FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions

Transcription:

Public Sector Best Practices that Protect the Citizens against Financial Losses, Waste and Fraud Using Advanced Controls

FulcrumWay: Leading Provider of Enterprise Risk Assessment, Mitigation and Remediation Solutions
Enterprise Risk Management, Financial Close Monitor, Advanced Controls Catalog, Enterprise Audit, GRC Monitor

Robert Enders, Client Services Director
July 23, 2013

Leverage Technology: Move Your Business Forward
"Give me a lever long enough and a fulcrum on which to place it, and I shall move the world" - Archimedes

Copyright. Fulcrum Information Technology, Inc.

Agenda: Risks in the Public Sector
- Introduction
- Risk in Public Sector
- Overview of Advanced Controls
- Oracle Advanced Controls Overview and Demonstration
- Q&A


Introduction: FulcrumWay - Intelligent, Integrated, Instant Risk Management

FulcrumWay is the #1 End-to-End Provider of Enterprise Risk Management Expertise, Solutions and Software Services for Oracle EBS, PeopleSoft and JDE customers with over 200 Fortune-500 to Middle Market clients. Since 2003, we have successfully assisted companies across all major industry segments.

Expertise:
- Risk Advisory Services.
- Advanced Controls Design for Enterprise Business Applications.
- Best Practices for Risk Mitigation and Internal Controls Automation.
- Audit, Compliance, Financial, Enterprise and Operational Risk Assessments.
- Risk Remediation Services such as Segregation of Duties.

Packaged Solutions: FulcrumWay is the #1 choice of Oracle customers for Oracle GRC Manager, GRC Controls and GRC Intelligence/OBIEE software implementation. Oracle has certified us as the only partner with Accelerators for Oracle GRC. We also provide Managed Services and Hosting for Oracle GRC applications.

Software Services:
- Risk Management Tools: Enterprise Risk Manager, Financial Risk Manager, Risk Based Audit Manager, IT Risk Workbench, and Advanced Controls Catalog.
- Data Management Tools: Rules Repository, DataProbe and Data Hub for Intelligent, Integrated, and Instant Risk Management.

USA Presence: Privately held Delaware Corporation with US offices in New York City, Dallas and San Francisco.

Our Experience: FulcrumWay Clients

Government, Oil and Gas, Financial Services, Retail, Communications, Manufacturing, Industrial Equipment, Natural Resources, Media and Entertainment, Healthcare, High Tech, Life Sciences

Our Experience: FulcrumWay Insight

Thought Leadership:
- Co-Authored GRC Book: First book on GRC for Oracle Applications
- Executive Round Tables: GRC Solutions for Energy Industry, Houston, November 2012
- OAUG GRC Solution Lab, April 7th - 11th, Denver: GRC Case Studies and Best Practices
- IIA Presentations: Top Five Reasons for Automating Application Controls
- Collaborate 13: GRC Client Appreciation Dinner, April 9th, 2013, Denver
- Webcasts: GRC Best Practices, Trends and Expert Insight
- Oracle Open World: Annual GRC Dinner on September 23rd, 2013, W Hotel San Francisco
- LinkedIn: FulcrumWay Risk, Compliance and Audit Software Group
- YouTube Podcasts: FulcrumWay Instant Insight in 10 min or less

GRC Analytics Implementation Approach
FulcrumWay ERP Risk Analytics, Mitigation and Remediation

[Diagram of solution modules. Labels, in extracted order: Enterprise Risk Management (ERM), Risk Monitor, Survey Monitor, Policy Monitor, Incident Monitor, Controls Monitor, Financial Governance, Audit / Compliance Automation, Operations Management, Task Monitor, Enterprise Audit Manager, Audit Planner, Variance Analytics, Reconciliation Analytics, Compliance Monitor, Control Analytics, Financial Controls (GL, AP, AR, FA, CM), Business Process Rules Repository, HCM/HR Controls (HR, PR), Distribution Controls (OM, INV, WMS, PO), Supply Chain Controls (ENG, QP, WIP, BOM), IT Governance / Application Life Cycle Risk Management, Access Monitor, Data Monitor, Transaction Monitor, Audit Log Monitor, Database Monitor]


Uncertainty is All Around Us
- Global Economic Chaos
- Decline in Consumer Confidence
- Market Volatility
- Political Instability

Risks in the Public Sector

Public Sector Organizations face multiple Risk Management Challenges:
- Operational Risk: infrastructure, services, natural disasters (Katrina, Sandy), terrorism, etc.
- Financial Risk: Waste, Fraud & Abuse
- Political Risk: Changes in priorities

Public depends on Government in the face of any risk event:
- Increased pressure to perform well in existing operations
- Poor response to Risk or Fraud events leads to a lack of public trust

Risks in the Public Sector - Fraud
- 91% of organizations expect fraud to increase or remain the same
- Layoffs and pay cuts result in disgruntled employees
- Restructuring throws segregation of duties controls into disarray
- Outsourcing and expansion heightens risk of bribery & corruption
- It is estimated that 7% of annual public sector budgets are lost to Fraud
- Increased regulatory requirements to combat potential Fraud
- Changes occur every 3 months, on average public sector organizations taking up to 6 months to comply



Advanced Controls

What do Advanced Controls do?
1. Augment Standard ERP Controls
2. Bridge the Gap between Policy Creation and Transaction Systems
3. Automate Policy Enforcement
4. Deliver Business Process Efficiency

A well executed business process is run efficiently AND according to organizational policies.

