Advanced Controls Overview Business Application Controls Access Controls Transaction Controls Configuration Controls Advanced Controls Examples Q&A

Page 4 Introduction FulcrumWay Intelligent, Integrated Instant Risk Management FulcrumWay: is the #1 End-to-End Provider of Enterprise Risk Management Expertise, Solutions and Software Services for Oracle EBS, PeopleSoft and JDE customers with over 200 Fortune-500 to Middle Market clients. Since 2003, we have successfully assisted companies across all major industry segments. Expertise: Risk Advisory Services. Advanced Controls Design for Enterprise Business Applications. Best Practices for Risk Mitigation and Internal Controls Automation. Audit, Compliance, Financial, Enterprise and Operational Risk Assessments. Risk Remediation Services such as Segregation of Duties. Packaged Solutions: FulcrumWay is the #1 choice of Oracle customers for Oracle GRC Manager, GRC Controls and GRC Intelligence/OBIEE software implementation. Oracle has certified us as the only partner with Accelerators for Oracle GRC. We also provide Managed Services and Hosting for Oracle GRC applications. Software Services: Risk Management Tools: Enterprise Risk Manager, Financial Risk Manager, Risk Based Audit Manager, IT Risk Workbench, and Advanced Controls Catalog. Data Management Tools: Rules Repository, DataProbe and Data Hub for Intelligent, integrated, and Instant Risk Management USA Presence: Privately held Delaware Corporation with US offices in New York City, Dallas and San Francisco International Presence: in Chennai, Dubai, Kampala, London, Rome, Santiago, Singapore

Page 5 Our Experience FulcrumWay Clients Government Oil and Gas Financial Services Retail Communications Manufacturing Industrial Equipment Natural Resources Media and Entertainment Healthcare High Tech Life Sciences

Page 6 Our Experience FulcrumWay Insight Thought Leadership Co-Authored GRC Book: First book on GRC for Oracle Applications Executive Round Tables GRC Solutions for Energy Industry, Houston, November 2012 OAUG GRC Solution Lab - April 7 th 11 th Denver: GRC Case Studies and Best Practices IIA - Presentations - Top Five Reasons for Automating Application Controls Collaborate 13 GRC Client Appreciation Dinner April 9 th, 2013 Denver Webcasts GRC Best Practices, Trends and Expert Insight Oracle Open World Annual GRC Dinner on September 23 rd, 2013 W Hotel San Francisco LinkedIn FulcrumWay Risk, Compliance and Audit Software Group YouTube Podcasts FulcrumWay Instant Insight in 10 min or less

Intelligent Integrated Instant Copyright FulcrumWay Page 7 Overview FulcrumWay Enterprise Risk Management Services Enterprise Risk Monitors Risk Assessment Key Risk Indicators Enterprise Survey Compliance Certification Incident Monitor Financial Close Management Risk Based Operations Audit Management Task Monitor Enterprise Audit Manager Audit Planner Variance Analytics Reconciliation Analytics Controls Verification Control Analytics Financial Controls: (GL,AP,AR,FA,CM) Business Rules Repository - Advanced Application Controls HCM/HR Controls : (HR,PR) Distribution Controls: (OM,INV,WMS,PO) Supply Chain Controls : (ENG,QP,WIP,BOM) Access Monitor Configuration Monitor GRC Monitor Enterprise Data Security Incident Monitor Master Data Monitor Database Vulnerabilities FulcrumWay Core Technologies DataProbe DataHub Rules Repository Rules Engine Monitors Transmitters

Page 8 Agenda Life After ERP Go-Live: Navigating to Nirvana Introduction ERP Go-Live Opportunities and Risks Advanced Controls Overview Business Application Controls Access Controls Transaction Controls Configuration Controls Advanced Controls Examples Q&A

Page 9 ERP Go-Live Opportunities vs. Risks Source: The Conference Board Survey interviewed executives at 117 companies that attempted ERP implementations:

