NASACT Grants Management: Are States Ready to Manage More Federal Grant Funds?
March 2, 2010
Agenda
• Oracle: Did you know?
• What is “G-R-C”?
• GRC Offering
• Benefits
• Key Take-Aways
Oracle
Did you know?
• #1 in North America
• #1 in HR
• #1 in Public Sector Globally
• Project “Oracle”, 1977
• Longest running relationship with government of any software vendor
Scale
• $22.4 in revenue for FY 08
• 320,000 customers in 145 countries
• 92,000 employees (1 in 3 joined from acquisitions)
Innovation and Investment
• Over 3,000 products with over 2,000 patents
• $3b R&D
• 20,000+ developers, running over 300,000 test scripts nightly
• 6,500 customer-driven enhancements yearly
• 1 million students supported
• 7,500 customer support specialists speaking 27 languages
• 20,000+ implementation consultants
What is “G-R-C”?
Creating Public Trust
GRC in the Public Sector
[Diagram labels: Integrity, Governance, Risk, Compliance]
Governance + Risk Management + Compliance = Integrity
equates to
Structures + Threat Mitigation + Proofing = Public Trust
Reducing Fraud in Government
[Diagram: Fraud Triangle with legs Motivation, Rationalization, Opportunity]
• As much as 7% of annual budget*
• That is $70m per billion of budget
* Pednault, S. (2009). Fraud 101: Techniques and Strategies for Understanding Fraud, 3rd ed. Hoboken, NJ: John Wiley & Sons, p. xi.
• Need to break one leg of the triangle
• Motivation and Opportunity easiest to address
• Rationalization may be impossible to manage
[Diagram labels: FRAUD; Human Performance Improvement; Kohlberg Moral Stages; GRC]
Risk-Controls Relationships
[Matrix: Risk (Yes/No) against Controls (Yes/No); outcome labels: Correct Outcome, Correct Outcome, Possible Loss, Possible Waste]
Oracle’s GRC Offering
[Diagram: Oracle GRC components]
• GRC Controls Management: Access Controls, Configuration Controls, Transaction Controls
• GRC Manager: Risks, Assessments, Issues, Processes, Policies, Procedures, Remediation
• GRC Intelligence: Reports, Dashboards, Alerts, Key Risk & Control Indicators
• Applications
• Infrastructure
• Domain labels (in page order): Financial Compliance IT Governance Regulatory Policy Mgmt Information Privacy Environmental Product Quality & Safety Global Trade Mgmt Financial Services
GRC Intelligence
“If only we had a dashboard that could highlight real time application access and / or transactional risk…”
• Pre-built role-based Dashboards & KPI's
• Tailored diagnostics for all GRC initiatives
• Processes / Controls
• Documents
• Certification
• Assessments & Test Results
• Single source of GRC information across orgs and locations
Oracle GRC Applications Suite Benefits
[Diagram labels: GRC Manager (Risks, Assessments, Issues, Processes, Policies, Procedures, Remediation); Customers, Suppliers, Sales, Legal, HR, Finance; Preventive Controls]
GRC Manager
“We can’t manage nor have the visibility of all the GRC initiatives across the enterprise….”
• End-to-End GRC business process
• Reduce cost and complexity by managing multiple global mandates with one system
• Rely on tamper proof chain of evidence for all financial compliance processes
• Align policies and processes with best practice risk and control frameworks
Multiple hierarchies exist to represent frameworks, business models and financial structures.
Relationships are managed from the hierarchy down to the objectives, risks and controls in a many to many structure.
Oracle GRC workflow automatically generates emails to compliance staff of action items.
These emails link the user directly back to Oracle GRC Manager with a single mouse click.
Easy-to-use testing screens allow conclusions and supporting comments.
Track issues until they are closed, with immediate access to who is currently tasked and how long they have been working on it.
Access Controls
“The SOD process is very manually intensive and only covers a fraction of the application landscape”
• Best practice SOD Library
• Cross Application SOD Enablement
• Real-time Simulation & Remediation
• Preventive User Provisioning
• Library of prepackaged reports
• Accelerates role design and implementation
Configuration Controls
“If only we had a dashboard that could highlight real time application access and / or transactional risk…”
• Ease of deploying change management controls
• Enable risk management controls by enforcing policy procedures within the application
• Increase confidence in the management of data integrity.
• Repository of audit trails in change management reports
• Increase business confidence in efficiency and data integrity of the system.
Transaction Controls
“We currently manage this on an ad-hoc basis that is manual and often error prone”
• Easy to use interface to manage threshold values and generate parameterized reports across multiple applications
• Readily available audit reports of suspicious activities
• Workflow enabled process to distribute suspicious activities to key personnel for action / remediation
Preventive Controls
“We need to move from manual controls to automated controls…”
• Automate & Streamline manual controls to become part of the transactional process
• Enforce and report data security and valid change management
• Audit
• Audit & Workflow Notifications
• Audit & Workflow Approvals
Oracle GRC Benefits
5 Key Areas Where GRC Can Reduce Risks and Costs

Activity: SOD Analysis
Benefits:
• Industry proven, best practices policies
• Library of prepackaged reports
• Accelerates role design and implementation
• Run test cases and what-if analysis
Value Impact: 20-35% reduction in cost of on-going SOD auditing and monitoring

Activity: Automated Preventive Controls
Benefits:
• Enforce preventive controls for data integrity and access security
• Ease of creating workflow processes for approval and notification
• Library of best practices prepackaged controls
Value Impact: 15-25% reduction in cost for IT to create and implement automated controls

Activity: Configuration & Change Management
Benefits:
• Ease of deploying change management controls
• Enforce policy procedures within the application
• Increase confidence of data integrity
Value Impact: 20-30% reduction in audit and compliance testing cost related to configuration change management

Activity: Transaction Monitoring
Benefits:
• Manage & report suspect records across multiple applications
• Readily available audit reports
• Automated distribution of suspect records for review & remediation
Value Impact: 20% reduction in audit and compliance costs related to investigation of transactions and fraud controls

Activity: Governance & Compliance Visibility
Benefits:
• Capture internal and external performance metrics quickly & accurately
• Fact-based continuous improvement
Value Impact: 10-40% reduction in costs of proving risk and compliance effectiveness across the enterprise
SOD = Segregation of Duties
Cost Benefit Analysis
Relative Impacts
Audit cost savings
Fraud Prevention
Mission Enhancement
Key Take-aways
GRC Suite:
• Demonstrates accountability
• Increases public trust
• Lowers costs of audits
• Provides integrity
• Prevents waste, fraud, and abuse
How?
• Library of prepackaged controls based on best practices
• Single source of truth for all documentation that will be audited
• Flexible reporting tool that can generate dashboards, alerts, and printed reports
Contact Information
Cindy Schwimer
Executive Director, Public Sector Solutions
Voice: 703-364-3104
Adam Schwartz
GRC Specialist
Voice: 860-817-9403