Download - FulcrumWay GRC Solutions
Leverage Information Technology:
Turn Corporate Governance into Business Performance™
Risk Assessment and Controls Monitoring
Copyright ©. Fulcrum Information Technology, Inc.
A FulcrumWay International Regional Service Partner
www.mantala.com.mtPage 2
FulcrumWay Market Leadership
FulcrumWay is the #1 End-to-End Provider of Governance, Risk and Compliance Expertise, Solutions and Software Services for Oracle enterprise customers.
Expertise: Risk Management, Compliance, IT Audit, Internal Controls, Financial Reporting and GRC Software implementation consulting services. Since 2003, we have successfully assisted over one hundred Fortune-500 to Middle Market companies across all major industry segments.
Packaged Solutions: Oracle certified Systems Integrator and ISV member of the Oracle Partner Network. FulcrumWay solutions are built on software technologies from Oracle Corporation. FulcrumWay GRC Solutions are the #1 choice of Oracle customers.
Software Services: We enable organizations to assess Financial, Operational and Information Technology risks, monitor internal controls and optimize business processes. Auditors, Risk Managers and Business Process Owners can rapidly assess enterprise risk and monitor controls using web based software services.
Privately Held Delaware corporation with US presence in New York, Texas and California
International Presence in UK, Chile, Italy, Singapore, Turkey and India
Media and Entertainment
Financial Services
Healthcare
Natural Resources
Life Sciences
Industrial Manufacturing
Defense
Oil and Gas
High Technology
Retail
FulcrumWay Clients
Industrial Equipment
Communications
FulcrumWay™ Insight
Thought Leadership
Compliance Week Magazine - Healthcare Firm Aligns Compliance Efforts, Cuts Costs
Economist Magazine – Compliance Guide for Enterprise Systems
Podcasts – How Automating the Enterprise Risk Management Process helps organizations comply with regulations
OAUG GRCSIG - Impact of AS5 for Oracle Enterprise Customers
IIA – Top Five Reasons for Automating Application Controls
Oracle Open World – Annual GRC Dinner, GE and Birds Eye Case Study
Collaborate - Financial Governance - Achieving Timeliness, Reliability and Efficiency in Financial Management and Reporting
Webcasts – GRC Best Practices, Trends and Expert Insight
FulcrumWay 2009 Events
Current, Recent and Upcoming Events
December 16 – Webinar "Strengthening Compliance and Performance by improving the Financial Transaction Controls and Close Processes"
December 2 – Financial Governance Luncheon in Palo Alto
November 18 - Webinar "Ensuring Compliant Processes and IT Risk Management with Configuration Change Controls"
November 13 – FulcrumWay at the SROAUG Meeting in Los Angeles at the LAX Crowne Plaza
November 4 – “OAUG GRC Special Interest Group Meeting: GRC Highlights @ Oracle OpenWorld 2009”
October 28 – “Aligning Risk and Performance Management” Oracle iSeminar
October 22 – “Slashing Compliance Costs and Boosting Risk Management In Midsized Companies” free Webinar
October 21 – “Risk and Compliance Management Power Across the Enterprise: Oracle’s Enterprise GRC Manager” free Webinar
October 11-15 – Oracle OpenWorld: 4 GRC Sessions and the Sixth Annual GRC Roundtable Dinner
September 29 – NYC Metro OAUG Meeting GRC Session
September 16 – “Risk and Compliance Management Success Stories: GRC Business Cases that Get Approved” free Webinar
Governance, Risk and Compliance Challenges
Detect and Prevent Outright Fraud
Mitigate Financial Misstatement Risk
Develop and Maintain Sustainable Regulatory Compliance Processes
Effectively Test and Monitor Internal Controls
Dell Talking Again After Audit
More than four years of intentionally misstated results will cost the computer maker millions. Says one exec: “This is not a happy story”
Business Week, 2008
The Public Company Accounting Oversight Board issued a 33-page alert to auditors, telling them to plan their audits with an eye towards the new risks that spring from management acting under economic pressure.
