Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Using Oracle GRC Advanced Controls to Achieve Your Procure-to-Pay Process Objectives CON7987
Hal Kazi Oracle GRC Product Development Oct 27, 2015
Presented with
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Agenda
1. Introduction
2. The Business Challenges: Jon Casher
3. Case Study: OCI
4. Case Study: CISCO
5. Ensuring Success: PWC
6. Wrap-up & Q&A
Why Focus on Your P2P Process? Impact of P2P on Your Company’s Bottom Line
• Other than investments, 30-70% of all funds that flow out of non-financial institutions go out through your Procure-to-Pay process
• Potential Negative Impact
  – Fraudulent P2P Transactions
  – Uncaught Duplicate Payments
  – Uncaught Overpayments
  – Missed Discounts
  – Maverick Spend
  – Penalties and Fines for Non-Compliance with Laws, Rules and Regulations
Copyright © 2015 Casher Associates, Inc. and Doxey, Inc. Permission to use granted to IOFM and Oracle Corporation
Business Processes with Biggest Fraud Challenges
Source: 2014 Aberdeen Survey
Top 6 P2P Governance Challenges
• Up-to-Date Policies and Procedures
• Appropriate Internal Controls
• Actionable Metrics and Key Performance Indicators
• Relevant Standards and Guidelines
• Dealing With Mergers, Acquisitions, Divestitures
• Addressing Cultural and Geopolitical Differences and Needs
Top 10 P2P Risk Management Challenges
• Supplier Financial Stability
• Supplier Capacity, Product/Service Quality and Timeliness
• Ethics, Bribery, Corruption and Conflict of Interest
• Supplier Invoice Accuracy
• Your Own and Supplier Compliance With Laws, Rules and Regulations
• Your Own and Supplier Business Continuity and Disaster Recovery
• Your Own and Supplier Data Accuracy, Privacy and Security
• Subcontractors and Third Parties Involved in the P2P Process
• Your Own and Supplier Internal Processes and Controls
• Insufficient People Resources and/or Technology to Monitor and Control Compliance
Top P2P Compliance Challenges
• Regulatory Compliance and Reporting
  – Federal, State, Local, International
• Policy Compliance
  – Supplier Selection, Transaction Approval, Payment Terms
• Contracts and Purchase Order Compliance
  – Terms and Conditions
  – Accuracy, Completeness and Timeliness of Order Fulfillment
  – Accuracy and Timeliness of Invoice Details and Submission
Procure-to-Pay Processes with Biggest Challenges
Source: 2014 Aberdeen Survey
Key Areas of Procure-to-Pay Process Risk
• Supplier Selection, Contracting and Ordering
• Vendor Master File
• Invoice Processing
• Disbursements
• Purchasing and Credit Card Transactions
Key Internal Control Productivity Metrics Disbursements
Metrics Weekly Monthly Quarterly Annually
4) Forensics / Quality Resources
• Number of incidences per period
• Average value of incidences identified per period
• Estimate of total value of incidences identified per period
• Average hourly rate of person remediating incidents
• Average number of hours taken to remediate an incident found pre-invoice payment run
• Average number of hours taken to remediate an incident found post-invoice payment run
• Number of incidents found pre-invoice payment
• Number of incidents found post invoice payment
• Total Value of incidents found pre-payment run
• Total Value of incidents found post-payment run
• Total Percentage amount recovered on incidents of post invoice payment error
• Average value of invoice errors for paid invoices
• Known control weaknesses which result in (regular) incident events not currently addressed by Forensics or Quality teams
• Number of payment transactions per week
• Average value of payments transactions per week
• % of transactions tested
• Number of hours of internal audit pre CCM
• Number of hours of internal audit post CCM
• Number of internal controls tested per test internal controls program
Roles of the Decision Makers: CFOs and Controllers
1. Stewards: Protect and preserve the assets of the organization.
2. Operators: Balance capabilities, costs and service levels to fulfill the finance organization's responsibilities.
3. Strategists: Provide financial leadership in determining strategic business direction and align financial strategies.
4. Catalysts: Stimulate behaviors across the organization to achieve strategic and financial objectives.
Internal Controls and Fraud Prevention
Prevent Cash Leakage
Align Capabilities and Cost
Ensure the Achievement of Both the Business and Financial Strategy
Change Behaviors to Achieve Objectives
CFO and Controller Internal Control “Pain Points”
• Complexity and Cost
• Too Many Systems
• Way Too Many Spreadsheets
• Not Enough Time
• Untrustworthy Data
• Ongoing Validation That Controls are Working
Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.