oracle ebs r12 financial close periond end tasks and · pdf fileorder management –...
TRANSCRIPT
Leverage T echnology: Turn Risk into Opportunity™
Risk and Compliance Financial Reporting Internal Audit Controls Catalog Application Security Advanced Analytics
A Leader in Risk Based Enterprise Controls Management Solutions
Copyright ©. Fulcrum Information Technology, Inc. Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes
Plug Your Top Revenue Drains in Order to Cash Cycle with Oracle Advanced Controls
Webinar – June 17th , 2014
Adil Khan
Managing Director
www.fulcrumway.com Page 2 Copyright © FulcrumWay
Plug Your Top Revenue Drains
Introductions
Top Revenue challenges in ERP
Controls for O2C Process
Oracle Advanced Controls for O2C
Case Study
Q&A
Agenda
www.fulcrumway.com Page 3 Copyright © FulcrumWay
A Leader in Risk Based Controls Management™
FulcrumWay: is the #1 End-to-End Provider of Risk Based Enterprise Controls Management
Solutions for Oracle EBS, PeopleSoft and JDE customers with over 200 Fortune-500 to Middle Market
clients. Since 2003, we have successfully assisted companies across all major industry segments.
Expertise: Risk Advisory Services. Advanced Controls Design for Enterprise Applications. Best
Practices for Risk Mitigation and Internal Controls Automation. Audit, Compliance, Financial,
Enterprise and Operational Risk Assessments. Risk Remediation Services.
Packaged Solutions: FulcrumWay is the #1 choice of Oracle customers for Oracle GRC Advanced
Controls, GRC Manager, and GRC Intelligence/OBIEE software implementation. Oracle has certified
us as the only partner with Accelerators for Oracle GRC. We also provide Managed Services
Software Services: Risk Assessment for ERP systems, Control Design and Management Tools,
Controls Catalog, Enterprise Risk Manager, Financial Reporting Manager, Audit Manager
USA Presence: Privately held Delaware Corporation with US offices in New York City, Dallas and San
Francisco
International Presence: in Auckland, Chennai, Johannesburg, London, Mexico City
FulcrumWay
www.fulcrumway.com Page 4 Copyright © FulcrumWay
FulcrumWay Clients Successful
Track Record Government Oil and Gas
Healthcare
Communications
Financial Services
Transportation Natural Resources
Manufacturing
Retail
High Tech Media/Entertainment Life Sciences
www.fulcrumway.com Page 5 Copyright © FulcrumWay
FulcrumWay™ Insight
Thought Leadership
Co-Authored GRC Book: First book on GRC for Oracle Applications
SROAUG GRC Solution Lab - February 21st – Los Angels: GRC Case Studies and Best Practices
Collaborate 14 – GRC Client Appreciation Dinner April 7th, 2014 Las Vegas
NEOAUG Spring Conference – June 9th – Worcester, MA -GRC Case Studies and Best Practices
IIA/ISACA GRC Conference – August 19th, 2014 - Presentations – Five New Ways to Assess the Risks that Can Turn Results into Rewards
Webcasts – Every 3rd Tuesday of the Month – GRC Best Practices, Trends and Expert Insight
Oracle Open World – Annual GRC Dinner on September 29th, 2014 - San Francisco, CA
LinkedIn –FulcrumWay Risk, Compliance and Audit Software Group
YouTube Podcasts – FulcrumWay Instant Insight in 10 min or less
Proven Expertise
www.fulcrumway.com Page 6 Copyright © FulcrumWay
Plug Your Top Revenue Drains
Introductions
Top Revenue challenges in ERP
Controls for O2C Process
Oracle Advanced Controls for O2C
Case Study
Q&A
Agenda
www.fulcrumway.com Page 7 Copyright © FulcrumWay
Top Revenue Challenges
How does Revenue leak through your ERP system?
