Copyright © 2016, Oracle and/or its affiliates. All rights reserved.
Implement the
Best Practice for Oracle Fusion
Advanced Financial Controls Cloud Service OpenWorld 2016
Copyright © 2016, Oracle and/or its affiliates. All rights reserved.
Implement the
Best Practice for Oracle Fusion
Advanced Financial Controls Cloud Service
Learn about Oracle’s Best Practice Process & Solution
Automates identification of transactions that indicate fraud, error and policy violation
Prescribes steps to configure and use Advanced Financial Controls
Offers fastest implementation, minimum risk and effort, maximum return on investment
Learn more best practices from industry experts
Get answers to your questions in live Q&A
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
3
Arturo Martínez del
Campo Saucedo
Corporate Chief Financial Officer
Grupo Posadas S.A.B. de C.V. .
LEADERSHIP IN FINANCE
LATIN AMERICA - CLOUD
2016
Best Practice Adopter
First Adopter of Risk Cloud
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Agenda
Panelist Introductions
Best Practices
Panelist Q&A
More Resources
1
2
3
4
5
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Session Speakers
Panelists:
– Chris Doxey President Doxey, Inc.
– Swarnali Bag Managing Practice Lead Oracle Consulting USA
Moderator:
– Barry Greenhut Director, Product Strategy Oracle Product Development
6
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Agenda
Panelist Introductions
Best Practices
Context: Best Practices for Financial Controls
Panelist Q&A
More Resources
1
2
3
4
10
Best Practice 1: An Integrated GRC
Framework
22
An Integrated Governance, Risk, and
Compliance (GRC) Monitoring Model
23
Assertion and Attestation
Test/Evaluate Controls
Define Control Activities
Define Control Objectives
Identify Risk
Document the Process
Document the Process
and System
Identify Financial Processes and Systems
Define the Scope
The Building Blocks of an Internal Control
Framework
• Processes
• System
• Entity
• Compliance
• Fraud Prevention
• Organization Wide
Internal Controls
Supports
24
The Internal Controls Universe
Standards of Internal Control
25
Best Practice 2: Ten Tips for
Developing Risk Based Internal
Controls
26
Ten Tips for Developing Risk Based
Internal Controls
1. The focus should be on the business process rather than only the
expect outcome of the audit process.
2. The control should be process focused rather than purely
transaction focused. Although, the control should address the
accuracy of a transaction, a risk based control addresses the total
business process – not just a single transaction.
3. The expected outcome is to identify and mitigate the risk as well
determine opportunities for process improvements and fraud
prevention.
4. There should be a focus on risk management rather than solely
following current policies and procedures.
5. The goal should be on continual risk assessment coverage through
automation.
27
Ten Tips for Developing Risk Based
Internal Controls (Cont.)
6. Risk based internal controls facilitate change since they should be
updated on a regular basis.
7. This approach should set the foundation for implementing
meaningful operational metrics.
8. Risk based controls can resolve identifying risks within business
process gaps.
9. Risk based controls can help prevent and detect fraud since they
truly can reflect the end to end business process.
10. Risk based controls should always be suggested by the business
process owners.
28
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Agenda
Panelist Introductions
Best Practices
Oracle’s Best Practice Process and Solution
Panelist Q&A
More Resources
1
2
3
4
29
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Advanced Financial Controls – Design Objectives Protect Against Fraud, Error and Policy Violations
Manage Exceptions
Continuous Monitoring
Configure Best Practice Controls
Author New Audit Rules & Algorithms
30
Link Results to Business Risks Link Results to Business Risks
Stop High Risk Transactions Identical Expenses Split Purchase Orders Duplicate Invoices Unusual Invoice Amt. Unauthorized Spend Blocked Suppliers User Creates Supplier &
Pays invoice
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Oracle’s Best Practice Process & Solution
Best Practice Process
– Goal: Find and remediate fraud, error and policy violations in Financials Cloud
– Method:
• Use Advanced Financial Controls to find issues and manage remediation
• Remediate transactions and/or configurations in Financials Cloud, create compensating controls, etc.
