Financial Audit Scoping Tool Blueprint for Oracle GRC Audit Scoping Tool Blueprint for Oracle GRC Applications ... Audit Scoping Accounts-Based Audit Scoping ... Financial Audit Scoping Tool

Post on 08-Apr-2018

TRANSCRIPT

  • Financial Audit Scoping Tool

    Blueprint for Oracle GRC Applications

    Implement Audit Standard 5 (AS5) scoping to streamline financial reporting compliance

  • Financial Audit Scoping Tool Blueprint Overview

    Business Challenges

    Solution Details

    Challenges, Capabilities & Benefits

    Process Flows

    Capabilities Details

    Related Requirements Coverage

    Oracle Blueprints for Oracle GRC Applications

    Financial Audit Scoping Tool Agenda

  • Blueprint purpose: Integrate Oracle Enterprise GRC Manager with Hyperion Financial Management to allow auditors and managers to evaluate business process risk based on its impact on financial balances

    Blueprint benefit: Helps customers implement Audit Standard 5 (AS5) scoping to streamline financial reporting compliance

    Reduce external audit fees by providing a methodical, rule-based selection criteria that aligns financial audit activities with controls

    Blueprint items: Auditor Workbench with robust, integrated controls selection based on accounts, organizations, financial balances and risk-based criteria

    Pre-built analytics of in-scope controls for assessments

    Automated creation and initiation of EGRCM Controls Assessments

    Financial Audit Scoping Tool Solution Summary

  • SEC fact:

    Auditing Standard No. 5 (AS5) directs auditors to focus on those areas that present the highest risk, such as the financial statement close process and controls designed to prevent fraud by management.

    Source: SEC Approves PCAOB Auditing Standard No. 5, July 2007

    Percentage of Internal Control Weaknesses by Category

    Personnel Issues: 17%

    Financial Close and Controls: 37%

    Significant Account Level: 40%

    Other: 6%

    Source: Market Reactions to the Disclosure of Internal Control Weaknesses and to the Characteristics of those Weaknesses Under Section 302 of the Sarbanes Oxley Act of 2002, July 2007

    Financial Audit Scoping Tool CFOs struggle to improve governance of their financial processes

  • Financial Audit Scoping Tool Frequency and Complexity of Transaction

  • Top-Down, Risk-Based Approach for Identifying Significant Accounts and Key Controls to Audit

    Focuses Testing on Risk Exposure rather than Coverage

    Reduces Control Testing Audit Costs

    Fine Tunes the Definitions of Material Weakness and Significant Deficiency

    Guidance is Designed to Facilitate more Efficient External Auditing including Scaling of the Audit for the Size and Complexity of the Company

    Removes Requirements to Evaluate Management's Process

    Financial Audit Scoping Tool Best Practices to Reduce Level of Effort

  • Financial Audit Scoping Tool GRC Fundamental to Financial Close

    Ledger Close

    Data Assurance

    Consolidation

    Internal Management Reporting

    External Financial Reporting

    Filing

    Documentation Financial Processes, Risks & Controls

    Assessment Control Effectiveness Orchestration Misstatement Risk Modeling

    Testing Process-Based Audit Scoping

    Accounts-Based Audit Scoping

    Risk-Based Audit Scoping

    Investigation Suspicious Financial Transaction Analysis & Monitoring

    Remediation Risk Mitigation Planning, Tracking and Evidencing

    Certification Internal Controls over Financial Reporting 302 Certification

    Close

    Compliance

  • Key Capabilities:

    A unified workbench that brings HFM and EGRCM data together into a single workspace

    Consolidated significant accounts in HFM that are mapped to controls in EGRCM are readily identified, as well as associated risks

    Controls that are identified as in-scope are easily assigned to testers in an assessment plan

    Executive dashboards with the financial coverage of the assessment plan, as well as the type and nature of the controls that are in scope

    EGRCM Capabilities:

    EGRCM enables customers to manage GRC-related business processes across the enterprise and HFM enables customers to centralize financial reporting and enterprise consolidations.

    Financial Audit Scoping Tool Solution Details

  • Customer Challenge / Solution Benefit

    Customer Challenge: Reducing the cost of controls assessments

    Solution Benefit: FAST integrates with the EGRCM controls component. Using FAST, auditors can easily perform a top-down approach to deciding which controls should be in-scope for any given assessment.

    Customer Challenge: Integrating Financial close data with Controls data

    Solution Benefit: FAST integrates with Hyperion Financial Management. It includes an interactive workbench that shows users how many controls are associated with monitored reported financial amounts, thereby easily identifying controls for significantly large accounts.

    Customer Challenge: Understanding whether the in-scope controls are mitigating the most relevant risks

    Solution Benefit: FAST integrates with the EGRCM risk component. Evaluating controls by their related risks helps the auditor understand management's evaluation of the significance of any given risk and the likelihood and impact of any given risk.

    Customer Challenge: Designing a controls assessment that is repeatable and applies consistent decision criteria

    Solution Benefit: FAST enables an iterative controls scoping process based on multiple criteria. Once satisfied with the composition of the controls assessment, the in-scope controls can be exported, reloaded and modified for the next audit cycle.

    Customer Challenge: Designing a controls assessment that is composed of certain control properties such as costs, control methods and control types

    Solution Benefit: FAST includes tables and graphical analysis that intuitively display the composition of the in-scope controls to achieve the proper coverage, cost and makeup of key controls, automated and manual controls and detective and preventive controls.

    Customer Challenge: Automatically produce a controls assessment plan based on an iterative, robust selection criteria

    Solution Benefit: FAST will programmatically set up a Controls Assessment plan that includes multiple assessment activities, controls and steps that are managed and monitored to completion in EGRCM.

