Top 10 P2P Advanced Controls to Improve Your Bottom Line!

Upload: oracle

Post on 20-Aug-2015

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 1

Top 10 Advanced Controls for Procure to Pay to Improve the Bottom-Line

Mary Schaeffer, Publisher & Editorial Director, AP Now

Vital Nattuva, IT Manager, CISCO Systems

Swarnali Bag, Product Strategy, Oracle Corporation

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract.

It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Program Agenda

Introduction

Top 10 P2P Issues that Impact the Bottom-Line

Oracle Advanced Controls Solution

Case Study: CISCO

Q & A

About Mary Schaeffer

Editorial Director & Publisher

CRYSTALLUS, Inc., publisher of the Accounts Payable Now & Tomorrow newsletter

Nationally recognized accounts payable expert and consultant

Writes a free weekly ezine on AP issues read by over 7,500 professionals

Creator of the Institute of Financial Operations Accounts Payable Innovation Certificate program

Editor-at-Large, CFO Publishing’s Learning Pro: AP Edition

Frequent speaker at seminars, conferences and online events

Creator of half a dozen CPE courses for CPAs

Writes a free weekly e-zine, e-AP News

Author of 18 business books including 101 Best Practices for Accounts Payable

BS in Math from York College (CUNY) and an MBA in Finance from New York University

She can be reached at [email protected]

About Vital Nattuva

IT Manager, Cisco Systems Inc

IT Manager in Finance IT

IT Service Owner for Payable & Expenses, Corporate Accounting and Procurement Services

Has been part of the transformational efforts at Cisco to consolidate multiple geographically aligned Finance instances into a Single Global Instance on R12

Before Cisco, he played an instrumental role in implementing Oracle Financials at various renowned companies across the globe.

Program Agenda

Introduction

Top 10 P2P Issues that Impact the Bottom-Line

Oracle GRC Advanced Control Solution

Case Study: CISCO

Q & A

What Do We Mean by Control ‘Issues’

The processes that ensure:

Efficient and effective operations

Reliable and accurate reporting

Fraud resistant operation

Internal

External

Regulatory compliant

(c) 2013 Mary S. Schaeffer 7

Financial Impact

Duplicate pays – often not huge amounts of $$ individually

What’s the big deal?

1) They add up!

2) Impact on sales

3) Impact on EPS

4) Fraud and the honest mistake

Impact on Sales

$1000 – right off the bottom line

1% margin = $100,000 in sales

5% margin = $20,000 in sales

$1,000,000

1% margin = $100,000,000 in sales

5% margin = $20,000,000 in sales

Earnings Per Share (EPS)

A = Total amount of duplicate and erroneous payments

B = Total number of shares of stock

A/B

Number should be small – like half a cent

Hypothetical example: a big company with a $10 million excess might have a hit on EPS of half a cent

Issue #1: Duplicate Payments – Two invoices

Late payments

Payment stretching

Discrepant invoices

Unresolved

Poor processes

Invoices to AP late

Issue #2: Duplicate Payments – Two Payment Vehicles

Most Common

Invoice and p-cards

Expense report and petty cash

Statements

Best Practice Takeaways

Never pay invoices on expense reports

Get rid of petty cash

Limit payments to one vehicle per vendor

Issue #3: Erroneous Charges on Invoices

Who pays freight, insurance etc.

Complete POs

Special deals

Issue #4: Paying before Due Date

The clean desk syndrome

Due date setting in system

Real Life Example

Companies with problems who automate and forget they have due date set to pay on receipt

When was the last time you checked the due date settings in your ERP system?

Issue #5: Late fees

“We never pay late fees”

Open vendor credits

Best Practice Takeaways

Avoid the issue completely

Pay on time

Issue #6: Duplicate Vendors in Master Vendor File

Potential duplicate payments

Correspondence issues

Internal control issue

If processors enter data

Segregation of duties concern

Rigid coding standards/naming convention

Issue #7: Inappropriate T&E Expense

T&E = Travel & Entertainment

The Alcohol Issue

The IRS factor

The morale issue

The bottom line factor

Make Managers Responsible

Look before they sign!!!

Consequences

Firing - rare

Part of annual review

Issue #8: Not Earning all Early Pay Discounts

Best financial return for any company

2/10 net 30: 36% annualized return

Efficient processing

Best Practice Takeaways

Track discounts lost

Investigate why

Fix root causes wherever possible

Tracking Discrepant Invoices, Lost Early Pay Discounts etc.

Why

Duplicates etc.

Fraud

In Excel or system

Regular Follow up and reporting

The list no one wants to be on

Analyze

Issue #9: Tax Errors: Sales and Use Tax, VAT

Wrong amounts

Proper jurisdiction

Proper documentation

VAT Reclaim

Issue #10: Purchase Order (PO) Problems

Split POs

Blanket POs

After-the-fact POs

Real Life Example

Is anyone really monitoring?

Does the PO ever get extinguished?

POs necessary to ensure proper payment

Best bet: All POs done before the fact

Program Agenda

Introduction

Top 10 P2P Issues that Impact the Bottom-Line

Oracle Advanced Controls Solution

Use Case – CISCO Systems

Q & A

Advanced Controls

Layer of automated controls over ERP controls

Continuously monitor key controls

Detect and Report issues as they occur

Prevent issues from occurring

Quickly see high risk issues with exception based dashboards

Address issues that affect the bottom line

Reduces operational risk and increases process effectiveness

What is it?

Standard + Advanced Controls

[Figure: diagram of Standard Controls and Advanced Controls. Labels in the figure: User Roles; 3-Way Match; Track Payments; Sentiment Analysis; Split Purchase Orders; Hide Displays of Sensitive Data; Duplicate Payments; Transaction Threshold Amounts; Duplicate Vendors; Fine-grained User Access; Configuration Snapshots & Audit Trail; Transaction Pattern Analysis; Fuzzy Logic, ‘similar values’; Approval Hierarchies; Track Discounts]

Duplicate Vendor Payments

Business Risks: Incorrect Vendor Payment
Bottom Line Impact: Cash leakage; P/L Impact

ERP Control
• Prevent the same invoice number from being entered for the same supplier and same supplier site

Advanced Control
Detective:
• Detect invoices with “Similar” invoice number, same amount to the same supplier
• Detect invoices made to the same suppliers but in a different business unit
• Detect invoices made to an incorrect vendor with a very similar name
Preventive:
• Put duplicate invoices on hold until proper investigation is complete
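
The detective and preventive rules on this slide, sketched as an added example (not Oracle's implementation and not code from the presentation). The sample invoices, field names, similarity thresholds and the use of difflib for "similar" matching are assumptions; the sample also assumes each business unit pays through its own supplier site.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample invoices (not from the presentation). Amounts are in cents.
INVOICES = [
    {"id": 1, "supplier_id": "S100", "supplier": "Acme Industrial Supply",
     "bu": "US01", "number": "INV-001234", "cents": 150000},
    {"id": 2, "supplier_id": "S100", "supplier": "Acme Industrial Supply",
     "bu": "US01", "number": "INV001234", "cents": 150000},   # re-keyed without the dash
    {"id": 3, "supplier_id": "S100", "supplier": "Acme Industrial Supply",
     "bu": "CA02", "number": "INV-001234", "cents": 150000},  # same invoice, other business unit
    {"id": 4, "supplier_id": "S245", "supplier": "Acme Industrail Supply Inc.",
     "bu": "US01", "number": "INV-1234", "cents": 150000},    # misspelled second vendor record
    {"id": 5, "supplier_id": "S300", "supplier": "Globex Freight",
     "bu": "US01", "number": "GF-7781", "cents": 98025},
    {"id": 6, "supplier_id": "S300", "supplier": "Globex Freight",
     "bu": "US01", "number": "GF-7782", "cents": 98025},      # next recurring charge, legitimate
    {"id": 7, "supplier_id": "S400", "supplier": "Initech Ltd",
     "bu": "US01", "number": "INV-1234", "cents": 150000},    # unrelated vendor, coincidence
]

NUMBER_THRESHOLD = 0.90   # assumed tuning values, not from the presentation
NAME_THRESHOLD = 0.85
LEGAL_SUFFIXES = {"inc", "llc", "ltd", "corp", "co", "gmbh"}


def norm_number(number):
    """Uppercase, drop punctuation, strip leading zeros of each digit run."""
    s = re.sub(r"[^A-Z0-9]", "", number.upper())
    return re.sub(r"(?<!\d)0+(?=\d)", "", s)


def norm_name(name):
    """Lowercase, drop punctuation and legal suffixes such as 'Inc.'."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in LEGAL_SUFFIXES)


def similarity(a, b):
    return SequenceMatcher(None, a, b).ratio()


def exact_match_control(a, b):
    """Native ERP check: same supplier, same site, identical invoice number string."""
    return (a["supplier_id"], a["bu"], a["number"]) == \
           (b["supplier_id"], b["bu"], b["number"])


def find_duplicates(invoices):
    """Return (earlier_id, later_id, reason) for each suspected duplicate pair."""
    findings = []
    for a, b in combinations(sorted(invoices, key=lambda i: i["id"]), 2):
        if a["cents"] != b["cents"]:
            continue
        if similarity(norm_number(a["number"]), norm_number(b["number"])) < NUMBER_THRESHOLD:
            continue
        if a["supplier_id"] == b["supplier_id"]:
            reason = "similar-number" if a["bu"] == b["bu"] else "cross-business-unit"
        elif similarity(norm_name(a["supplier"]), norm_name(b["supplier"])) >= NAME_THRESHOLD:
            reason = "similar-vendor-name"
        else:
            continue   # same amount and number, but clearly a different vendor
        findings.append((a["id"], b["id"], reason))
    return findings


def invoices_to_hold(findings):
    """Preventive step: hold the later-entered invoice of each flagged pair."""
    return sorted({later for _, later, _ in findings})


if __name__ == "__main__":
    for finding in find_duplicates(INVOICES):
        print(finding)
    print("hold:", invoices_to_hold(find_duplicates(INVOICES)))
```

None of the flagged pairs would be stopped by the exact-match check, and the consecutive Globex invoice numbers stay below the number threshold, so the recurring charge is not held.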

GRC Advanced Controls One Enterprise Foundation

Enterprise Risk & Controls Foundation

Dashboards, Reports and Alerts

Notifications Worklists Email Perspectives Search

Risk, Controls & Compliance Management

Reviews Documentation Assessments Remediation Surveys

Continuous Controls & Risk Monitoring

Setups Access Master Data Audit Tests Transactions

User Authored Controls Data Connectors Fraud & Error Patterns

Role Based Access Security

Web Services & APIs

Custom or Legacy Applications

Risk & Controls Repository

Assess and Certify

Detect Policy Violations

All Users & Applications

100% of Transactions

All Processes Procure to Pay

Order to Cash

Financial Reporting

User Access

Manage by Exception

Optimize Processes

Comprehensive Risk & Controls Mgmt.

Identification

Analysis

Evaluate

Document

Assessments

Reviews

Author

Execute

Investigate

Steps

BUSINESS RISKS

CONTROL OBJECTIVES

CONTINUOUS MONITORS

Assess Risk and Compliance

Detect and Fix Issues

Continuous Improvement & Monitoring

Oracle Advance Control Process Overview

[Figure: process flow under the banner "Optimization, Cash Flow, Prevent Leakage", with columns Business Risks, Controls Objectives and Continuous Monitors. Labels in the figure:]

Unapproved or Illegal Suppliers
Delayed Supplier payments
Incorrect Vendor Payment
Capture all Discounts
Accurate Supplier Information
Valid Invoice Payments
Valid Purchase Orders
Duplicate Invoice Payments
Supplier and Invoices Created by Same User
Discounts Lost due to Delays in Payment
Multiple Suppliers with the similar email domain
Erroneous Payment
Purchase Orders created after Invoice
Duplicate vendor in vendor master file
Split Purchase Order
Incident !, Investigate, Close
ERP Transaction Payment Hold

Exception Based Dashboard

Continuous Monitor – Duplicate Invoices

Control Definition

Incident Management

Incident Management

Preventive Measure

Preventive Measure

• Enforce controls & policy within the ERP systems

Advanced Controls

Enables you to:

Improve Bottom-Line

Reduce Operational Risk

Increase Process Effectiveness

…by Continuously Monitoring Your ERP Applications

Advanced Controls

Make Processes More Effective, Efficient

Reduce Operational Risk

Improve Bottom Line

Detect unwanted transactions

Detect settings that cause loss

Detect problematic exceptions

Automate policy management

Program Agenda

Introduction

Top 10 P2P Issues that Impact Bottom-Line

GRC Advanced Control Solution

Use Case – CISCO Systems

Q & A

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 40

Oracle Advanced Controls – Customer Experience

Vital Nattuva, IT Manager

Company Overview

Need for Compliance

GRC Advanced Control Use Cases

Implementation Approach

Lessons Learned

Our Vision and Strategy

Strategy

Solve our customers’ most important business challenges by delivering intelligent networks and technology architectures built on integrated products, services and software platforms

Vision

Change the way the world works, lives, plays and learns

Quick Facts

Founded in 1984

FY 2013 Revenue: $48.6 billion

FY 2013 Earnings per Share: $1.86 GAAP; $2.02 non-GAAP

Q4 FY'13 Employee Count: 75,049

Business Opportunity in an Evolving World

The Internet of Everything

Deeper Insights for Greater Decision Making

Empower People/ Increase Efficiency

Create and Expand New Markets and Services

Create Better Experiences to Build Better Relationships

Our Priorities Align to Solve your Business Challenges

Mobile | Social | Visual | Virtual

Video | Collaboration | Data Center/Virtualization/Cloud | Architectures for Business Transformation

Intelligent Network

• Routing

• Switching

• Services

Leadership in the Core…

Strategic Building Blocks

Mobility | Security | Any to Any

Purchasing

iProcurement

iExpenses

General Ledger

Fixed Assets

Accounts Payable

Core Financials

Employee Self-Service

R12.1.3

Travel

Increased quantity and complexity of:
• compliance requirements from internal/external audits
• global country regulations
• acquisitions and new Cisco entities

Automation is required for:
• solution compliance validation
• capability to monitor 100% of data
• scalability for Oracle and non-Oracle integration

Policy

Utilize a Policy Maturity Model to measure how effectively a policy:
• Identifies policy owner
• Dictates requirements
• Determines violations
• States remediation
• Is able to control

Process

Current process for policy violation detection and remediation:
• Manual audit/sampling
• Manual process design/implementation
• Manual communication

System

Majority of systems/tools requiring compliance enforcement are not integrated, and require:
• Invasive tool development
• Scripts to extract data
• Manual validation across multiple tools/systems
• Leveraging current capabilities

Policy

Evaluate policy for requirements and remediation; increase “policy maturity” when required

Control Rules

Translate policy requirements into data level logic to identify violations

Data Integration

Environment to consolidate transactions, and apply logic rules to identify violations

Remediation & Tracking

Track violations, execute and track remediation

[Figure: Policy, CCM and Process flow. Labels in the figure: Create compliance rules in TCG; Publish reports for operations; Track and manage history; Compliance rules in TCG; Compliance Tx; Reports from TCG; Transactions; Compliance assessment through Incident and Remediation management]

Accounts Payable (Phase I)

Duplicate vendors: Identify creation of duplicate vendor sites

Duplicate payments by vendor: Identify duplicate invoice processing by vendor

Maverick buying: PO date should be prior to the invoice date

Duplicate payments by invoice: Identify duplicate invoices by similar invoice and by vendor

Related issues: Duplicate invoice; Duplicate invoice; Duplicate vendor in vendor master file; PO related problems

Accounts Payable (Phase II)

Withholding Tax (APAC): Identify the suppliers/invoices where the incorrect rate of WHT was applied

Identifying erroneous high value payments: Payments more than 30% increase of the last rolling 6 months payment to the vendor

VAT rate: Identify different VAT rates applied by the same vendor, for same goods/services, for same bill to entity

Related issues: Tax errors; Tax errors; Erroneous payment

iExpense (Phase II)

Collusion – analysis of attendees: Analysis of attendees to highlight the pattern of interrelationship with co-workers related to suspicious ER activity

Amex/cash surfing: Verify if same expense has been claimed both as Amex and cash

Forensic repeat offenders: Identify expenses claimed in iExpenses instead of booking through approved channels

Expense splitting: Identify expenses that were split to avoid policy violation

Key word search in category: Identify the expenses claimed using unapproved channels, and by wrong categorization to avoid activating the report for audit

File attachment on Expense Reports (ER): Identify ERs with supporting documents in unacceptable formats (editable attachments like .txt)

Related issues: Noncompliant expenses; Inappropriate T&E claim; Duplicate expenses; Inappropriate T&E claim; Inappropriate T&E claim; Inappropriate T&E claim

Implementation Approach

Phase I and Phase II
• Understand GRC capabilities
• Identify gaps and issues
• Stress test application performance
• Enable GRC platform
• Rollout AP use cases
• Stabilize GRC platform
• Rollout iExpense use cases
• Achieve adoption

Phase III
• Expand rollout to other functions

Date Analyzed: For One (1) Year

No. of Entities: Approximately 150+

No. of Use Cases: Four use cases in Accounts Payables

Graph Initial Build: 130M records processed

Graph Incremental Build: 1.3M records processed

Hardware Configuration
• TCG analyzes millions of transactions so it needs enough resources (disk space and memory)
• Follow Oracle recommended h/w and s/w and make adjustments based on the volume of transactions

Model & Control Analysis Assessment
• Optimize the design of models
• Replicate read-only schema instead of using apps schema of EBS
• Implement control data level security (by region) so incidents can only be viewed by the right user for that region

Fit/Gap Analysis
• Verify the availability of business objects for the use cases
• Validate the model results first before running the controls
• If you don’t need to secure your incidents, then do not use perspective for security

Oracle Support
• Early engagement with Oracle
• Tight collaboration and partnership with Oracle

ETL Performance Assessment
• Perform multiple iterations of graph build. Monitor sys resources
• Analyze transaction volume of each business object used in models
• Understand the ETL design and Data Extraction criterion

Expense Management Forensic Strategy Automation

Potential Cost savings through increased compliance in hotel bookings (10% increase in compliance may Yield ~ 2/3 M $/Yr savings)

Potential savings through Procurement spend Channel alignment (realize higher discounts thru P-card program)

Reduced internal and External Audit costs

Cost avoidance of Operations in Audit remediation

Thank you.

Program Agenda

Introduction

Top 10 P2P Issues that Impact Bottom-Line

GRC Advanced Control Solution

Use Case – CISCO Systems

Q & A

Oracle Advance Controls OOW2013 Sessions & Demo Pod Slides

Demo Workstation Moscone West 1st Floor #W-013

Demo ID 3532, Workstation #: W-013

Monday 9:45 – 6:00, Tuesday 9:45 – 6:00, Wednesday 9:45 – 4:00

General Session: Empowering Modern Governance, Risk, and Compliance

12:15PM Moscone West – 2006/2008

GEN8812

Automate Robust User Access and Security Controls for PeopleSoft

10:45AM Moscone West - 2009

CON8820

Panel Discussion: Intelligent Controls for Key Business Processes & Upgrades in PeopleSoft

3:15PM Moscone West - 3020

CON8822

Deloitte: Leveraging Oracle GRC Technology to Reduce Revenue Loss, Cost Leakage & Fraud

3:15PM Moscone West - 2000

CON8822

Learn More About Oracle Advance Controls Monday

Top 10 Advanced Controls for Procure-to-Pay to Improve the Bottom Line

10:30AM Moscone West – 2003

CON8814

Center for Medicare & Medicaid Services Automates Internal Controls with Oracle GRC

3:45PM St Francis – Elizabethan C/D

CON9346

Enforce Segregation of Duties with Identity Management and Oracle Advanced Controls

5:15PM Moscone West – 3018

CON8827

Learn More About Oracle Advance Controls Tuesday

Optimizing Order-to-Cash with Oracle Advanced Controls for Oracle E-Business Suite

10:15AM Moscone West – 3018

CON8816

Reducing Risk for Oracle E-Business Suite Upgrades and Implementations

1:15PM Moscone West – 3018

CON8830

Panel Discussion: Intelligent Controls for Key Business Processes and Upgrades

3:30PM Moscone West – 2002 / 2004

CON8832

Learn More About Oracle Advance Controls Wednesday

Advanced Access and User Security for Oracle E-Business Suite and Fusion Applications

2:00PM Moscone West – 3018

CON8824

Meet the Governance, Risk, and Compliance Experts

12:30PM Moscone West 2001A

MTE9412

Learn More About Oracle Advance Controls Thursday

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract.

It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

@OracleAdvCntrls

Appendix

Duplicate Vendor Payments

Business Risks: Invalid entry of supplier invoices
Bottom Line Impact: Cash leakage

ERP Control
• Prevent same invoice number from being entered for the same supplier and same supplier site

Advanced Control
Detective:
• Detect invoices with “Similar” invoice number, same amount to the one supplier
• Detect invoices made to the same suppliers but in a different business unit
• Detect invoices made to a different vendor with a very similar name
• Detect payment made by procurement card and checks
Preventive:
• Put duplicate invoices on hold until proper investigation is complete

Erroneous Charges to Invoice

Business Risks: Overpayment to suppliers
Bottom Line Impact: Cash leakage

ERP Control
• Track scheduled payments so that they never go over the invoice total
• 3-way match will compare the purchase order, receipt of goods and invoice if the above two are correct

Advanced Control
Detective:
• Detect invoices where freight was charged when in PO it was supposed to be pre-paid by the vendor
• Detect invoices where freight was charged and warehouse charged freight separately
• Detect invoices billed for quantities other than what was actually shipped
Preventive:
• Put suspect invoices on hold until proper investigation is complete

Late Payments

Business Risks: Untimely payment to supplier
Bottom Line Impact:
• Negative Credit Rating
• Late payment fines cause negative cash flow
• Lose out on opportunity to take early payment discounts

ERP Control
• Invoice ageing report shows invoices due for payment
• Advanced Collections flags delinquent or pre-delinquent transactions
• Invoices get paid based on payment term after they are validated and approved

Advanced Control
Detective:
• Detect invoices that are approaching due date based on supplier/PO payment term
• Identify users who have consistently not paid vendors on time
• Detect payments to vendors that are consistently late
Preventive:
• Send alerts on upcoming payments that are approaching due dates

Tax Errors: Sales/ Use/ VAT

Business Risks: Risk of audit/ fines and penalty (regulatory risk)
Bottom Line Impact: Cash leakage

ERP Control
• Can mandate original employee receipts for foreign trip to reclaim VAT
• Tax module calculates applicable taxes which provides a check on amounts stated by the supplier

Advanced Control
Detective:
• Detect sales tax invoices by vendors for non-taxable items
• Identifies use tax in error on non-taxable goods and services
• Identify all VAT invoices that are approaching due date of the calendar year
• Detect if sales tax goes over a threshold value
• Identify supplier invoices where VAT is charged based on supplier location vs where the service is rendered

Master Vendor Management

Business Risks: Inaccurate vendor master
Bottom Line Impact: Cash leakage

ERP Control
• Prevents user from entering duplicate supplier names
• When entering a new supplier, it shows you existing suppliers with similar names

Advanced Control
Detective:
• Duplicate payment made to multiple entities of the same supplier
• Identify purchases made from unapproved vendors
• Identify users having supplier creation privileges and purchase order/ Invoice creation privilege
• Identify suppliers with similar or different names but with same Tax ID Number or address
• Identify suppliers who exist in the “Do not do business with” supplier list
Preventive:
• Make supplier Tax ID Number field mandatory
• Prevent POs from being created with unapproved vendors

Purchase Order Problems

Business Risks: Financial fraud and misuse
Bottom Line Impact: Cash Leakage

ERP Control
• No good native controls

Advanced Control
Detective:
• Detect Split PO to work around approval threshold
• Detect standard PO issued to a supplier where a blanket PO exists
Preventive:
• POs over a certain threshold require approvals
• Goods receipts cannot take place without an approved PO
• Mandate PO number during invoice creation
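
The split-PO detective control on this slide, sketched as an added example (not Oracle's implementation and not code from the presentation). The approval threshold, the look-back window, the field names and the sample purchase orders are assumptions.

```python
from collections import defaultdict
from datetime import date

APPROVAL_THRESHOLD = 10_000   # assumed policy value: POs at or above this need approval
WINDOW_DAYS = 3               # assumed window in which related POs count as one purchase

# Constructed sample purchase orders (not from the presentation).
PURCHASE_ORDERS = [
    {"po": "PO-101", "buyer": "jdoe", "supplier": "S100", "date": date(2013, 3, 4), "amount": 6000},
    {"po": "PO-102", "buyer": "jdoe", "supplier": "S100", "date": date(2013, 3, 5), "amount": 5500},
    {"po": "PO-103", "buyer": "jdoe", "supplier": "S100", "date": date(2013, 4, 20), "amount": 4000},
    # Over the threshold on its own: it went through approval, so it is not a split.
    {"po": "PO-201", "buyer": "asmith", "supplier": "S200", "date": date(2013, 3, 4), "amount": 12000},
    # Same buyer and supplier, but 16 days apart: outside the window.
    {"po": "PO-202", "buyer": "asmith", "supplier": "S300", "date": date(2013, 3, 4), "amount": 7000},
    {"po": "PO-203", "buyer": "asmith", "supplier": "S300", "date": date(2013, 3, 20), "amount": 7000},
    # Three small POs on consecutive days that together exceed the threshold.
    {"po": "PO-301", "buyer": "mlee", "supplier": "S400", "date": date(2013, 5, 1), "amount": 4000},
    {"po": "PO-302", "buyer": "mlee", "supplier": "S400", "date": date(2013, 5, 2), "amount": 4000},
    {"po": "PO-303", "buyer": "mlee", "supplier": "S400", "date": date(2013, 5, 3), "amount": 4000},
]


def find_split_pos(pos, threshold=APPROVAL_THRESHOLD, window_days=WINDOW_DAYS):
    """Flag clusters of sub-threshold POs from one buyer to one supplier
    that fall inside the window and together reach the approval threshold.

    Returns a list of (buyer, supplier, [po numbers], combined amount).
    """
    groups = defaultdict(list)
    for po in pos:
        # Only POs that escaped approval individually can be part of a split.
        if po["amount"] < threshold:
            groups[(po["buyer"], po["supplier"])].append(po)

    findings = []
    for buyer, supplier in sorted(groups):
        items = sorted(groups[(buyer, supplier)], key=lambda p: p["date"])
        i = 0
        while i < len(items):
            # Extend the cluster while the next PO is within the window of the first.
            j = i
            while (j + 1 < len(items)
                   and (items[j + 1]["date"] - items[i]["date"]).days <= window_days):
                j += 1
            cluster = items[i:j + 1]
            total = sum(p["amount"] for p in cluster)
            if len(cluster) >= 2 and total >= threshold:
                findings.append((buyer, supplier, [p["po"] for p in cluster], total))
                i = j + 1          # do not report overlapping clusters twice
            else:
                i += 1
    return findings


if __name__ == "__main__":
    for finding in find_split_pos(PURCHASE_ORDERS):
        print(finding)
```

Widening the window trades missed splits for more incidents to investigate: at 30 days the two asmith POs to S300 are flagged as well.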

Missed Discounts

Business Risks: Costly Payment to Vendor
Bottom Line Impact: Negative Cash Flow

ERP Control
• Populates payment term of the supplier or the PO during invoice creation
• Based on supplier master configuration, system will force a discount even if discount date has passed

Advanced Control
Detective:
• Identifies special rebate from the PO contract that the invoice failed to mention
• Track invoices that missed discount date by a little margin
Preventive:
• Send alerts on upcoming discounts available for payments above a threshold
• Prevent vendors from deducting late fees from open vendor credit

Early Payment

Business Risks: Untimely payment to supplier
Bottom Line Impact: Negative Flow Impact

ERP Control
• Automatically displays payment term during invoice creation
• Payment on receipt option can be disabled

Advanced Control
Detective:
• Detect payments made earlier than supplier payment term
• Alerts a user if payment term setup is changed
Preventive:
• Set up an approval process if payment term is changed
• Prevent payment term from being changed
• Ensures segregation of duties between invoice creation and supplier creation