Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013
- 1. Top 10 Accounts Payables Control to Improve the Bottom-Line
FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions
Enterprise Risk Management
Financial Close Monitor
Advanced Controls Catalog
Enterprise Audit
GRC Monitor
Swarnali Bag, Product Strategy, Oracle Corporation
Leverage Technology:
Move Your Business Forward™
Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes
Copyright ©. Fulcrum Information Technology, Inc.
- 2. The following is intended to outline our general product
direction. It is intended for information purposes only,
and may not be incorporated into any contract.
It is not a commitment to deliver any material, code, or
functionality, and should not be relied upon in making
purchasing decisions. The development, release, and
timing of any features or functionality described for
Oracle’s products remains at the sole discretion of
Oracle.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Confidential – Oracle Internal
- 3. Program Agenda
Introduction
Top 10 Challenges Addressed by Advanced Controls
Oracle GRC Advanced Controls Solution
Case Study
Q&A
- 4. What Do We Mean by Control ‘Issues’
• Issues with a definite impact on the bottom line
Example: Duplicate Vendor Payment
• Issues with a potential impact on the bottom line
Example: Split Purchase Order
• Issues with Cash Flow Impact on the bottom line
Example: Incorrect Vendor Payment Term
- 5. Financial Impact
Duplicate pays – often not huge amounts of $$ individually
What’s the big deal?
1. They add up!
2. Impact on sales
3. Impact on EPS
4. Prevent fraud and the honest mistakes
- 6. Impact on Sales
UNINTENTIONAL ERRORS AND LEAKAGE
Global, Fortune 500 Firm, High-Tech
• Over 4 quarters, consultants found $17.5M in payment errors
Profile
Centralized Payables Operation
Well Staffed
Clean Sox Audit
Post Audit Recovery
$17.5M Total Payment Errors Found
$6.8M Total Recovery
$4.08M After Fees
18 Month Cycle
- 7. Program Agenda
Introduction
Top 10 Challenges Addressed by Advanced Controls
Oracle GRC Advanced Control Solution
Case Study
Q&A
- 8. Advanced Controls
What is it?
Layer of automated controls over ERP controls
Continuously monitor key controls
Detect and Report issues as they occur
Prevent issues from occurring
Quickly see high risk issues with exception based dashboards
Address issues that affect the bottom line
Reduce operational risk and improve process effectiveness
- 9. Standard + Advanced Controls
Diagram: Standard Controls and Advanced Controls. Labels, in the order extracted:
• Track Payments
• User Roles
• Hide Displays of Sensitive Data
• 3-Way Match
• Approval Hierarchies
• Track Discounts
• Split Purchase Orders
• Duplicate Vendors
• Transaction Threshold Amounts
• Duplicate Payments
• Fuzzy Logic, ‘similar values’
• Transaction Pattern Analysis
• Sentiment Analysis
• Fine-grained User Access
• Configuration Snapshots & Audit Trail
- 10. Top 10 Accounts Payable Issues
How does it affect the bottom line?
Top 10 Issues | Business Risk | Bottom Line Impact
Duplicate Invoices – 2 invoices | Overpayment to Supplier | Cash Leakage
Duplicate Invoices – 2 vehicle | Overpayment to Supplier | Cash Leakage
Erroneous Charges to Invoice | Overpayment to Supplier | Cash Leakage
Late Payment | Overpayment to Supplier | Cash Leakage
Tax Errors | Inaccurate Tax | Cash Leakage
Duplicate Vendor in Vendor Master File | Inaccurate Vendor Master | Cash Leakage
Purchase order Related Issues | Financial Fraud and Misuse | Cash Leakage
Early Payment | Untimely Payment to Supplier | Negative Cash Flow
Missed Discounts | Untimely Payment to Supplier | Negative Cash Flow
- 11. Issue1: Duplicate Invoices – 2 Invoices
• Discrepant Invoices
• Late Payments
• Honest mistake / Fraud
Advanced Control
Detective:
• Detect invoices with a “similar” invoice number and the same amount for the same supplier
• Detect invoices for the same supplier entered in different business units
• Detect invoices made out to different vendors with very similar names
Preventive:
• Put duplicate invoices on hold until proper investigation is complete
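The three detective rules and the hold step on this slide, sketched as an added example (not code from the presentation or from Oracle GRC). The invoice fields, the legal-suffix list and the 0.85 name-similarity threshold are assumptions, and the sample invoices are constructed.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample invoices; field names are assumptions, not an ERP schema.
INVOICES = [
    {"id": 1, "supplier": "ACME Industrial Ltd", "bu": "US", "number": "INV-00123", "cents": 150000},
    {"id": 2, "supplier": "ACME Industrial Ltd", "bu": "US", "number": "inv00123", "cents": 150000},
    {"id": 3, "supplier": "ACME Industrial Ltd", "bu": "UK", "number": "INV-00123", "cents": 150000},
    {"id": 4, "supplier": "Acme Industrial Limited", "bu": "US", "number": "123", "cents": 150000},
    {"id": 5, "supplier": "Globex Corp", "bu": "US", "number": "INV-00124", "cents": 150000},
    {"id": 6, "supplier": "ACME Industrial Ltd", "bu": "US", "number": "INV-00987", "cents": 32010},
]
LEGAL_SUFFIXES = {"ltd", "limited", "inc", "corp", "co", "llc"}

def number_key(number):
    """Reduce an invoice number to its digits without leading zeros,
    so 'INV-00123', 'inv00123' and '123' compare as similar."""
    digits = re.sub(r"\D", "", number).lstrip("0")
    return digits or re.sub(r"\W", "", number).upper()

def supplier_key(name):
    """Lower-case the name and drop punctuation and legal suffixes."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in LEGAL_SUFFIXES)

def similar_suppliers(a, b, threshold=0.85):
    return SequenceMatcher(None, supplier_key(a), supplier_key(b)).ratio() >= threshold

def find_duplicates(invoices):
    """Return (earlier_id, later_id, rule) for each suspect pair."""
    findings = []
    for a, b in combinations(sorted(invoices, key=lambda i: i["id"]), 2):
        if a["cents"] != b["cents"] or number_key(a["number"]) != number_key(b["number"]):
            continue
        if a["supplier"] == b["supplier"]:
            rule = "same_supplier" if a["bu"] == b["bu"] else "cross_business_unit"
        elif similar_suppliers(a["supplier"], b["supplier"]):
            rule = "similar_vendor_name"
        else:
            continue
        findings.append((a["id"], b["id"], rule))
    return findings

def invoices_to_hold(findings):
    """Preventive step: hold the later invoice of every suspect pair."""
    return sorted({later for _, later, _ in findings})

if __name__ == "__main__":
    for finding in find_duplicates(INVOICES):
        print(finding)
    print("hold:", invoices_to_hold(find_duplicates(INVOICES)))
```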
- 12. Issue2: Duplicate Payments – 2 Vehicle
• 2 Vehicles like Invoices and P-Card
• Paper Invoice and Electronic Process
• Expense Report and Petty Cash
• Multiple payment vehicles for a vendor
Advanced Control
Detective:
• Detect suppliers with multiple methods of payment
• Detect payments made by both procurement card and check
Preventive:
• Put duplicate invoices on hold until proper investigation is complete
• Prevent a supplier from being paid through a paper invoice if the supplier is set up for electronic payment
- 13. Issue3: Erroneous Charges to Invoice
• Who pays freight, insurance?
• Are invoices based on POs?
• Special deals
Advanced Control
Detective:
• Detect invoices where freight was charged although the PO specified that it was to be pre-paid by the vendor
• Detect invoices where freight was charged and the warehouse charged freight separately
• Detect invoices billed for quantities other than what was actually shipped
Preventive:
• Put suspect invoices on hold until proper investigation is complete
- 14. Issue4: Late Payments
• “Never pay late fees”
• Open Vendor Credit
• Can result in Duplicate Payment
Advanced Control
Detective:
• Detect invoices that are approaching their due date based on the supplier / PO payment term
• Identify users who have consistently not paid vendors on time
• Detect payments to vendors that are consistently late
Preventive:
• Send alerts on upcoming payments that are approaching due dates
- 15. Issue5: Tax Errors - Sales/ Use/ VAT
• Wrong Amounts
• Proper jurisdiction
• Proper documentation
• VAT Reclaim
Advanced Control
Detective:
• Detect sales tax invoiced by vendors for non-taxable items
• Identify use tax charged in error on non-taxable goods and services
• Identify all VAT invoices that are approaching the due date of the calendar year
• Detect if sales tax goes over a threshold value
• Identify supplier invoices where VAT is charged based on supplier location vs. where the service is rendered
- 16. Issue6: Master Vendor Management
• Potential duplicate payments
• Segregation of Duties Concern
• Correspondence Issues
Advanced Control
Detective:
• Detect duplicate payments made to multiple entities of the same supplier
• Identify purchases made from unapproved vendors
• Identify suppliers with similar or different names but with the same Tax ID Number or address
• Identify suppliers who exist in the “Do not do business with” supplier list
Preventive:
• Ensure segregation of duties between supplier creation and other conflicting functions
• Detect suppliers with similar names at the time of supplier creation
- 17. Issue7: Purchase Order Problems
• Split Purchase Order
• Blanket Purchase Order
• After the Fact PO
Advanced Control
Detective:
• Detect split POs used to work around the approval threshold
• Detect a standard PO issued to a supplier where a blanket PO exists
Preventive:
• POs over a certain threshold require approvals
• Goods receipts cannot take place without an approved PO
Mandate PO number during invoice creation
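The split-PO detective control above, sketched as an added example (not code from the presentation or from Oracle GRC). The 10,000 approval threshold, the 3-day window, the grouping by buyer and supplier, and the PO fields are assumptions; the purchase orders are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

APPROVAL_THRESHOLD = 10_000   # assumed policy value for this example
WINDOW = timedelta(days=3)    # assumed window in which related POs are summed

# Constructed sample purchase orders; field names are assumptions.
PURCHASE_ORDERS = [
    {"po": "PO-1", "buyer": "jdoe", "supplier": "S-100", "date": date(2013, 10, 1), "amount": 6_000},
    {"po": "PO-2", "buyer": "jdoe", "supplier": "S-100", "date": date(2013, 10, 2), "amount": 5_500},
    {"po": "PO-3", "buyer": "jdoe", "supplier": "S-200", "date": date(2013, 10, 2), "amount": 4_000},
    {"po": "PO-4", "buyer": "asmith", "supplier": "S-100", "date": date(2013, 10, 2), "amount": 12_000},
    {"po": "PO-5", "buyer": "asmith", "supplier": "S-300", "date": date(2013, 10, 1), "amount": 7_000},
    {"po": "PO-6", "buyer": "asmith", "supplier": "S-300", "date": date(2013, 10, 20), "amount": 7_000},
]

def find_split_pos(pos, threshold=APPROVAL_THRESHOLD, window=WINDOW):
    """Flag runs of POs from one buyer to one supplier that each stay under
    the approval threshold but together reach it within the window."""
    groups = defaultdict(list)
    for po in pos:
        if po["amount"] < threshold:   # POs at or over the threshold already need approval
            groups[(po["buyer"], po["supplier"])].append(po)

    findings = []
    for (buyer, supplier), items in sorted(groups.items()):
        items.sort(key=lambda p: p["date"])
        i = 0
        while i < len(items):
            # Items are date-sorted, so this is the contiguous run starting at i.
            run = [p for p in items[i:] if p["date"] - items[i]["date"] <= window]
            total = sum(p["amount"] for p in run)
            if len(run) > 1 and total >= threshold:
                findings.append({"buyer": buyer, "supplier": supplier,
                                 "pos": [p["po"] for p in run], "total": total})
                i += len(run)          # do not report the same POs twice
            else:
                i += 1
    return findings

if __name__ == "__main__":
    for finding in find_split_pos(PURCHASE_ORDERS):
        print(finding)
```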
- 18. Issue8: Missed Discounts
• Inefficient processing
• Best financial return for any company
• Track discount lost and why
• Fix root causes whenever possible
Advanced Control
Detective:
• Identify special rebates from the PO contract that the invoice failed to mention
• Track invoices that missed the discount date by a small margin
Preventive:
• Send alerts on upcoming discounts available for payments above a threshold
- 19. Issue9: Early Payment
• Negative cash flow
• Fraud
• Analyze early payments
Advanced Control
Detective:
• Detect payments made earlier than the supplier payment term
• Alert a user if the payment term setup is changed
Preventive:
• Set up an approval process if the payment term is changed
• Prevent the payment term from being changed
• Ensure segregation of duties between invoice creation and supplier creation
- 20. Issue10: Travel & Entertainment
• Employee misuse
• Constant leakage to the bottom line
• Make manager responsible
• Part of annual review
Advanced Control
Detective:
• Identify suspicious activity between coworkers to highlight the pattern of interrelationship in the expense reports
• Detect expenses claimed in an expense report instead of booking through approved channels
• Detect expense splitting
Preventive:
• Deny expenses through unapproved channels unless approved by senior management
- 21. Program Agenda
Introduction
Top 10 Challenges Addressed by Advanced Controls
Oracle GRC Advanced Controls Solution
Case Study
Q&A
- 22. GRC Advanced Controls
One Enterprise Foundation
Risk & Controls Repository
Assess and Certify
Detect Policy Violations
Dashboards, Reports and Alerts
Worklists
Notifications
Email
Search
Perspectives
Risk, Controls & Compliance Management
Documentation
Reviews
Assessments
Surveys
Remediation
Continuous Controls & Risk Monitoring
Access
Setups
Data Connectors
Master Data
Transactions
User Authored Controls
Audit Tests
Fraud & Error Patterns
Custom or Legacy Applications
Web Services & APIs
Role Based Access Security
Enterprise Risk & Controls Foundation
All Users & Applications
100% of Transactions
All Processes
– Procure to Pay
– Order to Cash
– Financial Reporting
– User Access
Manage by Exception
Optimize Processes
- 23. Oracle Advance Control Process Overview
Process diagram. Labels, in the order extracted:
Optimization
Cash Flow
Prevent Leakage
Business Risks
Controls Objectives
Continuous Monitors
Unapproved or Illegal Suppliers
Capture all Discounts
Duplicate Invoice Payments
Supplier and Invoices Created by Same User
Delayed Supplier payments
Accurate Supplier Information
Discounts Lost due to Delays in Payment
Multiple Suppliers with the similar email domain
Incorrect Vendor Payment
Valid Invoice Payments
Erroneous Payment
Purchase Orders created after Invoice
Valid Purchase Orders
Duplicate vendor in vendor master file
Split Purchase Order
Incident !
Investigate
Close
ERP Transaction Payment Hold
- 25. Continuous Monitor – Duplicate Invoices
- 30. Preventive Measure
• Enforce controls & policy within the ERP systems
- 31. Advanced Controls
Enables you to:
• Increase Process Effectiveness
• Improve Bottom-Line
• Reduce Operational Risk
…by Continuously Monitoring Your ERP Applications
- 32. Advanced Controls
Detect unwanted transactions
Improve Bottom Line
Detect settings that cause loss
Make Processes More Effective, Efficient
Detect problematic exceptions
Reduce Operational Risk
Automate policy management
- 33. Program Agenda
Introduction
Top 10 Challenges Addressed by Advanced Controls
Oracle GRC Advanced Control Solution
Case Study
Q&A
- 35. Why Oracle GRC Advanced Control?
• Compliance Requirement from internal/external audits
• Global country regulations
• Acquisitions and new legal entities
• Solution Compliance Variation
• Capability to monitor 100% of data
• Scalability for Oracle and non-Oracle integration
- 36. Use Cases - Scope
Accounts Payable (Phase I)
• Duplicate payments by invoice: identify duplicate invoices by similar invoice and by vendor (Duplicate invoice)
• Maverick buying: PO date should be prior to the invoice date (PO related problems)
• Duplicate vendors: identify creation of duplicate vendor sites (Duplicate vendor in vendor master file)
• Duplicate payments by vendor: identify duplicate invoice processing by vendor (Duplicate invoice)
- 37. Use Cases – Scope
Accounts Payable (Phase II)
• Identifying erroneous high value payments: payments more than 30% increase of the last rolling 6 months payment to the vendor (Erroneous payment)
• VAT rate: identify different VAT rates applied by the same vendor, for same goods/services, for same bill to entity (Tax errors)
• Withholding Tax (APAC): identify the suppliers/invoices where the incorrect rate of WHT was applied (Tax errors)
- 38. Use Cases - Scope
iExpense (Phase II)
• File attachment on Expense Reports (ER): identify ERs with supporting documents in unacceptable formats (such as editable attachments like .txt) (Noncompliant expenses)
• Forensic repeat offenders: identify expenses claimed in iExpenses instead of booking through approved channels (Inappropriate T&E claim)
• Expense splitting: identify expenses that were split to avoid policy violation (Inappropriate T&E claim)
• Collusion – analysis of attendees: analysis of attendees to highlight the pattern of interrelationship with coworkers related to suspicious ER activity (Inappropriate T&E claim)
• Key word search in category: identify the expenses claimed using unapproved channels, and by wrong categorization to avoid activating the report for audit (Inappropriate T&E claim)
• Amex/cash surfing: verify if same expense has been claimed both as Amex and cash (Duplicate expenses)
- 39. Phase1 Facts
• Date Analyzed: For One (1) Year
• Graph Initial Build: 130M records processed
• Graph Incremental Build: 1.3M records processed
• No. of Entities: Approximately 150+
• No. of Use Cases: Four use cases in Accounts Payables
- 40. Lessons Learned
Areas: Hardware Configuration; ETL Performance Assessment; Model & Control Analysis Assessment; Fit/Gap Analysis; Oracle Support
• TCG analyzes millions of transactions so it needs enough resources (disk space and memory)
• Follow Oracle recommended h/w and s/w and make adjustments based on the volume of transactions
• Perform multiple iterations of graph build. Monitor sys resources
• Analyze transaction volume of each business object used in models
• Understand the ETL design and Data Extraction criterion
• Optimize the design of models
• Replicate read-only schema instead of using apps schema of EBS
• Implement control data level security (by region) so incidents can only be viewed by the right user for that region
• Verify the availability of business objects for the use cases
• Validate the model results first before running the controls
• If you don’t need to secure your incidents, then do not use perspective for security
• Early engagement with Oracle
• Tight collaboration and partnership with Oracle
- 41. Thank You! Join us on LinkedIn to view
Summary and Q&A
webinar and discussion