NASACT Grants Management: Are States Ready to Manage More Federal Grant Funds?
March 2, 2010
Agenda
• Oracle: Did you know?
• What is “G-R-C”?
• GRC Offering
• Benefits
• Key Take-Aways
Oracle
Did you know?
• #1 in North America
• #1 in HR
• #1 in Public Sector Globally
• Project “Oracle”, 1977
• Longest running relationship with government of any software vendor
Scale
• $22.4 in revenue for FY 08
• 320,000 customers in 145 countries
• 92,000 employees (1 in 3 joined from acquisitions)
Innovation and Investment
• Over 3,000 products with over 2,000 patents
• $3b R&D
• 20,000+ developers, running over 300,000 test scripts nightly
• 6,500 customer-driven enhancements yearly
• 1 million students supported
• 7,500 customer support specialists speaking 27 languages
• 20,000+ implementation consultants
What is “G-R-C”?
Creating Public Trust
GRC in the Public Sector
[Diagram: Integrity, Governance, Risk, Compliance]
Governance + Risk Management + Compliance = Integrity
equates to
Structures + Threat Mitigation + Proofing = Public Trust
Reducing Fraud in Government
[Figure: Fraud Triangle with legs Motivation, Opportunity and Rationalization around FRAUD; further labels: Human Performance Improvement, Kohlberg Moral Stages, GRC]
• As much as 7% of annual budget*
• That is $70m per billion of budget
• Need to break one leg of the triangle
• Motivation and Opportunity easiest to address
• Rationalization may be impossible to manage
* Pednault, S. (2009). Fraud 101: Techniques and Strategies for Understanding Fraud, 3rd ed. Hoboken, NJ: John Wiley & Sons, p. xi.
Risk-Controls Relationships
[Figure: 2×2 matrix of Risk (Yes/No) against Controls (Yes/No); cell outcomes: Correct Outcome, Correct Outcome, Possible Loss, Possible Waste]
Oracle’s GRC Offering
Oracle GRC Applications Suite Benefits
[Diagram: Oracle GRC Applications Suite. GRC Intelligence: Reports, Dashboards, Alerts, Key Risk & Control Indicators. GRC Manager: Risks, Assessments, Issues, Processes, Policies, Procedures, Remediation. GRC Controls Management: Access Controls, Configuration Controls, Transaction Controls, Preventive Controls; Applications, Infrastructure. Labels: Financial Compliance, IT Governance, Regulatory, Policy Mgmt, Information Privacy, Environmental, Product Quality & Safety, Global Trade Mgmt, Financial Services; Customers, Suppliers, Sales, Legal, HR, Finance]
GRC Intelligence
“If only we had a dash board that could highlight real time application access and / or transactional risk…”
• Pre-built role-based Dashboards & KPI's
• Tailored diagnostics for all GRC initiatives
• Processes / Controls
• Documents
• Certification
• Assessments & Test Results
• Single source of GRC information across orgs and locations
Oracle GRC Applications Suite Benefits
GRC Manager
“We can’t manage nor have the visibility of all the GRC initiatives across the enterprise…”
• End-to-End GRC business process
• Reduce cost and complexity by managing multiple global mandates with one system
• Rely on tamper proof chain of evidence for all financial compliance processes
• Align policies and processes with best practice risk and control frameworks
Multiple hierarchies exist to represent frameworks, business models and financial structures.
Relationships are managed from the hierarchy down to the objectives, risks and controls in a many-to-many structure.
Oracle GRC workflow automatically generates emails notifying compliance staff of action items.
These emails link the user directly back to Oracle GRC Manager with a single mouse click.
Easy-to-use testing screens allow conclusions and supporting comments.
Track issues until they are closed, with immediate access to who is currently tasked and how long they have been working on it.
Oracle GRC Applications Suite Benefits
Access Controls
“The SOD process is very manually intensive and only covers a fraction of the application landscape”
• Best practice SOD Library
• Cross Application SOD Enablement
• Real-time Simulation & Remediation
• Preventive User Provisioning
• Library of prepackaged reports
• Accelerates role design and implementation
Oracle GRC Applications Suite Benefits
Configuration Controls
“If only we had a dash board that could highlight real time application access and / or transactional risk…”
• Ease of deploying change management controls
• Enable risk management controls by enforcing policy procedures within the application
• Increase confidence in the management of data integrity.
• Repository of audit trails in change management reports
• Increase business confidence in efficiency and data integrity of the system.
Oracle GRC Applications Suite Benefits
Transaction Controls
“We currently manage this on an ad-hoc basis that is manual and often error prone”
• Easy to use interface to manage threshold values and generate parameterized reports across multiple applications
• Readily available audit reports of suspicious activities
• Workflow enabled process to distribute suspicious activities to key personnel for action / remediation
Oracle GRC Applications Suite Benefits
Preventive Controls
“We need to move from manual controls to automated controls…”
• Automate & Streamline manual controls to become part of the transactional process
• Enforce and report data security and valid change management
• Audit
• Audit & Workflow Notifications
• Audit & Workflow Approvals
Oracle GRC Benefits
5 Key Areas Where GRC Can Reduce Risks and Costs
Activity: SOD Analysis
Benefits:
• Industry proven, best practices policies
• Library of prepackaged reports
• Accelerates role design and implementation
• Run test cases and what-if analysis
Value Impact: 20-35% reduction in cost of on-going SOD auditing and monitoring
Activity: Automated Preventive Controls
Benefits:
• Enforce preventive controls for data integrity and access security
• Ease of creating workflow processes for Approval and notification
• Library of best practices prepackaged controls
Value Impact: 15-25% reduction in cost for IT to create and implement automated controls
Activity: Configuration & Change Management
Benefits:
• Ease of deploying change management controls
• Enforce policy procedures within the application
• Increase confidence of data integrity
Value Impact: 20-30% reduction in audit and compliance testing cost related to configuration change management
Activity: Transaction Monitoring
Benefits:
• Manage & report suspect records across multiple applications
• Readily available audit reports
• Automated distribution of suspect records for review & remediation
Value Impact: 20% reduction in audit and compliance costs related to investigation of transactions and fraud controls
Activity: Governance & Compliance Visibility
Benefits:
• Capture internal and external performance metrics quickly & accurately
• Fact-based continuous improvement
Value Impact: 10-40% reduction in costs of proving risk and compliance effectiveness across the enterprise
SOD = Segregation of Duties
Cost Benefit Analysis
Relative Impacts
Audit cost savings
Fraud Prevention
Mission Enhancement
Key Take-aways
GRC Suite:
• Demonstrates accountability
• Increases public trust
• Lowers costs of audits
• Provides integrity
• Prevents waste, fraud, and abuse
How?
• Library of prepackaged controls based on best practices
• Single source of truth for all documentation that will be audited
• Flexible reporting tool that can generate dashboards, alerts, and printed reports
Contact Information
Cindy Schwimer
Executive Director, Public Sector Solutions
Voice: 703-364-3104
Adam Schwartz
GRC Specialist
Voice: 860-817-9403