Leverage Technology: Move Your Business Forward™
Risk and Compliance Financial Reporting Internal Audit Controls Catalog Application Security Advanced Analytics
A Leader in Risk Based Enterprise Controls Management Solutions
Copyright ©. Fulcrum Information Technology, Inc. Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes
Mitigate Risk of Losses, Waste and Fraud in your Procure-to-Pay Process with Smart Controls
for Oracle
Educational Webinar Series
Adil Khan, Managing Director
March 29th , 2016
www.fulcrumway.com Page 2 Copyright © FulcrumWay
Agenda: Oracle EBS R12 Procure to Pay
Introductions
Oracle Payables and Procurement Overview
Procure to Pay Controls Check List
Oracle EBS Configurations that Mitigate Risks
Smart Controls – A Case Study
Q&A
FulcrumWay™ Insight
Thought Leadership
Co-Authored GRC Book: First book on GRC for Oracle Applications
FLOAUG Innovate 16 - February 12th – Orlando: Oracle Role Based Security and Oracle Cloud
Educational Webinar – February 25th – Self Service User Provision
Educational Webinar – March 22nd – Procure to Pay Process Optimization with Controls Monitoring
Collaborate 16 – April 11th, 2015 Las Vegas GRC Client Appreciation Dinner
Educational Webinar – May 24th – Hire to Retire Controls in Oracle Fusion HCM
Oracle Open World – Annual GRC Dinner on September 19th, 2016 - San Francisco, CA
LinkedIn – FulcrumWay Risk, Compliance and Audit Software Group
International GRC Round Tables – Sydney, London, Johannesburg, Dubai See events page for details
Proven Expertise
FulcrumWay Client Studies: Successful Track Record
Government
Oil and Gas
Healthcare
Communications
Financial Services
Transportation
Natural Resources
Manufacturing
Retail
High Tech
Media/Entertainment
Life Sciences
Process Controls: Oracle Procure-to-Pay Control Points
[Diagram. Process steps shown: Strategic Sourcing & Contract Mgmt; Requisition; Purchase Goods / Services; Receive Goods / Services; Invoice; Issue Payments. Surrounding labels: Business Process Models; Service Oriented Architecture; Corporate Performance Management; Collaboration; Supplier Collaboration; Spend Categories (Indirect & MRO, Direct Materials, Services); SWIFTNet; Settlement; Payment Processors; Banks.]
Process Controls: Oracle Procure-to-Pay
CONTROLS for Strategic Sourcing & Contract Mgmt:
Are your vendors compliant with trade regulations? Are the vendors blacklisted?
Do you have duplicate suppliers?
Are there inappropriate associations between a vendor and an employee?
Are there frequent changes to Supplier information?
Are you missing critical supplier information? Is the information valid?
Process Controls: Oracle Procure-to-Pay
CONTROLS for Requisition and Purchase Goods / Services:
Do you have duplicate Purchase Orders?
Are there purchases with non-preferred vendors?
Are there split POs?
Are POs created on the same day as goods arrive?
Process Controls: Oracle Procure-to-Pay
CONTROLS for Receive Goods / Services, Invoice, and Issue Payments:
Are you making accurate and timely payments?
Did the person making the payment create or modify the vendor?
Are there discrepancies in freight charges?
Are payment term changes reviewed before payment?
Are there duplicate invoice amounts being processed?
Process Risk Management Approach
[Diagram. Steps shown: Identify Risk; Assess Risk; Design Controls; Establish Test Environment; Scope Application Controls; Sample ERP Data; Detect/Analyze Findings; Implement Corrective Actions; Implement Controls; Monitor Controls; Manage Exceptions. Roles shown: Risk Advisors; ERP Managers; Control Owners; Advanced Controls Experts.]
Oracle Controls Checklist: Procure to Pay
Item | Configuration | Control | Risk
1 | Allow Address Change (Single Payment) | Set to No | Check payments are sent to an incorrect or invalid address, which could increase the risk of unauthorized payments.
  | Automatically Create Employee as Supplier | Define | Unauthorized supplier records are created for unauthorized employees, which may result in invalid reimbursement of employee expenses.
2 | Allow Pre-Date (Single Payment) | Set to No | Payments may be recorded on dates preceding invoice dates, resulting in an understatement of the AP liability account.
3 | Use Invoice Approval; Allow Force Approval | Set to Yes | Unapproved or invalid invoices are created and paid.
4 | Hold Unmatched Invoice | Set to Yes | Supplier may over-bill and invalid or inaccurate invoices may be paid that could increase the risk of unauthorized transactions and misstatement in accounts.
5 | HR: Expand Role of Contingent Worker profile option | Set to No | Unauthorized commitments and orders could be made by contingent workers, outside of the corporate policy.
6 | Purchasing approval groups | Define | Approval groups and assignments may not be appropriately defined, resulting in invalid or unauthorized approval of transactions.
7 | Owner Can Approve | Set to No | Unauthorized changes to transactions may occur resulting in unauthorized orders, requisitions or other transactions.
8 | Approver Can Modify | Set to No |
9 | Use Approval Hierarchies | Set to Yes | Documents may be authorized by the incorrect authority.
10 | GL Date Basis | S (system)/I (Invoice) | Liabilities are not recorded in the correct period.
11 | Employee Signing Limits | Define | Employees may be allocated greater signing limits than planned, resulting in employee expenses outside of company policy.
12 | "Exchange Rate Amount" tolerance configuration | Define | Inconsistent exchange rates may be used resulting in inaccurate and invalid valuation of accruals and liabilities.
13 | The "Shipment Amount" tolerance configuration | Define | Liabilities may be misstated if invoice amounts are more than what was ordered and received; or vice versa.
14 | Allow Distribution Level Matching | Set to Yes | Invoices can only be matched to shipment lines, potentially resulting in invalid accounting of the invoice.