– Context:
• Needed by Financials Cloud subscribers
• Foundation for all other advanced financial control activities
Best Practice Solution
– Prescribes steps to configure and use Advanced Financial Controls
– Basis of Oracle University and partner training courses
Benefits of both
– Fastest implementation and go-live
– Maximum ROI
– Minimum project risk and effort
– Minimum ongoing cost of operation
31
Based on our experiences with customers over the past decade and collaborations with audit and compliance experts
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 32
Best Practice Process
Identify Unwanted
Transactions
Deploy Controls
Address Issues
Report Results
32
Create Models and assess results
Remediate unwanted transactions where feasible
Convert Models to Controls
Run Control Analysis periodically
Manage incidents - options:
Remediate transactions
Adjust ERP configuration
Add compensating access controls
Report incident management results to
managers, auditors
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Best Practice Solution Outline
33
Admin
Internal Auditor
Business Analyst
Process Owner
1. Gather configuration
data
2. Configure AFC (general, roles,
users)
3. Import Pre-built Models
4. Test & Refine
Models
5. Review Results &
Remediate
6. Define Advanced Controls
7. Schedule Sync & Control Analysis
8. Review Incidents & Remediate
9. Review Incident Reports
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Agenda
Panelist Introductions
Best Practices
Oracle: Preview – Best Practice Process
Panelist Q&A
More Resources
1
2
3
4
34
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 35
Diane Analyst
I import pre-built models, test and refine them, and use the results to guide remediation of transaction issues
Manage Models and Deploy Controls
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 36
Import Pre-built Models
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Import Pre-built Models Some of the planned pre-built models
Payables
• Identify Duplicate Invoice Entries
• Identify Duplicate Supplier Sites Created in Master
• Identify Purchase Orders that Are Back Dated
• Erroneous High Value Invoices for Payment
• Supplier and Invoices Created by the Same User
Expenses
• Employee Consistently Missing Receipts
• Identify Duplicate Expense Submitted by Employees for Reimbursement
• Split Expense for a Large Event
37
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 38
Configure Model
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 39
Configure Model – Business Objects
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 40
Configure Model- Filter Logic
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 41
Configure Model- Result Attributes
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 42
Review Model Results
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 43
Deploy Controls
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 44
Chris Owner
I review and remediate incidents in my business area
Review and Remediate Incidents
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 45
Review and Remediate Incidents
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 46
Alan Auditor
I review incident reports and re-evaluate our existing advanced controls
Review Incident Reports
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 47
Review Incident Reports
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 48
Best Practice Process
Identify Unwanted
Transactions
Deploy Controls
Address Issues
Report Results
48
Create Models and assess results
Remediate unwanted transactions where feasible
Convert Models to Controls
Run Control Analysis periodically
Manage incidents - options:
Remediate transactions
Adjust ERP configuration
Add compensating access controls
Report incident management results to
managers, auditors
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Agenda
Panelist Introductions
Best Practices
Panelist Q&A Chris Doxey Doxey, Inc.
Swarnali Bag Oracle Consulting
More Resources
1
2
3
4
49
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Agenda
Panelist Introductions
Best Practices
Panelist Q&A
More Resources
1
2
3
4
50
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Copyright © 2016, Oracle and/or its affiliates. All rights reserved.
Thursday PANEL SESSION Sep 22, 9:30 AM – 10:15 AM| Moscone West 3005
Implement the Best Practice for Oracle Fusion Advanced Financial Controls Cloud Service [CAS7286]
Swarnali Bag, Governance, Risk & Compliance Practice Lead, Oracle Barry Greenhut, Director, Product Strategy, Oracle Christine Doxey, President, Doxey, Inc. Lakshmi Rajamohan, Principal Product Strategy Manager, Oracle Mark Stebelton, Director, Product Management, Oracle This session provides a detailed walkthrough of Oracle Fusion Financial Controls Cloud Service from an end user’s perspective, and highlights how the product can be configured to automate best practice controls. Oracle Fusion Advanced Financial Controls Cloud Service is designed to meet the common needs of Oracle Financials Cloud subscribers. Based on learning from a decade of customer experience, this session showcases Oracle’s best practice business process for maximum ROI with minimum cost of ongoing operation.
PANEL SESSION Sep 22, 12:00 PM – 12:45 PM | Moscone West 3005
Get Started with Financial Reporting Compliance and Advanced Financial Controls [CON7284]
Barry Greenhut, Director, Product Strategy, Oracle Lakshmi Rajamohan, Principal Product Strategy Manager, Oracle Joel Alvarado, Customer Success Manager, Oracle This session provides you with the most effective project plan to implement Oracle Financial Reporting Compliance or Oracle Fusion Advanced Financial Controls Cloud Service. Participants will learn the shortest and most cost-effective path to success using Oracle’s customer and partner-tested “get started” process. Learn how to plan and adopt these cloud services, and then sustain your use through growth and change. Learn how to get the experience and expertise needed to succeed.
51
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
For subscribers and partners
To Learn More about Best Practices
Modern Best Practice Oracle University Go-To Partners
Get Started Customer Connect
52
Success Managers
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
To Learn More about Risk Management Cloud
Cloud Portal Release Readiness User Documentation
53
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Copyright © 2016, Oracle and/or its affiliates. All rights reserved.
Go-To Partners
Success requires experience and expertise
– get both from our Go-To Partners:
• Guide process owners & participants
through adoption of Best Practice Processes
• Configure software for effective long-term
success: Minimum cost of operation,
Maximum flexibility to adapt to change
To learn more and get connected, contact
your Oracle Success Manager
54
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. 55 55
Join our LinkedIn Group For the latest Updates and Presentations .
Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 59
Oracle Confidential – Internal/Restricted/Highl
Oracle Confidential – Internal/Restricted/Highl
60