Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Copyright. Fulcrum Information Technology, Inc. Learn to improve Period-End Close Process with effective controls in Oracle E-Business Suite A Leader in Risk Based Enterprise Controls Management Solutions Risk and Compliance Financial Reporting Internal Audit Controls Catalog Application Security Advanced Analytics Educational Webinar January 28, 2016 Adil Khan Managing Director Leverage T echnology: Turn Risk into Opportunity
Agenda Learn to improve Period-End Close Process with effective controls Statements Introduction Oracle General Ledger Controls Overview Configurations that impact financial close Oracle EBS Controls Assessment Approach Oracle EBS Period-End Close Process - A Case Study Q&A Copyright FulcrumWay Page 2
Proven Expertise FulcrumWay Insight Thought Leadership Co-Authored GRC Book: First book on GRC for Oracle Applications FLOAUG Innovate 16 - February 12 th Orlando: Oracle Role Based Security and Oracle Cloud Educational Webinar February 23 rd Self Service User Provision Educational Webinar March 22 nd Procure to Pay Process Optimization with Controls Monitoring Collaborate 16 April 11 th, 2015 Las Vegas GRC Client Appreciation Dinner Educational Webinar May 24 th Hire to Retire Controls in Oracle Fusion HCM Oracle Open World Annual GRC Dinner on September 19 th, 2016 - San Francisco, CA LinkedIn FulcrumWay Risk, Compliance and Audit Software Group International GRC Round Tables Sydney, London, Johannesburg, Dubai See events page for details Copyright FulcrumWay Page 3
Successful Track Record Government Oil and Gas FulcrumWay Client Studies Financial Services Retail Communications Manufacturing Transportation Natural Resources Media/Entertainment Healthcare High Tech Life Sciences Copyright FulcrumWay Page 4
Agenda Oracle EBS R12 General Ledger Configurations to Ensure Reliable Financial Statements Introductions Oracle General Ledger Controls Overview Configurations that impact financial close Assessment Approach for Oracle EBS Controls Oracle EBS Period-End Close Process - A Case Study Q&A Copyright FulcrumWay Page 5
GL Controls Overview Oracle EBS R12 Period-End Close Controls Close Oracle Payables before you close Oracle Inventory and Oracle Assets. Close Oracle Payables before you close Oracle Purchasing to account for purchasing accruals at period end. Close Oracle Cash Management before you close Oracle Receivables, as bank reconciliation in cash management will create miscellaneous receipts in Oracle receivables. Finally, close all the subledgers before we close the General Ledger. Copyright FulcrumWay Page 6
EBS GL Controls Oracle EBS R12 Import Journals Copyright FulcrumWay Page 7
EBS GL Controls Oracle EBS R12 Concurrent Request: Period-End AP Trial Balance Copyright FulcrumWay Page 8
EBS GL Controls Period End Reports Copyright FulcrumWay Page 9
EBS GL Controls Oracle EBS R12 Concurrent Request: Create Accounting Check the Subledger Accounting rules that will be invoked by the process. Options Are: a) Create Final Accounting Post to GL b) Create Final Accounting c) Create Draft Accounting. Copyright FulcrumWay Page 10
EBS GL Controls Oracle EBS R12 Account Reconciliation Copyright FulcrumWay Page 11
Agenda Oracle EBS R12 General Ledger Configurations to Ensure Reliable Financial Statements Introductions Oracle General Ledger Controls Overview Configurations that impact financial close Assessment Approach for Oracle EBS Controls Oracle Advanced Controls A Case Study Q&A Copyright FulcrumWay Page 12
GL Configurations Configuration Checklist Item Configuration Control Risk 1 GLDI: Force Journals to Balance" profile option Set to Yes Inaccurate journal entries are posted to the GL, resulting in misstatements in account balances. 2 Freeze Flexfield Definition Set to Yes Changes in key flexfield definitions could cause inconsistent transaction accounting and data corruption issues, resulting in misstatements in account balances. 3 Enable Journal Approval Enable Invalid or incorrect journal entries could result in misstatements in account balances. 4 Require Journal Approval Enable Invalid or incorrect journal entries could result in misstatements in account balances. 5 Journal Authorization limits Valid Limits Invalid or incorrect journal entries could result in misstatements in account balances. 6 Freeze Journals Set to Yes Unreconciled journals between subledger and General Ledger may occur. 7 The "Method (Sequence Assignment) for Ledgers 8 Allow Dynamic Inserts Cross Validate Segments 9 Security Rule and Security Rule Elements A (Automatic) Journal entries might not be entered completely resulting in incomplete financial statement. Set to Yes Invalid account code combinations could result in journals being posted to incorrect general ledger accounts resulting in misstatements in account Set to Yes balances. Define Security Rule Transactions may be processed by users against account segments they are not Elements authorized to process in resulting in account misstatements. Copyright FulcrumWay Page 13
