financial audit scoping tool blueprint for oracle grc applications · financial audit scoping tool...

<Insert Picture Here>

Financial Audit Scoping Tool

Blueprint for Oracle GRC Applications

Implement Audit Standard 5 (AS5) scoping to streamline financial

reporting compliance

• Financial Audit Scoping Tool Blueprint Overview

• Business Challenges

• Solution Details

• Challenges, Capabilities & Benefits

• Process Flows

• Capabilities Details

• Related Requirements Coverage

• Oracle Blueprints for Oracle GRC Applications

Financial Audit Scoping ToolAgenda

Blueprint purpose:• Integrate Oracle Enterprise GRC Manager with Hyperion Financial

Management to allow auditors and managers to evaluate business

process risk based on its impact on financial balances

• Blueprint benefit:• Helps customers implement Audit Standard 5 (AS5) scoping to streamline

financial reporting compliance

• Reduce external audit fees by providing a methodical, rule-based

selection criteria that aligns financial audit activities with controls

Blueprint items:• Auditor Workbench with robust, integrated controls selection based on

accounts, organizations, financial balances and risk-based criteria

• Pre-built analytics of in-scope controls for assessments

• Automated creation and initiation of EGRCM Controls Assessments

Financial Audit Scoping Tool Solution Summary





• Process Flows





SEC fact:

Auditing Standard No. 5 (AS5) directs auditors to focus on those areas that present the

highest risk, such as the financial statement close process and controls designed to prevent

fraud by management.Source: SEC Approves PCAOB Auditing Standard No. 5, July 2007

Percentage of Internal Control

Weaknesses by Category

Personnel

Issues

17%

Financial

Close and

Controls

37%

Significant

Account

Level

40%

Other

6%

Source: Market Reactions to the Disclosure of Internal Control Weaknesses and to the

Characteristics of those Weaknesses Under Section 302 o the Sarbanes Oxley Act Of 2002,

July 2007

Financial Audit Scoping Tool CFOs struggle to improve governance of their financial processes

Financial Audit Scoping ToolFrequency and Complexity of Transaction

• Top-Down, Risk-Based Approach for Identifying Significant

Accounts and Key Controls to Audit

• Focuses Testing on Risk Exposure rather than Coverage

• Reduces Control Testing Audit Costs

• Fine Tunes the Definitions of Material Weakness and

Significant Deficiency

• Guidance is Designed to Facilitate more Efficient External

Auditing including

• Scaling of the Audit for the Size and Complexity of the

Company

• Removes Requirements to Evaluate Management’s Process

7

Financial Audit Scoping ToolBest Practices to Reduce Level of Effort





• Process Flows





Financial Audit Scoping Tool GRC Fundamental to Financial Close

Ledger

Close

Data

AssuranceConsolidation

Internal

Managemen

t Reporting

External

Financial

Reporting

Filing

Documentatio

nFinancial Processes, Risks & Controls

Assessment Control Effectiveness Orchestration Misstatement Risk Modeling

TestingProcess-Based

Audit Scoping

Accounts-Based

Audit Scoping

Risk-Based

Audit Scoping

Investigation Suspicious Financial Transaction Analysis & Monitoring

Remediation Risk Mitigation Planning, Tracking and Evidencing

Certification Internal Controls over Financial Reporting 302 Certification

Close

Compliance

Key Capabilities:

•A unified workbench that brings HFM and EGRCM data together

into a single workspace

•Consolidated significant accounts in HFM that are mapped to

controls in EGRCM are readily identified, as well as associated risks

•Controls that are identified as in-scope are easily assigned to

testers in an assessment plan

•Executive dashboards with the financial coverage of the

assessment plan, as well as the type and nature of the controls that

are in scope

EGRCM Capabilities:

• EGRCM enables customers to manage GRC-related business

processes across the enterprise and HFM enables customers to

centralize financial reporting and enterprise consolidations.

Financial Audit Scoping Tool Solution Details

11

Customer Challenge Solution Benefit

Reducing the cost of controls

assessments

FAST integrates with the EGRCM controls component. Using FAST auditors can

easily perform a top-down approach to deciding which controls should be in-

scope for any given assessment

Integrating Financial close data with

Controls data

FAST integrates with Hyperion Financial Management. It includes a interactive

workbench that shows users how many controls are associated with monitored

reported financial amounts, thereby easily identify controls for significantly large

accounts

Understanding whether the in-scope

controls as mitigating the most relevant

risks

FAST integrates with the EGCRM risk component. Evaluating controls by their

related risks helps the auditor understand management’s evaluation of the

significance of any given risk and the likelihood and impact of any given risk.

Designing a controls assessment that

is repeatable and applies consistent

decision criteria

FAST enables an iterative controls scoping processes based on multiple

criteria. Once satisfied with the composition of the controls assessment, the in-

scope controls and can export, reloaded and modified for the next audit cycle.

Designing a controls assessment that is

composed of a certain controls

properties such as costs, control

methods and control types

FAST includes tables and graphical analysis that intuitively displays the

composition of the in-scope controls to achieve the proper coverage, cost and

make up of key controls, automated and manual controls and detective and

preventive controls

Automatically produce a controls

assessment plan based on an

iterative, robust selection criteria

FAST will programmatically setup a Controls Assessment plan that includes

multiple assessment activities, controls and steps that are managed and

monitored to completion in EGRCM.

