Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential – Internal/Restricted/Highly Restricted

Oracle Risk Management Getting your business case across the line CON7990

Glen Walton Oracle Application Development Oct 28, 2015

Presented with

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

2

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 3

Today’s Panelists

• Frank Gifford, VP Corporate Finance, Broadridge Financial Solutions

• Calvin Courtland, Senior Director, Internal Audit, Gilead Sciences, Inc.

• Stephen Sullivan, Partner, Audit Assurance, PwC

Oracle Advanced Controls: Vision to Reality

October 2015

Prepared by: Frank Gifford Vice President, Corporate Finance Broadridge Financial Solutions

5 © 2014 | | © 2014

Broadridge technology-driven solutions power the entire investment lifecycle, enabling our clients to successfully manage the massive complexity and operational requirements of today’s capital markets

• Process more than $6 trillion in fixed income and equity trades every day

• Manage board of director elections for virtually every public company in North America

• Provide transparency into the distribution of over 90% of mutual fund and ETF assets

Broadridge is an NYSE-traded company with over five decades of experience and a 98% client retention rate.

6 © 2014 |

Broadridge Overview – Market Position

We are an Industry Leader

• Investment grade, $7 billion market cap, NYSE listed public company

• Five decades of experience supporting the financial services industry

• Over 6,700 employees worldwide

• Relationships with virtually every self-clearing brokerage firm, every mutual fund complex, every public company, and every U.S. investor

We Provide Mission Critical Solutions and Scale

• Our securities technology solutions are used by 8 of the top 10 U.S. broker-dealers

• More than $6 trillion in daily securities settlements including 60% of U.S. fixed-income

• Process equity securities for 6 of the top 10 firms by volume on the NYSE/NASDAQ

• Support more than 30 million customer accounts on our brokerage platforms

• Distribute over 1 billion investor communications annually

Our Offerings are Broad and Flexible

• Solutions ranging from SaaS technology platform to customized BPO supporting process component or complete outsourcing solutions

• Securities processing capabilities in more than 70 markets

• Support sell and buy side markets

7 © 2014 |

General Ledger ISupport

Accounts Receivable Teleservice

Accounts Payable I-Procurement

Fixed Assets I-Expense

Cash Management Advanced Collections

Order Management Service Contracts

Projects

Broadridge

Oracle EBS Footprint Oracle E-Business Suite running Version 12.1.3(upgrade completed November 2013), running the following modules:

Oracle Advanced Controls Preventive Controls Governor and Configuration Controls Governor

8 © 2014 |

My Background Vice President Corporate Finance

• With Broadridge over 3 years • CPA / CISA with controllership and financial services industry background specializing in

process transformation, internal control, risk, regulatory and technology matters • 13 years public accounting experience with Ernst & Young New York Financial Services

Office Current Roles:

• Finance strategic planning on initiatives, projects and system enhancements globally • Project Management oversight for all major financial systems projects as well as business

transformation initiatives across the organization, incorporating business and IT • Lead Global Corporate Sarbanes Oxley, Finance Business Information Security Office

(BISO), FFIEC compliance and Finance Risk Management programs.

Major Oracle Project Implementations • Advanced Controls January 2014-Present • Advanced Collections Strategies April 2014-January 2015 • Project Costing January 2014-January 2015 • R12 Upgrade January 2013- November 2013 • Billing Initiative January 2009-December 2012

9 © 2014 |

Building a Business Case for Advanced Controls

10 © 2014 | 10

Business Challenges • Challenges implementing our Finance strategic initiatives (Finance Transformation) to

centralize, standardize and automate due to limitations with Oracle EBS functionality.

• Typical business response to control issues is reactive leading to manual workarounds. User business process controls tend to be manual and time consuming (performed outside of Oracle EBS).

• Need to implement better governance and proactive monitoring controls as Broadridge expands its Global Shared Services model.

• Difficulty integrating acquisitions onto Oracle EBS platform in a timely manner due to business nuances and time constraints spent testing/ regression testing, patching and implementing custom solutions.

• Need for more Agile deployment of solutions through every module, organization, ledger and form within Oracle

• Reduce audit costs, reduce maintenance costs, increase IT productivity.

• More easily implement automated preventative Anti-fraud controls standardizing business rules while leveraging Oracle EBS functionality.

