Why Oracle GRC with every E-Business Suite Upgrade


Why Oracle GRC with every E-Business Suite Upgrade
Kate Coughlin, Principal Solution Consultant

Why Preventive. Oracle Confidential - Do Not Distribute

Why GRC for Every EBS Upgrade?
- Be compliant on Day 1
- Sustainability: Continuous Compliance
- Reduce the risk and maximize the ERP ROI
- Reduce the cost of Compliance associated with the ERP Implementation
- Modify the behavior of Oracle EBS quickly & with fewer customizations
- Accelerate the design of segregation of duties around role design
- Remove the wildcard of segregation of duties as a potential for material weakness and a bottleneck of go live
- Embedded real time enforcement and prevention allows limited staff to meet security compliance requirements: do more with less
- Automate and Error-proof the set-up of: Items, Customers, Suppliers
- Ensure that critical setups conform to best practices and follow robust change management procedures

Automate Internal Controls: Oracle GRC Controls Suite
Detective Controls (Monitor Control Effectiveness)
- ACCESS Controls: What users have done
- CONFIGURATION Controls: What's changed in the process
- TRANSACTION Controls: What are the execution patterns
Preventive Controls (Enforce Policies in Context)
- ACCESS Controls: What users can do
- CONFIGURATION Controls: How is the process setup
- TRANSACTION Controls: How users execute processes

EBS Doesn't Address Segregation of Duties
- No automated, continuous way to detect, remediate and prevent SOD violations.
- No auditable evidentiary reports to support the controls environment.
- Not sustainable: point-in-time audits are expensive and not reliable.
- Can't prevent SOD violations at the point of access.
- Time consuming and costly to implement form customizations to detect, mitigate and prevent SOD violations.
- Managing false positives is difficult because proprietary detection engines don't pick up preventative forms customization controls.

Oracle Application Access Controls Governor
Enforce proper segregation of duties
(Screenshots: Policy Library, Conflict Paths)
- Simplify segregation of duties enforcement with simulation and remediation
- Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails
- Accelerate deployment and time to value with pre-delivered controls library
Detection to Prevention: Define Access Controls, Access Analysis, Remediation (Clean-up), Preventive Provisioning, Compensating Policies

Manual SOD

E-Business Suite Access & SOD Challenges
(Diagram: User, Responsibility, Menu, Sub-Menu, Function, Form Function)
- Evaluate User Access: Test by Responsibility and User; Test by Function
- Manage Segregation of Duties: Identify incompatible Privileges (i.e. Function)

SOD Control Library
Oracle GRC is a true cross-platform solution allowing cross platform or instance SOD analysis. It provides a single point of reference for all SOD policies and controls throughout the organization.
ERP:
- Oracle 11.5.10: 216 policies*
- Oracle R12: 232 policies*
*Note: Each policy is comprised of several sub-policies and controls based on its complexity; the sum total of these sub-policies and controls is over 3,000 per ERP.

Online Conflict Analysis
Use visualization feature to view conflict paths in a graphical format and easily identify inter- and intra-role conflicts

Contextual reporting with full-path conflict details.
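The conflict-path idea from the slides above, as an added example that is not part of the original deck and is not Oracle's detection engine: it walks a simplified User > Responsibility > Menu > Sub-Menu > Function hierarchy and reports the full path to each side of an incompatible function pair. All user, responsibility, menu and function names are constructed.

```python
from itertools import product

# Constructed sample data; none of these names come from a real EBS instance.
USER_RESPS = {"USER1": ["AP Clerk", "Purchasing Buyer"],
              "USER2": ["AP Supervisor"],
              "USER3": ["Purchasing Buyer"]}
RESP_MENU = {"AP Clerk": "AP_MAIN", "AP Supervisor": "AP_SUPER",
             "Purchasing Buyer": "PO_MAIN"}
# A menu lists sub-menus (keys of this dict) and functions (anything else).
MENU_ENTRIES = {
    "AP_MAIN": ["AP_INVOICES_MENU"],
    "AP_INVOICES_MENU": ["Enter Invoices"],
    "AP_SUPER": ["AP_INVOICES_MENU", "AP_SETUP_MENU"],
    "AP_SETUP_MENU": ["Create Supplier"],
    "PO_MAIN": ["Create Supplier", "Enter Purchase Orders"],
}
# SOD policy: function pairs that one user must not hold together.
POLICIES = [("Create Supplier", "Enter Invoices")]

def function_paths(menu, trail=()):
    """Yield (function, path) for every function reachable from a menu."""
    trail = trail + (menu,)
    for entry in MENU_ENTRIES.get(menu, []):
        if entry not in MENU_ENTRIES:      # leaf: a function
            yield entry, trail + (entry,)
        elif entry not in trail:           # sub-menu; skip cycles
            yield from function_paths(entry, trail)

def user_paths(user):
    """Map each function to every path: responsibility > menus > function."""
    paths = {}
    for resp in USER_RESPS.get(user, []):
        for func, path in function_paths(RESP_MENU[resp]):
            paths.setdefault(func, []).append((resp,) + path)
    return paths

def find_conflicts(user):
    """Return one record per pair of paths that violates a policy."""
    paths, found = user_paths(user), []
    for a, b in POLICIES:
        for pa, pb in product(paths.get(a, []), paths.get(b, [])):
            kind = "intra-role" if pa[0] == pb[0] else "inter-role"
            found.append({"user": user, "policy": (a, b), "type": kind,
                          "path_a": pa, "path_b": pb})
    return found

if __name__ == "__main__":
    for c in (c for u in USER_RESPS for c in find_conflicts(u)):
        print(c["user"], c["type"], c["path_a"], c["path_b"])
```

Reporting both paths matters for remediation: USER2's conflict sits inside one responsibility and needs a menu change, while USER1's disappears if either responsibility is removed.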

Multi-Platform and Cross-Platform Support
- Multi-Platform Support: User access within different, multiple platforms
- Cross-Platform Support: User access across different instances, platforms, applications, etc.
(Diagram labels: User1, User2, User3, 3rd Party App, FIN)

EBS does NOT Address Configuration Change Management
- Don't have the desired level of visibility into the management of the critical set-ups that drive the Oracle EBS environment.
- Don't have an automated way to detect or record changes to sensitive set-up data across instances, locations, or points in time.
- Difficult to prevent changes to critical set-ups from occurring repeatedly.
- Need a better way to enforce change control, ensure data integrity, identify fraud.
- No automated way to document and compare setups in business terms.
- Difficult and time consuming to generate the auditable, evidentiary reports on the controls environment for your critical set-ups that auditors demand.
- Data privacy and protection of sensitive data requires extensive application customization.

Stronger Application Controls
Ensure integrity of critical application setups
- Achieve consistent application setup and operating standards across multiple instances
- Track complete audit trails for changes to key configurations
- Tightly control change management to accelerate development and test time
Detection to Prevention: Define Configuration Controls, Document or Compare Configurations, Monitor Configuration Changes, Enforce Change Control, Manage Data Integrity

Example of Setups and Key Controls
Setup Data: Application Security, Document Approvals, Chart of Accounts, Profile Options, Users, Application Setups, MRP rules
Operational Data: Customers, Suppliers, Employees, Buyers, Items, Chart of Account Values, Category Codes
Setups = Key Controls
- 3-way matching of PO, Invoice and Receipt
- Document spending limits (authorization of PO)
- Security rules access to sensitive transactions
  o Employee salaries
  o Chart of account values
  o Financial statement reports (FSGs)
  o Price lists
  o Inventory attributes
- Action for late delivery of goods
- Inventory stocking rules
- Rules to create tax on sales orders
- Depreciation methods

Monitor Configuration Changes When? Who? Where? What?

Oracle Configuration Controls Governor
Enforce integrity of critical application setups
Standard Oracle
- Who last updated and when
- No defendable audit trail
- No preventive change controls
With Preventive Controls
- Who/what/when/why/who authorized
- Preventive AND Detective Change Controls
- Reports w/ Reason Codes and Approvals
- Seeded Content for at-risk setups

Oracle Transaction Controls Governor
Identify inaccurate or fraudulent transactions
(Screenshots: Pre-delivered Transaction Controls, Suspect Transactions)
- Continuously monitor accuracy of transactions and mitigate exposure to fraud
- Test against thresholds
- Search for anomalies
- Perform transaction sampling
Detection to Prevention: Define Transaction Controls, Perform Transaction Analysis, Review and Address Suspects, Preventive Transaction Controls

Transaction Monitoring Controls: Split PO Example
Native Oracle Controls
- Project Manager, REQ Limit $200K. Requisitions submitted: Jan 1 $180K, Jan 8 $195K
- Financial Controller / Buyer, PO Limit $2M. Purchase Orders approved: Jan 2 $180K, Jan 9 $195K
- Order To Supplier: $180K; $375K
Transaction Monitoring
- Multiple REQ over $200k limit to same vendor in 15 days!
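The split-PO check from the slide above, as an added example that is not part of the original deck and is not Oracle's implementation: a sliding 15-day window per requester and vendor that flags requisitions which each stay under the $200K limit but together exceed it. The record layout, IDs, names and year are constructed; the limit, window and the $180K/$195K amounts come from the slide.

```python
from collections import defaultdict
from datetime import date, timedelta

REQ_LIMIT = 200_000          # requisition limit shown on the slide
WINDOW = timedelta(days=15)  # "in 15 days" from the slide

# Constructed sample rows: (req_id, requester, vendor, submitted, amount).
# The year and the IDs are made up; REQ-1/REQ-2 mirror the slide's amounts.
REQUISITIONS = [
    ("REQ-1", "project_mgr", "VENDOR-A", date(2024, 1, 1), 180_000),
    ("REQ-2", "project_mgr", "VENDOR-A", date(2024, 1, 8), 195_000),
    ("REQ-3", "project_mgr", "VENDOR-B", date(2024, 1, 9), 150_000),
    ("REQ-4", "analyst",     "VENDOR-A", date(2024, 1, 3), 190_000),
    ("REQ-5", "project_mgr", "VENDOR-A", date(2024, 3, 1), 120_000),
]

def find_split_requisitions(reqs, limit=REQ_LIMIT, window=WINDOW):
    """Return groups of under-limit requisitions by one requester to one
    vendor whose combined amount inside the window exceeds the limit."""
    by_pair = defaultdict(list)
    for req in reqs:
        if req[4] <= limit:  # each one passes the native per-document check
            by_pair[(req[1], req[2])].append(req)

    suspects = []
    for (requester, vendor), items in by_pair.items():
        items.sort(key=lambda r: r[3])
        start, total = 0, 0
        for end, item in enumerate(items):
            total += item[4]
            # Slide the window: drop requisitions older than `window`.
            while item[3] - items[start][3] > window:
                total -= items[start][4]
                start += 1
            if end > start and total > limit:
                suspects.append({
                    "requester": requester,
                    "vendor": vendor,
                    "req_ids": [r[0] for r in items[start:end + 1]],
                    "total": total,
                    "span_days": (item[3] - items[start][3]).days,
                })
    return suspects

if __name__ == "__main__":
    for s in find_split_requisitions(REQUISITIONS):
        print(s)
```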

Transaction Real World Examples:
Test against Material Thresholds
- JE > $ threshold
- Employee Checks (individual & sum) > $ threshold
Search for Anomalies
- PO terms differ from vendor
- Sales orders > acceptable $ range
Detect Fraudulent Behavior
- PO changes after approval
- Duplicate suppliers with same address
Embed Preventive / Automated Compensating Controls
- Alert on customer transactions over $ threshold
- Prevent journals from being entered and posted by same individual