risk cloud (grc) product strategy (gen7982) update# 1
TRANSCRIPT
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Oracle Risk Management (GRC) Product Strategy Update GEN7982
Sid Sinha Oracle Application Development Oct 27, 2015
Presented with
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
2
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Agenda
Oracle GRC Product Strategy Update
Case Study: Skechers
Case Study: Harvard Pilgrim HealthCare
KPMG Best Practice Update
Wrap-up
1
2
3
4
5
3
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Oracle Risk Management Product Strategy
Oracle Confidential – Internal/Restricted/Highly Restricted
Digitize Best Practices across the
Extended Enterprise and
Predict Risk using
Data Analysis
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
Challenges
6
Risk managers and auditors are unable to spend time on the most important business risks that destroy market value
01
Idea Watch: Harvard Business Review July–August 2015
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential – 7
Missed Opportunity
Strategic
Legal & Compliance
Operational Risks
Financial Reporting Risks
6% 13%
42%
39% 3%
86%
9% 2%
Time Spent $ Loss in Shareholder Value % of Risk Failure leading to a 40+%
drop in Market Capitalization CEB - Executive Guidance - Reducing Risk Management’s Organizational Drag - 2014
risk managers and auditors spend more than half their time on financial reporting, legal, and compliance risks, even though the vast majority of big losses in market value occur because of mismanaged strategic risks “
“
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
Challenges
8
Risk teams want to increase their use of data analytics to detect issues early and generate new value
CEB - State of the Internal Audit Function- 2014
CEB - State of the Internal Audit Function- 2014
02
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
Challenges
9
“91% plan to reorganize or reprioritize risk management in the next three years”
03
Idea Watch: Harvard Business Review July–August 2015
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
Strategic
Legal & Compliance
Operational Risks
Financial Reporting Risks
6%
13%
42%
39%
Time Spent
Reduce Time & Effort • More Process Automation • More Data Analytics • Better Communication
Eliminate Preventable Risks
Focus on Strategic Risks
Enable Business with Risk
Intelligence
Making Risk Management Mission Critical
10
Internal Audit, Compliance, Quality, IT Security & Safety
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
MANUAL 70% of Risk Professionals use out dated technology like spreadsheets, emails,
custom apps 1
SILOED Business partners are required to complete multiple, overlapping
assessments, questionnaires and
surveys2
NARROW Risk and Audit teams fail to measure and communicate
value creation KPI that engage LOB partners in a
dialog3
Manual data intensive and coordination tasks consume
valuable FTE capacity
Check the box mentality undermines risk management
Process improvements, finding and fixing high risk control
failures
1 OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org HOW ORGANIZATIONS APPROACH AND ADAPT THEIR TECHNOLOGY STRATEGY FOR GRC 2 CEB - Executive Guidance - Reducing Risk Management’s Organizational Drag - 2014 3 CEB - State of the Internal Audit Function- 2014
Risk Execution Pain Points
11
Internal Audit, Compliance, Quality, IT Security & Safety
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
1
2
3
Dashboards, Reports and Alerts
Notifications Worklists Email Perspectives Search
Risk, Controls & Compliance Management
Reviews Documentation Assessments Remediation Surveys
Continuous Controls & Risk Monitoring
Setups Access Master Data Audit Tests Transactions
Engage business partners with actionable risk intelligence that amplifies value creation KPIs
Streamline risk processes to promote collaboration, transparency and accountability
Early detection of potential issues through automated data collection and analysis
Oracle’s Product Strategy
12
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
Announcing New ERP Cloud Services
13
Risk Management
Advanced Financial Controls Cloud
(coming soon)
Financial Reporting Compliance Cloud
(R10)
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential
Oracle Risk Management Cloud
14
Data-driven, Integrated & Collaborative
Digitize Internal Processes to certify financial results 01
Streamline Collaboration with External Auditors 02
Automate Data Analysis to Prevent High-Risk Transactions 03
Rapid Deployment with Best Practice Controls 04
Integrated with Oracle Cloud for a Unified Experience 05
Highlights
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
Oracle Risk Management
Cloud
CFO (Houston)
VP Finance (Dallas)
VP Audit (Dallas)
AP Control Owner (Ireland)
AR Control Owner (Ireland)
IT Control Owner (Philipines)
01 Digitize Internal Processes
15
Review and Fix Issues
Complete Assessments
Certify Controls
Update Documentation
Risk Based Scoping of Controls
Enforce Manual Controls
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
Oracle Risk Management Cloud
Audit Partner (Austin)
Engagement Mgr. (Houston)
Senior Auditor (Seattle)
Senior Auditor (San Diego)
IT Analysts (Philippines)
SOD Analysts (Philippines)
02 Collaborate with External Auditors
16
Issues, Comment and Requests
Review Internal Audit Work
Partner Sign-offs
Review Controls Matrix, Select Key Controls
Complete Design Assessments
