advance controls (oracle grc)

Upload: seshagiri-rao

Post on 18-Oct-2015


DESCRIPTION

Very useful overview of how the Oracle GRC platform is structured, its implementation activities, segregation of duties, and how Oracle EBS security can be achieved.

TRANSCRIPT

GRC Information Session

Advance Controls (Oracle GRC)

360 Visibility
- Get GRC information from a single source
- Respond to Key Result and Performance Indicators issues
- Implement faster with ready-made dashboards

Centralized Oversight
- Standardize business controls
- Allow users to define risks to the company's business, define controls to mitigate the risks, and other objects, such as the business processes to which risks and controls apply
- Audit and assess all controls

Embedded Control
- Detect and prevent unwanted behavior
- Analyze segregation of duties
- Automate control tests before, during & after upgrade
- Implement faster with ready-made controls library
- Capture configuration snapshots and report on system setup changes

GRC Intelligence
- Executive Dashboards
- KRIs and KPIs
- Ad-Hoc Analysis

EGRC Manager
- Enterprise Risk Management
- Compliance Management
- Remediation Management

GRC Controls
- SOD & Access (AACG)
- Application Configuration (CCG)
- Transaction Monitoring (ETCG)
- Preventive Controls (PCG)

GRC Implementation Activities
- Assess Risk
- Remediate Issues
- Analyze Issues
- Detect Violations
- Best practice controls
- Establish GRC Instance
- Scope Application Controls
- Corrective Actions
- Configure Preventive controls
- Manage Exceptions
- Monitor Application
- Risk and Compliance managers
- Business/IT control owners
- Application System Admins
- Controls & Compliance managers

EBS Access Security Structure
- User

Typical Areas of Focus - Sample

Key Controls
- Matching options of PO, Invoice and Receipt
- Document spending limits (authorization of PO)
- Security rules access to sensitive transactions
- Employee salaries
- Chart of account values
- Financial statement reports (FSGs)
- Price lists
- Inventory attributes
- Action for late delivery of goods
- Inventory stocking rules
- Rules to create tax on sales orders
- Depreciation methods

Setup Data
- Application Security
- Document Approvals
- Chart of Accounts
- Chart of accounts values
- Profile Options
- Users
- Application Setups

- Customers
- Suppliers
- Employees
- Buyers
- Banks

Operational Data

Sample Implementation Activity

Objective: Only invoices accurately representing goods and services received are processed for payment.
Risk: Invoices may be inappropriately posted by users, resulting in inappropriate payments to vendors or a misstatement of liabilities.
Control: The system is configured to automatically assign tolerance groups to enforce a user's posting limits.

Objective: Accounts Receivable policies governing credit management and the processing of receivable transactions are followed.
Risk: Customers with overdue balances are not identified or notified in a timely manner.
Control: The system automatically creates dunning notices for overdue accounts based on configured rules.

How we will work together
- Business Analysts will obtain the required training.
- Controls will be considered during workshop sessions.
- Controls will be documented as the Process Design Documents are created.
- The Business Analyst team will work with Bourntec team to help ensure that control documentation is:
  - Complete (there are not significant control gaps / unmitigated risks)
  - Appropriate (optimal mix of automated/manual and preventive/detective controls are in place)
  - Best practice from an overall business perspective
- The BA team will be available to answer all questions related to business process control design, development and documentation.