grc advanced controls oow2014 stop financial leakage - cisco, noble energy, sherwin william


Upload: oracle

Post on 29-Nov-2014


Stop the Financial Leakage & Cure the Drought in Profits

Panel Discussion CON8203

Jim Lach Corporate IT Controls and Compliance Leader, Sherwin Williams

Gavin Leavay Navillus Partners

Vital Nattuva IT Manager - Finance and Employee Services IT, Cisco Systems

Jeramie Taylor CISA, CFE, Manager - Internal Controls, Noble Energy

Moderator: Barry Greenhut, Director - GRC Product Development, Oracle

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Agenda

• Introduction

• Panel Discussion

Financial Leakage

• $1,000,000 lost per year for every billion spent

• Each incident of fraud costs $100,000 to $1,700,000*

“For a company with a 5% profit margin, $1 million in recoveries equates to $20 million in incremental sales”

*Source: 2010 ACFE Report to the Nations on Occupational Fraud and Abuse

Protiviti 2010 – Procurement Assessment and AP Recovery Solutions

“[Most companies] expect to find .1% of a company’s spend in financial leakage”


Key Financial Control Issues

51% make 10 to 30% of all payments too early**

64% make 10 to 30% of payments too late**

55% of companies are unable to collect 20 to 40% of total revenue within contracted payment terms**

46% of AP departments have not reviewed AP policies for over a year

434 Senior Finance Executives

** Made to Measure CFOs on finance- and procurement-process improvement, CFO Research, May 2012

* Accounts Payable Network Benchmark: AP Controls May 2011; 425 Companies


Accounts Payable Recovery Audit

UNINTENTIONAL ERRORS AND LEAKAGE

Global, Fortune 500 Firm, High-Tech

• Over 4 Audit Cycles, consultants found $17.5M in payment errors

Profile

Single Business Application Instance

Centralized Payables Operation

Well Staffed

Clean SOX Audit

Audit Recovery Findings

18 Month Cycle

$17.5M Found – $8.3M Total Recovery = $4.8M After Fees

Survey of 263 Finance Executives

Need for Better Controls and Efficiencies

[Bar chart. Categories: Improve Cash Flow and Working Capital; Compliance; Understanding Payables Exposure; Audit and Control of Procurement; Business Risk Analysis. Bar values shown: 15%, 28%, 33%, 42%, 48%.]

Reaching New Heights: The Dividends of Collaboration between Finance and Procurement is published by CFO Publishing LLC, May 2012

Top 10 Control Challenges

Accounts Payable Network Benchmark: AP Controls May 2011; Survey of 425 Companies

• Segregation of Duties
• Duplicate Payments
• Manual Processes
• Employee Reimbursements
• Compliance with Policy
• Automation
• Checks
• Approvals
• Standardization/Consistency
• Signatures/Authority

DRIVERS

• Lack of Staff
• False Positives
• Access to Data
• Visibility to Issues
• Mergers & Acquisition
• Decentralized Operations
• Outsourcing

Agenda

Introduction

Panel Discussion

• Jim Lach Corporate IT Controls and Compliance Leader, Sherwin Williams

• Gavin Leavay Navillus Partners

• Vital Nattuva IT Manager - Finance and Employee Services IT, Cisco Systems

• Jeramie Taylor CISA, CFE, Manager - Internal Controls, Noble Energy

• Moderator: Barry Greenhut, Director - GRC Product Development, Oracle

• PLEASE ASK QUESTIONS ANYTIME!

TUESDAY: Oracle GRC Advanced Controls

• 4:45 pm, ID # 8210: Doing Your ERP Implementation/Upgrade Right with Oracle Advanced Controls Solutions (OLYMPIC ROOM, Westin)

WEDNESDAY: Oracle GRC Advanced Controls

• 10:00 am, ID # 8207: Stop the Fraudster! Set the Tone at the Top and Prevent Fraud with Oracle Advanced Controls (OLYMPIC ROOM, Westin)

• 2:45 pm, ID # 8200: Do You Really Know What Your Users Can Do—or Maybe Have Done? (FRANCISCAN I ROOM, Westin)

• 10:45 am, IOFM Workshop: How Your Vendor Master File is Critical to GRC and Compliance (ZEUM ROOM 8th FLOOR, Palomar). Presenter: Jon Casher Ph.D., President, Casher Associates, Leading Industry Expert & Consultant. Length: 90 Minutes. CPE Credits: 1.5

LOCATION: Hotel Palomar, 4th & Market

Contact: Dane Roberts [email protected]

THURSDAY: Oracle GRC Advanced Controls

• 10:15 am, ID # 8208: Achieve a Quicker and Compliant Financial Close with Oracle Governance, Risk, Compliance (OLYMPIC ROOM, Westin)

• 12:45 pm, ID # 8154: Controlling for Multiple ERP Systems with Oracle Advanced Controls (OLYMPIC ROOM, Westin)

• 2:45 pm, ID # 8213: How Your Vendor Master File is Critical to Governance, Risk Management and Compliance (OLYMPIC ROOM, Westin)

LOCATION: Westin, 3rd & Market

MEET EXPERTS & DEMO GROUNDS: Oracle GRC

• WEDNESDAY 5:00 pm, ID # MTE 8487: Meet the Governance, Risk, and Compliance Experts (METROPOLITAN III ROOM). LOCATION: Westin, 3rd & Market

• ID # 4250, Demo Station: Oracle Fusion Governance, Risk, and Compliance Advanced Controls. MONDAY 9:45 – 6:00, TUESDAY 9:45 – 6:00, WEDNESDAY 9:30 – 3:45. LOCATION: Moscone West

DEMOgrounds: Moscone West Station ID WCL-003


Background and Supplemental Information


Sherwin Williams

Since its founding by Henry Sherwin and Edward Williams in 1866, The Sherwin-Williams Company has not only grown to be the largest producer of paints and coatings in the United States, but is among the largest producers in the world.


Sherwin-Williams

Advanced Controls

Jim Lach

Corporate IT Controls and Compliance Leader

[email protected]


Advanced Controls

CCG Version 5.5.1

Snapshots and Change Tracking in place

ACG Version 8.6.4.7159

Heavily used for User Access Models

TCG Version 8.6.4.7181

Minor usage to date. Development in process.

TPCG

Minor usage to date. Development in process.


Background and Supplemental Information

Noble Energy

Company Overview

A company of growth and expansion

Founded in 1932 by Lloyd Noble

Noble Energy is an S&P 500 public company with reserves of 1.4 billion barrels of oil equivalent and assets totaling over $19 billion at year-end 2013

Noble Energy's corporate purpose is “Energizing the World, Bettering People's Lives®”

We strive to provide energy for the world through finding and producing hydrocarbons, while positively influencing the lives of our stakeholders. To us, the two responsibilities cannot exist separately.

Company Overview

A focus on core value added assets

Oracle EBS Overview

The technology that aligns the businesses

Implemented Oracle EBS version 11.5.10 in Q4 of 2007

Currently on Oracle EBS version 12.1.3

6 instances including 1 Prod, 4 Test, 1 Dev; April 2014 – Add 2 Test

Oracle EBS is hosted by Oracle Managed Cloud Services in Austin, TX

All employees and some contractors are users – ~3000

EBS Modules: General Ledger, Financial Reporting, Payables, Receivables, Fixed Assets, Projects, Asset Management, Inventory, Purchasing, iExpense, OTL Time Entry, Human Resources, Payroll

P2 Enterprise Upstream: Revenue, Revenue Reporting, Division Orders, Joint Venture Accounting, Production Reporting, Report Centers

Oracle EBS Overview

Uniquely Noble Operations

Noble does not “sell” consumer products or services; we find and extract oil/gas in which ownership is transferred at meters or when arriving at a processing facility

We operate globally which causes challenges with managing banks, payments and reconciliations around the world

Financial procurement authorization is captured at the requisition, not the purchase order

Budgeting and forecasting take place in Hyperion, external to EBS

iRecruitment/HR creates candidate accounts in EBS; currently over 300,000 “users” if unfiltered for candidates

Noble is currently working on a “Foundation 2020” project which will revamp how we use Oracle for several major processes

Moving Forward

The Journey Continues

ACCESS GLOBAL CONDITIONS (ACG):

ACGs were set up and tested one-by-one (14 Total)

• Exclude certain IT Service Accts (oracle managed, etc.)

• Exclude if Menu and/or Sub-Menu Grant Flag = N; Menu Prompt = No Prompt

• Exclude if Not Within the Same Set of Books

• Exclude if Function is Query Only

• Exclude if Responsibility and/or User is End Dated

ACG testing consisted of looking at both production and test environments

Result count for each test was tracked to determine if there was or was not a reduction in results

AACG: Requirement - Re-validation of Seeded Content Access Points

Developed Custom Reports to help validate access points:

• Confirmed if access point is used by NBL / resides with a NOBL Responsibility

• ID unexpected responsibilities where access point exists

• Determine if other access points should be considered / included


Example of Value Added Validation:

Looked up the Seeded “Bank Account Reconciliation” access point

ID’ed other access points that should be considered

Opened a responsibility with this in test and uncovered a Noble custom form / access point (undetected by IT Custom Report or GRC)

TCG: Requirement - Validation of Seeded Content

Individually loaded, customized and refined each TCG model

Ran each Model Object (i.e. table) wide open to view exactly what populates and what does not

Refined each filter until only a complete and accurate set of data was returned

Used seeded content as starting place for additional models

Examples of New TCG Models:

Dormant User Accounts

Expense Report Expenses

Passwords Not Set to 90 Days

Person Addr XX% Similar to Payee Addr 1, 2, 3

Person Addr XX% Similar to Customer Addr 1, 2, 3

Person Addr XX% Similar to Supplier Site Location

Person Home Addr within the Paid to Addr

Supplier Name Contains XXXX, Pmt Not Void & Exclude Employee Pmts

PCG: Requirement – Internal Controls to drive the use of this module

Only 1 IT User has access to PCG in Production

Only 2 Internal Controls people have access in Test + 1 IT User

Internal Controls learning and building our own PCG Rules in Test

Developed a naming convention of all PCG Rules

Examples of PCG Controls:

Set Password Lifespan field default to 90 days

Restrict Financial DOA Administration

Restrict Procurement DOA Administration

Limit User update access to System Administration, etc. (in Test)

Restrict Inventory Transaction Types

Restrict Noble Journal Source and Categories

Restrict Noble Password Reset Responsibility

CCG: Will be utilized in late 2014 and early 2015

Intelligence: Linked into OBIEE, but dashboards will need to be built out

Manager: Noble utilizes a non-Oracle product solution in place of this


Background and Supplemental Information

Cisco

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

IT Manager, Cisco Systems Inc

IT Manager in Finance and Employee Services IT

IT Service Owner for Payable & Expenses, Procurement Services and Fixed Asset Management

Has been part of the transformational efforts at Cisco to consolidate multiple geographically aligned Finance instances into a Single Global Instance on R12

Before Cisco, he played an instrumental role in implementing Oracle Financials at various renowned companies across the globe.

Solve

Innovate

Change

Our Vision

For nearly 30 years, we’ve focused on helping to change the way the world works, lives, plays, and learns.

Our Strategy

We solve our customers’ most important business challenges by delivering intelligent networks and technology architectures built on integrated products, services, and software platforms.

Cisco At-a-Glance

Revenue: $47.1B, -3% Y-Y Growth, $36B Products, $11B Services

$6.3 R&D (13.35% of Cisco revenue)

More than 71,000 employees

Nearly 70,000 channel partners

380 global sites doing business in 165+ countries

More than 18,000 patents

28,000 engineers (39% of our workforce)

#1 or #2 in most market segments we serve

More than 170 acquisitions since 1993

Broad portfolio of integrated products and solutions

FY14 Stats

Other Stats

[Diagram: R12.1.3, with groups Core Financials and Employee Self-Service. Modules shown: Purchasing, iProcurement, iExpenses, General Ledger, Fixed Assets, Accounts Payable, Travel.]

Accounts Payable

• Duplicate vendors: Identify creation of duplicate vendor sites

• Duplicate payments by vendor: Identify duplicate invoice processing by vendor

• Duplicate payments by invoice: Identify duplicate invoices by similar invoice and by vendor

• Maverick buying: PO date should be prior to the invoice date

• Identifying erroneous high value payments: Payments more than 30% increase of the last rolling 6 months payment to the vendor

• Withholding Tax (APAC): Identify the suppliers/invoices where the incorrect rate of WHT was applied

Problem areas shown: Duplicate vendor in vendor master file; Duplicate invoice; PO related problems; Erroneous payment; Tax errors

iExpense

• File attachment on Expense Reports (ER): Identify ERs with supporting documents in unacceptable formats (like editable attachments like .txt)

• Amex/cash surfing: Verify if same expense has been claimed both as Amex and cash

Problem areas shown: Noncompliant expenses; Duplicate Expense

• Data Analyzed: One (1) Year

• Graph Initial Build: 103 Million records processed

• Graph Incremental Build: 800 Thousand records processed

• No. of Custom BOs: Six (6) Custom Business Objects

• No. of Controls: Six (6) use cases in Accounts Payables; Two (2) use cases in iExpense

• Sync and Control Analysis Schedule: 3 times a week

• GRC Version: GRC-all-8.6.5.1645

• Database: Oracle DB 11.2.0.3.10

• Browser: Firefox 24; Internet Explorer 9x, 8x

• Application Server and Middleware: Oracle WebLogic Server 12.1.2 with Oracle JDK 1.7.0_51; Application Development Runtime 12.1.2 and RCU 12.1.2

• Total Incidents generated: 2-3 K per day

• Incidents Closed and Resolved: 750-800 per day

Hardware Configuration

• TCG analyzes millions of transactions so it needs enough resources (disk space and memory)

• Follow Oracle recommended h/w and s/w and make adjustments based on the volume of transactions

Model & Control Analysis Assessment

• Optimize the design of models

• Avoid nested UDO

• Replicate read-only schema instead of using apps schema of EBS

Fit/Gap Analysis

• Understand the importance of Incident Status and State Code and how it affects the remediation process

• Validate the model results first before running the controls

• Verify the availability of business objects for the use cases

Oracle Support

• Early engagement with Oracle

• Tight collaboration and partnership with Oracle

ETL Performance Assessment

• Perform and document multiple iterations of graph build and Control Analysis. Monitor sys resources

• Plan to get weekly or daily refresh of datasource data with production data

• Analyze transaction volume of each business object used in models

• Understand the ETL design and Data Extraction criterion

Background and Supplemental Information

Navillus Partners

ABOUT NAVILLUS PARTNERS

International professional services and solutions firm headquartered in Boston, Massachusetts

Established in 2009, Navillus has experienced on average 40% growth year over year in Oracle Advanced Controls professional services

Oracle Gold Level Partner specializing in Oracle Advanced Controls & E-Business Suite / PeopleSoft professional implementation and advisory services

Recognized as the #1 Oracle Advanced Controls Partner in 2012 & 2014!

The first in the industry to hold Oracle Advanced Controls Specialization accreditation

Is an Oracle authorized training partner

Navillus is a privately held company that has been profitable consistently both from a cash and accrual basis since the 4th month of operations with zero external debt outstanding.

Our team’s collective experience includes:

168 years working in the information technology industry

177 years implementing the Oracle e-Business Suite ERP package

76 years implementing the Oracle GRC applications

More than 512 GRC implementations to the team’s credit to date

Highly experienced resources with one of the strongest track records for delivery success in North America & Europe.

• Oracle Resource(s) have 13+ years dedicated to Oracle Implementations, Security Design, and Project / Program Management

• Our team members average more than 8 years of Oracle Advanced Controls Experience

• The majority of our team was involved in the development of the original versions of the Oracle Advanced Controls Applications

Proprietary accelerated delivery methodology, NAViGATE

• Process Driven approach tailored specifically for Oracle Advanced Controls

• ‘Design In’ Approach for Oracle e-Business Suite & PeopleSoft implementations and upgrades

Developed and maintain our ACE Process & Controls Library

• Process optimization and control accelerators

• GRC & Business Process Controls Library for PCG, CCG, & TCG

• Comprehensive extension to Oracle’s out of the box Access Controls Content

NAVILLUS PARTNERS IS A WORLD LEADER

Experience

• More than 500 combined Oracle Advanced Controls implementations

• 34+ skilled and experienced Advanced Controls professionals worldwide

• Functional & technical experience across nearly all Oracle e-business applications (HRMS, Financials, Supply Chain Management, CRM, other)

• Multiple consultants with Oracle accredited specializations

Global Delivery

• Right-shore Delivery capabilities for Oracle Advanced Controls including utilization of our experienced Chennai, India team, well beyond installation & technical responsibilities

• Navillus provides training to customers and other implementation partners worldwide

• International experience in more than 10 countries

Centers of Excellence

• Navillus’ Center of Excellence (CoE) is a solution center that works closely with Oracle OAC Product & Product Strategy and promotes and trains the extended team on new product features and techniques

• Provides new and innovative delivery techniques from in-field feedback and experience to continuously enhance our NAViGATE Methodology

• Works with Oracle’s product group on new features and enhancements

• Maintains and updates our internal development and demo labs


NAVILLUS ADVANCED CONTROLS CASH LEAKAGE USE CASE

NAVILLUS PARTNERS DEPLOYMENT INFORMATION

Library Prebuilt Transaction Control Models and Preventive Controls to provide immediate ROI

• 1 week for existing installs

• 2 weeks requiring installation of TCG and PCG

Recent Client Deployment Resulted in identifying:

• $271K in Duplicate Spend

• Over 150 Duplicate Suppliers

Rules designed to provide preventive controls and continuous oversight to specific process and system limitations resulting in duplicate spend

ANALYSIS FOR IMMEDIATE ROI

Recent Deployment of Navillus TCG Controls focused on Cash Leakage

Deployed 7 Duplicate Invoice/Payment Monitors – Possible duplicate invoices based on attribute combinations (e.g. same invoice number and amount, same supplier, invoice amount and date)

• 7 Variations of Supplier, Inv #, Invoice Amt., Inv. Date attribute review

• Duplicate Invoices - Same invoice number and amount

Deployed 4 Duplicate Supplier Monitors – different possibilities for review

• Similar name suppliers

• Suppliers with the same tax ID

• Combinations of Name, Address, etc.

Deployed 2 Missed Discount Monitors – identifying Suppliers offering discounts where no discount taken

SUMMARY OF RECENT DEPLOYMENT

Review of one Duplicate Payment TCG Model looking for Invoices with the same invoice number and amount identified:

• Identified Results (20 month review): 175 incidents totaling ~$5 million USD = $2.5 million in possible overspend

• Likely Dups from Result Review Identified: 8 incidents representing ~$271k (11%) in possible overspend (see next slide)

Duplicate Supplier – Different possibilities for review

• Similar name suppliers - 1745

• Suppliers with the same tax ID – 165

Missed Discounts - Suppliers offering discounts with no discount taken on invoice: 61 invoices totaling @97K, missed discount of @4.8K.

LAYERED APPROACH FOR DUPLICATE INVOICES

Identified weaknesses with TCG lead to Preventive Controls design with PCG

Duplicate issues identified and related PCG control:

• Duplicate payments across supplier site or OU

Rule designed to prevent or warn of duplicates across OU or site at entry.

• One letter’s case or placement different in the invoice number

Rule to restrict invoices to all capitals, with holds or warnings on similar numbers

• Duplicate suppliers in system and two different suppliers paid

Rule to warn or hold duplicate suppliers at entry
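The layered approach above, sketched as an added Python example (not Navillus or Oracle code, and not TCG/PCG rule syntax): detective monitors group posted invoices by attribute combinations, and an entry-time check holds or warns on a new invoice across sites and OUs. The record fields, monitor names, HOLD/WARN/OK decisions and sample invoices are constructed assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal


@dataclass(frozen=True)
class Invoice:  # hypothetical record layout, not an EBS table
    invoice_id: int
    supplier: str
    site: str
    operating_unit: str
    number: str
    amount: Decimal
    invoice_date: date


def normalize_number(number):
    """Upper-case and drop separators so 'inv-1001a' and 'INV1001A' compare equal."""
    return re.sub(r"[^A-Z0-9]", "", number.upper())


# Detective layer: each monitor is one attribute combination. Site and OU are
# deliberately left out of every key so duplicates across them still collide.
MONITORS = {
    "same_number_amount": lambda i: (normalize_number(i.number), i.amount),
    "same_supplier_amount_date": lambda i: (i.supplier, i.amount, i.invoice_date),
    "same_supplier_number": lambda i: (i.supplier, normalize_number(i.number)),
}


def run_monitors(invoices):
    """Return {monitor name: sorted list of invoice-id tuples sharing a key}."""
    incidents = {}
    for name, key_fn in MONITORS.items():
        groups = defaultdict(list)
        for inv in invoices:
            groups[key_fn(inv)].append(inv.invoice_id)
        incidents[name] = sorted(
            tuple(sorted(ids)) for ids in groups.values() if len(ids) > 1
        )
    return incidents


def is_adjacent_swap(a, b):
    """True when b is a with exactly two neighbouring characters exchanged."""
    if len(a) != len(b) or a == b:
        return False
    diff = [k for k in range(len(a)) if a[k] != b[k]]
    return (
        len(diff) == 2
        and diff[1] == diff[0] + 1
        and a[diff[0]] == b[diff[1]]
        and a[diff[1]] == b[diff[0]]
    )


def check_at_entry(new, posted):
    """Preventive layer: decide HOLD, WARN or OK before the invoice is saved.

    HOLD: same supplier and amount, invoice number equal after normalization,
          whatever the site or operating unit.
    WARN: same supplier and amount, number differs only by a swapped pair.
    """
    new_num = normalize_number(new.number)
    exact, similar = [], []
    for inv in posted:
        if inv.supplier != new.supplier or inv.amount != new.amount:
            continue
        old_num = normalize_number(inv.number)
        if old_num == new_num:
            exact.append(inv.invoice_id)
        elif is_adjacent_swap(old_num, new_num):
            similar.append(inv.invoice_id)
    if exact:
        return ("HOLD", sorted(exact))
    if similar:
        return ("WARN", sorted(similar))
    return ("OK", [])


# Constructed sample data: invoices already posted in the payables system.
POSTED = [
    Invoice(1, "ACME", "BOS", "US", "INV-1001a", Decimal("1250.00"), date(2014, 3, 1)),
    Invoice(2, "ACME", "NYC", "US", "inv1001A", Decimal("1250.00"), date(2014, 3, 1)),
    Invoice(3, "ACME", "BOS", "US", "INV-2040", Decimal("980.00"), date(2014, 3, 5)),
    Invoice(4, "GLOBEX", "LON", "UK", "7731", Decimal("980.00"), date(2014, 3, 5)),
    Invoice(5, "ACME", "BOS", "US", "INV-2090", Decimal("980.00"), date(2014, 3, 5)),
]

if __name__ == "__main__":
    for monitor, groups in run_monitors(POSTED).items():
        print(monitor, groups)
    retyped = Invoice(6, "ACME", "CHI", "US", "Inv-2040", Decimal("980.00"), date(2014, 3, 9))
    print(check_at_entry(retyped, POSTED))
```

The broader monitors return more groups than the narrow one, so their results need review before anything is treated as a true duplicate.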

DUPLICATE INVOICES SUMMARY

[Bar chart: Incident Violation Counts. X axis: Control Name (Dup Invoice 1 through Dup Invoice 7). Y axis: Number of Incidents (0 to 5000). Data labels shown: 4755, 1142, 1712, 1756, 118.]

DUPLICATE INVOICES SUMMARY

[Bar chart: Dollar Amount of Duplicate Invoice incidents. X axis: Control Name (Dup Invoice 1 through Dup Invoice 7). Y axis: Dollar Amount ($US mil) ($0.0 to $45.0). Data labels shown: $42.0, $28.6, $37.3, $2.5, $0.009, $0.0, $2.0.]

Background and Supplemental Information

Oracle

Advanced Controls give you the means to:

• Make Processes More Effective, Efficient
• Reduce Operational Risk
• Improve Bottom Line

…by Continuously Monitoring Your Financial Applications

Advanced Controls

• Detect unwanted transactions
• Detect settings that cause loss
• Detect problematic exceptions
• Automate policy management

Improve Bottom Line

• Advanced Control: Detect Unwanted Transaction
• Business Review: Determine Response
• Financial Application: New Business Rule

Reduce Operational Risk

Replace Manual Management of Policies …with Automated Workflows & Repositories

• Reduce Manual Effort & Expense
• More Timely & Complete Results

Replace Manual Sampling …with Linked Continuous Monitors

• Reduce Manual Effort & Expense
• More Complete & Accurate Results

Do I Need Advanced Controls?

Does your organization…

• Experience unwanted transactions?
• Experience adverse events?
• Depend on process exceptions?
• Find compliance expensive?
• Experience audit findings?

Do I Need Advanced Controls?

Does your business…

• Experience unwanted transactions?
• Experience adverse events?
• Depend on process exceptions?
• Find compliance expensive?
• Experience audit findings?

Do you struggle with complexity?

• Grown through acquisition
• Many operating units
• Publicly traded stock
• Highly regulated industry
• Multi-state or multi-national

Page 62: GRC Advanced Controls  OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William

Do I Need Advanced Controls?

Is your organization…

• Preparing to use an Oracle Application?

• Upgrading an Oracle Application?

• Changing its business processes?

Page 63: GRC Advanced Controls  OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William

Advanced Controls Are Used in High-Risk EBS & PSFT Processes

Provide insight into transactions & setups

• EXAMPLE: Find questionable invoices that can’t be found by other solutions

Process owners leverage insight

• EXAMPLE: Put questionable invoices on hold for disposition

Process owners maximize benefit of insight

• EXAMPLE: Avoid paying invalid invoices

Page 64: GRC Advanced Controls  OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William

Embedding Advanced Controls Accelerates Processes, Increases Accuracy, Reduces Risk

Pre-Built TCG Control for EBS/PSFT, and how it is Embedded in the EBS/PSFT Process:

1 Prevent payment of duplicate invoices and payment requests

   1. Inspect potential duplicates (incl. fuzzy matches on vendor names, amounts, dates, vendor addresses, invoice numbers)

   2. Put selected duplicates on hold

2 Prevent duplicate vendors

   1. Inspect potential duplicates (incl. fuzzy matches on names, address, phone numbers, email domains, bank accts, tax IDs, etc.)

   2. Inactivate selected duplicates

3 Prevent employees from acting as suppliers

   1. Inspect potential violators (incl. employees whose payroll bank accounts or tax IDs match suppliers’ accounts/IDs or invoice/payment requests’ accounts/IDs)

   2. Put selected invoices/requests on hold, notify employees’ managers

4 Prevent split POs

   1. Inspect potential split items

   2. Put selected splits on hold

5 Prevent improper steering of purchases to vendors

   1. Inspect top amounts awarded to vendors by buyer

   2. Inactivate selected vendors, notify buyers’ managers

6 Prevent purchase/sales transactions with restricted entities

   1. Inspect POs, payment requests and sales orders to restricted vendors and customers

   2. Put selected transactions on hold
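
The "inspect" step of controls 1 and 3 listed above, sketched as an added example; it is not code from the presentation and not how Oracle TCG implements its controls. Record fields, thresholds, the suffix list and all sample data are constructed assumptions.

```python
import re
from datetime import date
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample records (not from the presentation).
INVOICES = [
    {"id": 1, "vendor": "Acme Industrial Supply, Inc.", "number": "INV-00471", "amount": 12500.00, "date": date(2014, 9, 2)},
    {"id": 2, "vendor": "ACME Industrial Supply", "number": "INV471", "amount": 12500.00, "date": date(2014, 9, 4)},
    {"id": 3, "vendor": "Acme Industrial Supply, Inc.", "number": "INV-00512", "amount": 830.10, "date": date(2014, 9, 4)},
    {"id": 4, "vendor": "Borealis Freight LLC", "number": "INV-00471", "amount": 12500.00, "date": date(2014, 9, 3)},
]
SUPPLIERS = [{"name": "Acme Industrial Supply, Inc.", "tax_id": "12-3456789", "bank": "021000021/000111"},
             {"name": "J. Doe Consulting", "tax_id": "987654321", "bank": "021000021/555000"}]
EMPLOYEES = [{"name": "Jane Doe", "tax_id": "987-65-4321", "bank": "011000015/777000"}]

def norm_vendor(name):
    """Lower-case, drop punctuation and legal suffixes so name variants compare equal."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in {"inc", "llc", "ltd", "corp", "co"})

def norm_number(number):
    """Keep digits only and strip leading zeros: 'INV-00471' and 'INV471' both give '471'."""
    return re.sub(r"\D", "", number).lstrip("0")

def norm_id(value):
    """Strip separators from tax IDs and bank account strings before comparing."""
    return re.sub(r"\W", "", value)

def duplicate_invoices(invoices, name_ratio=0.85, max_days=7, tolerance=0.01):
    """Return id pairs matching on fuzzy vendor name, normalized number, amount and date window."""
    hits = []
    for a, b in combinations(invoices, 2):
        ratio = SequenceMatcher(None, norm_vendor(a["vendor"]), norm_vendor(b["vendor"])).ratio()
        same_number = norm_number(a["number"]) == norm_number(b["number"])
        same_amount = abs(a["amount"] - b["amount"]) <= tolerance
        close_dates = abs((a["date"] - b["date"]).days) <= max_days
        if ratio >= name_ratio and same_number and same_amount and close_dates:
            hits.append((a["id"], b["id"]))
    return hits

def employees_as_suppliers(employees, suppliers):
    """Return (employee, supplier, field) where a tax ID or bank account matches after normalization."""
    return [(e["name"], s["name"], f) for e in employees for s in suppliers
            for f in ("tax_id", "bank") if norm_id(e[f]) == norm_id(s[f])]
```

Both functions only produce candidates for review; the hold or notification step in the list above remains a decision for the process owner.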

Page 65: GRC Advanced Controls  OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William

Solutions for Embedding Advanced Controls

Typical solution:

1. Review Advanced Controls data

2. Research context in ERP

3. Take action in ERP

4. Update Advanced Controls accordingly

One-click solution:

Use single user interface* to:

a. Review Advanced Controls and ERP data. EXAMPLE: Duplicate invoices

b. Trigger ERP action and update Advanced Controls. EXAMPLE: Put selected invoices on hold

* Provided by Specialized partners

Page 66: GRC Advanced Controls  OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William

Partner Case Study: PeopleSoft

Business Requirement:

• Review ~5,000 potentially erroneous payment requests each week (worth ~$60 million)

• For each request: hold for investigation, or release for payment

One-Click Solution:

• TCG controls detect requests that require review

• Dashboard lets users review requests and route them appropriately in PeopleSoft Financials

• Provided by FulcrumWay

Outcome: Prevents an average of $100 million in erroneous payments annually

Agencies Payment Requests PeopleSoft Financials (New Payment System)

Auto Payments on Hold

Payment Requests

PeopleSoft GRC

SQL/Legacy

E-Business

Release Payments on Hold not selected for audit

Page 67: GRC Advanced Controls  OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William

Built by Specialized Partner

Concept Visualization: One-Click Solution for E-Business Suite

User Views TCG Incidents…

One-Click

…and EBS Invoices

Selected Invoices are Put on Hold in EBS, Incidents are marked “Processed” in TCG

Page 68: GRC Advanced Controls  OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William

Recommended Integration Architecture for One-Click Solutions

• Specialized Partners plan, develop and support one-click solutions

• Recommended integration architecture:

Oracle E-Business Suite or PeopleSoft

Specialized Partner’s One-Click Solution

Oracle Transaction Controls Governor

Pre-Built Services

Pre-Built Services

Page 69: GRC Advanced Controls  OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William

Recommended User Experience for One-Click Solutions

• Specialized Partners plan, develop and support one-click solutions

• Recommended one-click user experience options:

Oracle E-Business Suite

or PeopleSoft

Specialized Partner’s One-Click Solution

…or…

UI Embedded in ERP

…or…

Specialized Partner’s One-Click Solution

Standalone UI

Portal

Specialized Partner’s One-Click Solution

UI Embedded in Portal

Page 70: GRC Advanced Controls  OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William

Guidance to Customers

• The preceding slides illustrate a one-click solution that can be provided by Specialized Partners

• If you’d like to consider the solution further, start by ensuring:

– Your intended use is described by the preceding slides. SUMMARY: You plan to embed a TCG control in an EBS or PeopleSoft process

– You already use your TCG controls as continuous control monitors. Provides incident management experience needed for successful planning

– A Specialized Partner is helping you plan, develop, deploy and support your solution

Page 71: GRC Advanced Controls  OOW2014 Stop Financial Leakage - Cisco, Noble Energy, Sherwin William