Compliance Week, 2009
Online fraud is becoming so lucrative, said Katherine Hutchison, PayPal’s senior director of global risk management, that it has developed into an industry with specialized players that hire each other in areas such as harvesting credit card numbers and freight forwarding. “A single professional thief doesn’t have to have all of the skills needed to commit fraud,” she said.
WSJ April, 2009
Current State
• Managed in silos
• Mostly reactionary
• More projects than programs
• Handled separately from mainstream processes and decision-making
• People used as middleware
• Limited and fragmented use of technology
GRC Program Management
Future State
• Enterprise approach
• Integrated controls and processes
• Program based approach
• Embedded within mainstream processes and decision-making
• Effective use of information technology
• Architected solutions
Enterprise GRC Program Management
(c) OCEG, 2008
The Big Picture: GRC Maturity
Informal:
Ad hoc approach
Compliant but at a high cost to business
Manual control
No best practices
Reactive:
Tactical approach
Risks are documented
Manual risk assessment and reporting
After the fact reporting
Proactive:
Unified, standardized & strategic approach
Policies are enforced
Automated process
Prevent policy violation
Optimized:
GRC objectives embedded throughout the organization
Analyze and trend
Automated risk mitigation / Predictive risk assessments
Compliance and Audit Automation
Controls and Process Monitoring
Integrated GRC
IT Governance
Enterprise Risk Management
Financial Governance
Enterprise Model
Enterprise Applications / IT Infrastructure: Oracle EBS, Hyperion, JD Edwards, PeopleSoft, SAP, Legacy/Custom
Significant Business Processes / Operations Management: Financial Close, Procure to Pay, Hire to Retire, Order to Cash, Other …
Financial Management, Operations Management, Audit / Compliance
Enterprise Management: Corporate Governance, Planning and Forecasting, Performance Management, Risk Management
Reporting, Budgeting, Reconciliation
Audit Planning, Assessment / Testing, Issues / Actions
FulcrumWay Enterprise Solutions Framework
Continuous Controls Monitoring / IT Governance: Oracle EBS, Hyperion, JD Edwards, PeopleSoft, SAP, Legacy/Custom
Process Monitoring: Financial Close, Procure to Pay, Hire to Retire, Order to Cash, Other …
Financial Governance, Operations Management, Audit / Compliance Automation
Enterprise Risk Management: Corporate Governance, Planning and Forecasting, Performance Management, Risk Management
Reporting, Budgeting, Reconciliation
Audit Planning, Assessment / Testing, Issues / Actions
GRC Integration
FulcrumWay End to End GRC Services
Continuous Controls Monitoring / IT Governance
Process Monitoring
Financial Governance, Operations Management, Audit / Compliance Automation
Enterprise Risk Management
GRC Integration
Financial Risk Dashboard, Governance/Policy Dashboard, Operational Risk Dashboard, KPI/KRI Dashboard
Automated Reconciliation, Disclosure Workflow, Financial Intelligence
Plan Optimizer, Test Automation, Self-Assessment, Issue / Remediation Workflow
Close Monitor, P2P Monitor, T&E Monitor, O2C Monitor, H2R Monitor
Segregation of Duties, Privileged Access, Transactions, Configurations, e-Discovery, Identity
FulcrumWay™ GRC Strategic Opportunity Assessment
Activities: Assess Risks; Scope Audit Plan; Prepare Work Papers; Test Internal Controls; Certify Results; Disclose Business Results; Gather GRC Data; Establish Risk & Controls Library; Document Issues/Actions; Implement Changes; Establish Control Environment
Roles: Senior Management; Board; Process Owner; Chief Officer; Chief Auditor; Audit Managers / Control Owners
FulcrumWay Expertise, Packaged Solutions and Software Services
FulcrumWay Touch-less Integration ™
Financial adapters for Oracle E-Business Suite, Oracle’s PeopleSoft Enterprise, and Oracle’s JD Edwards EnterpriseOne. Universal adapters to extract and load data from non-Oracle or legacy applications
Control
Configuration Controls
Configuration Change
Enforce & validate allowable values. Ensure appropriate entitlement to change data is mapped to SOD rules
Provide audit history of changes to critical application data
Transaction Controls
Transaction Validation
Validate transaction against business policy rules. Including fail safe monitoring for SOD rules.
