Is Oracle ERP in Scope for 2014 Audit Plan?
Learn, from our client case-studies, effective ways to assess ERP Controls
A Leader in Risk Based Enterprise Controls Management Solutions

Solution areas: Risk and Compliance, Financial Reporting, Internal Audit, Controls Catalog, Application Security, Advanced Analytics
Webinar – January 28th, 2014

Adil Khan
Managing Director

Leverage Technology:
Move Your Business Forward™
Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes

Copyright ©. Fulcrum Information Technology, Inc.
Agenda

Is Oracle ERP in Scope for 2014 Audit Plan?

Introductions
ERP Control Assessment Approach – 2014
ERP Controls in Scope for Audit
Audit Findings and Remediation
Oracle Advanced Controls – Case Study

Copyright © FulcrumWay

Page 2

www.fulcrumway.com
Introductions
FulcrumWay

A Leader in Risk Based Controls Management™

FulcrumWay is the #1 end-to-end provider of Risk Based Enterprise Controls Management solutions for Oracle EBS, PeopleSoft and JDE customers, with over 200 Fortune-500 to middle-market clients. Since 2003, we have successfully assisted companies across all major industry segments.

Expertise: risk advisory services; advanced controls design for enterprise applications; best practices for risk mitigation and internal controls automation; audit, compliance, financial, enterprise and operational risk assessments; risk remediation services.
Packaged Solutions: FulcrumWay is the #1 choice of Oracle customers for Oracle GRC Advanced Controls, GRC Manager, and GRC Intelligence/OBIEE software implementation. Oracle has certified us as the only partner with Accelerators for Oracle GRC. We also provide managed services.
Software Services: risk assessment for ERP systems, control design and management tools, Controls Catalog, Enterprise Risk Manager, Financial Reporting Manager, Audit Manager.
USA Presence: privately held Delaware corporation with US offices in New York City, Dallas and San Francisco.
International Presence: Auckland, Chennai, Johannesburg, London, Mexico City.

FulcrumWay Clients

Successful track record across industries: Government, Communications, Media/Entertainment, Oil and Gas, Financial Services, Transportation, Manufacturing, Healthcare, High Tech, Retail, Natural Resources, Life Sciences.
FulcrumWay™ Insight

Proven Expertise

Thought Leadership
Co-Authored GRC Book: First book on GRC for
Oracle Applications
Webcasts – GRC Best Practices, Trends and Expert
Insight – February 19th
Executive Round Table – GRC Advanced
Controls Luncheon, Los Angeles, February 21st
Executive Round Table - March 13th Chicago:
GRC Case Studies and Best Practices
Collaborate 14 – GRC Client Appreciation Dinner
April 9th , 2014 Las Vegas

Oracle Open World – Annual GRC Dinner on
September 23rd , 2014 W Hotel San Francisco
LinkedIn –FulcrumWay Risk, Compliance and Audit
Software Group
YouTube Podcasts – FulcrumWay Instant Insight in
10 min or less

ERP Control Assessment Approach – 2014
ERP Controls

Why include ERP Controls in Audit?

PCAOB Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, allows benchmarking of automated application controls because such controls are generally not subject to breakdowns due to human failure. If the general controls over program changes, access to programs, and computer operations are effective and continue to be tested on a regular basis, the auditor can conclude that the application control is effective without repeating the previous year's test of that control. This holds only if the auditor verifies that the application control has not changed since it was last tested, so the ERP's own change-tracking and configuration evidence (who changed which setup value, and when) is what makes the benchmarking argument usable in practice.

Source: U.S. Public Company Accounting Oversight Board (PCAOB)
What are ERP Application Controls

[Diagram: the ERP transaction flow with its control points, reconstructed from the slide. Inputs: Business Policies (set by the Board of Directors), ERP Configurations, User Inputs. Flow: Data Input > Validation > Posting > Processing > Output, with Data Storage, Audit Logs and Data Archives alongside, and an External Interface (Web Services) to Stockholders and Banks. The control points are documented in System Control Documents.]

The control objective attached to each stage of the diagram:

Inputs: input data is accurate, complete, authorized, and correct.
Processing: data is processed as intended in an acceptable time period.
Data Storage: data stored is accurate and complete.
Output: outputs are accurate and complete.
Audit Logs: a record is maintained to track the processing of data from input to storage and to the eventual output.
Assessment Approach

Top Down Risk Based Approach to Application Controls:

1. What are the enterprise-wide risks that need to be assessed?
2. Which business processes are impacted by these risks?
3. Which ERP apps are used to perform these processes?
4. Where (business locations) are the processes performed?
5. What application functions control the processes?
ERP Controls in Scope for Audit
ERP Scope: Application Risk Factors

[Table: each ERP application in the list of apps (INV, PR, HR, PO, AR, FA, AP, OM, GL) is scored 1 to 10 on five risk factors, and the factor scores are summed into a Risk Rating. Risk scale: highest 10. Risk threshold: over 30, i.e. an application whose rating exceeds 30 is in scope for the audit plan.]

Risk factors (columns): Custom Code, Frequency of Changes, Audit Logs, Financial/Sensitive Data, Primary Process Enabler.

Rows recoverable from the slide (factor scores, then rating):
AR: 7, 7, 9, 9, 7 = 39 (over threshold)
FA: 5, 5, 5, 5, 5 = 25
GL: 5, 5, 4, 6, 4 = 24
Two further rows carry ratings of 34 and 32 (over threshold); the extraction shows their factor scores as 8, 9, 5, 9, 8 and 7, 7, 6, 8, 9, which do not sum to those ratings, and their application labels are not recoverable from the extracted slide.
ERP Scope: Access Controls

FulcrumWay Controls Catalog: access controls (segregation of duties) in scope. Columns: Access Control, Risk Description, Process, ERP App, Risk Type, Risk Rating.

Enter Journal and Post Journal
  Risk: can cause fraud or errors resulting in over- or under-stated financial statements.
  Process R2R; ERP App GL; Risk Type Fin; Risk Rating High.

Create Suppliers and Create Invoices (R12)
  Risk: can lead to an overstatement of liabilities if fictitious suppliers are created and invoiced.
  Process P2P; ERP App AP; Risk Type Fin; Risk Rating High.

Create Customer and Create Sales Order (R12)
  Risk: can lead to an overstatement of revenues.
  Process O2C; ERP App AR; Risk Type Fin; Risk Rating High.
ERP Scope: Configuration Controls

FulcrumWay Controls Catalog: configuration controls in scope. Columns: Configuration Control, Risk Description, Process, ERP App, Risk Type, Risk Rating.

Journal Authorization Limits
  Risk: authorization limits for employees.
  Process R2R; ERP App GL; Risk Type Fin; Risk Rating High.

Payment Adjustment Controls
  Risk: adjustments made to invoice distributions after payment is issued can cause errors in reconciliation …
  Process P2P; ERP App AP; Risk Type Fin; Risk Rating High.

Define Credit Usage Rules
  Risk: in Credit Management, credit usage rule sets ensure that all transactions for the specified currencies are converted to the credit ...
  Process O2C; ERP App AR; Risk Type Fin; Risk Rating High.
ERP Scope: ERP Transaction Controls

FulcrumWay Controls Catalog: transaction controls in scope. Columns: Transaction Control, Risk Description, Process, ERP App, Risk Type, Risk Rating.

Exchange Rates
  Risk: identify transactions after the fact; monitoring of manual inputs of system exchange rates that are …more than 10% +/-
  Process R2R; ERP App GL; Risk Type Fin; Risk Rating High.

AP Invoice Over PO
  Risk: invoice payments in excess of PO / user invoice approval limit.
  Process P2P; ERP App AP; Risk Type Fin; Risk Rating High.

AR Invoices Over Threshold
  Risk: control monitor returns a record of each customer invoice that is valued in excess of a specified threshold.
  Process O2C; ERP App AR; Risk Type Fin; Risk Rating High.
ERP Scope: ERP Control Methods

[Diagram: a 2x2 matrix of Impact (vertical, Low to High) against Probability (horizontal, Low to High), each quadrant assigned a control method; reconstructed from the slide.]

High impact, low probability: Medium Risk, Mitigate.
High impact, high probability: High Risk, Remediate & Prevent.
Low impact, low probability: Low Risk, Accept.
Low impact, high probability: Medium Risk, Monitor Controls.
ERP Scope: ERP Preventive Controls

[Diagram only; no text recoverable from the slide.]
Audit Findings and Remediation
Findings / Remediation: ERP Audit Findings and Remediation

[Diagram: the remediation workflow, reconstructed from the slide.]

Workflow steps: Scope Application Controls > Assess Risk > Establish Test Environment > Setup Mitigating Controls > Manage Exceptions > Detect Violations > Analyze Issues > Remediate Issues > Implement Corrective Actions > Monitor Application Environment.

Roles: Application Security Administrator; Application Controls Manager; IT/Business Control Teams.

Input: sample ERP data, loaded through FulcrumWay DataProbe.
Findings: Access Controls Violations

[Diagram: one reported SOD conflict traced through the security model, reconstructed from the slide.]

User: John Doe

Path 1: Role "Purchasing User" > Menu CREATE_PMTS > Page PAYMENT_ACTION_IC
Path 2: Role "Invoice Manager" > Permission List "Invoices" > Component INVOICESGBL > Page TD_INVOICES

Attributes examined to decide whether the reported conflict is real: Locked User; Role; Authorized Actions; Row Security Class; Panel Group / Component; Inherent SOD Conflict; False Positive.
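The finding above is only a real violation if both paths grant John Doe the ability to act: a locked account, or a page reachable only with display-only authorized actions, is a false positive. The following is an added example (Python, not FulcrumWay, Oracle or PeopleSoft code) of an SOD check that applies those two filters and distinguishes a cross-role conflict from an inherent one (both functions granted by a single role, which is a role-design defect). The security model is a constructed simplification (user > roles > business functions, each grant with an access level); the role and function names, the users, and the rule ids are invented, and the rules mirror the three catalog entries earlier on this page.

```python
"""Segregation-of-duties (SOD) check with false-positive filtering.

Added example for this page; it is not FulcrumWay, Oracle or PeopleSoft code.
The security model is a constructed simplification: user -> roles -> business
functions, each grant carrying an access level.  Role, function and user names
are invented; the SOD rules mirror the three catalog entries on this page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Violation:
    user: str
    rule: str
    functions: tuple      # the conflicting pair
    via_roles: tuple      # one role granting each function
    inherent: bool        # True when a single role grants both (role-design defect)


@dataclass
class User:
    name: str
    roles: list
    locked: bool = False


# Constructed rule set: pairs of functions one person must not hold (rule id -> pair).
SOD_RULES = {
    "GL-01": ("ENTER_JOURNAL", "POST_JOURNAL"),
    "AP-01": ("CREATE_SUPPLIER", "CREATE_AP_INVOICE"),
    "AP-02": ("CREATE_AP_INVOICE", "CREATE_PAYMENT"),
    "AR-01": ("CREATE_CUSTOMER", "CREATE_SALES_ORDER"),
}

# Constructed role -> {function: access level}.  "UPDATE" can perform the function;
# "DISPLAY" is read-only, the classic source of SOD false positives.
ROLE_GRANTS = {
    "Purchasing User": {"CREATE_PO": "UPDATE", "CREATE_PAYMENT": "DISPLAY"},
    "Invoice Manager": {"CREATE_AP_INVOICE": "UPDATE", "CREATE_SUPPLIER": "DISPLAY"},
    "Supplier Admin": {"CREATE_SUPPLIER": "UPDATE"},
    "AP Clerk": {"CREATE_AP_INVOICE": "UPDATE", "CREATE_PAYMENT": "UPDATE"},
    "GL Accountant": {"ENTER_JOURNAL": "UPDATE"},
    "GL Supervisor": {"POST_JOURNAL": "UPDATE"},
}

# Constructed user population.  John Doe matches the finding above by role name only.
USERS = [
    User("John Doe", ["Purchasing User", "Invoice Manager"]),
    User("Ann Lee", ["Supplier Admin", "Invoice Manager"]),
    User("Bob Ray", ["AP Clerk"]),
    User("Cy Tan", ["GL Accountant", "GL Supervisor"], locked=True),
    User("Dee Fox", ["GL Accountant", "GL Supervisor"]),
]


def executable_functions(user):
    """Map function -> set of roles that grant it at UPDATE level (DISPLAY ignored)."""
    funcs = {}
    for role in user.roles:
        for fn, level in ROLE_GRANTS.get(role, {}).items():
            if level == "UPDATE":
                funcs.setdefault(fn, set()).add(role)
    return funcs


def find_violations(users, rules=SOD_RULES):
    """Real conflicts only: locked accounts cannot act, DISPLAY grants cannot execute."""
    found = []
    for user in users:
        if user.locked:
            continue
        funcs = executable_functions(user)
        for rule_id, (a, b) in rules.items():
            if a in funcs and b in funcs:
                found.append(Violation(
                    user.name, rule_id, (a, b),
                    (min(funcs[a]), min(funcs[b])),
                    inherent=bool(funcs[a] & funcs[b])))
    return found


def naive_conflict_count(users, rules=SOD_RULES):
    """What a role-name-only scan reports: every grant counts, whatever its level or account status."""
    total = 0
    for user in users:
        fns = {fn for r in user.roles for fn in ROLE_GRANTS.get(r, {})}
        total += sum(1 for a, b in rules.values() if a in fns and b in fns)
    return total


if __name__ == "__main__":
    print("naive conflicts:", naive_conflict_count(USERS))
    for v in find_violations(USERS):
        kind = "inherent" if v.inherent else "cross-role"
        print(v.user, v.rule, v.functions, kind, v.via_roles)
```

On this constructed population the role-name-only scan reports six conflicts and the filtered check three; John Doe drops out because his payment and supplier access is display-only, and Cy Tan because the account is locked (a locked account with conflicting roles is still worth a separate cleanup report). Bob Ray's hit is flagged inherent, which points at the role definition rather than at the user's assignment.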
Findings: Oracle Procure-to-Pay

[Diagram: the procure-to-pay process map on which the control points are placed, reconstructed from the slides. Spend categories: Indirect & MRO, Direct Materials, Services. Process steps: Requisition > Purchase Goods / Services > Receive Goods / Services > Invoice > Issue Payments. Surrounding layers: Corporate Performance Management, Collaboration, Settlement, Strategic Sourcing & Contract Mgmt, Business Process Models, Service Oriented Architecture. External parties: Banks, Payment Processors, Supplier Collaboration Services, SWIFTNet.]

Control questions placed on the map, by stage:

Supplier master:
- Are there inappropriate associations between a vendor and an employee?
- Do you have duplicate suppliers?
- Are your vendors compliant with trade regulations? Are the vendors blacklisted?
- Are you missing critical supplier information? Is the information valid?
- Are there frequent changes to supplier information?

Purchase orders and receiving:
- Do you have duplicate purchase orders?
- Are POs created on the same day as goods arrive?
- Are there purchases with non-preferred vendors?
- Are there split POs?

Invoices and payments:
- Are you making accurate and timely payments?
- Are payment term changes reviewed before payment?
- Are there duplicate invoice amounts being processed?
- Did the person making the payment create or modify the vendor?
- Are there discrepancies in freight charges?
Oracle Advanced Controls – Case Study
Case Study

Company Overview

Corporate Overview
• Large Mining, Chemical, Energy & Oil company headquartered in West Palm Beach, FL
• 1,200 employees worldwide and $4B annual revenue
• Runs Oracle E-Business Suite R12 and several non-Oracle systems

Overall Challenges and the Need for ERP Controls
• Heterogeneous business application environment
• Inability to track unusual activity on sensitive financial data
• Lack of proper internal controls in various processes
• Insufficient documentation on access, configuration and transaction controls
Controls in Scope

• User security to prevent improper access to business functions
• Segregation of Requisitions from Purchase Orders
  – Auto Create of Purchase Orders/RFQ from Requisitions
• One-, two- or three-way matching of purchases to payments
• Purchasing and payment tolerances
• Vendor purchasing/pay site configuration
• One-time vendor indicator
• Purchasing approvals
  – Based on dollar value
  – Commodity type
Controls in Scope

Purchasing
– Compare vendor address with employee address, looking for similarities
– Duplicate suppliers: similar names or same tax ID
– One-time vendors: audit rules on changes to the one-time vendor flag
– PO creation date is the same as the receiving date
– Split purchase orders
– Duplicate purchase orders

Accounts Payable
– Change rule for a change in payment terms, and change tracking object for terms and tolerances
– Duplicate invoices control
– Same employee creates the vendor and an invoice to that vendor
Controls in Scope
Open/Closing Accounting Periods
Adding KFF Account values
Hiding private/sensitive data
– Social Security Number
– Bank Account information
– Home addresses
Automated period close and consolidation process

IT/Super User Change Tracking
Security Rules
Cross Validation Rules
Foreign Currency exchange rate changes
Key Flexfield Segments
System Profiles
ERP Responsibilities
Payment Terms and Tolerances
Form Changes
Alert Changes
Bank Account Information
Journal Sources and Categories

Oracle Advanced Controls Implementation

[Diagram: the four control families of the implementation, reconstructed from the slide.]

Access Controls
– Segregation of Duties, i.e. policy load
– User provisioning, i.e. detection and remediation of SODs
– Conflict reports, i.e. report on intra- and inter-responsibility conflicts

Preventive Controls
– Form rules, i.e. limiting access to a field
– Flow rules, i.e. approval rule, informational message on trigger
– Audit rules, i.e. track changes
– Change control rules, i.e. reason code as to why a field is changed

Transaction Controls
– Business objects, i.e. tables and fields within EBS Suite
– Parameters, i.e. filters, patterns and functions
– TCG models, i.e. a string of business objects that generate suspects

Configuration Controls
– Snapshots, i.e. capturing specific setup/configuration info
– Comparisons, i.e. comparing snapshots between ledgers, operating units, instances
– Change tracking, i.e. monitor any change to configuration
Transaction Control Monitors

AP Invoices Over Threshold: identify AP invoices that are over a certain threshold amount.
Dormant Inventory Items: check for dormant inventory items.
Dormant User IDs: identify dormant user IDs.
Duplicate Vendor Payments: identify duplicate vendor payments within a specified time period.
Enter Post Journals SOD Violation: identify journals that are entered and posted by the same user.
Manual Journal Entries over Threshold Amount: identify manual journals created in General Ledger that are above the specified threshold amount.
PO Over Threshold Amount: identify purchase orders that are over a certain threshold amount.
Sales Order Over Credit Limit: control monitor for sales orders over the customer credit limit.
Sales Order Over Threshold Amount: identify sales orders that were booked for a value over a threshold amount.
SOD Violation between AP Invoices and PO Documents: identify purchasing and payables documents entered by the same user.
Terminated Employees with Active User IDs: identify terminated employees with active user IDs.
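Every monitor in the list above, and most of the procure-to-pay control questions and case-study controls earlier on this page, is a query over transaction tables that returns suspects for a control owner to review. The following is an added example (Python with the standard-library sqlite3 module, not FulcrumWay or Oracle GRC code) that implements four of them: duplicate vendor payments within a time window, supplier and invoice created by the same user, terminated employees with active user IDs, and split purchase orders under an approval limit. The six tables are a deliberately small stand-in for the ERP data model, not the Oracle E-Business Suite tables; the sample rows, the 30-day duplicate window and the 5,000 approval limit are constructed for the demo.

```python
"""Transaction control monitors as SQL over a constructed procure-to-pay schema.

Added example for this page; it is not FulcrumWay or Oracle code.  The six
tables are a small stand-in for the ERP data model (they are not the Oracle
E-Business Suite tables); the sample rows, the 30-day duplicate window and the
5,000 PO approval limit are constructed for the demo.
"""
import sqlite3

SCHEMA = """
CREATE TABLE suppliers (supplier_id INTEGER, name TEXT, created_by TEXT);
CREATE TABLE invoices  (invoice_id INTEGER, supplier_id INTEGER, amount REAL, created_by TEXT);
CREATE TABLE payments  (payment_id INTEGER, supplier_id INTEGER, amount REAL, pay_date TEXT);
CREATE TABLE purchase_orders (po_id INTEGER, supplier_id INTEGER, buyer TEXT, amount REAL, po_date TEXT);
CREATE TABLE employees (emp_id INTEGER, name TEXT, termination_date TEXT);
CREATE TABLE users     (user_name TEXT, emp_id INTEGER, end_date TEXT);
"""

# Constructed sample data; comments mark the exceptions each monitor should catch.
SAMPLE = {
    "suppliers": [(1, "Acme Ltd", "ann"), (2, "Bolt Co", "sam"), (3, "Cable Inc", "ann")],
    "invoices": [(10, 1, 500.0, "bob"), (11, 2, 750.0, "ann"),
                 (12, 3, 120.0, "ann")],                                      # ann created supplier 3 and its invoice
    "payments": [(100, 1, 500.0, "2014-01-06"), (101, 1, 500.0, "2014-01-09"),  # same amount, 3 days apart
                 (102, 2, 750.0, "2014-01-10"), (103, 2, 750.0, "2014-04-01")], # same amount, 81 days apart
    "purchase_orders": [(200, 2, "kim", 4000.0, "2014-01-13"),
                        (201, 2, "kim", 4500.0, "2014-01-13"),                  # two POs, same day, 8,500 total
                        (202, 1, "kim", 4900.0, "2014-01-14")],
    "employees": [(1, "Ann", None), (2, "Sam", "2013-12-31"), (3, "Bob", "2013-11-30")],
    "users": [("ann", 1, None), ("sam", 2, None),                               # sam: terminated, account still open
              ("bob", 3, "2013-11-30")],
}

# Monitor name -> query.  Named parameters are supplied by run_monitors().
MONITORS = {
    "duplicate_payments": """
        SELECT a.payment_id, b.payment_id, a.supplier_id, a.amount
          FROM payments a JOIN payments b
            ON a.supplier_id = b.supplier_id AND a.amount = b.amount
           AND a.payment_id < b.payment_id
           AND julianday(b.pay_date) - julianday(a.pay_date) BETWEEN 0 AND :days
         ORDER BY a.payment_id""",
    "supplier_and_invoice_same_user": """
        SELECT i.invoice_id, s.supplier_id, s.created_by
          FROM invoices i JOIN suppliers s ON s.supplier_id = i.supplier_id
         WHERE i.created_by = s.created_by
         ORDER BY i.invoice_id""",
    "terminated_with_active_user": """
        SELECT u.user_name, e.name, e.termination_date
          FROM users u JOIN employees e ON e.emp_id = u.emp_id
         WHERE e.termination_date IS NOT NULL
           AND (u.end_date IS NULL OR u.end_date > e.termination_date)
         ORDER BY u.user_name""",
    "split_purchase_orders": """
        SELECT supplier_id, buyer, po_date, COUNT(*) AS n, SUM(amount) AS total
          FROM purchase_orders
         WHERE amount <= :limit
         GROUP BY supplier_id, buyer, po_date
        HAVING COUNT(*) > 1 AND SUM(amount) > :limit
         ORDER BY supplier_id, po_date""",
}


def build_db():
    """In-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE.items():
        marks = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return conn


def run_monitors(conn, days=30, limit=5000.0):
    """Run every monitor; each returned row is a suspect for the control owner to review."""
    params = {"days": days, "limit": limit}
    return {name: conn.execute(sql, params).fetchall() for name, sql in MONITORS.items()}


if __name__ == "__main__":
    for name, hits in run_monitors(build_db()).items():
        print(f"{name}: {len(hits)} hit(s)")
        for row in hits:
            print("   ", row)
```

The window and limit are parameters rather than literals because they are the part of a monitor an auditor will ask about: widening the duplicate-payment window from 30 to 100 days on the same data turns the second pair of 750.0 payments into a hit, and the split-PO rule only fires when each document is under the limit and the same-day total to the same supplier by the same buyer is over it.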
Transaction Control Monitors (Receivables setup definitions)

Define credit usage rules: in Order Management, credit usage rule sets define the set of currencies that will share a predefined credit limit during the credit checking process, and enable the grouping of currencies for global credit checking.

Customer reporting hierarchy: Receivables uses the following hierarchy to determine the default payment term for your transactions, stopping when one is found:
1. Bill-to site
2. Customer address
3. Customer
4. Transaction type

Approval limits: approval limits affect the Adjustments, Submit Auto Adjustments, and Approve Adjustments windows as well as the Credit Memo Request workflow. Define approval limits to determine whether a Receivables user can approve adjustments or credit memo requests. You define approval limits by document type, dollar amount, reason code, and currency.

Aging buckets: define aging buckets to review and report on open receivables based on the number of days each item is past due. For example, the 4-Bucket Aging bucket that Receivables provides consists of four periods: -999 to 0 days past due, 1 to 30 days past due, 31 to 61 days past due, and 61 to 91 days past due.
Change Tracking

Query a change tracker to identify changes across multiple instances. Select multiple applications to monitor. The query requires the Change Tracking Transfer program to run before any data can be collected (this program transfers change tracking data from the ERP instances to CCG).

Monitor Configuration Changes: users and administrators can monitor before-and-after values, the responsible user, and the time stamp of each change.
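The PCAOB benchmarking argument quoted earlier on this page, the IT/Super User Change Tracking list, and the snapshot, comparison and change tracking items of the Configuration Controls quadrant all rest on one mechanism: capture the setup, hash or diff it, and record who changed what and when. The following is an added example (Python, not FulcrumWay or Oracle GRC code) of that mechanism on constructed snapshots. The setup objects are named after the change tracking list above (payment terms, tolerances, profile options, journal sources), but every value, the two operating units, the user SYSADMIN and the timestamp are assumptions made for the demo.

```python
"""Configuration snapshots, comparison and change tracking.

Added example for this page; it is not FulcrumWay or Oracle code.  A snapshot
is a plain dict of setup object -> {key: value}; the objects follow the change
tracking list on this page but every value, user and timestamp is constructed.
"""
import hashlib
import json
from copy import deepcopy

# Constructed: the US operating unit as it stood when the control was last tested.
BASELINE_US = {
    "PAYMENT_TERMS": {"STANDARD": "NET30", "EARLY": "2/10 NET30"},
    "INVOICE_TOLERANCE": {"PRICE_PCT": "2", "QTY_ORDERED_PCT": "5"},
    "PROFILE_OPTIONS": {"AP: Use Invoice Batch Controls": "Yes"},
    "JOURNAL_SOURCES": {"Manual": "Require approval"},
}

# Constructed: the same unit today, after a super user edited three setups.
CURRENT_US = deepcopy(BASELINE_US)
CURRENT_US["PAYMENT_TERMS"]["STANDARD"] = "NET10"
CURRENT_US["INVOICE_TOLERANCE"]["PRICE_PCT"] = "15"
CURRENT_US["JOURNAL_SOURCES"]["Spreadsheet"] = "No approval"

# Constructed: a second operating unit, for a cross-unit comparison.
SNAPSHOT_UK = deepcopy(BASELINE_US)
SNAPSHOT_UK["INVOICE_TOLERANCE"]["QTY_ORDERED_PCT"] = "10"


def digest(snapshot):
    """Canonical SHA-256 of a snapshot: equal digests mean identical setup."""
    canon = json.dumps(snapshot, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def benchmark_allowed(baseline, current):
    """The benchmarking precondition: the automated control is unchanged since it was last tested."""
    return digest(baseline) == digest(current)


def _flatten(snapshot):
    return {(obj, key): val for obj, kv in snapshot.items() for key, val in kv.items()}


def compare(before, after):
    """Change records (object, key, old, new, kind); kind is added, removed or changed."""
    b, a = _flatten(before), _flatten(after)
    changes = []
    for obj, key in sorted(set(b) | set(a)):
        old, new = b.get((obj, key)), a.get((obj, key))
        if (obj, key) not in a:
            changes.append((obj, key, old, None, "removed"))
        elif (obj, key) not in b:
            changes.append((obj, key, None, new, "added"))
        elif old != new:
            changes.append((obj, key, old, new, "changed"))
    return changes


def track(before, after, changed_by, changed_at):
    """Audit-trail rows with before/after values, responsible user and time stamp."""
    return [
        {"object": obj, "key": key, "old": old, "new": new, "kind": kind,
         "changed_by": changed_by, "changed_at": changed_at}
        for obj, key, old, new, kind in compare(before, after)
    ]


def compare_units(baseline, units):
    """Compare several operating units (or ledgers, instances) against one baseline."""
    return {name: compare(baseline, snap) for name, snap in units.items()}


if __name__ == "__main__":
    print("benchmark allowed:", benchmark_allowed(BASELINE_US, CURRENT_US))
    for row in track(BASELINE_US, CURRENT_US, "SYSADMIN", "2014-01-20T09:15:00"):
        print(row)
    print(compare_units(BASELINE_US, {"US": CURRENT_US, "UK": SNAPSHOT_UK}))
```

The digest answers the auditor's yes/no question (may last year's test of this control be relied on?), while the diff answers the follow-up (what changed, so which controls must be re-tested); a real deployment takes the before/after values, user and timestamp from the ERP's own audit tables rather than from two snapshots taken at audit time.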
EBS Form Rule Capabilities

• Defines what actions the element performs
• Empowers the user to make changes to EBS forms and processes:
  – Set security attributes
  – Compile lists of values (LOV)
  – Establish navigation paths
  – Set field attributes
  – Display messages
  – Run SQL statements
  – Define default values for fields
  – Execute Flow Rule process
Form Rule Highlights

Hidden Field; Modify Security Settings; Create Messages; Field Required; Edit Messages; Edit Background; Edit Field Properties; Hide Field Data; Edit Prompt.
Procure to Pay with Oracle Advanced Controls Optimization

[Diagram: business risks mapped to control objectives and to the continuous monitors that raise incidents, reconstructed from the slide. Each monitor hit becomes an Incident that is investigated and closed.]

Business Risks: Unapproved or Illegal Suppliers; Delayed Supplier Payments; Unauthorized Purchases.

Control Objectives: Capture all Discounts; Accurate Supplier Information; Valid Purchase Orders; Ensure Separation of Duties in Procurement; Prevent Leakage; Cash Flow.

Continuous Monitors:
– Split purchase orders
– Discounts lost due to delays in payment
– Supplier and invoices created by the same user
– Multiple suppliers with a similar email domain
– Multiple suppliers with the same Tax ID
– Multiple suppliers with the same bank account number
– Purchase orders issued to blocked suppliers
– Monitor purchases of unauthorized items, such as contraband

Incident workflow: Incident > Investigate > Close.
Q&A

Download DataProbe

Leader in Risk Based Enterprise Controls

One-on-One with Experts
Follow FulcrumWay on LinkedIn for ERP Risk and Controls


Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 

FulcrumWay - Effective Ways to Assess ERP Controls 2014

  • 1. Is Oracle ERP in Scope for 2014 Audit Plan?
    Learn, from our client case-studies, effective ways to assess ERP Controls
    A Leader in Risk Based Enterprise Controls Management Solutions: Risk and Compliance, Financial Reporting, Internal Audit, Controls Catalog, Application Security, Advanced Analytics
    Webinar – January 28th, 2014. Adil Khan, Managing Director
    Leverage Technology: Move Your Business Forward™
    "Give me a lever long enough and a fulcrum on which to place it, and I shall move the world" - Archimedes
    Copyright ©. Fulcrum Information Technology, Inc.
  • 2. Agenda – Is Oracle ERP in Scope for 2014 Audit Plan?
    – Introductions
    – ERP Control Assessment Approach – 2014
    – ERP Controls in Scope for Audit
    – Audit Findings and Remediation
    – Oracle Advanced Controls – Case Study
    Copyright © FulcrumWay Page 2 www.fulcrumway.com
  • 4. FulcrumWay – A Leader in Risk Based Controls Management™
    FulcrumWay is the #1 End-to-End Provider of Risk Based Enterprise Controls Management Solutions for Oracle EBS, PeopleSoft and JDE customers, with over 200 Fortune-500 to Middle Market clients. Since 2003, we have successfully assisted companies across all major industry segments.
    Expertise: Risk Advisory Services. Advanced Controls Design for Enterprise Applications. Best Practices for Risk Mitigation and Internal Controls Automation. Audit, Compliance, Financial, Enterprise and Operational Risk Assessments. Risk Remediation Services.
    Packaged Solutions: FulcrumWay is the #1 choice of Oracle customers for Oracle GRC Advanced Controls, GRC Manager, and GRC Intelligence/OBIEE software implementation. Oracle has certified us as the only partner with Accelerators for Oracle GRC. We also provide Managed Services.
    Software Services: Risk Assessment for ERP systems, Control Design and Management Tools, Controls Catalog, Enterprise Risk Manager, Financial Reporting Manager, Audit Manager.
    USA Presence: Privately held Delaware Corporation with US offices in New York City, Dallas and San Francisco.
    International Presence: Auckland, Chennai, Johannesburg, London, Mexico City.
  • 5. Successful Track Record – FulcrumWay Clients (client-logo slide; industries shown): Government, Communications, Media/Entertainment, Oil and Gas, Financial Services, Transportation, Manufacturing, Healthcare, High Tech, Retail, Natural Resources, Life Sciences
  • 6. FulcrumWay™ Insight – Proven Expertise, Thought Leadership
    – Co-Authored GRC Book: First book on GRC for Oracle Applications
    – Webcasts – GRC Best Practices, Trends and Expert Insight – February 19th
    – Executive Round Table – GRC Advanced Controls Luncheon, Los Angeles, February 21st
    – Executive Round Table – March 13th, Chicago: GRC Case Studies and Best Practices
    – Collaborate 14 – GRC Client Appreciation Dinner, April 9th, 2014, Las Vegas
    – Oracle Open World – Annual GRC Dinner on September 23rd, 2014, W Hotel San Francisco
    – LinkedIn – FulcrumWay Risk, Compliance and Audit Software Group
    – YouTube Podcasts – FulcrumWay Instant Insight in 10 min or less
  • 8. ERP Controls – Why include ERP Controls in Audit?
    The U.S. Public Company Accounting Oversight Board's (PCAOB) "An Audit of Internal Control Over Financial Reporting That is Integrated with An Audit of Financial Statements" states that benchmarking of application controls can be used because these controls are generally not subject to breakdowns due to human failure. If general controls that are used to monitor program changes, access to programs, and computer operations are effective and continue to be tested on a regular basis, the auditor can conclude that the application control is effective without having to repeat the previous year's control test. This is especially true if the auditor verifies that the application control has not changed since the auditor last tested the application control.
  • 9. What are ERP Application Controls (slides 9–14 build up one diagram; only its labels survived extraction)
    Diagram: Inputs (Business Policies, Board of Directors, User Inputs, External Interface, Web Services, Banks) → Control Points (Data Input Validation, Posting, Processing, Output) → Output (Stockholders). Supporting elements: System Control Documents, ERP Configurations, Data Storage, Audit Logs, Data Archives.
    Control objectives annotated on the diagram, one per stage:
    – Input: Input data is accurate, complete, authorized, and correct
    – Processing: Data is processed as intended in an acceptable time period
    – Storage: Data stored is accurate and complete
    – Output: Outputs are accurate and complete
    – Audit trail: A record is maintained to track the process of data from input to storage and to the eventual output
  • 15. Assessment Approach – Top Down Risk Based Approach to Application Controls
    – What are the enterprise wide risks that need to be assessed?
    – Which business processes are impacted by these risks?
    – Which ERP apps are used to perform these processes?
    – Where (business locations) are the processes performed?
    – What application functions control the processes?
  • 17. Application Risk Factors – ERP Scope (risk-scoring table; the extraction scrambled the row labels, so only what is legible is kept)
    Columns: List of Apps | Custom Code | Freq. of Changes | Audit Logs | Financial/Sensitive Data | Primary Process Enabler | Risk Rating
    Apps named on the slide: INV, PR, HR, PO, AP, AR, FA, GL, OM
    Legible rows ("?" where the app label did not survive):
    ? | 8 | 9 | 5 | 9 | 8 | 34
    ? | 7 | 7 | 6 | 8 | 9 | 32
    AR | 7 | 7 | 9 | 9 | 7 | 39
    FA | 5 | 5 | 5 | 5 | 5 | 25
    ? | 5 | 5 | 4 | 6 | 4 | 24
    Risk Scale: Highest 10. Risk Threshold: Over 30.
  • 18. Access Controls – ERP Scope (FulcrumWay Controls Catalog)
    Access Control | Risk Description | Process | ERP App | Risk Type | Risk Rating
    Enter Journal and Post Journal | Can cause frauds or errors resulting in over or under stated financial statements | R2R | GL | Fin | High
    Create Suppliers and Create Invoices - R12 | Can lead to an overstatement of liabilities if fictitious suppliers are created and invoiced. | P2P | AP | Fin | High
    Create Customer and Create Sales Order - R12 | Can lead to an overstatement of revenues. | O2C | AR | Fin | High
  • 19. Configuration Controls – ERP Scope (FulcrumWay Controls Catalog)
    Configuration Control | Risk Description | Process | ERP App | Risk Type | Risk Rating
    Journal Authorization Limits | Authorization limits for employees. | R2R | GL | Fin | High
    Payment Adjustment Controls | Adjustments made to invoice distributions after payment is issued can cause errors in reconciliation … | P2P | AP | Fin | High
    Define Credit Usage Rules | In Credit Management, credit usage rule sets ensure that all transactions for the specified currencies are converted to the credit ... | O2C | AR | Fin | High
  • 20. ERP Transaction Controls – ERP Scope (FulcrumWay Controls Catalog)
    Transaction Control | Risk Description | Process | ERP App | Risk Type | Risk Rating
    Exchange Rates | Identify transactions after the fact: monitoring of manual inputs of system exchange rates that are …more than 10% +/- | R2R | GL | Fin | High
    AP Invoice Over PO | Invoice payments in excess of PO / user Invoice approval limit | P2P | AP | Fin | High
    AR Invoices Over Threshold | Control monitor returns a record of each customer invoice that is valued in excess of a specified threshold. | O2C | AR | Fin | High
  • 21. ERP Control Methods – ERP Scope (impact/probability matrix, reconstructed from the flattened diagram)
    Impact High, Probability Low: Medium Risk – Mitigate
    Impact High, Probability High: High Risk – Remediate & Prevent
    Impact Low, Probability Low: Low Risk – Accept
    Impact Low, Probability High: Medium Risk – Monitor Controls
  • 22. ERP Preventive Controls – ERP Scope (figure only; no text survived extraction)
  • 24. Findings / Remediation – ERP Audit Findings and Remediation (process diagram, flattened)
    Steps shown: Scope Application Controls; Assess Risk; Establish Test Environment; Setup Mitigating Controls; Manage Exceptions; Detect Violations; Analyze Issues; Remediate Issues; Implement Corrective Actions; Monitor Application Environment
    Roles and tools shown: Application Security Administrator; Application Controls Manager; IT/Business Control Teams; Sample ERP Data; FulcrumWay DataProbe
  • 25. Findings – Access Controls Violations (diagram of one violation's access path, flattened; labels only)
    User: John Doe. Role: Purchasing User → Menu: CREATE_PMTS → Page: PAYMENT_ACTION_IC. Role: Invoice Manager → Permission List: Invoices → Component: INVOICESGBL → Page: TD_INVOICES.
    Analysis labels on the diagram: Locked User, Authorized Actions, Row Security Class, Panel Group, Component, Inherent SOD Conflict, False Positive.
  • 26. Findings – Oracle Procure-to-Pay (process diagram; slides 26–29 overlay control questions on it)
    Spend Categories: Indirect & MRO, Direct Materials, Services. Process flow: Requisition → Purchase Goods / Services → Receive Goods / Services → Invoice → Issue Payments. Collaboration and Settlement: Banks, Payment Processors, Supplier Collaboration, SWIFTNet. Surrounding layers: Strategic Sourcing & Contract Mgmt, Corporate Performance Management, Business Process Models, Service Oriented Architecture, Control Points.
  • 27. Findings – Oracle Procure-to-Pay: supplier controls
    – Are there inappropriate associations between a vendor and an employee?
    – Do you have duplicate suppliers?
    – Are your vendors compliant with trade regulations? Are the vendors blacklisted?
    – Are you missing critical supplier information? Is the information valid?
    – Are there frequent changes to Supplier information?
  • 28. Findings – Oracle Procure-to-Pay: purchase order controls
    – Do you have duplicate Purchase Orders?
    – Are POs created on the same day as goods arrive?
    – Are there purchases with non-preferred vendors?
    – Are there split POs?
  • 29. Findings – Oracle Procure-to-Pay: invoice and payment controls
    – Are you making accurate and timely payments?
    – Are payment term changes reviewed before payment?
    – Are there duplicate invoice amounts being processed?
    – Did the person making the payment create or modify the vendor?
    – Are there discrepancies in freight charges?
  • 31. Case Study – Company Overview
    Corporate Overview
    – Large Mining, Chemical, Energy & Oil company headquartered in West Palm Beach, FL
    – 1,200 Employees worldwide and $4B annual revenue
    – Own Oracle E-Business Suite R12 and several Non-Oracle Systems
    Overall Challenges and the Need for ERP Controls
    – Heterogeneous business application environment
    – Inability to track unusual activity on sensitive financial data
    – Lack of proper internal controls in various processes
    – Insufficient documentation on access, configurations and transaction controls
  • 32. Controls in Scope
    – User security to prevent improper access to business functions
    – Segregation of Requisitions from Purchase Orders – Auto Create of Purchase Orders/RFQ from Requisitions
    – One, Two or Three way matching of purchases to payments
    – Purchasing and Payment tolerances
    – Vendor purchasing/pay site configuration
    – One-time vendor indicator
    – Purchasing Approvals – Based on dollar value – Commodity Type
  • 33. Controls in Scope
    Purchasing
    – Compare Vendor Address with Employee address, looking for similarities
    – Duplicate Suppliers, similar names or same tax ID
    – One time vendors, Audit rules on the one-time vendor flag changes
    – PO creation date is the same as the receiving date
    – Split purchase orders
    – Duplicate purchase orders
    Accounts Payable
    – Change rule for change in payment terms & Change tracking object for terms and tolerances
    – Duplicate Invoices Control
    – Same employee create vendor and invoice to vendor
  • 34. Controls in Scope
    – Open/Closing Accounting Periods
    – Adding KFF Account values
    – Hiding private/sensitive data: Social Security Number, Bank Account information, Home addresses
    – Automated period close and consolidation process
  • 35. IT/Super User Change Tracking
    – Security Rules
    – Cross Validation Rules
    – Foreign Currency exchange rate changes
    – Key Flexfield Segments
    – System Profiles
    – ERP Responsibilities
    – Payment Terms and Tolerances
    – Form Changes
    – Alert Changes
    – Bank Account Information
    – Journal Sources and Categories
  • 36. Oracle Advanced Controls Implementation (four-quadrant diagram, flattened)
    Access Controls
    – Segregation of Duties, i.e. Policy Load
    – User Provisioning, i.e. Detection and remediation of SODs
    – Conflict Reports, i.e. Report on Intra and Inter Responsibility conflicts
    Preventive Controls
    – Form Rules, i.e. limiting access to a field
    – Flow Rules, i.e. approval rule, informational message on trigger
    – Audit Rules, i.e. track changes
    – Change Control Rules, i.e. reason code as to why a field is changed
    Transaction Controls
    – Business Objects, i.e. Tables and fields within EBS Suite
    – Parameters, i.e. Filters, Patterns and Functions
    – TCG Models, i.e. string of business objects that generate suspects
    Configuration Controls
    – Snapshots, i.e. capturing specific setup/configuration info
    – Comparisons, i.e. comparing snapshots between ledgers, operating units, instances
    – Change Tracking, i.e. monitor any change to configuration
  • 37. Transaction Control Monitors
    – AP Invoices Over Threshold: Identify AP Invoices that are over a certain Threshold Amount
    – Dormant Inventory Items: Check for Dormant Inventory Items
    – Dormant User IDs: Identify dormant user IDs
    – Duplicate Vendor Payments: Identify Duplicate Vendor Payments within a specified time period
    – Enter Post Journals SOD Violation: Identify Journals that are entered and posted by the same user
    – Manual Journal Entries over Threshold Amount: Identify Manual Journals created in General Ledger that are above the specified threshold amount
    – PO Over Threshold Amount: Identify Purchase Orders that are over a certain Threshold Amount
    – Sales Order Over Credit Limit: Control Monitor for Sales Order over Credit Limit
    – Sales Order Over Threshold Amount: Identify Sales Orders that were booked for a value over a threshold amount
    – SOD Violation between AP Invoices and PO Documents: Identify purchasing and payables documents entered by the same user
    – Terminated Employees with Active User Ids: Identify Terminated Employees with Active User Ids
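Here is how the monitors on this slide translate into detection logic, as an added example (not FulcrumWay's or Oracle's code) in Python over constructed sample records; the field names, thresholds, user names and dates are assumptions, and real monitors would read the equivalent Oracle EBS tables instead of the in-memory lists used here:

```python
"""Transaction control monitors run over constructed in-memory ERP records.

Added example, not FulcrumWay's or Oracle's code: each function mirrors one
monitor named on the slide, but the record layout, field names and sample
values are constructed for illustration rather than taken from EBS tables.
"""
from datetime import date
from itertools import combinations

AS_OF = date(2014, 1, 28)  # constructed run date for the monitors

# Constructed sample records (not real ERP extracts).
PAYMENTS = [
    {"id": "P1", "supplier": "ACME", "amount": 12500.00, "date": date(2014, 1, 3)},
    {"id": "P2", "supplier": "ACME", "amount": 12500.00, "date": date(2014, 1, 20)},
    {"id": "P3", "supplier": "ACME", "amount": 12500.00, "date": date(2014, 3, 15)},
    {"id": "P4", "supplier": "GLOBEX", "amount": 800.00, "date": date(2014, 1, 5)},
]
PURCHASE_ORDERS = [
    {"id": "PO-1", "amount": 12500.00, "created_by": "jdoe"},
    {"id": "PO-2", "amount": 60000.00, "created_by": "bjones"},
]
INVOICES = [
    {"id": "INV-1", "po": "PO-1", "amount": 12500.00, "created_by": "jdoe"},
    {"id": "INV-2", "po": "PO-2", "amount": 60000.00, "created_by": "asmith"},
]
JOURNALS = [
    {"id": "JE-1", "source": "Manual", "amount": 250000.00, "entered_by": "cfo1", "posted_by": "cfo1"},
    {"id": "JE-2", "source": "Manual", "amount": 1000.00, "entered_by": "acct1", "posted_by": "acct2"},
]
EMPLOYEES = [
    {"user": "jdoe", "terminated": None},
    {"user": "bjones", "terminated": date(2013, 11, 30)},
]
USERS = [
    {"user": "jdoe", "end_date": None, "last_logon": date(2014, 1, 25)},
    {"user": "bjones", "end_date": None, "last_logon": date(2013, 10, 1)},
    {"user": "asmith", "end_date": None, "last_logon": date(2013, 6, 1)},
]


def duplicate_vendor_payments(payments, window_days=30):
    """Pairs of payments to the same supplier for the same amount within the window."""
    ordered = sorted(payments, key=lambda p: p["date"])
    hits = []
    for first, second in combinations(ordered, 2):
        same_target = first["supplier"] == second["supplier"] and first["amount"] == second["amount"]
        if same_target and (second["date"] - first["date"]).days <= window_days:
            hits.append((first["id"], second["id"]))
    return hits


def invoices_over_threshold(invoices, threshold):
    return [inv["id"] for inv in invoices if inv["amount"] > threshold]


def invoice_po_sod_violations(invoices, purchase_orders):
    """Invoices whose matched PO was entered by the same user (purchasing/payables SOD)."""
    po_user = {po["id"]: po["created_by"] for po in purchase_orders}
    return [inv["id"] for inv in invoices if po_user.get(inv["po"]) == inv["created_by"]]


def enter_post_journal_sod(journals):
    return [j["id"] for j in journals if j["entered_by"] == j["posted_by"]]


def manual_journals_over_threshold(journals, threshold):
    return [j["id"] for j in journals if j["source"] == "Manual" and j["amount"] > threshold]


def terminated_with_active_user(employees, users, as_of=AS_OF):
    """Terminated employees whose application user account is still open on the run date."""
    active = {u["user"] for u in users if u["end_date"] is None or u["end_date"] > as_of}
    return [e["user"] for e in employees
            if e["terminated"] is not None and e["terminated"] <= as_of and e["user"] in active]


def dormant_user_ids(users, as_of=AS_OF, dormant_days=90):
    return [u["user"] for u in users if (as_of - u["last_logon"]).days > dormant_days]


def run_monitors():
    """Run every monitor with constructed thresholds; returns findings keyed by monitor name."""
    return {
        "Duplicate Vendor Payments": duplicate_vendor_payments(PAYMENTS, window_days=30),
        "AP Invoices Over Threshold": invoices_over_threshold(INVOICES, threshold=50000),
        "SOD Violation between AP Invoices and PO Documents": invoice_po_sod_violations(INVOICES, PURCHASE_ORDERS),
        "Enter Post Journals SOD Violation": enter_post_journal_sod(JOURNALS),
        "Manual Journal Entries over Threshold Amount": manual_journals_over_threshold(JOURNALS, threshold=100000),
        "Terminated Employees with Active User Ids": terminated_with_active_user(EMPLOYEES, USERS),
        "Dormant User IDs": dormant_user_ids(USERS),
    }


if __name__ == "__main__":
    for name, findings in run_monitors().items():
        print(f"{name}: {findings}")
```

The duplicate-payment monitor compares every pair inside the window rather than only adjacent payments, so a third identical payment months later (P3) is correctly left out while P1/P2 is reported; the terminated-employee monitor deliberately treats a missing user end date as "still active", which is the case that matters.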
  • 38. Transaction Control Monitors
    Define credit usage rules: In Order Management, credit usage rule sets define the set of currencies that will share a predefined credit limit during the credit checking process, and enable the grouping of currencies for global credit checking.
    Customer reporting hierarchy: Receivables uses the following hierarchy to determine the default payment term for your transactions, stopping when one is found: 1. Bill-to site 2. Customer Address 3. Customer 4. Transaction Type
    Approval limits: Approval limits affect the Adjustments, Submit Auto Adjustments, and Approve Adjustments windows as well as the Credit Memo Request Workflow. Define approval limits to determine whether a Receivables user can approve adjustments or credit memo requests. You define approval limits by document type, dollar amount, reason code, and currency.
    Aging buckets: Define aging buckets to review and report on open receivables based on the number of days each item is past due. For example, the 4-Bucket Aging bucket that Receivables provides consists of four periods: -999 to 0 days past due, 1 to 30 days past due, 31–61 days past due, and 61–91 days past due.
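The payment-term hierarchy, approval-limit dimensions and 4-Bucket Aging periods above, worked as an added Python example (not Oracle's or FulcrumWay's code); the setup records, user limits and open items are constructed, and the aging boundaries are taken exactly as the slide states them, including day 61 appearing in both of the last two periods, which the code resolves by letting the first matching bucket win:

```python
"""Receivables defaulting, approval-limit and aging logic from the slide, in Python.

Added example, not Oracle's or FulcrumWay's code: the four-level payment term
hierarchy, the approval-limit dimensions and the 4-Bucket Aging periods are the
ones the slide names; record shapes and sample values are constructed.
"""
from datetime import date

AS_OF = date(2014, 1, 28)  # constructed report date

# Payment term defaulting: walk the hierarchy and stop at the first level that has a term.
HIERARCHY = ("bill_to_site", "customer_address", "customer", "transaction_type")


def default_payment_term(setup):
    """Return (term, level) for the first level in HIERARCHY that defines a payment term."""
    for level in HIERARCHY:
        term = setup.get(level, {}).get("payment_term")
        if term:
            return term, level
    return None, None


# Approval limits keyed by the dimensions the slide names: document type, amount range,
# reason code and currency. Constructed limits for two hypothetical users.
APPROVAL_LIMITS = [
    {"user": "arclerk", "document_type": "Adjustment", "reason": "Write-off",
     "currency": "USD", "from": -500.0, "to": 500.0},
    {"user": "armgr", "document_type": "Adjustment", "reason": "Write-off",
     "currency": "USD", "from": -25000.0, "to": 25000.0},
    {"user": "armgr", "document_type": "Credit Memo", "reason": "Pricing error",
     "currency": "USD", "from": -10000.0, "to": 0.0},
]


def can_approve(user, document_type, reason, currency, amount, limits=APPROVAL_LIMITS):
    """True when the user holds a limit matching every dimension and covering the amount."""
    return any(
        lim["user"] == user
        and lim["document_type"] == document_type
        and lim["reason"] == reason
        and lim["currency"] == currency
        and lim["from"] <= amount <= lim["to"]
        for lim in limits
    )


# 4-Bucket Aging exactly as listed on the slide: (name, days past due from, to).
# The last two periods both contain day 61; the first matching bucket wins below.
FOUR_BUCKET_AGING = [
    ("-999 to 0 days past due", -999, 0),
    ("1 to 30 days past due", 1, 30),
    ("31-61 days past due", 31, 61),
    ("61-91 days past due", 61, 91),
]


def aging_bucket(due_date, as_of, buckets=FOUR_BUCKET_AGING):
    days_past_due = (as_of - due_date).days
    for name, low, high in buckets:
        if low <= days_past_due <= high:
            return name
    return "beyond last bucket"


def age_open_items(items, as_of, buckets=FOUR_BUCKET_AGING):
    """Sum open receivable amounts into each aging bucket."""
    totals = {name: 0.0 for name, _, _ in buckets}
    totals["beyond last bucket"] = 0.0
    for item in items:
        totals[aging_bucket(item["due"], as_of, buckets)] += item["amount"]
    return totals


# Constructed sample data.
SETUP = {
    "bill_to_site": {"payment_term": None},
    "customer_address": {},
    "customer": {"payment_term": "NET30"},
    "transaction_type": {"payment_term": "NET45"},
}
OPEN_ITEMS = [
    {"invoice": "AR-1", "due": date(2014, 2, 10), "amount": 100.0},   # not yet due
    {"invoice": "AR-2", "due": date(2014, 1, 10), "amount": 200.0},   # 18 days past due
    {"invoice": "AR-3", "due": date(2013, 11, 28), "amount": 300.0},  # exactly 61 days past due
    {"invoice": "AR-4", "due": date(2013, 9, 1), "amount": 400.0},    # older than the last bucket
]

if __name__ == "__main__":
    print(default_payment_term(SETUP))
    print(can_approve("arclerk", "Adjustment", "Write-off", "USD", -750.0))
    print(age_open_items(OPEN_ITEMS, AS_OF))
```

The setup dictionary deliberately leaves the bill-to site and address levels empty so the walk stops at the customer level even though the transaction type also carries a term, which is the "stopping when one is found" behaviour the slide describes.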
  • 39. Change Tracking
    – Query a change tracker to identify changes across multiple instances
    – Select multiple applications to monitor
    – The query requires the Change Tracking Transfer program to run before any data can be collected. (This program transfers change tracking data from the ERP instances to CCG.)
  • 40. Change Tracking – Monitor Configuration Changes
    Users and administrators can monitor before-and-after values, responsible user, and time stamp.
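An added example (not Oracle CCG's or FulcrumWay's code) of the snapshot, comparison and change-tracking ideas from slides 35, 36, 39 and 40, in Python: it diffs two constructed setup snapshots, pairs each change with a constructed audit-trail row to report before/after value, responsible user and time stamp, and flags changes with no responsible user so they cannot pass unnoticed. The "Object/detail" key convention, instance names, values and users are assumptions:

```python
"""Configuration snapshots, comparisons and change tracking over constructed setup data.

Added example, not Oracle CCG's or FulcrumWay's code. Setup keys follow a
constructed "Object/detail" convention; instances, values, users and
timestamps are constructed as well.
"""
from datetime import datetime

# Setup objects listed on slide 35 for super-user change tracking; used as the in-scope set.
MONITORED_OBJECTS = {
    "Security Rules", "Cross Validation Rules", "Foreign Currency exchange rate changes",
    "Key Flexfield Segments", "System Profiles", "ERP Responsibilities",
    "Payment Terms and Tolerances", "Form Changes", "Alert Changes",
    "Bank Account Information", "Journal Sources and Categories",
}


def take_snapshot(instance, setup, taken_at):
    """Freeze a copy of an instance's setup values as a named, timestamped snapshot."""
    return {"instance": instance, "taken_at": taken_at, "values": dict(setup)}


def compare_snapshots(left, right):
    """Keys whose values differ between two snapshots (two instances, or one instance at two times)."""
    keys = sorted(set(left["values"]) | set(right["values"]))
    return [{"key": k, "left": left["values"].get(k), "right": right["values"].get(k)}
            for k in keys if left["values"].get(k) != right["values"].get(k)]


def track_changes(old_snapshot, new_snapshot, audit_trail):
    """Each changed value with before/after, responsible user and time stamp from the audit trail.

    A change with no audit-trail row is still reported, with user None, so an
    unexplained configuration change stays visible instead of being dropped.
    """
    by_key = {row["key"]: row for row in audit_trail}
    changes = []
    for diff in compare_snapshots(old_snapshot, new_snapshot):
        obj = diff["key"].split("/", 1)[0]  # constructed convention: "Object/detail"
        row = by_key.get(diff["key"], {})
        changes.append({
            "object": obj, "key": diff["key"],
            "before": diff["left"], "after": diff["right"],
            "user": row.get("user"), "timestamp": row.get("timestamp"),
            "in_scope": obj in MONITORED_OBJECTS,
        })
    return changes


def unexplained_changes(changes):
    """Keys that changed without any audit-trail row naming a responsible user."""
    return [c["key"] for c in changes if c["user"] is None]


# Constructed snapshots: PROD at two dates, and TEST for an instance-to-instance comparison.
PROD_JAN = take_snapshot("PROD", {
    "System Profiles/Signon Password Length": "8",
    "Payment Terms and Tolerances/AP Price Tolerance %": "5",
    "Bank Account Information/ACME/Account Number": "ACC-1001",
    "ERP Responsibilities/Payables Manager/Users": "asmith",
}, datetime(2014, 1, 1, 6, 0))
PROD_FEB = take_snapshot("PROD", {
    "System Profiles/Signon Password Length": "8",
    "Payment Terms and Tolerances/AP Price Tolerance %": "15",
    "Bank Account Information/ACME/Account Number": "ACC-9999",
    "ERP Responsibilities/Payables Manager/Users": "asmith,jdoe",
}, datetime(2014, 2, 1, 6, 0))
TEST_FEB = take_snapshot("TEST", {
    "System Profiles/Signon Password Length": "6",
    "Payment Terms and Tolerances/AP Price Tolerance %": "15",
    "Bank Account Information/ACME/Account Number": "ACC-9999",
    "ERP Responsibilities/Payables Manager/Users": "asmith,jdoe",
}, datetime(2014, 2, 1, 6, 5))

# Constructed audit-trail rows; note there is none for the responsibility assignment change.
AUDIT_TRAIL = [
    {"key": "Payment Terms and Tolerances/AP Price Tolerance %",
     "user": "sysadmin", "timestamp": datetime(2014, 1, 15, 22, 40)},
    {"key": "Bank Account Information/ACME/Account Number",
     "user": "jdoe", "timestamp": datetime(2014, 1, 20, 17, 5)},
]

if __name__ == "__main__":
    for change in track_changes(PROD_JAN, PROD_FEB, AUDIT_TRAIL):
        print(change)
    print("PROD vs TEST:", compare_snapshots(PROD_FEB, TEST_FEB))
    print("Unexplained:", unexplained_changes(track_changes(PROD_JAN, PROD_FEB, AUDIT_TRAIL)))
```

Comparing PROD to TEST answers the "is the control configured the same everywhere" question, while comparing PROD to its own earlier snapshot is what turns a change-tracking report into a list of items a reviewer has to explain, the bank-account change made by an AP user being the kind of item that deserves a look first.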
  • 41. EBS Form Rule Capabilities
    – Defines what actions the element performs
    – Empowers the user to make changes to EBS forms and processes
    Capabilities: Set security attributes; Compile lists of values (LOV); Establish navigation paths; Set field attributes; Display messages; Run SQL statements; Define default values for fields; Execute Flow Rule process
  • 42. Form Rule Highlights (screenshot; labels only): Hidden Field, Modify Security Settings, Create Messages, Field Required, Edit Messages, Edit Background, Edit Field Properties, Hide Field Data, Edit Prompt
  • 43. Procure to Pay with Oracle Advanced Controls Optimization (flattened diagram; grouped by column as far as it is recoverable)
    Business Risks: Unapproved or Illegal Suppliers; Delayed Supplier payments; Unauthorized Purchases; Split purchase orders; Discounts Lost due to Delays in Payment
    Controls Objectives: Capture all Discounts; Accurate Supplier Information; Valid Purchase Orders; Ensure Separation of Duties in Procurement; Prevent Cash Flow Leakage
    Continuous Monitors: Supplier and Invoices Created by Same User; Multiple Suppliers with a similar email domain; Multiple Suppliers with the same Tax ID; Multiple Suppliers with the same Bank Account Number; Purchase Orders issued to Blocked Suppliers; Monitor purchases of unauthorized items, such as contraband
    Each monitor hit raises an Incident, which is then investigated and closed (Incident ! → Investigate → Close)
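The supplier-master and purchase-order monitors listed on slide 33 and in the Continuous Monitors column above, as an added Python example over constructed data (not FulcrumWay's or Oracle's code); the supplier records, employee address, POs, approval limit and corporate-suffix list are assumptions made for the illustration:

```python
"""Supplier-master and purchase-order monitors from slides 33 and 43, over constructed data.

Added example, not FulcrumWay's or Oracle's code: vendor/employee address match,
duplicate suppliers by similar name or same tax ID, shared bank account or e-mail
domain, POs to blocked suppliers, split POs, and PO created on the receipt date.
Record layouts, names and values are constructed.
"""
import re
from collections import defaultdict
from datetime import date

CORPORATE_SUFFIXES = {"inc", "corp", "corporation", "co", "llc", "ltd", "limited"}  # assumption


def normalize(text):
    """Lower-case and keep only letters and digits, so punctuation or spacing cannot hide a match."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def name_key(name):
    """Normalized name with corporate suffixes removed ('ACME Corp.' and 'Acme Corporation' -> 'acme')."""
    tokens = re.findall(r"[a-z0-9]+", name.lower())
    return "".join(t for t in tokens if t not in CORPORATE_SUFFIXES)


SUPPLIERS = [  # constructed
    {"id": 1, "name": "ACME Corp.", "tax_id": "12-3456789", "bank": "ACC-1001",
     "email": "ap@acme.example", "address": "10 Main St, Dallas TX", "blocked": False},
    {"id": 2, "name": "Acme Corporation", "tax_id": "12-3456789", "bank": "ACC-2002",
     "email": "billing@acme.example", "address": "10 Main Street, Dallas TX", "blocked": False},
    {"id": 3, "name": "Globex", "tax_id": "98-7654321", "bank": "ACC-3003",
     "email": "ar@globex.example", "address": "5 Elm Ave, Plano TX", "blocked": True},
    {"id": 4, "name": "J Doe Consulting LLC", "tax_id": "55-5555555", "bank": "ACC-1001",
     "email": "j.doe@mail.example", "address": "42 Oak Ln, Frisco TX", "blocked": False},
]
EMPLOYEES = [{"user": "jdoe", "address": "42 Oak Ln., Frisco, TX"}]  # constructed
PURCHASE_ORDERS = [  # constructed
    {"id": "PO-1", "supplier": 1, "requester": "asmith", "amount": 4500.0,
     "created": date(2014, 1, 6), "received": date(2014, 1, 6)},
    {"id": "PO-2", "supplier": 1, "requester": "asmith", "amount": 4800.0,
     "created": date(2014, 1, 6), "received": date(2014, 1, 9)},
    {"id": "PO-3", "supplier": 3, "requester": "bjones", "amount": 900.0,
     "created": date(2014, 1, 7), "received": None},
]


def duplicate_suppliers(suppliers):
    """Groups of supplier ids sharing a name key, a tax ID or a bank account."""
    hits = {}
    for field, keyer in (("name", name_key), ("tax_id", normalize), ("bank", normalize)):
        groups = defaultdict(list)
        for s in suppliers:
            groups[keyer(s[field])].append(s["id"])
        for value, ids in groups.items():
            if len(ids) > 1:
                hits[(field, value)] = sorted(ids)
    return hits


def suppliers_at_employee_address(suppliers, employees):
    """(supplier id, employee user) pairs whose normalized addresses are identical."""
    emp_by_address = {normalize(e["address"]): e["user"] for e in employees}
    return [(s["id"], emp_by_address[normalize(s["address"])])
            for s in suppliers if normalize(s["address"]) in emp_by_address]


def shared_email_domains(suppliers):
    groups = defaultdict(set)
    for s in suppliers:
        groups[s["email"].rsplit("@", 1)[-1].lower()].add(s["id"])
    return {domain: sorted(ids) for domain, ids in groups.items() if len(ids) > 1}


def pos_to_blocked_suppliers(pos, suppliers):
    blocked = {s["id"] for s in suppliers if s["blocked"]}
    return [po["id"] for po in pos if po["supplier"] in blocked]


def split_purchase_orders(pos, approval_limit):
    """Same requester, supplier and day: several POs each under the limit but over it together."""
    groups = defaultdict(list)
    for po in pos:
        if po["amount"] <= approval_limit:
            groups[(po["supplier"], po["requester"], po["created"])].append(po)
    return [sorted(p["id"] for p in g) for g in groups.values()
            if len(g) > 1 and sum(p["amount"] for p in g) > approval_limit]


def po_created_on_receipt_date(pos):
    return [po["id"] for po in pos if po["received"] is not None and po["received"] == po["created"]]


if __name__ == "__main__":
    print(duplicate_suppliers(SUPPLIERS))
    print(suppliers_at_employee_address(SUPPLIERS, EMPLOYEES))
    print(shared_email_domains(SUPPLIERS))
    print(pos_to_blocked_suppliers(PURCHASE_ORDERS, SUPPLIERS))
    print(split_purchase_orders(PURCHASE_ORDERS, approval_limit=5000.0))
    print(po_created_on_receipt_date(PURCHASE_ORDERS))
```

The normalization step is what makes the address and name checks useful: "42 Oak Ln., Frisco, TX" and "42 Oak Ln, Frisco TX" differ only in punctuation, and a duplicate supplier set up under "Acme Corporation" next to "ACME Corp." would not be caught by an exact comparison, while the shared tax ID and shared bank account are exact matches that need no fuzziness at all.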
  • 44. Q&A
    – Download DataProbe
    – Leader in Risk Based Enterprise Controls
    – One-on-One with Experts
    – Follow FulcrumWay on LinkedIn for ERP Risk and Controls