skechers - oracle grc case study gen7982 update# 2
TRANSCRIPT
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Oracle Risk Management (GRC) Product Strategy Update GEN7982
Sid Sinha Oracle Application Development Oct 27, 2015
Presented with
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
2
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Introductions
Oracle Confidential – Internal/Restricted/Highly Restricted 3
• Ashwat Panchal – Director Internal Audit, Skechers, USA Inc. – Ashwat is responsible for managing the Global Internal Audit
function for the company, which includes direct reports in US, Europe and Asia. He works closely with Senior Management and Audit Committee to ensure the Company's governance, risk and compliance activities are functioning properly. In addition, he works closely with the external auditors to support the annual financial statement and statutory audits around the world.
Agenda
Oracle GRC Product Strategy Update
Case Study: Skechers
Case Study: Harvard Pilgrim HealthCare
KPMG Best Practice Update
Wrap-up
1
2
3
4
5
4
I N T E R N A L A U D I T
SKECHERS USA, Inc. – Internal Audit
Oracle GRC Solution for Global Audit / Compliance Needs
Ashwat Panchal
Director – Internal Audit
Internal
Audit 6
Agenda
Company Background
Internal Audit Organization
Business Needs
GRC Implementation
Benefits
Summary
Questions
Internal
Audit 7
Company Background
Global Brand
Second largest and fastest growing Global Footwear Brand
Skechers product reaches consumers on six continents via our subsidiaries, joint ventures and distribution
partners.
Presence in more than 160 countries
Internal
Audit 8
Company Background
Diversified Business Model
Combination of Domestic Wholesale, International Wholesale, Retail, Distributors and Joint Ventures around the
world.
Financial and Other Data
Annual Net Sales of $2.4 Billion in 2014
Over 1,000 Retail Stores Worldwide
Breakdown of Net Sales Q1 2015
Information Technology
Oracle Financials
Legacy Applications for sales order to cash and retail point of sales
Third Party Warehouse Management System
42%
37%
20%
1%
Domestic Wholesale International Wholesale Retail E-commerce
Internal
Audit 9
Internal Audit Organization
Organization Chart
Director - Internal Audit
Internal Audit Manager Senior Internal Auditor Internal Auditor Internal Auditor
Location France USA USA Hong Kong
Audit Responsiblities Include
Europe USA USA Asia Joint Ventures
Canada Central America Central America Japan
India Joint Venture Latin America Latin America
International Distributors International Distributors
Internal
Audit 10
Business Needs
Management of Global Audit / Compliance Activities
Distributed Control Environment
Efficient Use of Audit Resources
Scalable and Addresses Global Growth
Hosted Solution
SEC Public Company
Internal
Audit 11
GRC Implementation
Replaced IBM’s WBCR Solution in 2012
GRC Solution
eGRCM – Governance Risk and Compliance Manager
ACG – Access Controls Governor
– Integrated with Oracle Financials for Access Controls / Segregation of Duties
TCG – Transaction Controls Governor
– Procure to Pay Cycle
GRCi – Oracle Business Intelligence for Reporting
Hosted Environment – AT&T
Globally accessible
Internal
Audit 12
Benefits
Standardized Control Infrastructure with Master Library of Processes and Controls
Ease of Implementation of Controls as Operations Grow Worldwide
Internal
Audit 13
Benefits
Audit Efficiencies
Internal Audit
Improved workflow for review and approvals for Audit Assessments
Simplify routine audit activities, thereby allowing Internal Audit team to focus on higher risk and strategic areas
Accessible worldwide
Efficient use of Internal Audit resources
External Audit
Streamlined communication with External Auditors
External Auditors can review control environment documentation, including process flows and identification of key
controls throughout the Company
Ability for External Auditors to access Internal Audit testing that is used to support the financial statement audits
Reduced audit fees
Internal
Audit 14
Benefits
Centralized Repository
Control Environment Documentation, including processes, risks, controls
Process Flow Diagrams
Standardized Audit Plans / Programs
Internal
Audit 15
Benefits
Centralized Repository (continued)
Control Assessment Documentation, including test procedures / results and conclusions on effectiveness of
controls
Issue Management, including creation and follow-up on remediation activities
Internal
Audit 16
Benefits
Customizable Modules
Library of company documentation
Platform to share information with External Auditors
Integrated with GRCi for OBIEE Reporting
Customizable dashboards
Internal
Audit 17
Benefits
ACG – Automated Access Controls For Oracle Financials
Improve testing for access controls and segregation of duties
TCG – Continuous Controls Monitoring for Procure to Pay Process
Review key controls for potential fraud.
Internal
Audit 18
Summary
Support and Enable Corporate Growth Plans
Efficient Use of Internal Audit Resources
Improved Workflow for Review and Approval of Audit Assessments
Improved Communications with External Auditors
Reduced Audit Fees
Easily Accessible Around the World.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Proposed Agenda
GRC Product Update
Case Study: Harvard Pilgrim HealthCare
Case Study: Skechers
KPMG Best Practice Update
Wrap-up
1
2
3
4
5
19
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –
Update Documentation Import Spreadsheets Update Process, Control & Risks Test Plans, Review, Approvals
Automate Assessments Select Controls based on Risk Conduct Surveys Design, Operating & Audit
Resolve Issues Set Priority and Due Dates Remediation Plans Notifications
Manage Incidents Assign Owners, Attach evidence
Remembers decisions for next control run (self-learning)
Graphical Authoring User Defined Controls
Eliminate False Positives Uncover Data Patterns
Detect Suspicious Transactions Pre-built Library of Controls
1350 Data Elements P2P & Expense Controls
20
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Case Studies and Speakers at OpenWorld 2015
Oracle Confidential – Internal/Restricted/Highly Restricted 21
_________________
Source-to-Settle
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 22
Follow Us & join the conversation .
Oracle GRC Advanced Controls Group _______________________________________________________________
OracleAdvControls @OracleAdvCntrls
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Risk Management Cloud Resources
23
cloud.oracle.com
Release 10 Readiness
Documentation
Customer Connect
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 24
Classroom Training
Learning Subscription
Live Virtual Class
Training On Demand
Keep Learning with Oracle University
education.oracle.com
Cloud
Technology
Applications
Industries
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
25
