1

Risk Management in Role-based ApplicationsSegregation of Duties in Oracle

Problem agenda

Introduction P2P Issues that Impact the Bottom-Line Oracle Advanced Controls Solution Use Case: Financial Organization SystemsQ & A

3

Harish Sharma, Senior Consultant

Over 7 years of experience in ERP Implementation, Security and GRC Design

Problem agenda

Introduction P2P Issues that Impact the Bottom-Line Oracle Advanced Controls Solution Use Case: Financial Organization SystemsQ & A

What Do We Mean by Control ‘Issues’ 5

The processes that ensure: Efficient and effective operations Reliable and accurate reporting Fraud resistant operation Internal External Regulatory compliant

Common Issues: Duplicate Vendors in Master Vendor File

6 Duplicate payments

The invoice is submitted for entry twice Different options for receipt and payment of invoices, including outsourcing. Data entry errors Manual checks requests

Correspondence issues Supplier is using a different site/location. Duplicate Name problem with Supplier conversion

Internal control issue Controls Inappropriately configured Controls are not regularly overridden

AP processors take shortcuts when creating vendor entries Misreading a number or letter (for example: 0 instead of O, or 5 instead of S). Transposing numbers (for example: 56 instead of 65) Mis-keying (or simply omitting) punctuation (such as hyphens and slashes) Omitting leading or trailing zeroes

Segregation of duties concern Standardization and normalization are crucial Preventing creating new ones Identifying existing duplicate ones

Rigid coding standards

Problem agenda

Introduction P2P Issues that Impact the Bottom-Line Oracle Advanced Controls Solution Use Case: Financial Organization SystemsQ & A

Advanced Controls8

Layer of automated controls over ERP controls Continuously monitor key controls Detect and Report issues as they occur Prevent issues from occurring Quickly see high risk issues with exception based

dashboards Address issues that affect the bottom line Reduces operational risk and process effectiveness

9

10Copyright © Capgemini 2013. ll Rights Reserved

10

12Copyright © Capgemini 2013. ll Rights Reserved

Continuous Monitor – Duplicate Vendor

Incident Management

Control Definition

Preventive Measure

Preventive Measure Cont..

19Copyright © Capgemini 2013. ll Rights Reserved

20Copyright © Capgemini 2013. ll Rights Reserved

Problem agenda

Introduction P2P Issues that Impact the Bottom-Line Oracle Advanced Controls Solution Use Case: Financial Organization SystemsQ & A

22

Oracle Advanced Controls –Customer Experience

24

25

26

Use Case - Scope 27

Security Infrastructure

28

approach to GRC Projects29

Implementation Approach30

31

Tangible Business Benefits32Fewer duplicate payments: Vendor master cleanup eliminates the duplicate vendor files and vendor coding issues that significantly contribute to duplicate payments.

Reduced fraud: The Association of Certified Fraud Examiners estimates that the average company loses 5 percent of its annual revenues to fraud. Cleaning and maintaining a vendor master file provides the visibility and controls required to help reduce fraudulent payments.

Increased staff productivity: Clean vendor files make it easier to find vendors in your system. This makes it less likely that staff will create a duplicate vendor record, and ensures that staff does not waste their time maintaining files that should have been deleted.

Improved analysis and management of spending: By showing which vendors are parts of the same corporate entity, vendor master cleanup helps companies analyze and manage spending to negotiate better discount terms and proactively manage their debit balances.

Streamlined regulatory compliance: Vendor master data management drives compliance with regulations and internal controls, as well as compliance with 1099 tax legislation.

Reduced costs: Compared to traditional manual processes, an ongoing vendor master data maintenance program significantly reduces the costs of managing supplier information.

33

Thanking You

Q & A

35

36

37