a leader in risk based enterprise controls management...

Leverage T echnology: Turn Risk into Opportunity™

Risk and Compliance Financial Reporting Internal Audit Controls Catalog Application Security Advanced Analytics

A Leader in Risk Based Enterprise Controls Management Solutions

Copyright ©. Fulcrum Information Technology, Inc. Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes

Is Your ERP Leaking Cash? Monitor PO and AP transac/ons to prevent losses, control supplier master data changes and detect misconfigura/ons

in Oracle EBS R12 Payables and Purchasing applica/ons.

NorCalOAUG – August 26, 2014

Brian Amato

Client Services Director

www.fulcrumway.com Copyright © FulcrumWay

Is Your ERP Leaking Cash?

!   Introductions !   Top Procure to Pay challenges in ERP !   Overview of Payable and Purchasing Controls !   Advanced Controls Analytics !   Case Study !   Q&A

Agenda


A Leader in Risk Based Controls Management™

! FulcrumWay: is the #1 End-to-End Provider of Risk Based Enterprise Controls Management Solutions for Oracle EBS, PeopleSoft and JDE customers with over 200 Fortune-500 to Middle Market clients. Since 2003, we have successfully assisted companies across all major industry segments.

! Expertise: Risk Advisory Services. Advanced Controls Design for Enterprise Applications. Best Practices for Risk Mitigation and Internal Controls Automation. Audit, Compliance, Financial, Enterprise and Operational Risk Assessments. Risk Remediation Services.

! Packaged Solutions: FulcrumWay is the #1 choice of Oracle customers for Oracle GRC Advanced Controls, GRC Manager, and GRC Intelligence/OBIEE software implementation. Oracle has certified us as the only partner with Accelerators for Oracle GRC. We also provide Managed Services

! Software Services: Risk Assessment for ERP systems, Control Design and Management Tools, Controls Catalog, Enterprise Risk Manager, Financial Reporting Manager, Audit Manager

! USA Presence: Privately held Delaware Corporation with US offices in New York City, Dallas and San Francisco

! International Presence: in Auckland, Chennai, Johannesburg, London, Mexico City

FulcrumWay!


FulcrumWay Clients Successful Track Record

Government Oil and Gas

Healthcare

Communications

Financial Services

Transportation Natural Resources

Manufacturing

Retail

High Tech Media/Entertainment Life Sciences


FulcrumWay™ Insight Thought Leadership

! Co-Authored GRC Book: First book on GRC for Oracle Applications

! SROAUG GRC Solution Lab - February 21st – Los Angels: GRC Case Studies and Best Practices

! Collaborate 14 – GRC Client Appreciation Dinner April 7th, 2014 Las Vegas

! NEOAUG Spring Conference – June 9th – Worcester, MA -GRC Case Studies and Best Practices

! IIA/ISACA GRC Conference – August 19th, 2014 - Presentations – Five New Ways to Assess the Risks that Can Turn Results into Rewards

! Webcasts – Every 3rd Tuesday of the Month – GRC Best Practices, Trends and Expert Insight

! Oracle Open World – Annual GRC Dinner on September 29th, 2014 - San Francisco, CA

! LinkedIn –FulcrumWay Risk, Compliance and Audit Software Group

! YouTube Podcasts – FulcrumWay Instant Insight in 10 min or less

Proven Expertise




Agenda


Top Procure to Pay Challenges

Organizations are seeking new ways to transform their rapidly growing data into insight that mitigates risks and unlocks new opportunities. However, using the traditional reporting tools to look for unusual patterns in large data sets is like finding a needle in haystack. The problem is not the resources, or the personnel, or the data. It’s that many organizations simply don’t have the advanced analytics required to arrange the data, identify suspicious patterns and weaknesses, at least not fast enough. There’s too much data, and not enough analytics!



“By 2016, 70 Percent of the Most Profitable Companies Will Manage Their Business Processes Using Real-Time Predictive Analytics” – Gartner Hidden bottlenecks, repetitions, and loopbacks in business

processes can now be tracked, exposed, analyzed and addressed easily and efficiently, which leads to increased efficiency. Exposing these problematic business activities within the processes also allows for a more effective business process optimization, reduces costs, and improves the bottom line.



How does cash leak through your ERP system? Top 10 Issues Business Risk Bottom Line Impact Duplicate Invoices – 2 invoices Overpayment to Supplier Cash Leakage

Duplicate Invoices – 2 vehicle Overpayment to Supplier Cash Leakage

Erroneous Charges to Invoice Overpayment to Supplier Cash Leakage

Late Payment Overpayment to Supplier Cash Leakage

Tax Errors Inaccurate Tax Cash Leakage

Duplicate Vendor in Vendor Master File Inaccurate Vendor Master Cash Leakage

Purchase order Related Issues Financial Fraud and Misuse Cash Leakage

Early Payment Untimely Payment to Supplier Negative Cash Flow

Missed Discounts Untimely Payment to Supplier Negative Cash Flow




Agenda


ERP Control Detective: §  Detect invoices with “Similar” invoice number, same amount to the one supplier §  Detect invoices made to the same suppliers but in different business unit

