leading fortune-500 global property insurance firm...
TRANSCRIPT
Leverage T echnology:
Move Your Business Forward™
Enterprise Risk Management Financial Close Monitor Advanced Controls Catalog Enterprise Audit GRC Monitor
FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions
Copyright ©. Fulcrum Information Technology, Inc. Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes
Leading Fortune-500 Global Property Insurance Firm
Improves Enterprise Audit
www.fulcrumway.com Page 2 Copyright © FulcrumWay
FulcrumWay Intelligent, Integrated Instant Risk Management™
FulcrumWay: is the #1 End-to-End Provider of Enterprise Risk Management Expertise,
Solutions and Software Services for Oracle EBS, PeopleSoft and JDE customers with
over 200 Fortune-500 to Middle Market clients. Since 2003, we have successfully
assisted companies across all major industry segments.
Expertise: Risk Advisory Services. Advanced Controls Design for Enterprise Business
Applications. Best Practices for Risk Mitigation and Internal Controls Automation.
Audit, Compliance, Financial, Enterprise and Operational Risk Assessments. Risk
Remediation Services such as Segregation of Duties.
Packaged Solutions: FulcrumWay is the #1 choice of Oracle customers for Oracle GRC
Manager, GRC Controls and GRC Intelligence/OBIEE software implementation. Oracle
has certified us as the only partner with Accelerators for Oracle GRC. We also provide
Managed Services and Hosting for Oracle GRC applications.
Software Services: Risk Management Tools: Enterprise Risk Manager, Financial Close
Risk Manager, Risk Based Audit Manager, IT Risk Workbench, and Advanced Controls
Catalog. Data Management Tools: Rules Repository, DataProbe™ adaptors and Data
Hub.
USA Presence: Privately held Delaware Corporation with US offices in New York City,
Dallas and San Francisco
International Presence: in Chennai, Dubai, Kampala, London, Rome, Santiago,
Singapore
Introduction
www.fulcrumway.com Page 3 Copyright © FulcrumWay
Government Oil and Gas
Healthcare
Communications
Financial Services
Industrial
Equipment
Natural
Resources
Manufacturing
Retail
FulcrumWay Clients
High Tech
Our Experience
Media and
Entertainment Life Sciences
www.fulcrumway.com Page 4 Copyright © FulcrumWay
FulcrumWay™ Insight
Thought Leadership
Our Experience
Co-Authored GRC Book: First book on GRC for Oracle Applications
Executive Round Tables – GRC Solutions for Energy Industry, Houston, November 2012
OAUG GRC Solution Lab - April 7th – 11th Denver: GRC Case Studies and Best Practices
IIA - Presentations - Top Five Reasons for Automating Application Controls
Collaborate 13 – GRC Client Appreciation Dinner April 9th , 2013 Denver
Webcasts – GRC Best Practices, Trends and Expert Insight
Oracle Open World – Annual GRC Dinner on September 23rd , 2013 W Hotel San Francisco
LinkedIn –FulcrumWay Risk, Compliance and Audit Software Group
YouTube Podcasts – FulcrumWay Instant Insight in 10 min or less
www.fulcrumway.com Page 5 Copyright © FulcrumWay
Assess Risk
Detect
Violations
Analyze
Issues
Remediate
Issues
Implement
Corrective
Actions
Monitor
Application
Environment
Scope
Application
Controls
Sample
ERP
Data
Manage
Exceptions
Setup
Preventive
Controls
IT/Business
Control Teams Application Controls
Manager
Application
Security
Administrator
Application
Controls
Manager
Establish
Test
Environment
FulcrumWay™ Application Controls
Management Best Practices
www.fulcrumway.com Page 6 Copyright © FulcrumWay
Business Rules Repository - Advanced Application Controls
Financial Close Management Operations Management
Enterprise Risk Monitors
FulcrumWay Enterprise Risk Management Services
Risk Assessment Enterprise Survey Key Risk Indicators
Task Monitor
Variance Analytics Reconciliation Analytics
Enterprise Audit Manager Audit Planner
Controls Verification
HCM/HR Controls : (HR,PR)
Inte
llig
en
t In
teg
rate
d In
sta
nt
Compliance Certification
Risk Based Audit Management
Financial Controls: (GL,AP,AR,FA,CM)
Distribution Controls: (OM,INV,WMS,PO)
Supply Chain Controls : (ENG,QP,WIP,BOM)
Access Monitor Configuration
Monitor Incident Monitor
Database Vulnerabilities
GRC Monitor – Enterprise Data Security
Master Data Monitor
Control Analytics
Incident Monitor
Overview
FulcrumWay Core Technologies
DataProbe DataHub Monitors Rules Repository Rules Engine Transmitters
www.fulcrumway.com Page 7 Copyright © FulcrumWay
Enterprise Audit Improves
Internal Audit Effectiveness
Company Overview
Provides property and casualty and specialty insurance to individuals and businesses around the world.
