Financial Audit Scoping Tool Blueprint for Oracle GRC Audit Scoping Tool Blueprint for Oracle GRC Applications ... Audit Scoping Accounts-Based Audit Scoping ... Financial Audit Scoping Tool

Download Financial Audit Scoping Tool Blueprint for Oracle GRC   Audit Scoping Tool Blueprint for Oracle GRC Applications ... Audit Scoping Accounts-Based Audit Scoping ... Financial Audit Scoping Tool

Post on 08-Apr-2018

218 views

Category:

Documents

6 download

Embed Size (px)

TRANSCRIPT

<ul><li><p>Financial Audit Scoping Tool </p><p>Blueprint for Oracle GRC Applications</p><p>Implement Audit Standard 5 (AS5) scoping to streamline financial</p><p>reporting compliance</p></li><li><p> Financial Audit Scoping Tool Blueprint Overview</p><p> Business Challenges</p><p> Solution Details</p><p> Challenges, Capabilities &amp; Benefits</p><p> Process Flows</p><p> Capabilities Details</p><p> Related Requirements Coverage</p><p> Oracle Blueprints for Oracle GRC Applications</p><p>Financial Audit Scoping ToolAgenda</p></li><li><p>Blueprint purpose: Integrate Oracle Enterprise GRC Manager with Hyperion Financial </p><p>Management to allow auditors and managers to evaluate business </p><p>process risk based on its impact on financial balances</p><p> Blueprint benefit: Helps customers implement Audit Standard 5 (AS5) scoping to streamline </p><p>financial reporting compliance</p><p> Reduce external audit fees by providing a methodical, rule-based </p><p>selection criteria that aligns financial audit activities with controls</p><p>Blueprint items: Auditor Workbench with robust, integrated controls selection based on </p><p>accounts, organizations, financial balances and risk-based criteria</p><p> Pre-built analytics of in-scope controls for assessments</p><p> Automated creation and initiation of EGRCM Controls Assessments</p><p>Financial Audit Scoping Tool Solution Summary</p></li><li><p> Financial Audit Scoping Tool Blueprint Overview</p><p> Business Challenges</p><p> Solution Details</p><p> Challenges, Capabilities &amp; Benefits</p><p> Process Flows</p><p> Capabilities Details</p><p> Related Requirements Coverage</p><p> Oracle Blueprints for Oracle GRC Applications</p><p>Financial Audit Scoping ToolAgenda</p></li><li><p>SEC fact: </p><p>Auditing Standard No. 5 (AS5) directs auditors to focus on those areas that present the </p><p>highest risk, such as the financial statement close process and controls designed to prevent </p><p>fraud by management.Source: SEC Approves PCAOB Auditing Standard No. 5, July 2007 </p><p>Percentage of Internal Control </p><p>Weaknesses by Category</p><p>Personnel </p><p>Issues</p><p>17%</p><p>Financial </p><p>Close and </p><p>Controls</p><p>37%</p><p>Significant </p><p>Account </p><p>Level</p><p>40%</p><p>Other </p><p>6%</p><p>Source: Market Reactions to the Disclosure of Internal Control Weaknesses and to the </p><p>Characteristics of those Weaknesses Under Section 302 o the Sarbanes Oxley Act Of 2002, </p><p>July 2007</p><p>Financial Audit Scoping Tool CFOs struggle to improve governance of their financial processes</p></li><li><p>Financial Audit Scoping ToolFrequency and Complexity of Transaction</p></li><li><p> Top-Down, Risk-Based Approach for Identifying Significant </p><p>Accounts and Key Controls to Audit</p><p> Focuses Testing on Risk Exposure rather than Coverage</p><p> Reduces Control Testing Audit Costs</p><p> Fine Tunes the Definitions of Material Weakness and </p><p>Significant Deficiency</p><p> Guidance is Designed to Facilitate more Efficient External </p><p>Auditing including</p><p> Scaling of the Audit for the Size and Complexity of the </p><p>Company</p><p> Removes Requirements to Evaluate Managements Process</p><p>7</p><p>Financial