ERP Go-Live Opportunities vs. Risks ERP collects, manages and distributes information across functional boundaries and helps break down information silos those barriers that stand in the way of full cooperation between production, materials, planning, engineering, finance and sales/marketing. The ERP application was implemented successfully. Unfortunately, desired benefits are not being realized! The resulting higher quality, reduced time-tomarket, shortened lead times, higher productivity and lowered costs can help improve customer service and increase sales and market share as well as margins. Inventory and expenses are increasing while customer service and productivity are dropping due to new bottlenecks. Too many work-arounds. Users not fully trained and working outside the system. Auditors Findings on Segregation-of-Duties and Application Controls require a remediation plan. We don t have the resources for it. Need to build custom BI dashboard and reports to alert management of master data changes and transactions outside the tolerance levels. Top management wants to see the ROI promised to the board. Copyright FulcrumWay Page 10 Source: APICS The Association for Operations Management, 2011

Page 11 ERP Go-Live Opportunities vs. Risks Reality of ERP Implementation: Get it In Get it Working Get Alignment Change the Game

Page 12 Agenda Life After ERP Go-Live: Navigating to Nirvana Introduction ERP Go-Live Opportunities and Risks Advanced Controls Overview Business Application Controls Access Controls Transaction Controls Configuration Controls Advanced Controls Examples Q&A

Page 13 ERP Go-Live Mitigate and Control Risks GRC Intelligence GRC Manager GRC Controls Preventive SOD & Access Application Configuration Transaction Monitoring Monitor Control Effectiveness What users can do How is the process set up How users execute processes Preventive SOD & Access Application Configuration Transaction Monitoring What users have done What s changed in the process What are the execution patterns Enforce Policies in Context

Page 14 Agenda Life After ERP Go-Live: Navigating to Nirvana Introduction ERP Go-Live Opportunities and Risks Advanced Controls Overview Business Application Controls Access Controls Transaction Controls Configuration Controls Advanced Controls Examples Q&A

Page 15 Preventive Controls Embed Controls Natively in Enterprise Apps GRC Intelligence GRC Manager GRC Controls Preventive SOD & Access Application Configuration Transaction Monitoring Enforce preventive controls for specific users and events natively within enterprise application Initiate appropriate approval workflow in response to proposed modifications Produce audit trail of change and approval history Prevention Define Preventive Controls Prevent Read or Write Access Initiate Approval Workflow Enforce Field Validation Review Audit Reports

Page 16 Agenda Life After ERP Go-Live: Navigating to Nirvana Introduction ERP Go-Live Opportunities and Risks Advanced Controls Overview Business Application Controls Access Controls Transaction Controls Configuration Controls Advanced Controls Examples Q&A

Page 17 Access Controls Enforce Proper Segregation of Duties in Applications GRC Intelligence GRC Manager GRC Controls Preventive SOD & Access Application Configuration Transaction Monitoring Simplify segregation of duties enforcement with simulation and remediation Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails Accelerate deployment and time to value with pre-delivered controls library Detection Prevention Define Access Controls Access Analysis Remediation (Clean-up) Preventive Provisioning Compensating Policies

Page 18 Agenda Life After ERP Go-Live: Navigating to Nirvana Introduction ERP Go-Live Opportunities and Risks Advanced Controls Overview Business Application Controls Access Controls Transaction Controls Configuration Controls Advanced Controls Examples Q&A

Page 19 Transaction Controls Test integrity of transactions and controls across business processes GRC Intelligence GRC Manager GRC Controls Preventive SOD & Access Application Configuration Transaction Monitoring Continuous Monitoring of Controls and Transactions Apply Advanced Forensic and Pattern Analysis Identify anomalies missed by traditional audit and controls Detection Prevention Define Transaction Controls Transaction Analytics Investigate Incidents Enforce Transaction Controls Prevent Suspicious Transactions