Top 10 Issues Business Risk Top Line Impact
Unusual Discounts Order Fulfilment Revenue Leakage
Pending Shortages Order Fulfilment Revenue Leakage
No Credit Check Order Fulfilment Revenue Leakage
Price Differences Order Fulfilment Revenue Recognition
Shipping Errors Shipping & Delivery Revenue Recognition
Missing Sales Order Shipping & Delivery Revenue Recognition
Customer Over Limit Invoice & Billing Revenue Leakage
Write-offs Invoice & Billing Revenue Leakage
Billing Delays & Errors Invoice & Billing Revenue Recognition
Customer OFAC Check /Duplicate Customers Master Data Reveneu Penalties
O2C Challenges
www.fulcrumway.com Page 8 Copyright © FulcrumWay
Plug Your Top Revenue Drains
Introductions
Top Revenue challenges in ERP
Controls for O2C Process
Oracle Advanced Controls for O2C
Case Study
Q&A
Agenda
www.fulcrumway.com Page 9 Copyright © FulcrumWay
Business Process Models Service Oriented Architecture
Business Intelligence Collaboration
Order Management – Shipping Execution
Receivable Management – Cash Management
Order Categories
CRM
Call Center
E-Commerce
SWIFTNet
Settlement
Payment
Processors
Enter
Order
Book
Order
Pick
Release
Ship
Confirm Receipt
Banks
Order to Cash Process
Control Points O2C Challenges
Invoice Bank
Recon.
www.fulcrumway.com Page 10 Copyright © FulcrumWay
Business Process Models Service Oriented Architecture
Business Intelligence Collaboration
Order Management – Shipping Execution
Receivable Management – Cash Management
Order Categories
CRM
Call Center
E-Commerce
SWIFTNet
Settlement
Payment
Processors
Enter
Order
Book
Order
Pick
Release
Ship
Confirm Receipt
Banks
Order to Cash Process
Control Points O2C Challenges
Invoice Bank
Recon.
Are your customers compliant with trade regulations? Are the customers
blacklisted?
Do you have duplicate customers?
Are there inappropriate adjustment to Invoices?
Are customer orders over credit limits?
Are you missing critical customer information?
Is the information valid?
CONTROLS
www.fulcrumway.com Page 11 Copyright © FulcrumWay
Business Process Models Service Oriented Architecture
Business Intelligence Collaboration
Order Management – Shipping Execution
Receivable Management – Cash Management
Order Categories
CRM
Call Center
E-Commerce
SWIFTNet
Settlement
Payment
Processors
Enter
Order
Book
Order
Pick
Release
Ship
Confirm Receipt
Banks
Order to Cash Process
Control Points O2C Challenges
Invoice Bank
Recon.
CONTROLS
Are there unusual discounts or over-
rides?
Are there any variations in unit of measures?
Are there suspicious credit limit changes?
Has the same user created and approved the order?
www.fulcrumway.com Page 12 Copyright © FulcrumWay
Business Process Models Service Oriented Architecture
Business Intelligence Collaboration
Order Management – Shipping Execution
Receivable Management – Cash Management
Order Categories
CRM
Call Center
E-Commerce
SWIFTNet
Settlement
Payment
Processors
Enter
Order
Book
Order
Pick
Release
Ship
Confirm Receipt
Banks
Order to Cash Process
Control Points O2C Challenges
Invoice Bank
Recon.
Order price different from shipping price?
Are there any shipments with missing / unmatched sales
orders?
Are there delays in shipment of booked
orders?
CONTROLS
www.fulcrumway.com Page 13 Copyright © FulcrumWay
Business Process Models Service Oriented Architecture
Business Intelligence Collaboration
Order Management – Shipping Execution
Receivable Management – Cash Management
Order Categories
CRM
Call Center
E-Commerce
SWIFTNet
Settlement
Payment
Processors
Enter
Order
Book
Order
Pick
Release
Ship
Confirm Receipt
Banks
Order to Cash Process
Control Points O2C Challenges
Invoice Bank
Recon.
