Top 10 P2P Advanced Controls to improve your bottom line!

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal1
Top 10 Advanced Controls
for Procure to Pay to
Improve the Bottom-Line
Mary Schaeffer
Publisher & Editorial Director, AP Now
Vital Nattuva
IT Manager, CISCO Systems
Swarnali Bag
Product Strategy, Oracle Corporation

The following is intended to outline our general product
direction. It is intended for information purposes only,
and may not be incorporated into any contract.
It is not a commitment to deliver any material, code, or
functionality, and should not be relied upon in making
purchasing decisions. The development, release, and
timing of any features or functionality described for
Oracle’s products remains at the sole discretion of
Oracle.

Program Agenda
 Introduction
 Top 10 P2P Issues that Impact the Bottom-Line
 Oracle Advanced Controls Solution
 Case Study: CISCO
 Q & A

About Mary Schaeffer
Editorial Director & Publisher
CRYSTALLUS, Inc. publisher Accounts Payable Now & Tomorrow newsletter
 Nationally recognized accounts payable expert and consultant
 Write free weekly ezine on AP issues read by over 7,500 professionals
 Creator of Institute of Financial Operations Accounts Payable Innovation
Certificate program
 Editor-at-Large CFO Publishing’s Learning Pro: AP Edition
 Frequent speaker at seminars, conferences and online events
 Creator of half a dozen CPE courses for CPAs
 Writes a free weekly e-zine, e-AP News
 Author 18 business books including 101 Best Practices for Accounts Payable
 BS in Math from York College (CUNY) and a MBA in Finance from New York Univ
 She can be reached at marys@ap-now.com

About Vital Nattuva
IT Manager, Cisco Systems Inc
 IT Manager in Finance IT
 IT Service Owner for Payable & Expenses, Corporate Accounting and
Procurement Services
 Has been part of the transformational efforts at Cisco to consolidate multiple
geographically aligned Finance instances into Single Global Instance on R12
 Before Cisco, he has played an instrumental role in Implementing Oracle
financials at various renowned companies across the Globe.

Program Agenda
 Introduction
 Oracle GRC Advanced Control Solution
 Case Study: CISCO
 Q & A

What Do We Mean by Control ‘Issues’
 The processes that ensure:
 Efficient and effective operations
 Reliable and accurate reporting
 Fraud resistant operation
 Internal
 External
 Regulatory compliant
(c) 2013 Mary S. Schaeffer7

Financial Impact
 Duplicate pays – often not huge amounts of $$
individually
 What’s the big deal?
1)They add up!
2)Impact on sales
3)Impact on EPS
4)Fraud and the honest mistake

Impact on Sales
 $1000 – right off the bottom line
 1% margin = $100,000 in sales
 5% margin = $20,000 in sales
 $1,000,000
 1% margin = $100,000,000 in sales
 5% margin = $20,000,000 in sales

Earnings Per Share (EPS)
 A= Total amount of duplicate and erroneous payments
 B = Total number of shares of stock
 A/B
 Number should be small – like half a cent
 Hypothetical example, a big company with a $10
million excess might have a hit on EPS of half a cent

Issue #1: Duplicate Payments – Two invoices
 Late payments
 Payment stretching
 Discrepant invoices
 Unresolved
 Poor processes
 Invoices to AP late

Issue #2: Duplicate Payments – Two Payment
Vehicles
Most Common
 Invoice and p-cards
 Expense report and petty cash
 Statements
Best Practice Takeaways
 Never pay invoices on expense reports
 Get rid of petty cash
 Limit payments to one vehicle per vendor

Issue #3: Erroneous Charges on Invoices
 Who pays freight, insurance etc.
 Complete POs
 Special deals

Issue #4: Paying before Due Date
 The clean desk syndrome
 Due date setting in system
Real Life Example
 Companies with problems who automate and forget they have
due date set to pay on receipt
 When was the last time you checked the due date settings in
your ERP system?