Financial Audit Scoping ToolCustomer Challenges & Benefits Summary

12

Financial Audit Scoping ToolCapability Summary

Solution Capability Value Driver Stakeholder

Integrates with Hyperion

Financial Management

� Identify controls by Significant Accounts

� Incorporates financial account balances and

organizational structure

� Internal Audit Manager

� SOX Program Office (PMO)

� Financial Consolidations Manager

� Financial IT Admin

Integrates with Enterprise

GRC Manager

� Captures Exec Mgt as well as Line of Business

and Audit’s evaluation of risk, the level or risk.

� Identify controls by multiple perspectives and

business processes


� SOX PMO

� IT Admin

Single workbench view of

Financial, Risk and Controls

data and information

� Ease of use

� 360-view across Functional Areas

� 360-view across Business Processes


� SOX PMO

� IT Admin

Iteratively controls scoping

and filtering

� Rules-based criteria when selecting in-scope

controls

� Visibility and insight into controls coverage


� SOX PMO

� IT Admin

Automatic generation of

EGRCM Controls

Assessment Plans

� Increased effectiveness of controls assessment

by focusing on the ‘right’ controls

� Closed-loop, top-down assessment process

� Executive Management

� Line of Business Manager

� Internal Audit / SOX PMO

• 1 - Assessment Template

• 4 - Template Activities

• 2 - Delegation Models

• 1 - Object Class

• 1 - UDTs

• 6 - Hyperion Perspective Items

• 2 - Perspective Trees

• 6 – Preconfigured Charts

EGRCMAdministrator

EGRCM Risk

Manager

EGRCM Risk

Manager

EGRCMRisk

Analyst

Setup HFM Connection

Create POV Validate HFM data

Query controls using FASTworkbench

Validate Coverage Create Assessment

Complete AssessmentTasks

EGRCMRisk

ManagerReport on Compliance

Tie controls to HFMperspectives

Financial Audit Scoping Tool Business Process

�Assess multiple risk types across lines of business

�Leverage flexible quantitative and qualitative analysis models

�Monitor risks to key objectives and performance indicators

�Manage incidents and track losses and recoveries

Risk Management Process

Assess multiple risk classes and monitor overall risk health

Analyze

Risks

Monitor Key

Indicators

Establish

Context

Evaluate

SignificanceTreat Risks

Financial Audit Scoping ToolEstablish a systematic process for risk management

Account Dim

Entity Dim

Fin Balances

Period

Scenario

View

Hyperion

Financial

Management

Enterprise

GRC Manager

Account Map

Org. Map

Bus Process

Risk

Control

Assessment

RiskRisk--basedbased

Controls Controls

AssessmentsAssessments

Financial Audit Scoping Tool Key Mapped Dimensions

Out of Box -

Financial Audit Scoping Tool Blueprint Requirements Coverage

Not Out of Box -

Supports Audit Standard 5 guidance for top-down controls

assessment

Controls scoping by Financial Account, significant account

Controls scoping by Risk level, including likelihood and impact

Controls scoping by Risk evaluation, including risk tolerance and

rating

Controls scoping by organization, management and legal entity rollup

Control scoping by Financial Balance thresholds, percent of total

Iterative selection of controls

Ad-hoc selection of controls

Ability to save in-scope selection

Ability to apply last assessment scope and modify as needed

Graphical, analytical view of controls coverage and composition of in-

scope controls

Filter controls explicitly by Business Process

Support for all EGRCM Information Models

Support for other Assessment types (e.g., Risk Assessment)

Support for any data source, General Ledger





• Process Flows





Best Practices

Standardized techniques, methods, & processes, based on

business practice analysis across multiple organizations.Example: Centralized Health & Safety Incident Management

Content

Pre-defined modules, policies, reports, models, attributes,

lookups, semantic business objects, physical mappings.Example: Pre-built policies to detect SOD-related fraud in Hyperion Financial

Mgmt

Integrations

Out-of-the-box interoperability with critical business systems

delivering best practices across entire business process.Example: Connector to Hyperion FM for accounts-based controls assessment

scoping

Financial Audit Scoping Tool What are Blueprints?

Blueprints leverage the Oracle

GRC Platform Configurability and

Extensibility Framework

Health, Safety and

Environment

HSE Blueprint includes:

• 15 pre-defined Types

• 25 pre-defined Classes

• 5 pre-defined Perspectives

• 153 pre-defined Attributes

• 18 pre-defined Lookup Values

• 20 pre-defined Graphs

• 4 pre-defined Risk Context Models

• 13 pre-defined Survey Questions1

• Standalone ADF-based configurable

incident capture page

Enterprise GRC PlatformEnterprise GRC Platform

GRCIGRCI

GRCMGRCM

GRCC-AGRCC-A

GRCC-CGRCC-C

GRCC-TGRCC-T

GRCC-PGRCC-P

Functional

Components

Extensibility

Framework

RULESRULES

PATTERNSPATTERNS

SDD & SDMSDD & SDM

MODELSMODELS

MODULESMODULES

WEBCATWEBCAT

11g FMW11g FMW ADF & SOAADF & SOA

Financial Audit Scoping Tool How do Blueprints fit into the GRC Platform?

Freely available

Free, self-paced training

Free, community based support

Free, open & extensible

Financial Audit Scoping Tool How are Blueprints Different from Products?

Oracle

Partners

Customers

Enterprise GRC

Platform

• Increase ROI with one platform for all GRC Initiatives

• Share new blueprints in an online community

• Collaborate online on extending existing blueprints

Blueprints

Financial Audit Scoping Tool Blueprints Ecosystem

financial audit scoping tool blueprint for oracle grc applications · financial audit scoping tool...

Documents