Audit Scoping ToolBest Practices to Reduce Level of Effort</p></li><li><p> Financial Audit Scoping Tool Blueprint Overview</p><p> Business Challenges</p><p> Solution Details</p><p> Challenges, Capabilities &amp; Benefits</p><p> Process Flows</p><p> Capabilities Details</p><p> Related Requirements Coverage</p><p> Oracle Blueprints for Oracle GRC Applications</p><p>Financial Audit Scoping ToolAgenda</p></li><li><p>Financial Audit Scoping Tool GRC Fundamental to Financial Close</p><p>Ledger </p><p>Close</p><p>Data </p><p>AssuranceConsolidation</p><p>Internal </p><p>Managemen</p><p>t Reporting</p><p>External </p><p>Financial </p><p>Reporting</p><p>Filing</p><p>Documentatio</p><p>nFinancial Processes, Risks &amp; Controls</p><p>Assessment Control Effectiveness Orchestration Misstatement Risk Modeling</p><p>TestingProcess-Based </p><p>Audit Scoping</p><p>Accounts-Based </p><p>Audit Scoping</p><p>Risk-Based </p><p>Audit Scoping</p><p>Investigation Suspicious Financial Transaction Analysis &amp; Monitoring</p><p>Remediation Risk Mitigation Planning, Tracking and Evidencing</p><p>Certification Internal Controls over Financial Reporting 302 Certification</p><p>Close </p><p>Compliance</p></li><li><p>Key Capabilities:</p><p>A unified workbench that brings HFM and EGRCM data together </p><p>into a single workspace </p><p>Consolidated significant accounts in HFM that are mapped to </p><p>controls in EGRCM are readily identified, as well as associated risks </p><p>Controls that are identified as in-scope are easily assigned to </p><p>testers in an assessment plan </p><p>Executive dashboards with the financial coverage of the </p><p>assessment plan, as well as the type and nature of the controls that </p><p>are in scope </p><p>EGRCM Capabilities:</p><p> EGRCM enables customers to manage GRC-related business </p><p>processes across the enterprise and HFM enables customers to </p><p>centralize financial reporting and enterprise consolidations. </p><p>Financial Audit Scoping Tool Solution Details</p></li><li><p>11</p><p>Customer Challenge Solution Benefit</p><p>Reducing the cost of controls </p><p>assessments</p><p>FAST integrates with the EGRCM controls component. Using FAST auditors can </p><p>easily perform a top-down approach to deciding which controls should be in-</p><p>scope for any given assessment</p><p>Integrating Financial close data with </p><p>Controls data</p><p>FAST integrates with Hyperion Financial Management. It includes a interactive </p><p>workbench that shows users how many controls are associated with monitored </p><p>reported financial amounts, thereby easily identify controls for significantly large </p><p>accounts</p><p>Understanding whether the in-scope </p><p>controls as mitigating the most relevant </p><p>risks</p><p>FAST integrates with the EGCRM risk component. Evaluating controls by their </p><p>related risks helps the auditor understand managements evaluation of the </p><p>significance of any given risk and the likelihood and impact of any given risk. </p><p>Designing a controls assessment that </p><p>is repeatable and applies consistent </p><p>decision criteria</p><p>FAST enables an iterative controls scoping processes based on multiple </p><p>criteria. Once satisfied with the composition of the controls assessment, the in-</p><p>scope controls and can export, reloaded and modified for the next audit cycle. </p><p>Designing a controls assessment that is </p><p>composed of a certain controls </p><p>properties such as costs, control </p><p>methods and control types</p><p>FAST includes tables and graphical analysis that intuitively displays the </p><p>composition of the in-scope controls to achieve the proper coverage, cost and </p><p>make up of key controls, automated and manual controls and detective and </p><p>preventive controls</p><p>Automatically produce a controls </p><p>assessment plan based on an </p><p>iterative, robust selection criteria</p><p>FAST will programmatically setup a Controls Assessment plan that includes </p><p>multiple assessment activities, controls and steps that are managed and </p><p>monitored to completion in EGRCM.