15 | Over Receipt Tolerance; Over Receipt Action | Verify Values | Goods may be received and paid for which were not ordered, or payments may be made for services which were not actually rendered.
16 | Receipt Required | Set to Yes. Verify for outside processing, rate based temp labor, fixed price temp labor and fixed price services | Invoices are paid without receiving goods/services.
17 | eBTax: Allow Override of Tax Recovery Rate profile option | Set to No | The tax recovery rate could be overridden by unauthorized individuals, resulting in inaccurate tax calculations.
Purchasing Configuration: Purchase Order Approval
Navigation: Purchasing Super User > Setup > Purchasing > Document Types
Payables Configurations: Use Invoice Approval Workflow
Navigation: Payable Manager --> Setup --> Options --> Payables Options. Click on Approval Tab.
Payables Configurations: Allow Force Approval
Navigation: Payable Manager --> Setup --> Options --> Payables Options. Click on Approval Tab.
Payables Configurations: AP Invoice Payment Discounts
Navigation: Payables Super User -> Supplier -> Entry. Select Supplier, and then click Invoice Management.
Receiving Configurations: Receiving Tolerance Level
Navigation: Purchasing Super User -> Setup -> Organizations -> Receiving Options
GL Posting Configurations: Payable Invoice Posting to GL
Navigation: Payables Super User -> Setup -> Options -> Payables Options, and then click on Invoice Tab.
Case Study: Fiscal watchdog ensures tens of billions of dollars in payments are lawful and correct
Our Client
A state government agency responsible for safeguarding financial assets – more than $120 billion of public funds.
Helps local governments and nonprofits invest their money with flexibility, security, and confidence.
Challenges
Replace fragmented legacy system for recovery audit department with a single incident management system.
Replace manual control checklists with an audit analytics system to identify suspicious vouchers submitted for payments by 28+ agencies across the state.
Assign suspension transaction to auditors for final review and approval using a pattern matching system.
Solutions
Oracle GRC Advanced Controls
Results
Reduce erroneous payment processing by 5% on millions of payments processed each day by consolidating all vouchers across 28 agencies into a single data hub.
Improve incident investigation process by establishing business rules to assign incidents based upon risk level, investigation type, and priority that match the auditor skills and job role.
Provide management visibility and independent oversight to monitor approved and rejected payments.
Eliminate inconsistent and contradictory actions by auditors by providing a structured investigation process based on approved investigation checklists for each type of suspicious transaction.
Optimize recovery audit business process with integration to the ERP system for vendor management and payment processing.
Case Study: A global leader in lifestyle footwear controls cost with Transaction Analytics
Our Client
Designs, develops, markets, and distributes footwear for men, women, and children.
The company operates through four segments: Domestic Wholesale Sales, International Wholesale Sales, Retail Sales, and E-commerce Sales.
Operates 122 stores, 131 factory outlets, and 71 warehouse stores in the United States; and 44 stores and 26 factory outlets internationally.
Challenges
Control cash leakage in Procure to Pay Process.
Assess Vendor Risks based on internal and external data sources.
Streamline internal audit of Freight costs, Media fees.
Ensure Contract compliance.
Solutions
Oracle Transaction Controls
FulcrumWay OAT™ Analytics
Results
Enabled AP payment tracking, and prevented over 200K in future losses by catching them earlier.
Enabled comprehensive vendor risk analysis using all available data, from fraud and conflicts of interest to lapsed business licenses and liability concerns.
Safeguarded freight-related disbursements by identifying payment errors and analyzing whether vendors and carriers have complied with your shipping guidelines.
Enabled agency and media invoices to match up. Identify duplicates and overpayments, review contracts, media plans, insertion orders, print orders and billing statements, and accurately determine whether there have been mistakes and under-achieving performance.
Improved contract compliance by combining automated techniques with focused strategic buyer dashboards to identify the causes behind overpayments, and developed prevention techniques for minimizing future exposure.
Smart Controls: What are Smart Controls?
Layer of automated controls over ERP controls
Continuously monitor key controls
Detect and report issues as they occur
Prevent issues from occurring
Quickly see high risk issues with exception based dashboards
Address issues that affect the bottom line
Reduce operational risk and improve process effectiveness
Procure to Pay Standard Controls
Prevent Duplicate Supplier Name and Sites
Requisitions Require PO Approval
Purchase Orders can only be issued to valid suppliers and goods received at valid sites
Purchase Orders Require Approval
Goods and Services are received based on control configurations
Duplicate Invoice numbers are prevented
Invoice items are matched with PO and Receiving to ensure 3-Way match
Payments are released to valid suppliers and Invoices
Payments Terms are enforced
Case Study: Smart Business = Standard + Smart Controls
[Diagram with two groups, Standard Controls and Smart Controls. Labels shown: User Roles; 3-Way Match; Approval Hierarchies; Track Payments; Track Discounts; Sentiment Analysis; Split Purchase Orders; Hide Displays of Sensitive Data; Duplicate Payments; Transaction Threshold Amounts; Duplicate Vendors; Fine-grained User Access; Configuration Snapshots & Audit Trail; Transaction Pattern Analysis; Fuzzy Logic, ‘similar values’.]
Smart Controls: Transaction Monitor – Duplicate Invoices
Smart Controls: Definition – Control Model Logic
Smart Controls: Incident Management
Smart Controls: Preventive Controls
Smart Controls: Procure to Pay with Smart Controls
Case Study: Over 1000 Smart Controls for ERP
Select Configuration, Master Data and Transaction Controls
Detect control weaknesses across ERP system to identify business process optimization opportunities
Q & A
Sign up for FREE 14 Days Evaluation
Register online and download Dataprobe to identify P2P Risks in EBS