§  Detect invoices made to different vendor with very similar names Preventive:

•  Put duplicate invoices on hold until proper investigation is complete

• Discrepant Invoices • Late Payments • Honest mistake/ Fraud

Issue1: Duplicate Invoices – 2 Invoices


ERP Control Detective: §  Detect suppliers with multiple method of payment §  Detect payment made by procurement card and checks Preventive: •  Put duplicate invoices on hold until proper investigation is complete •  Prevent Supplier from getting paid through paper invoice if he is setup for electronic payment

•  2 Vehicles like Invoices and P-Card •  Paper Invoice and Electronic Process •  Expense Report and Petty Cash •  Multiple payment vehicle for a vendor

Issue2: Duplicate Payments – 2 Vehicle


ERP Control Detective: §  Detect invoices where freight was charged when in PO it was supposed to be pre-paid by the

vendor §  Detect invoices where freight was charged and warehouse charged freight separately §  Detect invoices billed for quantities than what was actually shipped

Preventive: •  Put suspect invoices on hold until proper investigation is complete

Issue3: Erroneous Charges to Invoice

•  Who pays freight, insurance? •  Are invoices based on POs? •  Special deals


ERP Control Detective: §  Detect invoices that are approaching due date base on supplier/ PO payment term §  Identify users who have consistently not paid vendors on time

§  Detect payments to vendors that are consistently late Preventive:

•  Send alerts on upcoming payments that are approaching due dates

Issue4: Late Payments

•  “Never pay late fees” •  Open Vendor Credit •  Can result in Duplicate Payment


ERP Control Detective: §  Detect sales tax invoices by vendors for non-taxable items §  Identifies use tax in error on non-taxable goods and services

§  Identify all VAT invoices that are approaching due date of the calendar year §  Detect if sales tax goes over a threshold value

§  Identify supplier invoices where VAT is charged based on supplier location vs where the service is rendered

Issue5: Tax Errors - Sales/ Use/ VAT

• Wrong Amounts • Proper jurisdiction • Proper documentation • VAT Reclaim


ERP Control Detective: §  Duplicate payment made to multiple entities of the same supplier §  Identify purchases made from unapproved vendors

§  Identify suppliers with similar or different names but with same Tax ID Number or address §  Identify suppliers who exists in the “Do not do business with” suppliers Preventive: §  Ensure Segregation of duties between supplier creation and other conflicting functions

§  Detect suppliers with similar names at the time of supplier creation

Issue6: Master Vendor Management

• Potential duplicate payments • Segregation of Duties Concern • Correspondence Issues


ERP Control Detective: §  Detect Split PO to work around approval threshold §  Detect standard PO issued to a supplier where a blanket PO exists

Preventive: §  POs over a certain threshold require approvals

§  Good receipts cannot take place without an approved PO §  Mandate PO number during invoice creation

Issue7: Purchase Order Problems

•  Split Purchase Order •  Blanket Purchase Order •  After the Fact PO


ERP Control Detective: §  Identifies special rebate from the PO contract that the invoice failed to mention §  Track invoices that missed discount date by a little margin Preventive: •  Send alerts on upcoming discounts available for payments above a threshold

Issue8: Missed Discounts

• Inefficient processing • Best financial return for any company • Track discount lost and why • Fix root causes whenever possible


ERP Control Detective: §  Detect payments made earlier than supplier payment term §  Alerts a user if payment term setup is changed

Preventive: •  Set up an approval process if payment term is changed •  Prevent payment term to be changed •  Ensures segregation of duties between invoice creation and supplier creation

Issue9: Early Payment

•  Negative cash flow •  Fraud •  Analyze early payments


ERP Control Detective: §  Identify suspicious activity between coworkers to highlight the pattern of interrelationship in the

expense reports §  Detect expenses claimed in an expense report instead of booking through approved channels §  Detect expense splitting

Preventive: •  Deny expenses through unapproved channels unless approved by senior management

Issue10: Travel & Entertainment

•  Employee misuse •  Constant leakage to the bottom line •  Make manager responsible •  Part of annual review




Agenda


Advanced Controls

!   Layer of automated controls over ERP controls !   Continuously monitor key controls !   Detect and Report issues as they occur !   Prevent issues from occurring !   Quickly see high risk issues with exception based dashboards !   Address issues that affect the bottom line !   Reduces operational risk and process effectiveness

What are Advanced Controls?