</p><p>Financial Audit Scoping ToolCustomer Challenges &amp; Benefits Summary</p></li><li><p>12</p><p>Financial Audit Scoping ToolCapability Summary</p><p>Solution Capability Value Driver Stakeholder</p><p>Integrates with Hyperion </p><p>Financial Management</p><p> Identify controls by Significant Accounts</p><p> Incorporates financial account balances and </p><p>organizational structure</p><p> Internal Audit Manager</p><p> SOX Program Office (PMO)</p><p> Financial Consolidations Manager</p><p> Financial IT Admin</p><p>Integrates with Enterprise </p><p>GRC Manager</p><p> Captures Exec Mgt as well as Line of Business </p><p>and Audits evaluation of risk, the level or risk.</p><p> Identify controls by multiple perspectives and </p><p>business processes</p><p> Internal Audit Manager</p><p> SOX PMO</p><p> IT Admin</p><p>Single workbench view of </p><p>Financial, Risk and Controls </p><p>data and information</p><p> Ease of use </p><p> 360-view across Functional Areas</p><p> 360-view across Business Processes</p><p> Internal Audit Manager</p><p> SOX PMO</p><p> IT Admin</p><p>Iteratively controls scoping </p><p>and filtering</p><p> Rules-based criteria when selecting in-scope </p><p>controls</p><p> Visibility and insight into controls coverage</p><p> Internal Audit Manager</p><p> SOX PMO</p><p> IT Admin</p><p>Automatic generation of </p><p>EGRCM Controls </p><p>Assessment Plans</p><p> Increased effectiveness of controls assessment </p><p>by focusing on the right controls</p><p> Closed-loop, top-down assessment process</p><p> Executive Management</p><p> Line of Business Manager</p><p> Internal Audit / SOX PMO</p></li><li><p> 1 - Assessment Template</p><p> 4 - Template Activities</p><p> 2 - Delegation Models</p><p> 1 - Object Class</p><p> 1 - UDTs</p><p> 6 - Hyperion Perspective Items</p><p> 2 - Perspective Trees</p><p> 6 Preconfigured Charts</p><p>EGRCMAdministrator</p><p>EGRCM Risk</p><p>Manager</p><p>EGRCM Risk</p><p>Manager</p><p>EGRCMRisk</p><p>Analyst</p><p>Setup HFM Connection</p><p>Create POV Validate HFM data</p><p>Query controls using FASTworkbench</p><p>Validate Coverage Create Assessment</p><p>Complete AssessmentTasks</p><p>EGRCMRisk</p><p>ManagerReport on Compliance</p><p>Tie controls to HFMperspectives</p><p>Financial Audit Scoping Tool Business Process</p></li><li><p>Assess multiple risk types across lines of business</p><p>Leverage flexible quantitative and qualitative analysis models</p><p>Monitor risks to key objectives and performance indicators</p><p>Manage incidents and track losses and recoveries</p><p>Risk Management Process</p><p>Assess multiple risk classes and monitor overall risk health</p><p>Analyze</p><p>Risks</p><p>Monitor Key</p><p>Indicators</p><p>Establish</p><p>Context</p><p>Evaluate</p><p>SignificanceTreat Risks</p><p>Financial Audit Scoping ToolEstablish a systematic process for risk management</p></li><li><p>Account Dim</p><p>Entity Dim</p><p>Fin Balances</p><p>Period</p><p>Scenario</p><p>View</p><p>Hyperion </p><p>Financial </p><p>Management</p><p>Enterprise </p><p>GRC Manager</p><p>Account Map</p><p>Org. Map</p><p>Bus Process</p><p>Risk</p><p>Control</p><p>Assessment</p><p>RiskRisk--basedbased</p><p>Controls Controls </p><p>AssessmentsAssessments</p><p>Financial Audit Scoping Tool Key Mapped Dimensions</p></li><li><p>Out of Box -</p><p>Financial Audit Scoping Tool Blueprint Requirements Coverage</p><p>Not Out of Box -</p><p>Supports Audit Standard 5 guidance for top-down controls </p><p>assessment</p><p>Controls scoping by Financial Account, significant account</p><p>Controls scoping by Risk level, including likelihood and impact</p><p>Controls scoping by Risk evaluation, including risk tolerance and </p><p>rating</p><p>Controls scoping by organization, management and legal entity rollup</p><p>Control scoping by Financial Balance thresholds, percent of total</p><p>Iterative selection of controls</p><p>Ad-hoc selection of controls</p><p>Ability to save in-scope selection</p><p>Ability to apply last assessment scope and modify as needed</p><p>Graphical, analytical view of controls coverage and composition of in-</p><p>scope controls</p><p>Filter controls explicitly by Business Process</p><p>Support for all EGRCM Information Models</p><p>Support for other Assessment types (e.g., Risk Assessment)</p><p>Support for any data source, General Ledger</p></li><li><p> Financial Audit Scoping Tool Blueprint Overview</p><p> Business Challenges</p><p> Solution Details</p><p> Challenges, Capabilities &amp; Benefits</p><p> Process Flows</p><p> Capabilities Details</p><p> Related Requirements Coverage</p><p> Oracle Blueprints for Oracle GRC Applications</p><p>Financial Audit Scoping ToolAgenda</p></li><li><p>Best Practices</p><p>Standardized techniques, methods, &amp; processes, based on </p><p>business practice analysis across multiple organizations.Example: Centralized Health &amp; Safety Incident Management</p><p>Content</p><p>Pre-defined modules, policies, reports, models, attributes, </p><p>lookups, semantic business objects, physical mappings.Example: Pre-built policies to detect SOD-related fraud in Hyperion Financial </p><p>Mgmt</p><p>Integrations</p><p>Out-of-the-box interoperability with critical business systems </p><p>delivering best practices across entire business process.Example: Connector to Hyperion FM for accounts-based controls assessment </p><p>scoping</p><p>Financial Audit Scoping Tool What are Blueprints?</p></li><li><p>Blueprints leverage the Oracle </p><p>GRC Platform Configurability and </p><p>Extensibility Framework</p><p>Health, Safety and </p><p>Environment</p><p>HSE Blueprint includes:</p><p> 15 pre-defined Types</p><p> 25 pre-defined Classes</p><p> 5 pre-defined Perspectives</p><p> 153 pre-defined Attributes</p><p> 18 pre-defined Lookup Values</p><p> 20 pre-defined Graphs</p><p> 4 pre-defined Risk Context Models</p><p> 13 pre-defined Survey Questions1</p><p> Standalone ADF-based configurable </p><p>incident capture page</p><p>Enterprise GRC PlatformEnterprise GRC Platform</p><p>GRCIGRCI</p><p>GRCMGRCM</p><p>GRCC-AGRCC-A</p><p>GRCC-CGRCC-C</p><p>GRCC-TGRCC-T</p><p>GRCC-PGRCC-P</p><p>Functional</p><p>Components</p><p>Extensibility </p><p>Framework</p><p>RULESRULES</p><p>PATTERNSPATTERNS</p><p>SDD &amp; SDMSDD &amp; SDM</p><p>MODELSMODELS</p><p>MODULESMODULES</p><p>WEBCATWEBCAT</p><p>11g FMW11g FMW ADF &amp; SOAADF &amp; SOA</p><p>Financial Audit Scoping Tool How do Blueprints fit into the GRC Platform?</p></li><li><p>Freely available</p><p>Free, self-paced training</p><p>Free, community based support</p><p>Free, open &amp; extensible</p><p>Financial Audit Scoping Tool How are Blueprints Different from Products?</p></li><li><p>Oracle</p><p>Partners</p><p>Customers</p><p>Enterprise GRC </p><p>Platform</p><p> Increase ROI with one platform for all GRC Initiatives</p><p> Share new blueprints in an online community</p><p> Collaborate online on extending existing blueprints</p><p>Blueprints</p><p>Financial Audit Scoping Tool Blueprints Ecosystem</p></li></ul>

Recommended

View more >