11 © 2014 | 11

Benefits of Oracle Advanced Controls • As finance’s transformation continues to evolve, provides platform to standardize oversight

and sustainability on process, people and data required for a successful model

• Moves the business thinking and capabilities surrounding control process enhancement from a manual to an automated control effort more fully leveraging native functionality embedded within Oracle EBS suite of modules.

• Toolset to reduce the forms personalization and subsequent CEMLIS with the Oracle Suite, allowing shorter time to production on changes and the ability to redeploy IT resources to more value added initiatives.

• Agile deployment of toolset through every module, organization, ledger and form within Oracle using standard Oracle Functionality

• Protect application data and mitigate risk of sensitive application data changes without appropriate approval and audit trails.

• Reduce audit costs, reduce maintenance costs, increase IT productivity.

• More easily implement automated preventative Anti-fraud controls

12 © 2014 | 12

Advanced Controls Delivers Strong ROI • Expected accelerated payback solely based on IT and business savings devoted to process

optimization and streamlined Oracle workflows without quantification of benefits of reduced risk and improved controls. After being presented a demonstration of the toolset, the IT teams were able to review the list of scoped projects from the business and show where these tools could be leveraged to accelerate the implementation of various technology enhancement requests.

• Savings realized as a result of enhanced fraud mitigation within our disbursements area (cannot be easily quantified though the costs of a fraud committed could potentially be enormous and the organizational impact devastating).

• Realized Organizational savings in reduction of development time and finance resource redeployment as the tool is deployed on other areas of the organization.

• Implementation allows finance organization more control capabilities and flexibility as it

expands its Global Shared Services model.

• In addition to the use cases outlined within the Appendix, due to the fact that the toolset provides a standard framework of configuration and controls, all of the acquisition integration projects has benefitted from the use of Oracle Advanced Controls.

• While the focus of the toolset starts as compliance, the strength of the product allows it to optimize business performance across all areas using Oracle.

13 © 2014 |

Calvin Courtland Senior Director, Internal Audit – Gilead Sciences, Inc.

October 28, 2015

Oracle Open World (CON7990)

Configurations Control Governor - Internal Audit

14 © 2014 |

Background – Calvin Courtland

• Internal Audit, Compliance and Technology

– Financial services, consumer products, internet and biotechnology

– 3+ years at Gilead Internal Audit

– Implemented systematic, audit solutions to improve effectiveness, increase coverage and reduce effort

• Gilead Internal Audit

– Third party, operational, forensics, SOX

– Global coverage

15 © 2014 |

Background – Gilead Sciences

• Overview

– Foster City, CA, founded 1987

– $25B, 2014 revenues

– 7K employees, 44 locations, 34 countries

– Liver, HIV/AIDS, hematology/oncology, inflammatory/respiratory and cardiovascular

• Oracle

– EBS 12.1

– OBIEE 11.1

– GRC (AACG 8.6, CCG 5.5)

– SOA, B2B 11g

16 © 2014 |

Problem > Objective

• SOX – Oracle Application Controls

– Internal/external audit direct assistance

– 55 Oracle configurations tied to SOX key controls

– Configuration evidence/analysis recreated annually

• Oracle CCG

– Baseline SOX Oracle configurations

– Roll-forward baseline annually and supplement with CCG Snapshot/Change Tracker

– Reduce annual audit effort over static configurations

– Focus efforts on analysis over impact from changes

17 © 2014 |

Milestones > Today

• Key Stakeholder: External Audit

– Detailed technical design/mapping SOX > CCG

– Detailed review of UAT results

– Future direct assistance deliverables

• 2015 and Beyond

– Minimal effort, Oracle configuration evidence

– Direct assistance executing as planned

– IT Management began leveraging IA CCG

– IA CCG used in non-SOX, international audits

18 © 2014 |

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 19

Follow Us & join the conversation .

Oracle GRC Advanced Controls Group _______________________________________________________________

OracleAdvControls @OracleAdvCntrls

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 20

Oracle GRC Wins Ventana Technology Innovation Award!

“Oracle’s GRC solution provides a unique approach to the problem of risk management by automating risk controls which are embedded into critical business

processes; applying leading edge technologies to solve complex risk challenges.”

- Mark Smith, CEO of Ventana Research

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

Elite panel of judges (NASA CIO, FCC CIO, Army CIO and others) have selected PA Treasury IT project as one of

the top 10 public sector projects of the nation

21

Pennsylvania Treasury GRC Project Wins Multiple Awards

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 22

Case Studies and Speakers at OpenWorld 2015

_________________

Source-to-Settle