Employees- 12,000, in 29 countries
PeopleSoft
Audit Challenges/Opportunities
Solution for both SOX and Internal Audit
Internal Audit spending 80% resources on SOX Audits in North America.
Limited management visibility into enterprise risk based on financial, operational and IT risks.
Risk Assessment Process - interviews with limited number of managers.
Significant variation in Risk Matrix, Audit Process and Reporting by region.
Process Owners demand better visibility into controls evaluations prior to SOX certification
Internal Audit application unable to support multiple compliance frameworks
Lack of Management Dashboards on deficiencies, risks and audits.
Solution
Enterprise Audit Manager
GRC DataHub
Results
Auditable, repeatable Section 404 compliance process
Solution being used for Management Self-Assessment and Internal Audit work
Increased audit coverage by 40% with automated Process Owner self-assessment based on self-service portal with email notifications
Management Dashboard with global risk views and drill down capabilities.
Improved Audit Staff Resource Utilization by 35% with audit planning and scheduling tool
Reduced Issue-Remediation cycle time with reminder notifications to process/control owners
Centralized audit work-papers to improve audit review and walk-through process
Improved audit testing with sampling PeopleSoft and other system transactional data.
Client Case
www.fulcrumway.com Page 8 Copyright © FulcrumWay
Integrated Audit Life Cycle Management with Continuous Monitoring
Risk Assessment:
Apply qualitative and quantitative analysis
Reduce the impact and frequency of loss events
Enterprise Audit Manager
Enterprise Audit
Manager
Planning: Establish scope and objectives for audit
engagements. Maintain budget, timeline and
resources assignments
Fieldwork: Evaluate internal controls in the
audit plan to maintain effectiveness, identify
opportunities for improvement, and communicate findings.
Issue Management: Manage independent audit opinion over the design and
operating effectiveness of controls. Monitor issues
assigned to the control and process owners
ERP Application Environment
Setups Forms/Pages Master Tables Profile Options Security
Workpapers: Documentary evidence of
risks, controls, audit testing, discussions, and
observations. Principal source for re-performance. Facilitate third party review
Analytics and Reports: Comprehensive reports library
to monitor status of engagements, resources,
issues, remediation actions, Workpapers, risks, controls
and process
www.fulcrumway.com Page 9 Copyright © FulcrumWay
Apply qualitative and quantitative
analysis Risk Assessment
Improve Internal Audit Effectiveness by utilizing resources based on risk tolerance
Analyze management response to risk questionnaire and rate risk based on risk factors such as impact on financial results, operational issues, etc
www.fulcrumway.com Page 10 Copyright © FulcrumWay
Create An Audit Engagement Planning
Streamline Audit Operations by assigning audit tasks in terms of process, risks, controls.
Provides all On-Boarding Information to define the scope and details of the Audit Engagement
www.fulcrumway.com Page 11 Copyright © FulcrumWay
Attach Key Planning Documents Planning
Facilitate third party review. Improve documentary evidence testing, and observations.
Select/Upload key documents: Audit Memo, Audit Plan, Project Plan. Audit team and third party auditors can follow the documents to perform or re-perform audit as needed.
www.fulcrumway.com Page 12 Copyright © FulcrumWay
Assign audit resources to the
plan Planning
Optimize Audit Resource Utilization. Identify task delays and cost overrun.
Resources schedule is prepared and sent for approval to the Audit Director. Engagement tasks are assigned and auditors are notified once the audit plan is approved and active.
www.fulcrumway.com Page 13 Copyright © FulcrumWay
Audit Director Approval Status Planning
Audit Director has complete visibility into all Audit Engagements by status
Engagement alerts are sent to Director email. Director dashboard provides drilldown details on each engagement. The reports can be downloaded in excel
www.fulcrumway.com Page 14 Copyright © FulcrumWay
Audit engagements assigned to
an auditor Field Work
Improvement in Audit Manager productivity with timely and detail assignments
Audit managers receives email notification when the audit engagement is approved and assigned. Manager dashboard display engagement details
www.fulcrumway.com Page 15 Copyright © FulcrumWay
Review Test Plan and Test sheets Field Work
Improve testing efficiency and accuracy.