GL Configurations Configuration Checklist Item Configuration Control Risk 10 MRC: Maximum days to roll forward conversion. Define Currency conversion rates may become outdated and incorrect, resulting in misstatements in account balances. 11 Freeze Rollup Groups Yes Changes to Rollup Groups would affect how individual chart of account values, used within journal entries, are consolidated for financial statement reporting. 12 GL: Income Statement Accounts Revaluation Rule Define Income statement accounts may not be appropriately revalued each period, profile causing gain or loss amounts to be inaccurate. 13 Budgetary Control Enabled Yes Ledgers may not be included in the budget process causing budget monitoring to be non-existent. 14 GLDI: Converted Entry Threshold Define An Excessive Threshold amounts might lead to inaccurate postings to GL. 15 Flexfields:Validate On Server profile option Yes Inaccurate journal entries are posted to the GL, impacting the accuracy of financial reporting. 16 SLA: Enable Data Access Set Security in Subledger Yes Transactions could be processed resulting in potential misstatement of profile option. accounts. 17 GL: Number of formulas to validate for each MassAllocation batch" profile option "GL: Number of formulas to validate for each Recurring Journal batch" profile option Define Mass Allocations and Recurring Journals may not be processed accurately and inappropriate formulas may be used. Copyright FulcrumWay Page 14
GL Configurations Configuration Checklist Item Configuration Control Risk 18 SLA: Enable Subledger Transaction Security in GL" profile Set to Yes Subledger transactions can be accessed by unauthorized option was set to "No" at the site and organization levels. users through General Ledger responsibilities. 19 "Access Set Type" Full Inappropriate configuration and assignment of definition access sets may result to invalid journals being posted. 20 Default Average Rate Type and Default End Rate Type Define Adjustments from currency translation or revaluations may were not defined. not be appropriately accounted for, resulting in inaccurate financial reports. 21 GL Rollup Groups Define Inappropriately defined rollup groups may provide management with inaccurate summary information. 22 Super User Definition Access Set Define If definition access sets are not appropriately designed, inappropriate users may gain access to sensitive functionality. This could result in financial misstatement. 23 Segment Value Qualifiers Define If posting is not restricted, users can post journals direct to General Ledger accounts. This can lead to unreconciled 24 Period Status Open current period 25 Enable Security configuration for all accounting Set to Yes calendars, autopost criteria sets, COA mappings, and journal reversal criteria sets. 26 The Reversal Period for different journal reversal Define categories. differences between the subledger and the general ledger. All prior and future accounting periods (except the current period) should have a status of Closed. If definition access sets are not appropriately designed, inappropriate users may gain access to sensitive functionality. This could result in financial misstatement. Journal entries may be reversed in an inappropriate period affecting cut off in the financial statements. Copyright FulcrumWay Page 15
Agenda Oracle EBS R12 General Ledger Configurations to Ensure Reliable Financial Statements Introductions Oracle General Ledger Controls Overview Configurations that impact financial close Assessment Approach for Oracle EBS Controls Oracle EBS Period-End Close Process - A Case Study Q&A Copyright FulcrumWay Page 16
Process A Risk Based Approach to ERP Controls Scope Application Controls Manage Exceptions Setup Mitigating Controls Controls Catalog Assess Control Risks DataProbe Analyze Control Defects Analytics Prepare Remediation Plan Rules Manager Design Application Controls Controls Workbench Correct Control Defects Monitor Application Controls Controls Monitor Risk Advisors/ Control Owners Snapshot Application Data Source Control Experts/ ERP Managers/ Control Owners ERP Controls Experts/ ERP Managers Control Owners/ ERP Managers Copyright FulcrumWay Page 17
Risk Assessment People: Reconciliation requires clear communication and effective collaboration Executives Administrators Auditors Account Reconciliation Preparers & Reviewers
