Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential – Internal/Restricted/Highly Restricted
Oracle Risk Management Getting your business case across the line CON7990
Glen Walton Oracle Application Development Oct 28, 2015
Presented with
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
2
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 3
Today’s Panelists
• Frank Gifford, VP Corporate Finance, Broadridge Financial Solutions
• Calvin Courtland, Senior Director, Internal Audit, Gilead Sciences, Inc.
• Stephen Sullivan, Partner, Audit Assurance, PwC
Oracle Advanced Controls: Vision to Reality
October 2015
Prepared by: Frank Gifford Vice President, Corporate Finance Broadridge Financial Solutions
5 © 2014 | | © 2014
Broadridge technology-driven solutions power the entire investment lifecycle, enabling our clients to successfully manage the massive complexity and operational requirements of today’s capital markets
• Process more than $6 trillion in fixed income and equity trades every day
• Manage board of director elections for virtually every public company in North America
• Provide transparency into the distribution of over 90% of mutual fund and ETF assets
Broadridge is an NYSE-traded company with over five decades of experience and a 98% client retention rate.
6 © 2014 |
Broadridge Overview – Market Position
We are an Industry Leader
• Investment grade, $7 billion market cap, NYSE listed public company
• Five decades of experience supporting the financial services industry
• Over 6,700 employees worldwide
• Relationships with virtually every self-clearing brokerage firm, every mutual fund complex, every public company, and every U.S. investor
We Provide Mission Critical Solutions and Scale
• Our securities technology solutions are used by 8 of the top 10 U.S. broker-dealers
• More than $6 trillion in daily securities settlements including 60% of U.S. fixed-income
• Process equity securities for 6 of the top 10 firms by volume on the NYSE/NASDAQ
• Support more than 30 million customer accounts on our brokerage platforms
• Distribute over 1 billion investor communications annually
Our Offerings are Broad and Flexible
• Solutions ranging from SaaS technology platform to customized BPO supporting process component or complete outsourcing solutions
• Securities processing capabilities in more than 70 markets
• Support sell and buy side markets
7 © 2014 |
General Ledger ISupport
Accounts Receivable Teleservice
Accounts Payable I-Procurement
Fixed Assets I-Expense
Cash Management Advanced Collections
Order Management Service Contracts
Projects
Broadridge
Oracle EBS Footprint Oracle E-Business Suite running Version 12.1.3(upgrade completed November 2013), running the following modules:
Oracle Advanced Controls Preventive Controls Governor and Configuration Controls Governor
8 © 2014 |
My Background Vice President Corporate Finance
• With Broadridge over 3 years • CPA / CISA with controllership and financial services industry background specializing in
process transformation, internal control, risk, regulatory and technology matters • 13 years public accounting experience with Ernst & Young New York Financial Services
Office Current Roles:
• Finance strategic planning on initiatives, projects and system enhancements globally • Project Management oversight for all major financial systems projects as well as business
transformation initiatives across the organization, incorporating business and IT • Lead Global Corporate Sarbanes Oxley, Finance Business Information Security Office
(BISO), FFIEC compliance and Finance Risk Management programs.
Major Oracle Project Implementations • Advanced Controls January 2014-Present • Advanced Collections Strategies April 2014-January 2015 • Project Costing January 2014-January 2015 • R12 Upgrade January 2013- November 2013 • Billing Initiative January 2009-December 2012
10 © 2014 | 10
Business Challenges • Challenges implementing our Finance strategic initiatives (Finance Transformation) to
centralize, standardize and automate due to limitations with Oracle EBS functionality.
• Typical business response to control issues is reactive leading to manual workarounds. User business process controls tend to be manual and time consuming (performed outside of Oracle EBS).
• Need to implement better governance and proactive monitoring controls as Broadridge expands its Global Shared Services model.
• Difficulty integrating acquisitions onto Oracle EBS platform in a timely manner due to business nuances and time constraints spent testing/ regression testing, patching and implementing custom solutions.
• Need for more Agile deployment of solutions through every module, organization, ledger and form within Oracle
• Reduce audit costs, reduce maintenance costs, increase IT productivity.
• More easily implement automated preventative Anti-fraud controls standardizing business rules while leveraging Oracle EBS functionality.