CONTROLS
Sales Order with no billing?
Did the person create the invoice and entered
receipt?
Invoice amount over customer credit limit in
the period?
Unauthorized changes to invoices?
Suspect revenue recognition?
www.fulcrumway.com Page 14 Copyright © FulcrumWay
Plug Your Top Revenue Drains
Introductions
Top Revenue challenges in ERP
Controls for O2C Process
Oracle Advanced Controls for O2C
Case Study
Q&A
Agenda
www.fulcrumway.com Page 15 Copyright © FulcrumWay
Advanced Controls
Layer of automated controls over ERP controls
Continuously monitor key controls
Detect and Report issues as they occur
Prevent issues from occurring
Quickly see high risk issues with exception based dashboards
Address issues that affect the bottom line
Reduces operational risk and process effectiveness
What are Advanced Controls?
www.fulcrumway.com Page 16 Copyright © FulcrumWay
Advanced Controls One Enterprise Foundation
Enterprise Risk & Controls Foundation
Dashboards, Reports and Alerts
Notifications Worklists Email Perspectives Search
Risk, Controls & Compliance Management
Reviews Documentation Assessments Remediation Surveys
Continuous Controls & Risk Monitoring
Setups Access Master Data Audit Tests Transactions
User Authored Controls Data Connectors Fraud & Error Patterns
Ro
le B
as
ed
Ac
ce
ss
Se
cu
rity
We
b S
erv
ice
s &
AP
Is
Custom or Legacy Applications
Risk & Controls Repository
Assess and Certify
Detect Policy Violations
All Users & Applications
100% of Transactions
All Processes Procure to Pay
Order to Cash
Financial Reporting
User Access
Manage by Exception
Optimize Processes
www.fulcrumway.com Page 17 Copyright © FulcrumWay
Standard + Advanced Controls
User Roles
Ship
Confirm
Rules
Customer
Credit
Sentiment
Analysis
Split Sales
Orders
Hide
Displays of
Sensitive
Data
Duplicate
Customers
Transaction
Threshold
Amounts
Invoices
over Credit
Limits
Fine-
grained
User
Access
Configuration
Snapshots &
Audit Trial
Transaction
Pattern
Analysis
Fuzzy
Logic,
‘similar
values’
Advanced
Controls
Standard
Controls
Credit
Memo Track
Discounts
Advanced Controls
www.fulcrumway.com Page 18 Copyright © FulcrumWay
Enterprise Controls Platform Advanced
Controls
Automated Application Controls Management
Monitor Control Effectiveness
Enforce Policies in Context
What users can do
How is the process set up
How users execute processes
What users have done
What’s changed in the process
What are the execution patterns
Application Access
Controls
Configuration Controls
Transaction Controls
Preventive Controls
GRC Manager
SOD & Access
Application Configuration
Transaction Monitoring
GRC Intelligence
Advanced Controls
Preventive Controls
www.fulcrumway.com Page 19 Copyright © FulcrumWay
Enterprise Controls Platform Advanced
Controls
Compensating Policies
Preventive Provisioning
Remediation (Clean-up)
Access Analysis
• Accelerate deployment and time to value with ready-made controls library
• Mitigate risk of inappropriate user access with approval workflow and audit trails
• Simplify segregation of duties enforcement with simulation and remediation
Define Access Controls
Detection Prevention
GRC Manager
SOD & Access
Application Configuration
Transaction Monitoring
GRC Intelligence
Advanced Controls
Application Access Controls Embed Controls Natively in Enterprise Apps
www.fulcrumway.com Page 20 Copyright © FulcrumWay
www.fulcrumway.com Page 22 Copyright © FulcrumWay
Identify the users with questionable access and their count of controls violated.
Identify all Users and the Functions/Forms that are causing violations to the access controls. Identify all Responsibilities that are causing violations
to the access controls.