Advanced Controls One Enterprise Foundation

Enterprise Risk & Controls Foundation

Dashboards, Reports and Alerts Notifications Worklists Email Perspectives Search

Risk, Controls & Compliance Management Reviews Documentation Assessments Remediation Surveys

Continuous Controls & Risk Monitoring Setups Access Master Data Audit Tests Transactions

User Authored Controls Data Connectors Fraud & Error Patterns

Rol

e B

ased

Acc

ess

Secu

rity

Web

Ser

vice

s &

API

s

Custom or Legacy Applications

§  Risk & Controls Repository §  Assess and Certify §  Detect Policy Violations

§  All Users & Applications §  100% of Transactions §  All Processes

  Procure to Pay   Order to Cash   Financial Reporting   User Access

§  Manage by Exception §  Optimize Processes


Standard + Advanced Controls

User Roles

3-Way Match

Track Payments

Sentiment Analysis

Split Purchase

Orders Hide Displays of Sensitive

Data Duplicate Payments

Transaction Threshold Amounts

Duplicate Vendors

Fine-grained

User Access

Configuration Snapshots & Audit Trial

Transaction Pattern Analysis

Fuzzy Logic, ‘similar values’

Advanced Controls

Standard Controls

Approval Hierarchies

Track Discounts

Advanced Controls


Ontology based Advanced Transaction (OAT) Analytics

User Roles

3-Way Match

Track Payments

Sentiment Analysis

Split Purchase

Orders Hide Displays of Sensitive

Data Duplicate Payments

Transaction Threshold Amounts

Duplicate Vendors

Fine-grained

User Access

Configuration Snapshots & Audit Trial

Transaction Pattern Analysis

Fuzzy Logic, ‘similar values’

Advanced Controls

Standard Controls

Approval Hierarchies

Track Discounts

Advanced Controls

FulcrumWay OAT Analytics™ discovers your data source and creates enterprise ontology catalog including business objects, attribute, era, frequency, patterns and model logic to deliver insight within just a few weeks


Advanced Controls Procure to Pay with Advanced Controls


Advanced Controls Exception Based Dashboard


Advanced Controls Continuous Monitor – Duplicate Invoices


Advanced Controls Definition – Control Model Logic


Advanced Controls Incident Management


Advanced Controls Preventive Controls


Advanced Controls




Agenda


Case Study

!   Designs, develops, markets, and distributes footwear for men, women, and children, as well as performance footwear for men and women

!   The company operates through four segments: Domestic Wholesale Sales, International Wholesale Sales, Retail Sales, and E-commerce Sales.

!   As of February 15, 2014, the company operated 122 concept stores, 131 factory outlet stores, and 71 warehouse outlet stores in the United States; and 44 concept stores and 26 factory outlets internationally.

A global leader in the lifestyle footwear controls cost with OAT Analytics™


Analytics Use Cases by Process and Industry

! Accounts Payable Audits: Track all your claims closely, and prevent future losses by catching them earlier. Improve vendor relationships by submitting only verified high-quality claims, all resulting in less work for you, and more accurate, more profitable results

! Merchandise Audits: Detect merchandising errors early by finding the facts as close to the transaction as possible. This helps your company reduce operating expenses through recoveries.

! Vendor Risk Assessment: Comprehensive vendor risk analysis to analyze all available data for optimal results. Research a wide variety of potential vendor risks – from fraud and conflicts of interest to lapsed business licenses and liability concerns.

! Freight Audits: Safeguard freight-related disbursements by identifying payment errors and analyzing whether vendors and carriers have complied with your shipping guidelines

! Media Audits: Agency and media invoices match up. Identify duplicates and overpayments, review contracts, media plans, insertion orders, print orders and billing statements, and accurately determine whether there have been mistakes and under-achieving performance.

! Contract Compliance: In-depth review of contract compliance combines automated techniques with focused strategic buyer discussions. Identify the causes behind overpayments, and developing customized prevention techniques for minimizing future exposure.

Case Study


Implementation Approach for Reliable, Affordable, Rapid and Easy (RARE) Insight Case Study

Assess

• Iden/ty data-‐sources, business objects, aHribute era, frequency, paHerns and model logic • Create object catalog, condi/ons and paHerns and transac/on excep/ons using DataProbe™ • Confirm Findings and Gap.

Design

• Map data source objects catalog to OAT (Protégée) • Define transac/on model logic in terms of data-‐sources, business objects, aHribute era, frequency, and paHerns • Confirm Design. Iden/fy out of the box vs custom objects for install

Install / Configure

• Install Advanced Controls plaVorm • Configure data-‐source, objects, and models • Unit Test and Verify Results

Test / Train

• Train users, managers, and administrators • Conduct user acceptance tes/ng

Deploy

• Setup produc/on system • Support administrators as needed


AP Audit! FulcrumWay Retail Industry

Claims Trend


Merchandise! FulcrumWay Retail Industry

Merchandise Losses

Net Price


Vendor Risk! FulcrumWay Retail Industry


Freight! FulcrumWay Retail Industry


Media! FulcrumWay Retail Industry


Industry Opportunities What is Possible with OAT AnalyCcs™




Agenda


Leader in Risk Based Enterprise Controls Q & A!

One-on-One with Experts Download DataProbe

Follow FulcrumWay on LinkedIn for ERP Risk and Controls

a leader in risk based enterprise controls management...

Documents