Enforce & Identify transactions for validation and audit history for SOD
Detective & Preventive Controls
Preventive Validation
Transaction Monitor
Access Controls
Access Validation
Access Monitoring
Segregation of Duties: Ensure no conflicts of interest for a given user or role
Identify user access events for validation and audit history
Enforce additional access restrictions based on user entitlements based on SOD rules
Form Restriction
www.mantala.com.mtPage 16
User Access Validation
Segregation of Duties Violation Report
Once the Account Balance / Entity data is loaded into GRCi, Management will be able to analyze multiple Risk Scenarios to determine Scope.
Application Configuration Controls Library
Improving User Provisioning & Segregation of Duties
Our Client
• Wholly owned subsidiary of Fortune 500 focused on communication and information technologies for security, safety and lifestyle enhancements
• Operations in more than 30 countries
• Oracle E-Business Suite
Challenges
• Comply with SOX
• Needed to automate a manual and labor-intensive process to define and approve user access
• Segregation of Duties Concerns
• Oracle E-Business Environment: 40 Modules, 2,500 Users, 100+ user responsibilities
FulcrumWay Solutions
• Automate User Access Provisioning Compliant with SOD Policies
Successes
• Implemented access provisioning solution to identify user violations and allow auditable override capability for authorized access
• Security provisioning time reduction
• Senior Management Commitment to GRC
• SOD Rules Content jump-started comprehensive GRC management processes
• Detected over 5,000 violations
• Reduced access provisioning time from 14 days to 4 hours
• Trained Process Owners through online self-service portal
Cost Reduction through Integrated Compliance and Control
Our Client
• World’s pre-eminent gold producer, with a portfolio of 27 operating mines
• Many advanced exploration and development projects located across five continents
• The largest gold reserves in the industry
Challenges
• Need to reduce SOX Compliance Audit expense
• Implement continuous controls monitoring
• Baseline ERP Configurable Controls for AS5
FulcrumWay Solutions
• Identify Controls for full or partial automation
• Benchmark ERP Configurations
• Setup audit logs on all configuration changes
Successes
• Analyzed over 1,000 controls
• Application Audit Portal provides audit trail on all configuration changes in ERP Systems
• Track changes to key application setup data and code
• Approval workflows and notifications facilitate change management without negatively impacting core business operations
• Increase visibility into the actual operations of the controls environment
• Reduced Testing Time by 30%
Data Protection And Security
The FulcrumWay servers are hosted in Dallas, Texas in 78,500 sq. ft. facilities with 35,500 sq. ft. raised floor. The facilities include:
• (23) HVAC units totaling 574 tons
• Very Early Smoke Detection Apparatus (VESDA)
• Pre-action dry pipe sprinkler system
• Over 500 smoke detectors in integrated system
Physical access is protected by Northern Proximity security badge entry/exit.
Server Availability is ensured through Multiple TXU electrical grids: 4800 amps of 480v input power. Backup power is provided by:
• Three main transfer switches
• 500KVA Powerware UPS units, 90 batteries each
• Standalone PDUs at each cabinet row
• 1-megawatt generator (2000 gallon tank)
• 1.5-megawatt generator (2200 gallon tank)
DataTrax monitoring for all datacenter infrastructure.
FulcrumWay utilizes some of the most advanced technology for Internet security available today. When you access our site using Netscape Navigator 6.0 or Microsoft Internet Explorer versions 5.5 or higher, Secure Socket Layer (SSL) technology protects your information using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered Users in your organization. FulcrumWay provides each User in your organization with a unique user name and password that must be entered each time a User logs on. We issue a session "cookie" only to record encrypted authentication information for the duration of a specific session. The session "cookie" does not include either the username or password of the user.