Identify all Responsibilities and the Functions/Forms that are causing violations to the access controls.
www.fulcrumway.com Page 23 Copyright © FulcrumWay
www.fulcrumway.com Page 24 Copyright © FulcrumWay
Enterprise Controls Platform Advanced
Controls
Manage Data Integrity
Enforce Change Control
Monitor Configuration
Changes
Document or Compare
Configurations
Configuration Controls Ensure Integrity of Critical Application Setups
• Tightly control change management to accelerate development and test time
• Track complete audit trails for changes to key configurations
• Achieve consistent application setup and operating standards across multiple instances
Define Configuration
Controls
Detection Prevention
GRC Manager
SOD & Access
Application Configuration
Transaction Monitoring
GRC Intelligence
Advanced Controls
Preventive Controls
www.fulcrumway.com Page 25 Copyright © FulcrumWay
Differences
www.fulcrumway.com Page 26 Copyright © FulcrumWay
Business application does not keep a record history of change details nor does it alert users to changes.
Continuously Monitor Controls
When?
What?
Where?
Who?
www.fulcrumway.com Page 27 Copyright © FulcrumWay
Enterprise Controls Platform Advanced
Controls
Review Audit Reports
Enforce Field
Validation
Initiate Approval Workflow
Prevent Read or Write Access
Preventive Controls Embed Controls Natively in Enterprise Apps
• Enforce preventive controls for specific users and events natively within
enterprise application • Mitigate risk of application changes with
approval workflow and audit trails
• Protect sensitive application data
• Reduce audit costs, reduce maintenance costs, increase IT productivity
Define Preventive
Controls
Prevention
GRC Manager
SOD & Access
Application Configuration
Transaction Monitoring
GRC Intelligence
Advanced Controls
Preventive Controls
www.fulcrumway.com Page 28 Copyright © FulcrumWay
Disable invoice Actions… button for invoices created by same user
www.fulcrumway.com Page 29 Copyright © FulcrumWay
www.fulcrumway.com Page 31 Copyright © FulcrumWay
www.fulcrumway.com Page 32 Copyright © FulcrumWay
www.fulcrumway.com Page 33 Copyright © FulcrumWay
Enterprise Controls Platform Advanced
Controls
Transaction Controls Identify Inaccurate or Fraudulent Transactions
• Continuously monitor transaction accuracy, mitigate fraud exposure
• Test against thresholds
• Search for anomalies
• Perform transaction sampling
Detection Prevention
Compensating Controls
Review and Address
Suspects
Perform Transaction
Analysis
Define Transaction
Controls
Business Elements from
Designated Nationals list
Business Elements
Suppliers from various
business applications
Business Rules, written in “Plain English”,
by Business People – No Coding/Scripting
Business Elements from
Designated Nationals list
Business Elements from
Designated Nationals list
Business Elements
Suppliers from various
business applications
Business Elements
Suppliers from various
business applications
Business Elements
Suppliers from various
business applications
Business Rules, written in “Plain English”,
by Business People – No Coding/Scripting
Business Rules, written in “Plain English”,
by Business People – No Coding/Scripting
Business Rules, written in “Plain English”,
by Business People – No Coding/Scripting
GRC Manager
SOD & Access
Application Configuration
Transaction Monitoring
GRC Intelligence
Advanced Controls
Preventive Controls
www.fulcrumway.com Page 34 Copyright © FulcrumWay
www.fulcrumway.com Page 35 Copyright © FulcrumWay
www.fulcrumway.com Page 36 Copyright © FulcrumWay
www.fulcrumway.com Page 37 Copyright © FulcrumWay
www.fulcrumway.com Page 38 Copyright © FulcrumWay
Advanced Controls
www.fulcrumway.com Page 39 Copyright © FulcrumWay
Plug Your Top Revenue Drains
Introductions
Top Revenue challenges in ERP
Controls for O2C Process
Oracle Advanced Controls for O2C
Case Study
Q&A
Agenda
www.fulcrumway.com Page 40 Copyright © FulcrumWay
Case Study
The company offers domain name registry services that
operate the authoritative directory of .com, .net, .cc, .tv, and
.name domains, as well as the back-end systems for
various.gov, .jobs, and .edu domains.