    Financial Audit Scoping Tool Customer Challenges & Benefits Summary

  • Financial Audit Scoping Tool Capability Summary

    Solution Capability: Integrates with Hyperion Financial Management

    Value Driver: Identify controls by Significant Accounts; Incorporates financial account balances and organizational structure

    Stakeholder: Internal Audit Manager; SOX Program Office (PMO); Financial Consolidations Manager; Financial IT Admin

    Solution Capability: Integrates with Enterprise GRC Manager

    Value Driver: Captures Exec Mgt as well as Line of Business and Audit's evaluation of risk, the level of risk; Identify controls by multiple perspectives and business processes

    Stakeholder: Internal Audit Manager; SOX PMO; IT Admin

    Solution Capability: Single workbench view of Financial, Risk and Controls data and information

    Value Driver: Ease of use; 360-view across Functional Areas; 360-view across Business Processes

    Stakeholder: Internal Audit Manager; SOX PMO; IT Admin

    Solution Capability: Iterative controls scoping and filtering

    Value Driver: Rules-based criteria when selecting in-scope controls; Visibility and insight into controls coverage

    Stakeholder: Internal Audit Manager; SOX PMO; IT Admin

    Solution Capability: Automatic generation of EGRCM Controls Assessment Plans

    Value Driver: Increased effectiveness of controls assessment by focusing on the right controls; Closed-loop, top-down assessment process

    Stakeholder: Executive Management; Line of Business Manager; Internal Audit / SOX PMO

  • 1 - Assessment Template

    4 - Template Activities

    2 - Delegation Models

    1 - Object Class

    1 - UDTs

    6 - Hyperion Perspective Items

    2 - Perspective Trees

    6 Preconfigured Charts

    EGRCM Administrator

    EGRCM Risk Manager

    EGRCM Risk Manager

    EGRCM Risk Analyst

    Setup HFM Connection

    Create POV

    Validate HFM data

    Query controls using FAST workbench

    Validate Coverage

    Create Assessment

    Complete Assessment Tasks

    EGRCM Risk Manager

    Report on Compliance

    Tie controls to HFM perspectives

    Financial Audit Scoping Tool Business Process

  • Assess multiple risk types across lines of business

    Leverage flexible quantitative and qualitative analysis models

    Monitor risks to key objectives and performance indicators

    Manage incidents and track losses and recoveries

    Risk Management Process

    Assess multiple risk classes and monitor overall risk health

    Analyze Risks

    Monitor Key Indicators

    Establish Context

    Evaluate Significance

    Treat Risks

    Financial Audit Scoping Tool Establish a systematic process for risk management

  • Account Dim

    Entity Dim

    Fin Balances

    Period

    Scenario

    View

    Hyperion Financial Management

    Enterprise GRC Manager

    Account Map

    Org. Map

    Bus Process

    Risk

    Control

    Assessment

    Risk-based Controls Assessments

    Financial Audit Scoping Tool Key Mapped Dimensions

  • Out of Box -

    Financial Audit Scoping Tool Blueprint Requirements Coverage

    Not Out of Box -

    Supports Audit Standard 5 guidance for top-down controls assessment

    Controls scoping by Financial Account, significant account

    Controls scoping by Risk level, including likelihood and impact

    Controls scoping by Risk evaluation, including risk tolerance and rating

    Controls scoping by organization, management and legal entity rollup

    Control scoping by Financial Balance thresholds, percent of total

    Iterative selection of controls

    Ad-hoc selection of controls

    Ability to save in-scope selection

    Ability to apply last assessment scope and modify as needed

    Graphical, analytical view of controls coverage and composition of in-scope controls

    Filter controls explicitly by Business Process

    Support for all EGRCM Information Models

    Support for other Assessment types (e.g., Risk Assessment)

    Support for any data source, General Ledger

  • Best Practices

    Standardized techniques, methods, & processes, based on business practice analysis across multiple organizations.

    Example: Centralized Health & Safety Incident Management

    Content

    Pre-defined modules, policies, reports, models, attributes, lookups, semantic business objects, physical mappings.

    Example: Pre-built policies to detect SOD-related fraud in Hyperion Financial Mgmt

    Integrations

    Out-of-the-box interoperability with critical business systems delivering best practices across entire business process.

    Example: Connector to Hyperion FM for accounts-based controls assessment scoping

    Financial Audit Scoping Tool What are Blueprints?

  • Blueprints leverage the Oracle GRC Platform Configurability and Extensibility Framework

    Health, Safety and Environment

    HSE Blueprint includes:

    15 pre-defined Types

    25 pre-defined Classes

    5 pre-defined Perspectives

    153 pre-defined Attributes

    18 pre-defined Lookup Values

    20 pre-defined Graphs

    4 pre-defined Risk Context Models

    13 pre-defined Survey Questions1

    Standalone ADF-based configurable incident capture page

    Enterprise GRC Platform

    GRCI

    GRCM

    GRCC-A

    GRCC-C

    GRCC-T

    GRCC-P

    Functional Components

    Extensibility Framework

    RULES

    PATTERNS

    SDD & SDM

    MODELS

    MODULES

    WEBCAT

    11g FMW

    ADF & SOA

    Financial Audit Scoping Tool How do Blueprints fit into the GRC Platform?

  • Freely available

    Free, self-paced training

    Free, community based support

    Free, open & extensible

    Financial Audit Scoping Tool How are Blueprints Different from Products?

  • Oracle

    Partners

    Customers

    Enterprise GRC Platform

    Increase ROI with one platform for all GRC Initiatives

    Share new blueprints in an online community

    Collaborate online on extending existing blueprints

    Blueprints

    Financial Audit Scoping Tool Blueprints Ecosystem