11 © 2014 | 11
Benefits of Oracle Advanced Controls • As finance’s transformation continues to evolve, provides platform to standardize oversight
and sustainability on process, people and data required for a successful model
• Moves the business thinking and capabilities surrounding control process enhancement from a manual to an automated control effort more fully leveraging native functionality embedded within Oracle EBS suite of modules.
• Toolset to reduce the forms personalization and subsequent CEMLIS with the Oracle Suite, allowing shorter time to production on changes and the ability to redeploy IT resources to more value added initiatives.
• Agile deployment of toolset through every module, organization, ledger and form within Oracle using standard Oracle Functionality
• Protect application data and mitigate risk of sensitive application data changes without appropriate approval and audit trails.
• Reduce audit costs, reduce maintenance costs, increase IT productivity.
• More easily implement automated preventative Anti-fraud controls
12 © 2014 | 12
Advanced Controls Delivers Strong ROI • Expected accelerated payback solely based on IT and business savings devoted to process
optimization and streamlined Oracle workflows without quantification of benefits of reduced risk and improved controls. After being presented a demonstration of the toolset, the IT teams were able to review the list of scoped projects from the business and show where these tools could be leveraged to accelerate the implementation of various technology enhancement requests.
• Savings realized as a result of enhanced fraud mitigation within our disbursements area (cannot be easily quantified though the costs of a fraud committed could potentially be enormous and the organizational impact devastating).
• Realized Organizational savings in reduction of development time and finance resource redeployment as the tool is deployed on other areas of the organization.
• Implementation allows finance organization more control capabilities and flexibility as it
expands its Global Shared Services model.
• In addition to the use cases outlined within the Appendix, due to the fact that the toolset provides a standard framework of configuration and controls, all of the acquisition integration projects has benefitted from the use of Oracle Advanced Controls.
• While the focus of the toolset starts as compliance, the strength of the product allows it to optimize business performance across all areas using Oracle.
13 © 2014 |
Calvin Courtland Senior Director, Internal Audit – Gilead Sciences, Inc.
October 28, 2015
Oracle Open World (CON7990)
Configurations Control Governor - Internal Audit
14 © 2014 |
Background – Calvin Courtland
• Internal Audit, Compliance and Technology
– Financial services, consumer products, internet and biotechnology
– 3+ years at Gilead Internal Audit
– Implemented systematic, audit solutions to improve effectiveness, increase coverage and reduce effort
• Gilead Internal Audit
– Third party, operational, forensics, SOX
– Global coverage
15 © 2014 |
Background – Gilead Sciences
• Overview
– Foster City, CA, founded 1987
– $25B, 2014 revenues
– 7K employees, 44 locations, 34 countries
– Liver, HIV/AIDS, hematology/oncology, inflammatory/respiratory and cardiovascular
• Oracle
– EBS 12.1
– OBIEE 11.1
– GRC (AACG 8.6, CCG 5.5)
– SOA, B2B 11g
16 © 2014 |
Problem > Objective
• SOX – Oracle Application Controls
– Internal/external audit direct assistance
– 55 Oracle configurations tied to SOX key controls
– Configuration evidence/analysis recreated annually
• Oracle CCG
– Baseline SOX Oracle configurations
– Roll-forward baseline annually and supplement with CCG Snapshot/Change Tracker
– Reduce annual audit effort over static configurations
– Focus efforts on analysis over impact from changes
17 © 2014 |
Milestones > Today
• Key Stakeholder: External Audit
– Detailed technical design/mapping SOX > CCG
– Detailed review of UAT results
– Future direct assistance deliverables
• 2015 and Beyond
– Minimal effort, Oracle configuration evidence
– Direct assistance executing as planned
– IT Management began leveraging IA CCG
– IA CCG used in non-SOX, international audits
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 19
Follow Us & join the conversation .
Oracle GRC Advanced Controls Group _______________________________________________________________
OracleAdvControls @OracleAdvCntrls
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 20
Oracle GRC Wins Ventana Technology Innovation Award!
“Oracle’s GRC solution provides a unique approach to the problem of risk management by automating risk controls which are embedded into critical business
processes; applying leading edge technologies to solve complex risk challenges.”
- Mark Smith, CEO of Ventana Research
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Elite panel of judges (NASA CIO, FCC CIO, Army CIO and others) have selected PA Treasury IT project as one of
the top 10 public sector projects of the nation
21
Pennsylvania Treasury GRC Project Wins Multiple Awards