Issue #5: Late fees
 “We never pay late fees”
 Open vendor credits
 Avoid the issue completely
 Pay on time

Issue #6: Duplicate Vendors in Master Vendor File
 Potential duplicate payments
 Correspondence issues
 Internal control issue
 If processors enter data
 Segregation of duties concern
 Rigid coding standards/naming convention

© 2013 Mary S. Schaeffer
Issue #7: Inappropriate T&E Expense
 T&E = Travel & Entertainment
 The Alcohol Issue
 The IRS factor
 The morale issue
 The bottom line factor
17

© 2013 Mary S. Schaeffer
Make Managers Responsible
 Look before they sign!!!
 Consequences
 Firing - rare
 Part of annual review
18

Issue #8: Not Earning all Early Pay Discounts
 Best financial return for any company
 2/10 net 30 36%
 Efficient processing
 Track discounts lost
 Investigate why
 Fix root causes wherever possible

Tracking Discrepant Invoices, Lost Early Pay
Discounts etc.
 Why
 Duplicates etc.
 Fraud
 In Excel or system
 Regular Follow up and reporting
 The list no one wants to be on
 Analyze

Issue #9: Tax Errors: Sales and Use Tax, VAT
 Wrong amounts
 Proper jurisdiction
 Proper documentation
 VAT Reclaim

Issue #10:Purchase Order (PO) Problems
 Split POs
 Blanket POs
 After-the-fact POs
Real Life Example
 Is anyone really monitoring ?
 Does the PO ever get extinguished?
 POs necessary to ensure proper payment
 Best bet: All POs done before the fact

Program Agenda
 Introduction
 Oracle Advanced Controls Solution
 Use Case – CISCO Systems
 Q & A

Advanced Controls
 Layer of automated controls over ERP controls
 Continuously monitor key controls
 Detect and Report issues as they occur
 Prevent issues from occurring
 Quickly see high risk issues with exception based dashboards
 Address issues that affect the bottom line
 Reduces operational risk and process effectiveness
What is it?

Standard + Advanced Controls
User Roles
3-Way
Match
Track
Payments
Sentiment
Analysis
Split
Purchase
Orders
Hide
Displays of
Sensitive
Data
Duplicate
Payments
Transaction
Threshold
Amounts
Duplicate
Vendors
Fine-
grained
User
Access
Configuration
Snapshots &
Audit Trial
Transaction
Pattern
Analysis
Fuzzy
Logic,
‘similar
values’
Advanced
Controls
Standard
Controls
Approval
Hierarchies
Track
Discounts

Business Risks Bottom Line Impact
 Incorrect Vendor Payment • Cash leakage
• P/L Impact
ERP Control
 Prevent the same invoice number from being entered for the same supplier and same supplier site
Advanced Control
Detective:
 Detect invoices with “Similar” invoice number, same amount to the same supplier
 Detect invoices made to the same suppliers but in different business unit
 Detect invoices made to incorrect vendor with very similar names
Preventive:
• Put duplicate invoices on hold until proper investigation is complete
Duplicate Vendor Payments

GRC Advanced Controls
One Enterprise Foundation
Enterprise Risk & Controls Foundation
Dashboards, Reports and Alerts
NotificationsWorklists Email PerspectivesSearch
Risk, Controls & Compliance Management
ReviewsDocumentation Assessments RemediationSurveys
Continuous Controls & Risk Monitoring
SetupsAccess Master Data Audit TestsTransactions
User Authored ControlsData Connectors Fraud & Error Patterns
RoleBasedAccessSecurity
WebServices&APIs
Custom or Legacy
Applications
 Risk & Controls Repository
 Assess and Certify
 Detect Policy Violations
 All Users & Applications
 100% of Transactions
 All Processes
̶ Procure to Pay
̶ Order to Cash
̶ Financial Reporting
̶ User Access
 Manage by Exception
 Optimize Processes

Comprehensive Risk & Controls Mgmt.
Identification
Analysis
Evaluate
Document
Assessments
Reviews
Author
Execute
Investigate
Steps
BUSINESS RISKS
CONTROL OBJECTIVES
CONTINUOUS MONITORS
Assess Risk
and Compliance
Detect and
Fix Issues
Continuous Improvement
& Monitoring

Optimization Cash Flow Prevent Leakage
Business Risks Controls Objectives Continuous Monitors
Unapproved or
Illegal Suppliers
Delayed Supplier
payments
Incorrect Vendor
Payment
Capture all
Discounts
Accurate Supplier
Information
Valid Invoice
Payments
Valid Purchase
Orders
Duplicate Invoice
Payments
Incident !
Incident !
Incident !
Investigate
Close
Incident !
ERP Transaction Payment Hold
Supplier and Invoices
Created by Same User
Discounts Lost due to
Delays in Payment
Multiple Suppliers with
the similar email domain
Erroneous Payment Purchase Orders
created after Invoice
Duplicate vendor in
vendor master file Split Purchase Order
Oracle Advance Control Process Overview

Exception Based Dashboard

Continuous Monitor – Duplicate Invoices

Control Definition

Incident Management

Preventive Measure

Preventive Measure
• Enforce controls & policy within the ERP systems

…by
Continuously
Monitoring
Your
ERP
Applications
Advanced Controls
Enables you to:
Improve Bottom-Line
Reduce Operational Risk
Increase Process Effectiveness

