Embed Size (px)
Citation preview
1
Risk Management in Role-based ApplicationsSegregation of Duties in Oracle
Problem agenda
Introduction P2P Issues that Impact the Bottom-Line Oracle Advanced Controls Solution Use Case: Financial Organization SystemsQ & A
3
Harish Sharma, Senior Consultant
Over 7 years of experience in ERP Implementation, Security and GRC Design
Problem agenda
Introduction P2P Issues that Impact the Bottom-Line Oracle Advanced Controls Solution Use Case: Financial Organization SystemsQ & A
What Do We Mean by Control ‘Issues’ 5
The processes that ensure: Efficient and effective operations Reliable and accurate reporting Fraud resistant operation Internal External Regulatory compliant
Common Issues: Duplicate Vendors in Master Vendor File
6 Duplicate payments
The invoice is submitted for entry twice Different options for receipt and payment of invoices, including outsourcing. Data entry errors Manual checks requests
Correspondence issues Supplier is using a different site/location. Duplicate Name problem with Supplier conversion
Internal control issue Controls Inappropriately configured Controls are not regularly overridden
AP processors take shortcuts when creating vendor entries Misreading a number or letter (for example: 0 instead of O, or 5 instead of S). Transposing numbers (for example: 56 instead of 65) Mis-keying (or simply omitting) punctuation (such as hyphens and slashes) Omitting leading or trailing zeroes
Segregation of duties concern Standardization and normalization are crucial Preventing creating new ones Identifying existing duplicate ones
Rigid coding standards
Problem agenda
Introduction P2P Issues that Impact the Bottom-Line Oracle Advanced Controls Solution Use Case: Financial Organization SystemsQ & A
Advanced Controls8
Layer of automated controls over ERP controls Continuously monitor key controls Detect and Report issues as they occur Prevent issues from occurring Quickly see high risk issues with exception based
dashboards Address issues that affect the bottom line Reduces operational risk and process effectiveness
9
10Copyright © Capgemini 2013. ll Rights Reserved
10
12Copyright © Capgemini 2013. ll Rights Reserved
Continuous Monitor – Duplicate Vendor
Incident Management
Control Definition
Preventive Measure
Preventive Measure Cont..
19Copyright © Capgemini 2013. ll Rights Reserved
20Copyright © Capgemini 2013. ll Rights Reserved
Problem agenda
Introduction P2P Issues that Impact the Bottom-Line Oracle Advanced Controls Solution Use Case: Financial Organization SystemsQ & A
22
Oracle Advanced Controls –Customer Experience
24
25
26
Use Case - Scope 27
Security Infrastructure
28
approach to GRC Projects29
Implementation Approach30
31
Tangible Business Benefits32Fewer duplicate payments: Vendor master cleanup eliminates the duplicate vendor files and vendor coding issues that significantly contribute to duplicate payments.
Reduced fraud: The Association of Certified Fraud Examiners estimates that the average company loses 5 percent of its annual revenues to fraud. Cleaning and maintaining a vendor master file provides the visibility and controls required to help reduce fraudulent payments.
Increased staff productivity: Clean vendor files make it easier to find vendors in your system. This makes it less likely that staff will create a duplicate vendor record, and ensures that staff does not waste their time maintaining files that should have been deleted.
Improved analysis and management of spending: By showing which vendors are parts of the same corporate entity, vendor master cleanup helps companies analyze and manage spending to negotiate better discount terms and proactively manage their debit balances.
Streamlined regulatory compliance: Vendor master data management drives compliance with regulations and internal controls, as well as compliance with 1099 tax legislation.
Reduced costs: Compared to traditional manual processes, an ongoing vendor master data maintenance program significantly reduces the costs of managing supplier information.
33
Thanking You
Q & A
35
36
37