Page 20 Agenda Life After ERP Go-Live: Navigating to Nirvana Introduction ERP Go-Live Opportunities and Risks Advanced Controls Overview Business Application Controls Access Controls Transaction Controls Configuration Controls Advanced Controls Examples Q&A

Page 21 Configuration Controls Ensure Integrity of Critical Application Setups GRC Intelligence GRC Manager GRC Controls Preventive SOD & Access Application Configuration Transaction Monitoring Achieve consistent application setup and operating standards across multiple instances Track complete audit trails for changes to key configurations Tightly control change management to accelerate development and test time Detection Prevention Define Configuration Controls Document or Compare Configurations Monitor Configuration Changes Enforce Change Control Manage Data Integrity

Page 22 Agenda Life After ERP Go-Live: Navigating to Nirvana Introduction ERP Go-Live Opportunities and Risks Advanced Controls Overview Business Application Controls Access Controls Transaction Controls Configuration Controls Advanced Controls Examples Q&A

Select ERP Controls Copyright FulcrumWay FW Controls Catalog with over 1,000 advance controls Page 23 Select SOD, Master Data, Setup, and Transaction Controls Risk Assessment Detect control weaknesses across ERP system to identify business process optimization opportunities

Establish Test Environment Copyright FulcrumWay ERP Test environment consists of ERP configurations and data objects Page 24 Selected security, setup and data objects are included in the environment ERP Configuration such as 3-way match in payable options, master data such as Users, Responsibilities, Customers, Invoices, Suppliers, Assets and Payments records are analyzed for control failure risks

Advanced Controls Example - Oracle Procure-to-Pay Procure-to Pay Controls are Required Page 25 Spend Categories Corporate Performance Management Collaboration Control Points Settlement Strategic Sourcing & Contract Mgmt Indirect & MRO Banks Requisition Purchase Goods / Services Receive Goods / Services Invoice Issue Payments Direct Materials Payment Processors Supplier Collaboration Services SWIFTNet Business Process Models Service Oriented Architecture

Page 26 Advanced Controls Spend Categories Example - Oracle Procure-to-Pay Automated Controls for Strategic Sourcing & Contract Mgmt Corporate Performance Management Collaboration Settlement Indirect & MRO Are there inappropriate associations between Requisi- a vendor and an employee? tion Direct Materials Strategic Sourcing & Contract Mgmt Purchase Goods / Services CONTROLS Receive Goods / Services Invoice Banks Are there frequent changes to Supplier Issue information? Payments Payment Processors Do you have duplicate suppliers? Services Business Process Models Are your vendors compliant with trade regulations? Supplier Collaboration Are the vendors blacklisted? Service Oriented Architecture Are you missing critical supplier information? Is the information valid? SWIFTNet

Advanced Controls Building an Optimized Control Environment Preventive Controls Set of applications that run within Oracle EBS as a component of the GRC Application Suite Prevent Out of Policy activity from occurring, notify & alert key personnel with variances Form Rules Modifies security, navigation, field and data properties Flow Rules Defines & implements business processes Audit Rules Tracks changes to the values of fields in database tables Change Control Regulates changes to the values of fields in EBS forms. Copyright FulcrumWay Page 27

Advanced Controls EBS Form Rule Capabilities Defines what actions the element performs Empowers the user to make changes to EBS forms and processes Set security attributes Establish navigation paths Display messages Define default values for fields Compile lists of values (LOV) Set field attributes Run SQL statements Execute Flow Rule process 28 Copyright FulcrumWay Page 28

Page 30 Advanced Controls Audit Rules Highlights Document changes to database field values Old vs. New Values Transaction Type (Insert, Update or Delete) User Responsible for Change Timestamp Audit Report

Advanced Controls Change Control Highlights Ensure Data Integrity Regulate changes to fields in EBS forms Set approval and reason code requirements for enforced management Enable visual attributes to identify controlled fields Build reason codes to clarify why a change occurred Copyright FulcrumWay Page 31