Advanced Controls
Make Processes More Effective, Efficient
Reduce Operational Risk
Improve Bottom Line
Detect unwanted transactions
Detect settings that cause loss
Detect problematic exceptions
Automate policy management

Program Agenda
 Introduction
 Top 10 P2P Issues that Impact Bottom-Line
 GRC Advanced Control Solution
 Q & A

Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 40
Oracle Advanced Controls –
Customer Experience
Vital Nattuva
IT Manager

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 41
 Company Overview
 Need for Compliance
 GRC Advanced Control Use Cases
 Implementation Approach
 Lessons Learned

Our Vision and Strategy
Strategy
Solve our customers’ most important business challenges
by delivering intelligent networks and technology
architectures built on integrated products, services and
software platforms
Vision
Change the way the world
works, lives, plays and
learns
Quick Facts
Founded in 1984
FY 2013 Revenue: $48.6 billion
FY 2013 Earnings per Share: $1.86 GAAP; $2.02 non-GAAP
Q4 FY'13 Employee Count: 75,049

Business Opportunity in an Evolving World
The Internet of Everything
Deeper Insights for
Greater Decision Making
Empower People/
Increase Efficiency
Create and Expand New Markets
and Services
Create Better Experiences to Build
Better Relationships

Our Priorities Align to Solve your Business Challenges
Mobile | Social | Visual | Virtual
Video CollaborationData Center/
Virtualization/
Cloud
Architectures
for Business
Transformation
Intelligent Network
• Routing
• Switching
• Services
Leadership
in the Core…
Strategic Building Blocks
Mobility | Security | Any to Any

Purchasing
iProcurement
iExpenses
General
Ledger
Fixed Assets
Accounts
Payable
Core
Financials
Employee
Self-Service
R12.1.3
Travel

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46Cisco Confidential 46© 2010 Cisco and/or its affiliates. All rights reserved.
Increased quantity and complexity of:
 compliance requirement from internal/external audits
 global country regulations
 acquisitions and new Cisco entities
Need for automation is required for:
 solution compliance validation
 capability to monitor 100% of data
 scalability for Oracle and non-Oracle integration
Utilize a Policy Maturity Model to
measure how effectively a policy:
• Identifies policy owner
• Dictates requirements
• Determines violations
• States remediation
• Is able to control
Current process for policy
violation detection and
remediation:
• Manual audit/sampling
• Manual process
design/implementation
• Manual communication
Majority of systems/tools requiring
compliance enforcement are not
integrated, and require:
• Invasive tool development
• Scripts to extract data
• Manual validation across multiple
tools/systems
• Leveraging current capabilities
Policy Process System

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47Cisco Confidential 47© 2010 Cisco and/or its affiliates. All rights reserved.
Policy
Evaluate policy for requirements and remediation;
increase “policy maturity” when required
Control Rules
Translate policy requirements into data level logic to identify
violations
Data Integration
Environment to consolidate transactions, and apply
logic rules to identify violations
Remediation & Tracking
Track violations, execute and track remediation
Policy
CCM
Create compliance
rules in TCG
Publish reports for operations
Track and manage history
Compliance rules in TCG
Compliance Tx
Reports from TCG
Transactions
Compliance assessment through
Incident and Remediation management
Process

Duplicate vendors
Identify creation of
duplicate vendor sites
Duplicate payments by
vendor
Identify duplicate invoice
processing by vendor
Maverick buying
PO date should be
prior to the invoice
date
Duplicate payments by
invoice
Identify duplicate invoices by
similar invoice and by vendor
Accounts
Payable
(Phase I)
$
Duplicate invoice
Duplicate invoice
Duplicate vendor in
vendor master file
PO related problems

Withholding Tax (APAC)
Identify the suppliers/ invoices
where the incorrect rate of
WHT was applied
Identifying erroneous
high value payments
Payments more than 30%
increase of the last rolling 6
months payment to the vendor
VAT rate
Identify different VAT rates
applied by the same vendor, for
same goods/services, for same
bill to entity
Accounts
Payable
(Phase II)
$
Tax errors
Tax errors
Erroneous payment

Collusion – analysis of
attendees
Analysis of attendees to highlight the
pattern of interrelationship with co-
workers related to suspicious ER activity
Amex/cash surfing
Verify if same expense has
been claimed both as Amex
and cash
Forensic repeat offenders
Identify expenses claimed in
iExpenses instead of booking
through approved channels
Expense splitting
Identify expenses that were split
to avoid policy violation
iExpense
(Phase II)
$
Key word search in category
Identify the expenses claimed using unapproved
channels, and by wrong categorization to avoid
activating the report for audit
File attachment on Expense Reports (ER)
Identify ERs with supporting documents in un-
acceptable formats (like editable attachments like .txt)
Noncompliant expenses
Inappropriate T&E claim
Duplicate expenses

Implementation Approach
Phase IIPhase I
 Understand
GRC
capabilities
 Identify gaps
and issues
 Stress test
application
performance
 Enable GRC
platform
 Rollout AP use
cases
 Stabilize GRC
platform
 Rollout
iExpense use
cases
 Achieve
adoption
Phase III
 Expand rollout
to other
functions

For One (1) YearDate Analyzed
Approximately 150+No. of Entities
Four use cases in Accounts PayablesNo. of Use Cases
Graph Initial Build 130M records processed
1.3M records processed
Graph
Incremental Build

Hardware
Configuration
• TCG analyzes millions of
transactions so it needs
enough resources (disk
space and memory)
• Follow Oracle
recommended h/w and
s/w and make
adjustments based on
the volume of
transactions
Model & Control
Analysis Assessment
• Optimize the design of
models
• Replicate read-only
schema instead of using
apps schema of EBS
• Implement control data
level security (by region)
so incidents can only be
viewed by the right user
for that region
Fit/Gap Analysis
• Verify the availability of
business objects for the
use cases
• Validate the model
results first before
running the controls
• If you don’t need to
secure your incidents,
then do not use
perspective for security
Oracle Support
• Early engagement with
Oracle
• Tight collaboration and
partnership with Oracle
ETL Performance
Assessment
• Perform multiple
iterations of graph build.
Monitor sys resources
• Analyze transaction
volume of each business
object used in models
• Understand the ETL
design and Data
Extraction criterion

 Expense Management Forensic Strategy Automation
 Potential Cost savings through increased compliance in hotel
bookings (10% increase in compliance may Yield ~ 2/3 M $/Yr savings)
 Potential savings through Procurement spend Channel
alignment (realize higher discounts thru P-card program)
 Reduced internal and External Audit costs
 Cost avoidance of Operations in Audit remediation

Thank you.

Program Agenda
 Introduction
 Top 10 P2P Issues that Impact Bottom-Line
 GRC Advanced Control Solution
 Q & A

Oracle Advance Controls
OOW2013 Sessions &
Demo Pod Slides

Demo Workstation
Moscone West 1st Floor #W-013
Monday Tuesday Wednesday
Demo ID 3532
Workstation #: W--013
9:45 – 6:00 9:45 – 6:00 9:45 – 4:00

Demo Workstation
Moscone West 1st Floor #W-013

General Session: Empowering Modern Governance, Risk, and Compliance
 12:15PM Moscone West – 2006/2008
 GEN8812
Automate Robust User Access and Security Controls for PeopleSoft
 10:45AM Moscone West - 2009
 CON8820
Panel Discussion: Intelligent Controls for Key Business Processes & Upgrades in PeopleSoft
 3:15PM Moscone West - 3020
 CON8822
Deloitte: Leveraging Oracle GRC Technology to Reduce Revenue Loss, Cost Leakage & Fraud
 3:15PM Moscone West - 2000
 CON8822
Learn More About Oracle Advance Controls
Monday

Top 10 Advanced Controls for Procure-to-Pay to Improve the Bottom Line
 10:30AM Moscone West – 2003
 CON8814
Center for Medicare & Medicaid Services Automates Internal Controls with Oracle GRC
 3:45PM St Francis – Elizabethan C/D
 CON9346
Enforce Segregation of Duties with Identity Management and Oracle Advanced Controls
 5:15PM Moscone West – 3018
 CON8827
Tuesday

Optimizing Order-to-Cash with Oracle Advanced Controls for Oracle E-Business Suite
 10:15AM Moscone West – 3018
 CON8816
Reducing Risk for Oracle E-Business Suite Upgrades and Implementations
 CON8830
Panel Discussion: Intelligent Controls for Key Business Processes and Upgrades
 3:30PM Moscone West – 2002 / 2004
 CON8832
Wednesday

Advanced Access and User Security for Oracle E-Business Suite and Fusion Applications
 CON8824
Meet the Governance, Risk, and Compliance Experts
 12:30PM Moscone West 2001A
 MTE9412
Thursday

The preceding is intended to outline our general product direction. It is
intended for information purposes only, and may not be incorporated into
any contract.
It is not a commitment to deliver any material, code, or functionality, and
should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality
described for Oracle’s products remains at the sole discretion of Oracle.

@OracleAdvCntrls

Appendix

 Invalid entry of supplier invoices  Cash leakage
ERP Control
 Prevent same invoice number from being entered for the same supplier and same supplier site
Advanced Control
Detective:
 Detect invoices with “Similar” invoice number, same amount to the one supplier
 Detect invoices made to the same suppliers but in different business unit
 Detect invoices made to different vendor with very similar names
 Detect payment made by procurement card and checks
Preventive:
• Put duplicate invoices on hold until proper investigation is complete
Duplicate Vendor Payments

 Overpayment to suppliers  Cash leakage
ERP Control
 Track scheduled payments so that it never goes over the invoice total
 3-way match will compare the purchase order, receipt of goods and invoice if the above two are correct
Advanced Control
Detective:
 Detect invoices where freight was charged when in PO it was supposed to be pre-paid by the
vendor
 Detect invoices where freight was charged and warehouse charged freight separately
 Detect invoices billed for quantities than what was actually shipped
Preventive:
• Put suspect invoices on hold until proper investigation is complete
Erroneous Charges to Invoice

 Untimely payment to supplier
 Negative Credit Rating
 Late payment fines causes negative cash flow
 Lose out on opportunity to take early payment discounts
ERP Control
 Invoice ageing report show invoices due payment
 Advanced Collections flags delinquent or pre-delinquent transactions
 Invoice get paid based on payment term after it is validated and approved
Advanced Control
Detective:
 Detect invoices that are approaching due date base on supplier/ PO payment term
 Identify users who have consistently not paid vendors on time
 Detect payments to vendors that are consistently late
Preventive:
• Send alerts on upcoming payments that are approaching due dates
Late Payments

 Risk of audit/ fines and penalty (regulatory risk)  Cash leakage
ERP Control
 Can mandate original employee receipts for foreign trip to reclaim VAT
 Tax module calculates applicable taxes which provides a check on amounts stated by the supplier
Advanced Control
Detective:
 Detect sales tax invoices by vendors for non-taxable items
 Identifies use tax in error on non-taxable goods and services
 Identify all VAT invoices that are approaching due date of the calendar year
 Detect if sales tax goes over a threshold value
 Identify supplier invoices where VAT is charged based on supplier location vs where the service is
rendered
Tax Errors: Sales/ Use/ VAT

 Inaccurate vendor master  Cash leakage
ERP Control
 Prevents user from entering duplicate supplier names
 When entering a new supplier, it shows you existing suppliers with similar names
Advanced Control
Detective:
 Duplicate payment made to multiple entities of the same supplier
 Identify purchases made from unapproved vendors
 Identify users having supplier creation privileges and purchase order/ Invoice creation privilege
 Identify suppliers with similar or different names but with same Tax ID Number or address
 Identify suppliers who exists in the “Do not do business with” suppliers
Preventive:
 Make supplier Tax ID Number field mandatory
 Prevent POs to be created with unapproved vendors
Master Vendor Management

 Financial fraud and misuse  Cash Leakage
ERP Control
 No good native controls
Advanced Control
Detective:
 Detect Split PO to work around approval threshold
 Detect standard PO issued to a supplier where a blanket PO exists
Preventive:
 POs over a certain threshold require approvals
 Good receipts cannot take place without an approved PO
 Mandate PO number during invoice creation
Purchase Order Problems

 Costly Payment to Vendor  Negative Cash Flow
ERP Control
 Populates payment term of the supplier or the PO during invoice creation
 Based on supplier master configuration, system will force a discount even if discount date has passed
Advanced Control
Detective:
 Identifies special rebate from the PO contract that the invoice failed to mention
 Track invoices that missed discount date by a little margin
Preventive:
• Send alerts on upcoming discounts available for payments above a threshold
• Prevent vendors from deducting late fees from open vendor credit
Missed Discounts

 Untimely payment to supplier  Negative Flow Impact
ERP Control
 Automatically displays payment term during invoice creation
 Payment on receipt option can be disabled
Advanced Control
Detective:
 Detect payments made earlier than supplier payment term
 Alerts a user if payment term setup is changed
Preventive:
• Set up an approval process if payment term is changed
• Prevent payment term to be changed
• Ensures segregation of duties between invoice creation and supplier creation
Early Payment

Top 10 P2P Advanced Controls to improve your bottom line!

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Top 10 P2P Advanced Controls to improve your bottom line!

Similaire à Top 10 P2P Advanced Controls to improve your bottom line! (20)

Plus de Oracle

Plus de Oracle (9)

Dernier

Dernier (20)

Top 10 P2P Advanced Controls to improve your bottom line!