KPMG Perspective + Oracle Risk cloud gen7982 update# 4

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |

Oracle Risk Management (GRC) Product Strategy Update GEN7982

Sid Sinha Oracle Application Development Oct 27, 2015

Presented with


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

2


Introductions

Oracle Confidential – Internal/Restricted/Highly Restricted 3

• Brian Jensen – Director in KPMG’s Oracle Practice focused on Strategy, Operations

and Oracle Risk Consulting, with more than 20 years of management consulting and business development experience. A subject matter processional across multiple functions and industries, Brian has worked with dozens of C-level executives and directors as a trusted advisor, designing operational and risk management strategies using Oracle technology to help them achieve their strategic business objectives.

– Brian has extensive experience leading and implementing ERP, Identity Management & Security & Controls solutions at over 50 customers over the last 20 years. Brian is a thought leader for KPMG in their GRC group, spearheading many initiatives for Oracle Enterprise Solutions.


Agenda

GRC Product Update

Case Study: Harvard Pilgrim HealthCare

Case Study: Skechers

KPMG Best Practice Update

Wrap-up

1

2

3

4

5

4

5 ©2015 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member

firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.

KPMG: Leading Practices Update

How do you effectively and efficiently balance Cloud

application user enablement with transaction and data

protection?

Not permissible for KPMG audit clients and their affiliates.



KPMG: Cloud ERP Security and Controls Challenge

The Concern The Reality

Most challenging areas when adopting cloud:

“53% of survey

respondents selected

data loss and privacy risk

as the most significant

challenge to doing

business in the cloud…”

Internal Employees Data Breaches:

“Internal actors were

responsible for

43% of data loss”

Source: 2014 Forbes | KPMG Cloud Survey

Source: Intel Security Grand Theft | Data Exfiltration Study 2015: Actors,

Tactics, and Detection

www.mcafee.com/us/resources/reports/rp-data-exfiltration.pdf



KPMG: Cloud

While the challenge posed by cloud-related data loss

and privacy threats are less pronounced in the minds of

global industry leaders, they are still taking the issue

seriously,” said Wright. “The clear trend in the data that

we have collected shows that, even in the face of

significant media attention paid to recent data breaches,

global leaders are still willing to embrace the

transformative potential of the cloud.”

Source: 2014 Forbes | KPMG Cloud Survey



KPMG: Securing the Cloud ERP

An operational view of Cloud ERP

security and controls positioned to

help industry-leading organizations

effectively balance the divergent

tasks of leveraging the cloud to empower ERP business

users, while simultaneously

protecting sensitive data

and transactions.



KPMG: Securing the ERP




SecuringtheCloudERP

Cloud

Application

Controls

Cloud Application Controls

Business Process Controls

Automated Controls

Enhancement and Configuration

Controls

Conversion and Interface

Controls




SecuringtheCloudERP

Cloud

Application

Security

Cloud Application Security

Adaptive Authentication

Role-Based Access Controls

(RBAC)

Cloud Application Security

Architecture

Sensitive Access and

Segregation of Duties




SecuringtheCloudERP

Cyber &

Data

Security

Cyber and Data Security

Information Protection

Cybersecurity

Business and Technology

Resilience

Privilege Access




SecuringtheCloudERP

Cloud Security

Operations

Cloud Security Operations

Enhancement Management

for Security and Controls

Cloud ERP Security and

Controls Operations




SecuringtheCloudERP

Cloud User Administration and Governance

Cloud User Administration

and Governance

User Access Management

Password Management

User Access Certification

User Analytics




Cloud ERP

Controls Catalog

Role Library and

Role Engineering

Tools

Securing the Cloud

ERP

Methodology

Oracle GRC

Advanced Controls

Solution Lab



Risk and Control Content

Record to Report (R2R)

Procure to Pay (P2P)

Order to Cash (O2C)

Hire to Retire (H2R)

KPMG: Cloud ERP Controls Library

KPMG Cloud ERP Controls Library

Cloud Business Process

Risk Control Type

Control Detail

Manual

Automated



Leveraging Controls to

add Value to the Business

Advanced Controls automation to identify operational

improvement opportunities

− Assessment

− Analysis / Data-driven controls

Streamline business processes

Reduce data redundancy and data quality issues

Support global operations

Migration to shared services

KPMG: Cloud ERP Controls Library

KPMG Cloud ERP Controls Library



KPMG: Cloud ERP Security & Controls Operations

Controls Self Assessments

Oracle Financial Reporting Compliance (FRC)

KPMG Cloud ERP Controls Library Manual Controls Management

Focus:

Cloud ERP Risk and Controls

Manage control exceptions,

issues, and violations to closure Compliance Reporting

upload



Client

Workshops

Webinar

Series

LinkedIn

Group Web Page


Securing the ERP Webcast Series

Is your ERP vulnerable?

Friday, January 30, 2015 | 12:00 p.m.–1:00 p.m. (EDT)

Oracle® ERP solutions have transformed and streamlined back-office

operations, yet most organizations continue to struggle with balancing

the divergent task of empowering ERP business users while

simultaneously protecting sensitive data and transactions and

complying with constantly evolving industry laws and regulations.

On this upcoming KPMG LLP Securing the ERP Webcast (agenda

below), we will review the programmatic approach to leveraging our

Securing the ERP principles to help overcome the operational risk and

compliance challenges associated with Securing an ERP solution.

Register Now >

KPMG Webcast

Details

Friday, January 30,

2015 12:00 noon EDT

Featured speakers

Brian Jensen

Director, KPMG LLP

Brad Straw

Director, KPMG LLP



KPMG: Demo

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential –

Update Documentation Import Spreadsheets Update Process, Control & Risks Test Plans, Review, Approvals

Automate Assessments Select Controls based on Risk Conduct Surveys Design, Operating & Audit

Resolve Issues Set Priority and Due Dates Remediation Plans Notifications

Manage Incidents Assign Owners, Attach evidence

Remembers decisions for next control run (self-learning)

Graphical Authoring User Defined Controls

Eliminate False Positives Uncover Data Patterns

Detect Suspicious Transactions Pre-built Library of Controls

1350 Data Elements P2P & Expense Controls

21


Case Studies and Speakers at OpenWorld 2015

Oracle Confidential – Internal/Restricted/Highly Restricted 22

_________________

Source-to-Settle

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 23

Follow Us & join the conversation .

Oracle GRC Advanced Controls Group _______________________________________________________________

OracleAdvControls @OracleAdvCntrls

https://www.linkedin.com/groups/Oracle-GRC-Advanced-Controls-5185359

https://www.linkedin.com/groups/Oracle-GRC-Advanced-Controls-5185359

https://twitter.com/OracleAdvCntrls


Risk Management Cloud Resources

24

cloud.oracle.com

Release 10 Readiness

Documentation

Customer Connect

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 25

Classroom Training

Learning Subscription

Live Virtual Class

Training On Demand

Keep Learning with Oracle University

education.oracle.com

Cloud

Technology

Applications

Industries


Safe Harbor Statement

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

26

Date post:	13-Apr-2017
Category:	Business
Upload:	oracle-risk-management-cloud
View:	328 times
Download:	0 times