Advanced Controls Embedded Controls Prevent Incidents and Escalation Page 32 Real-time, automated controls and alerts prevent fraud and errors before it occurs Controls installed directly into applications and without technical expertise Prevent Fraud and Errors Before it Occurs Risk of fraudulent data and application changes reduced with approval workflow and audit trails

ERP Roles Manager Overview Eliminate Root Cause of Access Control Violations in ERP: Improve Segregation of Duty controls within mission critical applications Reduce ERP implementation and upgrade costs with pre-configured roles Lower ERP Total Cost of Ownership by assigning pre-approved Roles We enable ERP Administrators: Select pre-configured ERP roles from a roles catalog Update, Review and Approve Role design changes. Identify SOD conflicts before the Roles are assigned to Users. Copyright FulcrumWay Page 34

ERP Roles Manager Features Role Manager is an ERP security design tool Contains a pre-configured catalog of roles which comply with segregation of duty (SOD) policies. Roles by ERP module and typical access requirements for those modules such as Manager, Supervisor, Clerk, Inquiry, Business Setup and IT Setup. You can use this tool to view existing role templates and design new roles by easily selecting or deselecting ERP functions/transaction. Once you complete the roles design, you can send it, using workflows, to pre-assigned reviewers and approvers to finalize the roles. The role preparers, reviewers and approvers can also assess the SOD control risks before finalizing the roles. Leverage FW DataProbe/Scripts to load current Roles Secure Access from fulcrumway.com portal Copyright FulcrumWay Page 35

Page 36 Roles Manager Access to Roles Manager Sign in at fulcrumway.com

Page 37 Roles Manager Access to Roles Manager Select the Access Monitor Icon. Then click on the Maintain Access Roles Tab

Page 38 Roles Manager Access to Roles Manager Use a source role to create a new target role. View existing SOD issues with the source role. Assign Reviewers and Approvers for the role

Page 39 Business Case Comprehensive Transaction Monitors Detect patterns of heightened risk in business activity Test against Material Thresholds Journal Entry > $ threshold Employee Checks (individual & sum) > $ threshold Search for Anomalies PO terms differ from vendor Sales orders > acceptable $ range Test Segregation of Duties at Transaction Level Find invoices and POs entered by same user Find Invoices entered & approved by same user Sampling of Transactions 4th quarter invoices Days sales outstanding balances Detect Fraudulent Behavior PO changes after approval Duplicate suppliers with same address Stop Cash Leakage Find duplicate payments Payments against cancelled invoices Embed Contextual / Automated Compensating Controls Alert on customer transactions over $ threshold Prevent journals from being entered and posted by same individual

Page 40 Business Rules, written in Plain English, by Business People No Coding/Scripting

Advanced Controls Configuration Controls Functionality Snapshots What it does for us: Automate time-stamped documentation of key controls across all Oracle Applications modules. Comparison Difference Analysis: determine what s different when problems occur, verify what s changed after project activity. Monitor consistency of controls across Instances, Versions, Points in Time, Operating Units, and Sets of Books. Change Tracking Automate real-time monitoring of key controls in Oracle. Ensure visibility and integrity of controls over a period of time. Copyright FulcrumWay Page 41

Advanced Controls Snapshots Take Snapshots of Configuration Setups Data is pulled from Oracle Application Tables Retrieve Configuration Setup Data Specify constraints to focus on certain tables Export Values into HTML, PDF, or Excel Formats Copyright FulcrumWay Page 42 42

Advanced Controls Page 43 Comparison

Page 44 Advanced Controls Change Tracking Query a change tracker to identify changes across multiple instances. Select multiple applications to monitor Query requires Change Tracking Transfer program to run before any data can be collected. (This program transfers change tracking data from the ERP instances to CCG.)

DataProbe Copyright FulcrumWay Next Steps: Assess ERP Risks with Analytics Page 46

Page 47 Summary and Q&A Thank You! Join us on LinkedIn to view webinar and discussion

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback