
Governance, Risk, and Compliance (GRC)

Run Your Business Better and Prove it. Governance, Risk, and Compliance (GRC). Tony Manocchio, GRC Sales Specialist Naomi Iseri, GRC Sr. Solution Consultant. Safe Harbor Statement.

akremer

Presentation Transcript


  1. Run Your Business Better and Prove it Governance, Risk, and Compliance (GRC) Tony Manocchio, GRC Sales Specialist Naomi Iseri, GRC Sr. Solution Consultant

  2. Safe Harbor Statement: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

  3. Agenda: Preventive Controls Governor • Governance, Risk, & Compliance Landscape • Why Oracle • How to Enforce Policies and Controls with EBS • Wrap-up

  4. Why Tighten Security & Controls Now? • “It Won’t Happen To Me..” • “We don’t have a Problem..” • “We Trust our People..”

  5. • 85% of internal controls at an average firm are manual. - Financial Executives Research Foundation • Through 2010, companies that select individual solutions for each regulatory challenge they face will spend 10 times more…than companies that take a proactive and more integrated approach. - Gartner • More than half (55 percent) of Certified Fraud Examiners say the number of frauds increased during the past year when compared to the level of fraud they’ve investigated or observed in years prior. In addition, 49 percent observed an increase in the dollar amount lost to fraud during the same period. - Compliance Week – April 2009 • “Some 68 percent of staff admit to bypassing their employer’s information security controls in order to do their jobs.” - Financial Times, May 2008

  6. Oracle Governance, Risk and Compliance
     GRC Intelligence, 360º Visibility: • Single source of GRC Information • Pre-built dashboards • Respond to KRI and issues. Executive Dashboards; KRIs and KPIs; Ad-Hoc Analysis.
     GRC Manager, Centralized GRC Oversight: • Common Repository for GRC • Audit and Assessment of Controls • Integrated remediation management. Enterprise Risk Management; Compliance Management; Remediation Management.
     GRC Controls, Embedded Controls: • Detective, Preventive, Contextual • Automated controls testing • Pre-built controls library. SOD & Access; Application Configuration; Transaction Monitoring; Custom or Legacy Applications.

  7. Why Oracle GRC: Let’s look at Paul From Accounting… • Trusted long-time employee • Created phony invoices to pay himself £3.7 million (US$6M) over three years • Company’s financial automation never noticed – Paul turned in by tipster • Money long gone (timesonline.co.uk)

  8. How’d He Do It? • Created bogus firm to pay • Paid/stole £100k-300k at a time • One way he could have done it: • Could this have been detected? • Diagram labels: Purchase Order #1 (To: Supplier A); Remit-To Override; Invoice (Re: Purch. Order #1, From: Supplier B); Supplier B

  9. Oracle GRC Would Have Flagged Paul’s Overly-broad Access

  10. Oracle GRC Would Have Flagged Paul’s Overly-broad Access

  11. GRC Would Have Flagged Paul’s Setup Changes

  12. GRC Would Have Flagged Paul’s Transactions

  13. Oracle GRC Would Have Warned Us that…

  14. Oracle GRC Would Have Warned Us that…

  15. Oracle GRC Would Have Flagged Paul’s Setup Changes

  16. Oracle GRC Could Require Approval of Setup Change

  17. Preventive Controls Governor: Embed Controls Natively in Enterprise Apps
     GRC Intelligence; GRC Manager; GRC Controls (SOD & Access; Application Configuration; Transaction Monitoring; Preventive Controls)
     • Enforce preventive controls for specific users and events natively within enterprise application • Mitigate risk of application changes with approval workflow and audit trails • Protect sensitive application data • Reduce audit costs, reduce maintenance costs, increase IT productivity
     Prevention: Define Preventive Controls; Prevent Read or Write Access; Initiate Approval Workflow; Enforce Field Validation; Review Audit Reports

  18. Preventive Controls Governor

  19. Preventive Controls Governor (PCG) Components • Form Rules – modifies security, navigation, field and data properties • Process Flow Rules – defines and implements business processes • Audit Rules – tracks changes to the value of fields in the database tables in Oracle EBS and/or regulates changes to the value of fields in Oracle EBS

  20. PCG: Form Rule Features. Implement field, block, and/or form-level controls to hide, mask or validate information. Form Rules: • Enable security • Navigate to other forms • Extend seeded forms to store additional information • Add messages • Default values • Create and/or modify List of Values (LOV) • Set field Attributes • Interface to SQL*Plus to create procedures to implement more complex rules

  21. Each tab represents the different capabilities available to implement controls on a form. • You can define conditions or “Subscribers” for each rule to create granular controls. For example, you can apply rules to certain users or responsibilities.

  22. PCG: Process Flow Rule Features. Enforce business policy through additional automated processes. Flow Rules: • Notify or request approval • Alert designated persons to errors or exceptional conditions • Event driven notifications or approvals • Implement a constraint condition • Provides a tool for migrating rules from one EBS instance to another

  23. PCG: Audit Rule Features. Mitigate risk of application changes with approval workflow and audit trails. Audit Rules: • Track changes to the values of fields with optimized approach to minimize performance impact • Configure via rules based application wizard • Manage via individuals or with audit groups • Perform translations for audited information to make more meaningful to the business

  24. PCG Applied Benefits Review

  25. PCG Applied Benefits Review