Operating Effectiveness Assessment
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
Oracle Risk Management Cloud
17
Oracle Risk Management Cloud Outside Legal Counsel
Review Documentation and Filings
LOB Executives KPIs and Issues
Risk Managers Access to Internal Audit Consultants
Manage Overall Process
Control Owners Assessments
Vendors Statement Audits Compliance Surveys
External Audit Review Work Competed Complete Assessments
Internal Users External Users
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential – 18
Millions of Transactions
Enterprise Data Graph
GR
C O
nto
logy B
ased Po
licy Engin
e
Seman
tic Reaso
nin
g Pattern
Reaso
nin
g
Engine
Transitive
Reflexive
Range
Set Ops
Benford
X-Correlation
Grap
hical A
uth
orin
g Wo
rkben
ch
Library o
f User D
efined
Co
ntro
ls
Incidents
SELF-LEARNING FEEDBACK LOOP
03 Automate Analysis to Prevent High-Risk Transactions
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential – 19
Payables Invoice Details Supplier Site Location Payables Invoice Batches AP Payment Payables Payment Schedule Payables Payment Term Supplier Payables Standard Invoice External Bank Account Payment Instruments Purchase Order Operating Unit Expense Items Expense Mileage Policy Expense Report Attendees Expense Report Information Expense Entertainment Policy Expense Miscellaneous Policy
Pareto Pattern (80-20 Rule) Identify top 20% of Suppliers that send 80% of duplicate invoices by amount value
Absolute Deviation Pattern Identify Invoices that are in the top 10% in price deviation from the average price
Anomaly Detection Pattern Identify T&E reports where the hotel per day charges are much higher (normal distribution) than all the other T&E reports
Clustering Pattern Identify the groups of vendors based on uncollected vendor balances
Business Objects Algorithms
Identify purchase orders that have been back-dated
Identify unusual invoices based on amount and supplier
Identify multiple invoices with 'one-time use' suppliers
Identify invoices from new or inactive suppliers
Identify Invoices from suppliers that are on watchlist
Identify active Employees who submit Expense Report Lines that appear to be duplicate reimbursements
Examples - Ready-made Controls • Identify and track the following exceptions to closure
• Provide audit assurance
Identify Employees who have personal credit card transactions claimed as cash on their expense report.
Identify duplicate Meal expenses submitted by different employees using a similar attendee list.
Identify Employees who submit split expenses for a large event on their expense report.
1,383 Data Elements available for Control Analysis
04 Rapid Deployment with Ready-Made Controls
SCM Cloud Planning & Collaboration* Manufacturing* Order
Management Inventory & Logistics
Marketing Configure, Price & Quote
Commerce Sales Service Social CX Cloud
Financial Consolidation & Close*
Account Reconciliation*
ERP Cloud
Work Life
Global HR
Talent Management
Workforce Rewards
Workforce Management HCM Cloud
Data Cloud
Apps Marketplace
PLM Procurement
DaaS for Marketing DaaS for Sales DaaS for Customer
Intelligence
* Coming Soon
EPM Cloud Enterprise Planning
Financial Reporting
Risk Management
Financials Project Portfolio Management Procurement
05 Core Part of Oracle Cloud
Procurement
Risk Management
Financials
Project Portfolio Management
• Core Part of SaaS Platform • Common Service Provisioning • Common User Experience
• Common Role, User and Security • Common Business Intelligence • Common Extensibility framework
05 Core Part of Oracle ERP Cloud
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
Update Documentation Import Spreadsheets Update Process, Control & Risks Test Plans, Review, Approvals
Automate Assessments Select Controls based on Risk Conduct Surveys Design, Operating & Audit
Resolve Issues Set Priority and Due Dates Remediation Plans Notifications
Manage Incidents Assign Owners, Attach evidence
Remembers decisions for next control run (self-learning)
Graphical Authoring User Defined Controls
Eliminate False Positives Uncover Data Patterns
Detect Suspicious Transactions Pre-built Library of Controls
1350 Data Elements P2P & Expense Controls
22
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential
Elite panel of judges (NASA CIO, FCC CIO, Army CIO and others) have selected PA Treasury IT project as one of
the top 10 public sector projects of the nation
Pennsylvania Treasury GRC Project Wins Multiple Awards
23
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
Oracle GRC Wins Ventana Technology Innovation Award!
24
“Oracle’s GRC solution provides a unique approach to the problem of risk management by automating risk controls which are embedded into critical business
processes; applying leading edge technologies to solve complex risk challenges.”
- Mark Smith, CEO of Ventana Research
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Case Studies and Speakers at OpenWorld 2015
Oracle Confidential – Internal/Restricted/Highly Restricted 25
_________________
Source-to-Settle
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 26
Follow Us & join the conversation .
Oracle GRC Advanced Controls Group _______________________________________________________________
OracleAdvControls @OracleAdvCntrls
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Risk Management Cloud Resources
27
cloud.oracle.com
Release 10 Readiness
Documentation
Customer Connect
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
28