The company also provides network intelligence and
availability services that provide infrastructure assurance to
organizations comprising distributed denial of services,
protection services, security intelligence services, and
managed domain name systems.
Founded in 1995 and is headquartered in Reston, Virginia.
A global leader in Internet Infrastructure
Services
www.fulcrumway.com Page 41 Copyright © FulcrumWay
A Risk Based Approach to Advanced Controls
Detect
Control
Defects
Analyze
Findings
Implement
Corrective
Actions
(AC/ERP)
Monitor
Application
Controls
(OAC)
Scope
Application
Controls
Sample
ERP
Data
Manage
Exceptions
Setup
Mitigating
Controls
(CC/PC/TC)
Risk Advisors/
ERP Managers/
Control Owners Risk Advisors/
Control Owners
Control
Owners/
ERP
Managers
Establish
Test
Environment
DataProbe Analytics
Controls Catalog Controls Workbench
Advanced
Controls
Experts/
ERP Managers
Advanced
Controls
www.fulcrumway.com Page 42 Copyright © FulcrumWay
Mitigate Risk in Order to Cash Process
Restrict Sensitive Access: Unauthorized access to AR setup options could result in frauds or
errors in recognition of Revenue, incorrect AR aging, DSO metrics, incorrect revenue recognition,
and other issues.
Segregate User Access: Segregate access to enter sales orders and release credit holds. Can lead
to incorrect orders and billing, creating a risk to customer satisfaction and trust and could result in
Revenue Leakage.
Monitor Credit Memos: User access to transactions and customer master can lead to incorrect
billing and aging of customer accounts, creating a risk of Revenue Leakage and could result in
over or under stated Revenue Account.
Enforce Tax Rules: Require the Tax code field to be mandatory for Non-US customers. Can cause
incorrect VAT calculations if tax code is left null or invalid tax code is assigned. Can result in
regulatory penalties.
Alert when Receipts mismatch Transactions: Monitor when amount of receipts used to clear
Transactions are different. Incorrect cash application could result into incorrect aging and
incorrect Revenue Account balance.
Prevent Unauthorized Order fulfilment: Monitor changes to Sales Order and stop order fulfillment
when unit of measure or discounts are changed.
Case Study
www.fulcrumway.com Page 43 Copyright © FulcrumWay
Implementation Approach Case Study
Assess
•Identity data-sources, business objects, attribute era, frequency, patterns and model logic
•Create object catalog, conditions and patterns and transaction exceptions using DataProbe™
•Confirm Findings and Gap.
Design
•Map data source objects catalog to OAT (Protégée)
•Define transaction model logic in terms of data-sources, business objects, attribute era, frequency, and patterns
•Confirm Design. Identify out of the box vs custom objects for install
Install / Configure
•Install Advanced Controls platform
•Configure data-source, objects, and models
•Unit Test and Verify Results
Test / Train
•Train users, managers, and administrators
•Conduct user acceptance testing
Deploy
•Setup production system
•Support administrators as needed
www.fulcrumway.com Page 44 Copyright © FulcrumWay
Is Your ERP Leaking Cash?
Introductions
Top Procure to Pay challenges in ERP
Overview of Payable and Purchasing Controls
Advanced Controls Analytics
Case Study
Q&A
Agenda
www.fulcrumway.com Page 45 Copyright © FulcrumWay
Plug Your Top Revenue Drains
Introductions
Top Revenue challenges in ERP
Controls for O2C Process
Oracle Advanced Controls for O2C
Case Study
Q&A
Agenda
www.fulcrumway.com Page 46 Copyright © FulcrumWay
Leader in Risk Based Enterprise Controls Q & A
One-on-One with Experts Download DataProbe
Follow FulcrumWay on LinkedIn for ERP Risk and Controls