Post on 14-Apr-2017
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Oracle Risk Management Top 10 T&E Reporting Controls for EBS CON7988
Glen Walton Oracle Application Development Oct 28, 2015
Presented with
___________ Source-to-Settle
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Today’s Panelists
• Sangeeta Roy, Senior IT Manager, Finance and Employee Services IT, Cisco Systems
• Jeramie Taylor, Manager Internal Controls, Noble Energy
• Joel Ninemire, Enterprise Applications Advisor, Noble Energy
• Gena Alexander, Snr Director Operations and Strategy, Oracle’s Source to Settle
• Chris Doxey, Chris Doxey Inc.
Sangeeta Roy
Expense Management
October 28, 2015
Oracle Open World 2015
Cisco – GRC Implementation
About Sangeeta Roy
Senior IT Manager, Finance and Employee Services IT
Cisco Systems Inc
IT Service Owner for Payable & Expenses, Procurement Services and Fixed Asset Management Services
IT Service Owner - Oracle Financials platform
Have been part of multiple transformational efforts at Cisco involving Oracle Upgrades to R12 and Large Scale Service Implementations in the past 18 years
Current Focus - Simplification of Services, Transformation of End-to-End Experience, Deeper Insights with Data
Cisco At A Glance
Revenue: $49.16B, Market Cap: 143.71B
Nearly 170,000 volunteer hours
$6.3 R&D
More than 71,000 employees
More than 70,000 channel partners
470 global sites doing business in 165+ countries
More than 18,000 patents
26,000+ Cisco Certified Engineers
#1 or #2 in most market segments we serve
More than 170 acquisitions
11,000+ Service professionals
FY15 Stats
Other Stats
Business Opportunity in an Evolving World
The Internet of Everything
Deeper Insights for Greater Decision Making
Empower People/ Increase Efficiency
Create and Expand New Markets and Services
Create Better Experiences to Build Better Relationships
Need for Compliance Monitoring
Increased Quantity and Complexity of:
• Compliance requirements from internal/external audits
• Global country regulations
• Acquisitions and new Cisco entities
Automation is required for:
• Solution compliance validation
• Capability to monitor 100% of data
• Scalability for Oracle and non-Oracle integration
Policy
Utilize a Policy Maturity Model to measure how effectively a policy:
• Identifies policy owner
• Dictates requirements
• Determines violations
• States remediation
• Is able to control
Process
Current process for policy violation detection and remediation:
• Manual audit/sampling
• Manual process design/implementation
• Manual communication
System
Majority of systems/tools requiring compliance enforcement are not integrated, and require:
• Invasive tool development
• Scripts to extract data
• Manual validation across multiple tools/systems
• Leveraging current capabilities
Policy
Evaluate policy for requirements and remediation; increase “policy maturity” when required
Control Rules
Translate policy requirements into data level logic to identify violations
Data Integration
Environment to consolidate transactions, and apply logic rules to identify violations
Remediation & Tracking
Track violations, execute and track remediation
Compliance Monitoring with TCG
[Diagram labels: Policy; CCM; Create compliance rules in TCG; Publish reports for operations; Track and manage history; Compliance rules in TCG; Compliance Tx; Reports from TCG; Transactions; Compliance assessment through Incident and Remediation management; Process]
Purchasing
iProcurement
iExpenses
General Ledger
Fixed Assets
Accounts Payable
Financials Landscape And Complexity
Core Financials
Employee Self-Service
Oracle R12.1.3
Travel
Legend:
Platform Size: 9TB
# of Entities: 119
# of Expense Reports/year: 800K+
# of lines of Credit Card Transactions/year: 2M+
$ Purchase Reqs processed/year: $4B+
Expense Management Controls
Accounts Payable
iExpense
• File attachment on Expense Reports (ER): Identify ERs with supporting documents in unacceptable formats (editable attachments such as .txt)
• Amex/Cash surfing: Verify if same expense has been claimed both as Amex and cash
• Expense splitting **: Identify expenses that were split to avoid policy violation
• Forensic repeat offenders **: Identify expenses claimed in iExpense instead of booking through approved channels
• Collusion – analysis of attendees **: Analysis of attendees to highlight the pattern of interrelationship with co-workers related to suspicious ER activity
** Currently not Active
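Added example, not from the presentation and not TCG rule logic: the two active iExpense controls above expressed as data-level checks over constructed expense lines. The field names, the matching key (employee, date, merchant, amount) and the list of editable extensions beyond .txt are assumptions.

```python
from collections import defaultdict
from decimal import Decimal
from pathlib import PurePath

# Assumption: extensions treated as editable; the slide names only .txt.
EDITABLE_EXTENSIONS = {".txt", ".doc", ".docx", ".xls", ".xlsx"}

# Constructed sample data; field names are hypothetical, not EBS columns.
FIELDS = ("report", "employee", "date", "merchant", "amount", "method", "attachment")
ROWS = [
    ("ER-1001", "E17", "2015-09-02", "Hotel Alpha", "412.50", "AMEX", "folio.pdf"),
    ("ER-1007", "E17", "2015-09-02", "hotel alpha ", "412.5", "Cash", "receipt.txt"),
    ("ER-1002", "E17", "2015-09-03", "Taxi Co", "38.00", "CASH", "taxi.jpg"),
    ("ER-1003", "E22", "2015-09-02", "Hotel Alpha", "412.50", "CASH", "folio.pdf"),
    ("ER-1005", "E22", "2015-09-05", "Cafe Beta", "19.90", "AMEX", "notes.DOCX"),
    ("ER-1006", "E22", "2015-09-05", "Cafe Beta", "19.90", "AMEX", "scan.pdf"),
]
EXPENSE_LINES = [dict(zip(FIELDS, row)) for row in ROWS]


def expense_key(line):
    """Assumed rule for 'same expense': employee, date, merchant, amount."""
    return (line["employee"], line["date"],
            line["merchant"].strip().lower(), Decimal(line["amount"]))


def find_amex_cash_surfing(lines):
    """Return (employee, reports) where one expense was claimed as Amex and cash."""
    methods, reports = defaultdict(set), defaultdict(set)
    for line in lines:
        key = expense_key(line)
        methods[key].add(line["method"].upper())
        reports[key].add(line["report"])
    # Same-method repeats (ER-1005/ER-1006) are plain duplicates, not surfing.
    return sorted((key[0], sorted(reports[key]))
                  for key, seen in methods.items() if {"AMEX", "CASH"} <= seen)


def find_editable_attachments(lines):
    """Return report ids whose supporting document has an editable format."""
    return sorted({line["report"] for line in lines
                   if PurePath(line["attachment"]).suffix.lower() in EDITABLE_EXTENSIONS})


if __name__ == "__main__":
    print("Amex/cash surfing:", find_amex_cash_surfing(EXPENSE_LINES))
    print("Editable attachments:", find_editable_attachments(EXPENSE_LINES))
```

Loosening the matching key catches more re-claims but raises false positives, which is the tuning the Lessons Learned slide describes as an iterative process.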
KPIs and Incident Metrics
Control KPIs
• Cost Savings
• Compliance
• Incident Volume
• Restitution Rate
• Policy violators identified
Incident Metrics
• Total Incidents generated: 200-300 per day
• Incidents Resolved: 150-180 per day
• 15 active users
Benefits Summary
Benefit: Description
Cost Savings
• $800K-1.2M/year on Duplicate Entries/Payment Invoice Report
Compliance
• Improved compliance with Amex Cash surfing logic identifying more than 1400 policy violators in past year.
• Vendor duplicates identified and/or resolved in a year – 4000+. This has helped with better aligned Expense reporting.
CCM AP Experience
• Increase in CCM AP satisfaction by eliminating policy management via excel files
• Awareness through increased visibility
Technology Stack and Implementation Facts
Graph Initial Build
• One (1) Year Data Analyzed
• 103 Million records processed
Graph Incremental Build
• 800 Thousand records processed
No. of Custom BOs
• Six (6) Custom Business Objects
No. of Controls
• Six in Accounts Payables
• Five in iExpense
Sync and Control Analysis Schedule
• Synch: Daily
• Controls: AP - Daily; iExpense – Weekly
GRC Version
• GRC-all-8.6.5.1645
Database
• Oracle DB 11.2.0.3.10
Browser
• Firefox 24
• Internet Explorer 9x, 8x
Application Server and Middleware
• Oracle WebLogic Server 12.1.2 with Oracle JDK 1.7.0_51
• Application Development Runtime 12.1.2 and RCU 12.1.2
Lessons Learned
Business
• First establish the benchmark metrics to help in deriving business value
• Plan for the resources needed for remediation
• Understand that TCG is not a reporting tool
• Understand the importance of Incident Status and State Code and how it affects the remediation process
• Iterative process (fine tuning to avoid false positives)
Oracle Support
• Early engagement with Oracle
• Tight collaboration and partnership with Oracle
Hardware Configuration
• TCG analyzes millions of transactions so it needs enough resources (disk space and memory)
• Follow Oracle recommended h/w and s/w and make adjustments based on the volume of transactions
Model & Control Analysis Assessment
• Optimize the design of models
• Avoid nested UDO
• Validate the model results first before running the controls
• Verify the availability of business objects for the use cases
• Replicate read-only schema instead of using apps schema of EBS
ETL Performance Assessment
• Perform and document multiple iterations of graph build and Control Analysis. Monitor sys resources
• Plan to get weekly or daily refresh of datasource data with production data
• Analyze transaction volume of each business object used in models
• Understand the ETL design and Data Extraction criterion
Agenda
1 Panelist Introductions
2 Travel and Expense Reporting Controls - Panel Discussion
3 More Resources
Oracle GRC Wins Ventana Technology Innovation Award!
“Oracle’s GRC solution provides a unique approach to the problem of risk management by automating risk controls which are embedded into critical business processes; applying leading edge technologies to solve complex risk challenges.”
- Mark Smith, CEO of Ventana Research
Pennsylvania Treasury GRC Project Wins Multiple Awards
Elite panel of judges (NASA CIO, FCC CIO, Army CIO and others) have selected PA Treasury IT project as one of the top 10 public sector projects of the nation
Case Studies and Speakers at OpenWorld 2015