FulcrumWay Risk Assessment Options
Risk Assessment Service: You can utilize our Risk Assessment software services any time you need. This low cost service can quickly provide you a detailed view of Security and Data Access risks in your system and help you determine the scope of work needed to improve controls and security.
Unlimited Use Service: You can have full unlimited access to our Risk Assessment and Monitoring Software Services so that you can analyze SOD risk as often as you like, manage violations, track remediation actions, continuously monitor access controls, and obtain periodic access control verifications from process owners.
Limited Use Service: You can have limited access to the Risk Assessment Software Service to perform Quarterly testing, manage violations and track remediation actions.
Implementation Services: In addition to the above Risk Assessment and Controls Monitoring services, we also offer Professional Services to implement Oracle GRC Manager and GRC Intelligence software applications to help build an integrated platform for all your Governance, Risk and Compliance activities. This solution will help you consolidate multiple GRC activities into a single platform to reduce costs and provide management better visibility.
FulcrumWay Risk Advisory Services
Define Application Controls
Tasks:
• Define Application Controls based on Company Control objectives
• Assign Risk Rating to each Rule
• Mark Waivers and Exceptions
• Configure Snapshot ERP Data Manager
• Setup Application Test Environment
• Finalize project plan
Analyze Violations
Tasks:
• Detect SOD Violations
• Detect Configuration Baseline / Threshold Violations
• Detect suspicious transactions
• Setup Application Control Owners
• Notify Controls Owners
• Analyze SOD Violations
• Analyze Configuration Violations
• Analyze Transaction Violations
Remediate Violations
Tasks:
• Create Corrective Action Plan
• Redesign Roles
• Reassign Users
• Change Configurations
• Restrict Transactions
• Resolve Issues
• Migrate to Production
Monitor Controls
Tasks:
• Setup Access Monitor
• Setup Trx. Monitors
• Setup Configuration Change Monitors
• Complete Training
Knowledge Transfer / Train the Trainer
FulcrumWay Advantage
FulcrumWay delivers Rapid Return on Investment (ROI). Auditors and other users can access the application and controls library within 24 hours after signing up. There are NO requirements to install software or hardware.
FulcrumWay delivers high user productivity. The web based software services are designed for ease of use for successful adoption amongst a wide range of enterprise users. Powerful Business Intelligence reporting capabilities empower users to integrate GRC into existing business processes.
FulcrumWay delivers lower total cost of ownership. Application owners can administer all aspects of the application without requiring IT support resources.
FulcrumWay delivers thought leadership and best practices. We employ a wide range of GRC Professionals including leading Sarbanes-Oxley Compliance Management Experts, Ex-Auditors with CPA, CIA and CISA Credentials, Certified Technology Professionals with deep knowledge of ERP Implementations, and Senior Oracle DBAs to ensure superior quality of service.
FulcrumWay has a Successful Track Record of assisting Oracle ERP customers with compliance initiatives around Application Controls such as Segregation of Duties, Configurations, and Transactions Controls since 2003.
FulcrumWay Services: Key Business Benefits
Next Steps Proof of Concept and Assessment
Continuous Controls Monitoring / IT Governance
Process Monitoring
Financial Governance, Operations Management, Audit / Compliance Automation
Enterprise Risk Management
GRC Integration
Financial Risk Dashboard, Governance/Policy Dashboard, Operational Risk Dashboard, KPI/KRI Dashboard
Automated Reconciliation, Disclosure Workflow, Financial Intelligence
Plan Optimizer, Test Automation, Self-Assessment, Issue / Remediation Workflow
Close Monitor, P2P Monitor, T&E Monitor, O2C Monitor, H2R Monitor
Segregation of Duties, Privileged Access, Transactions, Configurations, e-Discovery, Identity
A FulcrumWay International Regional Service Partner
Info:
www.mantala.com.mt