Advanced Controls: Example - Oracle Procure-to-Pay
Procure-to-Pay Controls are Required

[Diagram of the procure-to-pay process with control points. Labels, in extracted order: Spend Categories, Corporate Performance Management, Collaboration, Control Points, Settlement, Strategic Sourcing & Contract Mgmt, Indirect & MRO, Banks, Requisition, Purchase Goods / Services, Receive Goods / Services, Invoice, Issue Payments, Direct Materials, Payment Processors, Supplier Collaboration, Services, SWIFTNet, Business Process Models, Service Oriented Architecture]

Advanced Controls: Example - Oracle Procure-to-Pay
Automated Controls for Strategic Sourcing & Contract Mgmt

CONTROLS:
- Are there inappropriate associations between a vendor and an employee?
- Are there frequent changes to Supplier information?
- Do you have duplicate suppliers?
- Are your vendors compliant with trade regulations?
- Are the vendors blacklisted?
- Are you missing critical supplier information? Is the information valid?

Advanced Controls: Example - Oracle Procure-to-Pay
Automated Controls for Requisitions and Purchases

CONTROLS:
- Do you have duplicate Purchase Orders?
- Are POs created on the same day as goods arrive?
- Are there split POs?
- Are there purchases with non-preferred vendors?

Advanced Controls: Example - Oracle Procure-to-Pay
Automated Controls for Receiving, Invoices, and Payments

CONTROLS:
- Are you making accurate and timely payments?
- Are payment term changes reviewed before payment?
- Are there duplicate invoice amounts being processed?
- Did the person making the payment create or modify the vendor?
- Are there discrepancies in freight charges?

Advanced Controls: Application Controls Monitoring & Enforcement

[Diagram. Labels: Monitor Control Effectiveness, GRC Intelligence, GRC Manager, GRC Controls, SOD & Access, Application Configuration, Transaction Monitoring, Preventive Controls]

- SOD & Access: What users can do. What users have done.
- Application Configuration: How is the process set up. What's changed in the process.
- Transaction Monitoring: How users execute processes. What are the execution patterns.

Enforce Policies in Context

Information System Risk Assessment
- FW Controls Catalog with over 1,000 advanced controls
- Select SOD, Master Data, Setup, and Transaction Controls
- Risk Assessment: Detect control weaknesses across ERP system to identify business process optimization opportunities

Advanced Controls: Application Controls Monitoring & Enforcement
- Duplicate Payments
- Invoice Sequence Anomalies - invalid invoice numbers/format
- Invoice Sequence Anomalies - sequential numbers
- Split Payments
- Payment to Prohibited Vendors
- Invoice Amount Exceeding Limit
- Duplicate Vendors
- Multiple Payment to One-time vendors
- Same bank account multiple vendors
- Employee reimbursements not on travel expense vouchers
- Payments to internal departments
- Vendor Address Incorrect - PO Box, Kinkos, other
- Vendor / Employee relationship
- Gift, donation, promotion, incentive, payments No supporting detail
- Missing Vendor Address


Access Controls: Enforce Proper Segregation of Duties in Applications

[Diagram labels: GRC Intelligence, GRC Manager, GRC Controls, Preventive, SOD & Access, Application Configuration, Transaction Monitoring]

- Simplify segregation of duties enforcement with simulation and remediation
- Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails
- Accelerate deployment and time to value with pre-delivered controls library

Process flow (Detection, Prevention): Define Access Controls, Access Analysis, Remediation (Clean-up), Preventive Provisioning, Compensating Policies

Transaction Controls: Test integrity of transactions and controls across business processes

[Diagram labels: GRC Intelligence, GRC Manager, GRC Controls, Preventive, SOD & Access, Application Configuration, Transaction Monitoring]

- Continuous Monitoring of Controls and Transactions
- Apply Advanced Forensic and Pattern Analysis
- Identify anomalies missed by traditional audit and controls

Process flow (Detection, Prevention): Define Transaction Controls, Transaction Analytics, Investigate Incidents, Enforce Transaction Controls, Prevent Suspicious Transactions

Configuration Controls: Ensure Integrity of Critical Application Setups

[Diagram labels: GRC Intelligence, GRC Manager, GRC Controls, Preventive, SOD & Access, Application Configuration, Transaction Monitoring]

- Achieve consistent application setup and operating standards across multiple instances
- Track complete audit trails for changes to key configurations
- Tightly control change management to accelerate development and test time

Process flow (Detection, Prevention): Define Configuration Controls, Document or Compare Configurations, Monitor Configuration Changes, Enforce Change Control, Manage Data Integrity

Client case

Our Client:
A state government agency responsible for safeguarding financial assets of more than $120 billion of public funds. Helps local governments and nonprofits invest their money with flexibility, security, and confidence.

Challenges:
- Replace fragmented legacy system for recovery audit department with a single incident management system
- Replace manual control checklists with an audit analytics system to identify suspicious vouchers submitted for payments by 28+ agencies across the state
- Assign suspension transaction to auditors for final review and approval using a pattern matching system

Solutions:
- GRC DataProbe
- GRC Data Hub
- GRC Incident Monitor

Fiscal watchdog ensures tens of billions of dollars in payments are lawful and correct.

Results:
- Reduce erroneous payment processing by 5% on millions of payments processed each day by consolidating all vouchers across 28 agencies into a single data hub
- Improve incident investigation process by establishing business rules to assign incidents based upon risk level, investigation type and priority that match the auditor skills and job role
- Provide management visibility and independent oversight to monitor approved and rejected payments
- Eliminate inconsistent and contradictory actions by auditors by providing a structured investigation process based on approved investigation checklists for each type of suspicious transaction
- Optimize recovery audit business process with integration to the ERP system for vendor management and payment processing


Summary and Q&A

Thank You! Join us on LinkedIn to view webinar and discussion.