Governance, Risk & Compliance - Management Commitment; Building a GRC Aware Culture.

Transcription

1 Governance, Risk & Compliance - Management Commitment; Building a GRC Aware Culture. Natasak Rodjanapiches, Managing Director, Oracle Corporation (Thailand) 1

2 Governance, Risk, and Compliance (GRC) Natasak Rodjanapiches Regional Managing Director - ASEAN 2

3 3

4 The Finance Imperative VISIBILITY Deliver Better Business Information CONTROL Attain Sustainable Compliance EFFICIENCY Improve Business Processes at the Lowest Cost 4

5 กระบวนการของแนวค ด GRC Recommended Process Executed by 1. Governance (G) The board of director, corporate secretary and governance professionals including board management 2. Strategy Chief Executive Officer (CEO) or c-suite 3. Risk Management (R) Chief Risk Officer (CRO), business line and other executives 4. Audit Chief Audit Executives, internal audit, audit committee and external auditors 5. Legal The general counsel and legal staff 6. Compliance (C) The general conunsel, chief compliance and ethics officer, compliance professionals and other legal staff 7. Information Technology Chief Information Officer (CIO), privacy officer and /or security officer 8. Ethics & Corporate Social Responsibility Chief Ethics Officer and Chief Responsibility Officer 9. Quality Management Quality professionals throughout the organization 10. Human Capital & Culture Human resource professionals and organizational design and development professionals 5

6 Oracle Solutions for GRC Access Policy KPIs Documentation & Reporting Identity Mgmt SOD & Access GRC Reporting & Analytics GRC Infrastructure Controls Data Security Risk & Control KPIs GRC Process Management Management Assessments GRC Application Controls Application Configuration Systems Mgmt Certification KPIs Issues & Remediation Transaction Monitoring Records & Content Mgmt Digital Rights Purpose-built business solutions for key industries and GRC initiatives Best-in-class GRC core solutions to support all mandates and regulations Pre-integrated with Oracle applications and technology, supports heterogeneous environments Custom or Legacy Applications 6

7 Oracle Delivers Control Manage and Control Risk Deliver unified view of financial results, processes, risks, and underlying internal controls 7

8 Oracle Internal Controls Manager Attain Sustainable Compliance More Efficient Internal Control Testing Higher Certainty in Your Risk Assessment Lower External Audit Verification Costs 8

9 Oracle Internal Controls Manager Streamline Internal Control and Risk Management Define and Manage the Control Environment Associate processes to organizations Process documentation and approval Segregation of duties Plan and Control Audit Operations Risk assessment Audit projects Findings and remediations Streamline the Certification Process Business process certification Financial statement certification 9

10 Oracle s Governance, Risk and Compliance Solution Corporate Performance Management Planning & Budgeting Financial Consolidation Balanced Scorecard Profitability Manager Portal Operational Analytics Risk and Control Management GRC Manager PSFT ICE Reveleus Policy Management ilearning, isurvey Policies and Procedures Data Aggregation & Reporting BPEL Business Process Management BAM Identity & Role Administration ERP Application Identity Manager Tutor UPK Identity Management Identity Audit & Compliance Content and Records Mgmt Universal Content Management Access Manager Information Rights Mgmt Identity Federation Enterprise Manager Audit Vault PII Security Vault Data Protection Infrastructure Security Directory Security Database Vault Database Security Data Mining Web Service Security J2EE Security 10

11 11

12 Governance, Risk & Compliance - Management Commitment; Building a GRC Aware Culture. Natasak Rodjanapiches, Managing Director, Oracle Corporation (Thailand) 12