Auditor can perform testing using pre-defined test plan and instructions. Alternatively, auditor can create a test plan on the fly. Test sheets are stored for review and evidence
www.fulcrumway.com Page 16 Copyright © FulcrumWay
Create and assign issues
Edit/Delete Issue
Manage Issues
www.fulcrumway.com Page 17 Copyright © FulcrumWay
IA monitor issues log Manage Issues
www.fulcrumway.com Page 18 Copyright © FulcrumWay
Create Remediation Plan Manage Issues
www.fulcrumway.com Page 19 Copyright © FulcrumWay
Assign and manage remediation
actions
Link Related Remediation to Issue
Manage Issues
www.fulcrumway.com Page 20 Copyright © FulcrumWay
Monitor Remediation Activities
Remediation Management Dashboard of Active Remediation
Manage Issues
www.fulcrumway.com Page 21 Copyright © FulcrumWay
Status of Key Documents Maintain Workpapers
www.fulcrumway.com Page 22 Copyright © FulcrumWay
Process Management Dashboard
User can either Create a Process or Manage an existing process (Edit/Erase)
Maintain Workpapers
www.fulcrumway.com Page 23 Copyright © FulcrumWay
Risk Management Dashboard
Dashboard view of all Active Risks
Maintain Workpapers
www.fulcrumway.com Page 24 Copyright © FulcrumWay
Risk Management
Allows user to Change/Edit or Delete Risk
Maintain Workpapers
www.fulcrumway.com Page 25 Copyright © FulcrumWay
Control Process Dashboard
Dashboard view of Active Controls
Maintain Workpapers
www.fulcrumway.com Page 26 Copyright © FulcrumWay
Control Management
Control Management screen allows user to Edit/Delete Control
Maintain Workpapers
www.fulcrumway.com Page 27 Copyright © FulcrumWay
Test Plan
Test Plan can be uploaded
Maintain Workpapers
www.fulcrumway.com Page 28 Copyright © FulcrumWay
Create Test Plan
Test Plan Details screen provides name, description, assessment type, sample size, sample collected, , etc.
Maintain Workpapers
www.fulcrumway.com Page 29 Copyright © FulcrumWay
Test Plan Attachment Maintain Workpapers
www.fulcrumway.com Page 30 Copyright © FulcrumWay
Test Instruction Details Maintain Workpapers
www.fulcrumway.com Page 31 Copyright © FulcrumWay
Key Document Status Analytics and Reports
www.fulcrumway.com Page 32 Copyright © FulcrumWay
Resource Status Analytics and Reports
www.fulcrumway.com Page 33 Copyright © FulcrumWay
Audit Engagement Details For A Selected Period Analytics and Reports
www.fulcrumway.com Page 34 Copyright © FulcrumWay
Issue Remediation Status Analytics and Reports
www.fulcrumway.com Page 35 Copyright © FulcrumWay
Remediation-Time Status Analytics and Reports
www.fulcrumway.com Page 36 Copyright © FulcrumWay
Risk Control Matrix (RCM) Report Analytics and Reports
www.fulcrumway.com Page 37 Copyright © FulcrumWay
Engagement Details With RCM Report Analytics and Reports
www.fulcrumway.com Page 38 Copyright © FulcrumWay
All Audits Scheduled by Internal Audits Analytics and Reports
www.fulcrumway.com Page 39 Copyright © FulcrumWay
Determine The Allocation of Hours in Each Engagement Analytics and Reports
www.fulcrumway.com Page 40 Copyright © FulcrumWay
Determine the Allocation of Cost in Audit Engagement Analytics and Reports
www.fulcrumway.com Page 41 Copyright © FulcrumWay
Determine Total Audit Resource (Hours) By Month Analytics and Reports
www.fulcrumway.com Page 42 Copyright © FulcrumWay
Determine Total Audit Resource Cost By Month Analytics and Reports
www.fulcrumway.com Page 43 Copyright © FulcrumWay
Resource Management/Alerts
Alert based on Client defined threshold of >90%= over
utilized
Analytics and Reports
www.fulcrumway.com Page 44 Copyright © FulcrumWay
Questions, Benefits, Costs Next Steps