Risk Assessment People: Reconciliation requires clear communication and effective collaboration Lack of insight Are there any surprises during account reconciliation? Lack of real time status. Executives Administrators Auditors No standard definition for reconciled. Account Reconciliation Too much time for audit & review Missing work papers on key account balances Disconnected control testing redundant efforts Preparers & Reviewers Account Reconciliation not based on Risks such as potential for fraud or misstatement, turnover, account history, materiality, volume of transactions, significant judgment, need for regular manual posting or adjustments, etc Delinquent reconciliations No Action plan for Account owner to remediate delinquent reconciliations
Risk Assessment Process: Financial Close is Complex Close PO Close Project Billing and Costing Run post process for PO, Projects, etc Close AR sub ledger Close AP sub ledger Close Inventory sub ledger Close HCM sub ledger Close Assets sub ledger Run revaluation/re-measurement Run GL post process for AP,AR, FA, etc. Gather non actuals data from reporting (lease, credit line, headcount, plan, etc) Gather and validate complete data sets to support all financial reporting needs (i.e. Legal Entity, Segments, Management, Tax, Sustainability Metrics, Tax, etc Run period-end management reports Review reports for business performance and realignment Deliver XBRL/Edgar filings to the SEC Deliver statutory filings such Tax Sub Ledger Close General Ledger Close Data Assurance Consolidation Internal Reporting External Reporting Filling Reconcile sub ledgers to GL Reconcile Bank Accounts Reconcile all accounts Approve adjustments Clear suspense accounts Post accruals Run allocations Run summary allocations Run consolidation to summary ledgers Make Topside Entries Run reports for FASB Run reports for KPI s Run reports for FX Run reports for Retained Earnings Generate external reports Compile Disclosure Items Gather other financial information Monitor Financial Close Controls Copyright FulcrumWay Page 20
Risk Assessment Close PO Numerous ERP modules Close involved Project Billing (INV,OM, and Costing AP,AR,GL) Run post process for PO, Projects, etc Close AR Control sub ledger interdependencies Close AP between sub ledger applications and Close Inventory departments sub ledger Close HCM sub ledger Close Assets sub ledger Run revaluation/re-measurement Run GL post process for AP,AR, FA, etc. Process: Financial Close is Complex Large volume of incomplete Gather transactions non actuals in data interface from tables reporting must (lease, be manually credit line, resolved headcount, Lack of plan, issue etc) identification and remediation Gather and validate complete data sets to support all financial reporting needs (i.e. Legal Entity, Segments, Management, Tax, Sustainability Metrics, Tax, etc Difficult to see bottlenecks within critical Run period-end management reports Lack of time for internal Review reports due diligence for business performance and realignment Compressed reporting period Deliver XBRL/Edgar Penalties filings for to late the reporting SEC Deliver statutory filings such Tax Sub Ledger Close General Ledger Close Data Assurance Consolidation Internal Reporting External Reporting Filling Reconcile sub ledgers to GL Reconcile Bank Accounts Reconcile all accounts Interdependent processes that Approve must adjustments run in parallel Clear suspense accounts Post accruals Large volume of incomplete Run allocations transactions in interface tables must be manually resolved Coordination of key personnel Run summary allocations Run consolidation to summary ledgers Make Steps Topside must Entries be completed in the Run reports for FASB right order Run reports for KPI s Run reports for FX Run reports for Retained Earnings Generate external reports Compile Disclosure Items Gather other financial information Simultaneous audit of the close, during the close SOX certifications should precede financial reporting Monitor Financial Close Controls Copyright FulcrumWay Page 21
Risk Assessment Technology: Oracle EBS R12 Sub-ledger Transaction Controls Invalid Accounting errors exist; Fix Errors and re-run Create Accounting program Incomplete Transactions can t be accounted yet; Run Validation Program Unprocessed Transaction hasn t been accounted; Run Create Accounting Program Final Accounted in SLA but not transferred to GL; Run Transfer Journal Entries to GL
Agenda Oracle EBS R12 General Ledger Configurations to Ensure Reliable Financial Statements Introductions Oracle General Ledger Controls Overview Configurations that impact financial close Assessment Approach for Oracle EBS Controls Oracle EBS Period-End Close Process - A Case Study Q&A
