Embed Size (px)
DESCRIPTION
gfjkjhgjhgjhg
Citation preview
Configuration GRC & Oracle Configuration Controls GovernorMay 2009Oracle GRC Strategy – Barry Greenhut
2
Application GRC tells you…
Who’s using our apps?ACCESS CONTROLS
What can they do?CONFIGURATION CONTROLS
What have they done?TRANSACTION CONTROLS
3
Application GRC controls reduce…
Financial Loss
Compliance Cost
Audit Effort
!!
4
Configuration examples
• Financial Loss• Tax mis-configuration causes under-collection of taxes, goes
undetected for months.
Consequences: Pay taxes on behalf of customers, plus penalties.
• Clerk changes bank account info without cross-check, millions transferred before fraud discovered.
Consequences: Money lost, or frozen pending litigation; public confidence shaken due to notoriety.
• Sales reps raise customers’ credit limits so they can buy more.
Consequences: Customers default on payments, receivables aging forces write-downs.
5
Configuration examples
• Compliance Cost• Ledger Set mis-configuration allocates revenues amongst
divisions incorrectly.
Consequences: Restate and refile quarterly results; public confidence shaken due to notoriety.
• Audit Effort• Production patch resets vendor tolerances, goes unnoticed
for months.
Consequences: Internal audit team spends months proving there were no abuses; external auditors perform substantial transaction examination.
!!
6
How do I control costs/risks?
• Control setup changes that can have significant financial or regulatory impact
• Identify setup changes that violate financial or regulatory policy
• Accelerate documentation and analysis of setup values
7
Use CCG to control costs/risks
Use CCG to:Change Tracking
Snapshots & Comparisons
Reduce Financial LossControl setup changes that can have significant financial or regulatory impact
Reduce Compliance CostsIdentify setup changes that violate financial or regulatory policy
Alert users when key
setups change
Find differences
between production &
baseline
Reduce Audit EffortAccelerate documentation and analysis of setup values
Audit trail of changes
Document all setup values, as seen in the
original application
8
CCG has delivered GRC savings since 1998
• No substantial competitors
• Just the configuration GRC you absolutely need:• Full audit trails and alerts (Change Tracking)
• Comprehensive record keeping (Snapshots)
• Find discrepancies (Snapshot Comparisons)
9
CCG has delivered GRC savings since 1998
• Quick to implement – can be done in one day, thanks to shrink-wrap support for:• EBS R12 – 12 modules, 550+ setups
EBS 11i – 66 modules, 3,000+ setups
• PSFT HCM 8.8/8.3 – 9 modules, 400+ setups
• Protects data from prying eyes – you control all access
• Centralizes all controls and data in a single source of truth
10
CCG Features
• Change Tracking• Alert users whenever changes occur
• Dashboard summarizes changes in all environments
• Drill down to see details of all changes
• Export change details to CSV (Excel) and PDF
11
Change Tracking captures every change made to designated setups
Configuration Governor - Change Tracker
Envir1
Envir2
Envir3
App A 4 6 29
App B 519 4 0
App C 3 39 0
Audit Trail
Automatically alerts designated parties when changes occur
Page/Form
InsertUpdateDelete
Generates authoritative audit trail reports (Who, What, When, How)
12
CCG Features
• Snapshots & Comparisons• Document all setup values seen in the original applications
• Compare two environments’ values (e.g., Production vs. a best-practice baseline), or snapshots from two points in time
• Export all details to CSV (Excel) and PDF
13
Snapshots record setup values to identify deviations from policy, and for compliance documentation
Page/Form Snapshot
14
Values found in child pages/forms are captured too
Page/FormChild
Snapshot
15
Compare setup values from different: Environments • Dates • SOBs/Ledgers • Operating Units • Application Releases
Snapshot 1 Snapshot 2
16
CCG Features
• Comprehensive Data Security• Control the business data seen by each CCG user
• Control the actions each CCG user can take
• Install CCG in firewalled tier
• Flexible• Reconfigure Change Tracking on demand
• Schedule Snapshot schedules, and take Snapshots on demand
• Generate Comparisons on demand
• Add new business environments on demand
17
CCG Features
• Mature Product• Introduced in 1998
• Over 300 EBS customers
• Over 60,000 developer-hours invested in creating metadata for EBS and PeopleSoft
• Metadata = Ready to Use• Shrink-wrap support for 12 R12 modules (550+ setups) and
66 EBS 11i modules (3,000+ setups)
• Shrink-wrap support for 9 PeopleSoft HCM 8.8/8.3 modules (400+ setups)
• Add support for additional setups with MetaBuilder, a developer’s tool included in CCG
18
EBS R12 550+ setups
EBS 11i 3,000+ setups
PSFT HCM 8.8 400+ setups
BASE ENGINEAlertsApplication Object LibraryCommon ModulesSystem Administration
FINANCIALS General LedgerSubledger AccountingPayableseBusiness TaxLegal Entity ConfiguratorReceivables / iReceivables
PROCUREMENT iProcurementPurchasing
BASE ENGINE
CONTRACTS
CRM
DISTRIBUTION
FINANCIALS
HR/PAYROLL
MANUFACTURING
PLANNING
PROCUREMENT
PROJECTS
PUBLIC SECTOR
BASE ENGINE
HCM Benefits Compensation HR Payroll Pension Recruiting Stock Administration Workflow
Shrink-Wrap Support
19
Use MetaBuilder to Create More Metadata
20
Summary
• Configuration Controls Governor offers GRC value:• Reduce Financial Loss and Risk
• Reduce Regulatory Compliance Cost and Risk
• Reduce Audit Effort
• CCG is a mature product that provides a single place to manage all application configuration GRC
• CCG comes ready-to-use, with support for: • EBS R12 (12 modules, 550+ setups)
EBS 11i (66 modules, 3,000+ setups)
• PSFT HCM 8.8/8.3 (9 modules, 400+ setups)
• Add more support using MetaBuilder