Case Study Our Client Founded in 1883, today a global supplier of paints, coatings, optical products, specialty materials, glass and fiber glass Employs more than 40,000 people worldwide Generated over $15B in revenue last year External Auditor PWC. Challenges Reduce costs and audit fatigue related to management controls Reduce risk associated with the current state highly manual, fragmented process Need Enterprise-wide visibility into the Financial Close Controls and Compliance processes Leverage investments in technology to provide a foundation for global management controls Global Fortune 500 Industrial Leader Ensures Reliable Financial Statement with Smart Controls Solutions Oracle EBS R12, FulcrumWay Smart Controls FulcrumWay Risk Advisory, Smart Controls and Dataprobe. Successes Reduced audit findings by 70% and remediation effort by 80% by configuring and testing ERP controls Improved management visibility into financial close controls by providing real time reporting on GL Controls across the regions. Reduced financial misstatement risk by replacing manual, spreadsheet based error-prone process with automated controls Streamlined financial close steps be ensuring period end tasks are performed according to journal dependencies checklist
Case Study Record to Report Process Flow
Product SafePaaS Application Controls Manager Application Controls Manager Segregation of Duty Monitor SOD / Security Analytics Manage SoD Rules Manage App Environment Manage SoD Test Access Manager Provision Users Manage User Access Self Service Request Certify User Access Roles Manager Design Roles & Responsibilities Analyze Role Configuration Simulate SOD Control Test Generate Role Configuration Control Ontology Manage data objects Manage configuration objects Manage Transaction objects Controls Workbench Manage Access Rules Manage Configuration Rules Manage Transaction Rules Manage Master Data Rules Control Monitor Control Analytics Monitor Setup Changes Monitor Transaction Errors Monitor Master Data Change Oracle E-Business Suite Setups Master Tables Forms/Pages Profile Options User Security
Smart Controls Standard + Smart Controls Financial Roles Approval Hierarchies Standard ERP Controls Sub-Ledger Accounting Journal Import Journal Sources Generate Close Tasks Prevent access to sensitive setups Manual Journal Entry Approvals Notify Account Fluctuations Smart Monitor Controls GL Transaction Threshold Fuzzy Logic, similar values Transaction Risks Finegrained User Access Risk Based Account Analysis Configuration Snapshots & Audit Trial
DataProbe RA Discover ERP Application Risks 1 MS Windows Install 2 Login with Licensed Credentials 3 Connect to EBS Database
Assess Risks Application Risk Factors INV INV PR HR AP FA PO GL OM List of Apps Primary Process Enabler Financial /Sensitive Data Custom Code Freq. of Changes Audit Logs Risk Rating GL 8 9 5 9 8 34 AP 7 7 6 8 9 32 AR 7 7 9 9 7 39 AR FA 5 5 5 5 5 25 PO 5 5 4 6 4 24 Risk Threshold AP AR GL Risk Scale: Highest 10 Risk Threshold: Over 30
Treat Risk High Medium Risk ERP Control Methods High Risk I M P A C T Mitigate Low Risk Remediate & Prevent Medium Risk Accept Monitor Controls Low PROBABILITY High
Control Risk Access Controls FulcrumWay Controls Catalog FulcrumWay SOD Monitor FulcrumWay DataProbe Access Control Risk Description Process ERP App Risk Type Risk Rating Enter Journal and Post Journal Can cause frauds or errors resulting in over or under stated financial statements R2R GL Fin High Create Suppliers and Create Invoices - R12 Can lead to an overstatement of liabilities if fictitious suppliers are created and invoiced. P2P AP Fin High Create Customer and Create Sales Order - R12 Can lead to an overstatement of revenues. O2C AR Fin High
Control Risk Configuration Controls FulcrumWay Controls Catalog FulcrumWay Data Monitor FulcrumWay DataProbe Configuration Control Risk Description Process ERP App Risk Type Risk Rating Journal Authorization Limits Authorization limits for employees. R2R GL Fin High Payment Adjustment Controls Adjustments made to invoice distributions after payment is issued can cause errors in reconciliation Define Credit Usage Rules In Credit Management, credit usage rule sets ensure that all transactions for the specified currencies are converted to the credit... P2P AP Fin High O2C AR Fin High
Control Risk ERP Transaction Controls FulcrumWay Controls Catalog FulcrumWay Data Monitor FulcrumWay DataProbe Transaction Control Risk Description Process ERP App Risk Type Risk Rating Exchange Rates AP Invoice Over PO AR Invoices Over Threshold Identify transactions after the fact monitoring of manual inputs of system exchange rates that are more than 10% +/- Invoice payments in excess of PO / user Invoice approval limit Control monitor returns a record of each customer invoice that is valued in excess of a specified threshold. R2R GL Fin High P2P AP Fin High O2C AR Fin High
Smart Controls Monitor Key Configurations in ERP
Smart Controls Transaction Controls Detect unusual Invoice Entries (duplicate invoices)
Smart Controls Close Monitor Dashboard
Case Study Results and Benefits
Agenda Leverage Advanced Controls for Oracle EBS R12 to streamline your Record to Report process Introductions Top Financial Close Challenges Overview of Financial Controls Advanced Controls for Record to Report Case Study Q&A
Q & A Download Dataprobe to assess your Period-End Risks Download Dataprobe for 30 days Free Evaluation