Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013
Post on 20-Aug-2015
Leverage Technology: Move Your Business Forward™
Enterprise Risk Management Financial Close Monitor Advanced Controls Catalog Enterprise Audit GRC Monitor
FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions
Copyright ©. Fulcrum Information Technology, Inc. Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes
Top 10 Accounts Payables Control to Improve the Bottom-Line
Swarnali Bag Product Strategy, Oracle Corporation
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Program Agenda
Introduction
Top 10 Challenges Addressed by Advanced Controls
Oracle GRC Advanced Controls Solution
Case Study
Q & A
What Do We Mean by Control ‘Issues’
• Issues with a definite impact on the bottom line
Example: Duplicate Vendor Payment
• Issues with a potential impact on the bottom line
Example: Split Purchase Order
• Issues with Cash Flow Impact on the bottom line
Example: Incorrect Vendor Payment Term
Financial Impact
Duplicate pays – often not huge amounts of $$ individually
What’s the big deal?
1. They add up!
2. Impact on sales
3. Impact on EPS
4. Prevent fraud and the honest mistakes
Impact on Sales
Unintentional Errors and Leakage: Global, Fortune 500 Firm, High-Tech
• Over 4 quarters, consultants found $17.5M in payment errors
Profile
• Centralized Payables Operation
• Well Staffed
• Clean SOX Audit
Post Audit Recovery
• $17.5M Total Payment Errors Found
• $6.8M Total Recovery
• $4.08M After Fees
• 18 Month Cycle
Advanced Controls
What is it?
• Layer of automated controls over ERP controls
• Continuously monitor key controls
• Detect and report issues as they occur
• Prevent issues from occurring
• Quickly see high-risk issues with exception-based dashboards
• Address issues that affect the bottom line
• Reduces operational risk and increases process effectiveness
Standard + Advanced Controls
[Diagram of Standard Controls and Advanced Controls. Labels: User Roles; 3-Way Match; Approval Hierarchies; Track Payments; Track Discounts; Sentiment Analysis; Split Purchase Orders; Hide Displays of Sensitive Data; Duplicate Payments; Transaction Threshold Amounts; Duplicate Vendors; Fine-grained User Access; Configuration Snapshots & Audit Trail; Transaction Pattern Analysis; Fuzzy Logic, ‘similar values’]
Top 10 Accounts Payable Issues
How does it affect the bottom line?
Top 10 Issues | Business Risk | Bottom Line Impact
Duplicate Invoices – 2 invoices | Overpayment to Supplier | Cash Leakage
Duplicate Invoices – 2 vehicle | Overpayment to Supplier | Cash Leakage
Erroneous Charges to Invoice | Overpayment to Supplier | Cash Leakage
Late Payment | Overpayment to Supplier | Cash Leakage
Tax Errors | Inaccurate Tax | Cash Leakage
Duplicate Vendor in Vendor Master File | Inaccurate Vendor Master | Cash Leakage
Purchase Order Related Issues | Financial Fraud and Misuse | Cash Leakage
Early Payment | Untimely Payment to Supplier | Negative Cash Flow
Missed Discounts | Untimely Payment to Supplier | Negative Cash Flow
Issue 1: Duplicate Invoices – 2 Invoices
• Discrepant Invoices
• Late Payments
• Honest mistake / Fraud
Advanced Control
Detective:
• Detect invoices with a “similar” invoice number and the same amount for the same supplier
• Detect invoices made to the same supplier but in a different business unit
• Detect invoices made to different vendors with very similar names
Preventive:
• Put duplicate invoices on hold until proper investigation is complete
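Added example (not part of the original webinar and not Oracle's product logic): the three detective rules of Issue 1 and its preventive hold, sketched in Python over constructed sample invoices. The field names, the 0.9 similarity threshold, requiring the same amount for all three rules, and holding the later-entered invoice of each pair are assumptions.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample invoices (illustrative, not data from the webinar).
INVOICES = [
    {"id": 1, "supplier": "Acme Industrial Supply", "bu": "US01", "number": "INV-00123", "amount_cents": 150000},
    {"id": 2, "supplier": "Acme Industrial Supply", "bu": "US01", "number": "INV123", "amount_cents": 150000},
    {"id": 3, "supplier": "Acme Industrial Supply", "bu": "UK02", "number": "INV-00123", "amount_cents": 150000},
    {"id": 4, "supplier": "ACME Industrial Supply Inc.", "bu": "US01", "number": "A-7781", "amount_cents": 150000},
    {"id": 5, "supplier": "Borealis Freight", "bu": "US01", "number": "INV-00124", "amount_cents": 150000},
    {"id": 6, "supplier": "Acme Industrial Supply", "bu": "US01", "number": "INV-00450", "amount_cents": 98000},
]
LEGAL_SUFFIXES = {"inc", "ltd", "llc", "corp", "co"}

def norm_number(number):
    """Uppercase, drop punctuation and leading zeros: 'INV-00123' -> 'INV123'."""
    compact = re.sub(r"[^A-Z0-9]", "", number.upper())
    return re.sub(r"(?<!\d)0+(?=\d)", "", compact)

def norm_name(name):
    """Lowercase, drop punctuation and legal suffixes such as 'Inc.'."""
    words = re.sub(r"[^a-z0-9 ]", "", name.lower()).split()
    return " ".join(w for w in words if w not in LEGAL_SUFFIXES)

def similar(a, b, threshold=0.9):
    """Fuzzy 'similar values' match; the threshold is an assumed tuning value."""
    return SequenceMatcher(None, a, b).ratio() >= threshold

def find_duplicates(invoices):
    """Return (id_a, id_b, rule) for each invoice pair matching a detective rule."""
    findings = []
    for a, b in combinations(invoices, 2):
        if a["amount_cents"] != b["amount_cents"]:
            continue  # assumption: every rule here also requires the same amount
        if a["supplier"] == b["supplier"]:
            if similar(norm_number(a["number"]), norm_number(b["number"])):
                rule = "similar_number" if a["bu"] == b["bu"] else "cross_business_unit"
                findings.append((a["id"], b["id"], rule))
        elif similar(norm_name(a["supplier"]), norm_name(b["supplier"])):
            findings.append((a["id"], b["id"], "similar_vendor_name"))
    return findings

def invoices_to_hold(findings):
    """Preventive step: hold the later-entered invoice of each flagged pair."""
    return sorted({later for _, later, _ in findings})

if __name__ == "__main__":
    for finding in find_duplicates(INVOICES):
        print(finding)
    print("hold:", invoices_to_hold(find_duplicates(INVOICES)))
```

Invoice 5 shares the amount and a near-identical number with invoice 1 but belongs to an unrelated supplier, so it is not flagged; that is the false-positive case the supplier condition exists to exclude.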
Issue 2: Duplicate Payments – 2 Vehicle
• 2 vehicles, like Invoices and P-Card
• Paper Invoice and Electronic Process
• Expense Report and Petty Cash
• Multiple payment vehicles for a vendor
Advanced Control
Detective:
• Detect suppliers with multiple methods of payment
• Detect payments made by both procurement card and check
Preventive:
• Put duplicate invoices on hold until proper investigation is complete
• Prevent a supplier from getting paid through a paper invoice if it is set up for electronic payment
Issue 3: Erroneous Charges to Invoice
• Who pays freight, insurance?
• Are invoices based on POs?
• Special deals
Advanced Control
Detective:
• Detect invoices where freight was charged when in PO it was supposed to be pre-paid by the vendor
• Detect invoices where freight was charged and warehouse charged freight separately
• Detect invoices billed for quantities than what was actually shipped
Preventive:
• Put suspect invoices on hold until proper investigation is complete
Issue 4: Late Payments
• “Never pay late fees”
• Open Vendor Credit
• Can result in Duplicate Payment
Advanced Control
Detective:
• Detect invoices that are approaching due date based on supplier/PO payment term
• Identify users who have consistently not paid vendors on time
• Detect payments to vendors that are consistently late
Preventive:
• Send alerts on upcoming payments that are approaching due dates
Issue 5: Tax Errors – Sales / Use / VAT
• Wrong Amounts
• Proper jurisdiction
• Proper documentation
• VAT Reclaim
Advanced Control
Detective:
• Detect sales tax invoices by vendors for non-taxable items
• Identifies use tax in error on non-taxable goods and services
• Identify all VAT invoices that are approaching due date of the calendar year
• Detect if sales tax goes over a threshold value
• Identify supplier invoices where VAT is charged based on supplier location vs where the service is rendered
Issue 6: Master Vendor Management
• Potential duplicate payments
• Segregation of Duties Concern
• Correspondence Issues
Advanced Control
Detective:
• Duplicate payment made to multiple entities of the same supplier
• Identify purchases made from unapproved vendors
• Identify suppliers with similar or different names but with the same Tax ID Number or address
• Identify suppliers who exist on the “Do not do business with” suppliers list
Preventive:
• Ensure segregation of duties between supplier creation and other conflicting functions
• Detect suppliers with similar names at the time of supplier creation
Issue 7: Purchase Order Problems
• Split Purchase Order
• Blanket Purchase Order
• After the Fact PO
Advanced Control
Detective:
• Detect split POs used to work around the approval threshold
• Detect standard PO issued to a supplier where a blanket PO exists
Preventive:
• POs over a certain threshold require approvals
• Goods receipts cannot take place without an approved PO
• Mandate PO number during invoice creation
Issue 8: Missed Discounts
• Inefficient processing
• Best financial return for any company
• Track discount lost and why
• Fix root causes whenever possible
Advanced Control
Detective:
• Identifies special rebate from the PO contract that the invoice failed to mention
• Track invoices that missed the discount date by a small margin
Preventive:
• Send alerts on upcoming discounts available for payments above a threshold
Issue 9: Early Payment
• Negative cash flow
• Fraud
• Analyze early payments
Advanced Control
Detective:
• Detect payments made earlier than supplier payment term
• Alerts a user if payment term setup is changed
Preventive:
• Set up an approval process if payment term is changed
• Prevent payment term from being changed
• Ensures segregation of duties between invoice creation and supplier creation
Issue 10: Travel & Entertainment
• Employee misuse
• Constant leakage to the bottom line
• Make manager responsible
• Part of annual review
Advanced Control
Detective:
• Identify suspicious activity between coworkers to highlight the pattern of interrelationship in the expense reports
• Detect expenses claimed in an expense report instead of booking through approved channels
• Detect expense splitting
Preventive:
• Deny expenses through unapproved channels unless approved by senior management
GRC Advanced Controls One Enterprise Foundation
Enterprise Risk & Controls Foundation
Dashboards, Reports and Alerts
Notifications Worklists Email Perspectives Search
Risk, Controls & Compliance Management
Reviews Documentation Assessments Remediation Surveys
Continuous Controls & Risk Monitoring
Setups Access Master Data Audit Tests Transactions
User Authored Controls Data Connectors Fraud & Error Patterns
Role Based Access Security
Web Services & APIs
Custom or Legacy Applications
Risk & Controls Repository
Assess and Certify
Detect Policy Violations
All Users & Applications
100% of Transactions
All Processes Procure to Pay
Order to Cash
Financial Reporting
User Access
Manage by Exception
Optimize Processes
Oracle Advance Control Process Overview
[Diagram. Headings: Business Risks; Controls Objectives; Continuous Monitors; Optimization; Cash Flow; Prevent Leakage. Flow labels: Incident!; Investigate; Close; ERP Transaction Payment Hold.]
Diagram labels: Unapproved or Illegal Suppliers; Delayed Supplier Payments; Incorrect Vendor Payment; Duplicate Invoice Payments; Capture all Discounts; Accurate Supplier Information; Valid Invoice Payments; Valid Purchase Orders; Supplier and Invoices Created by Same User; Discounts Lost due to Delays in Payment; Multiple Suppliers with the similar email domain; Erroneous Payment; Purchase Orders created after Invoice; Duplicate vendor in vendor master file; Split Purchase Order
Exception Based Dashboard
Continuous Monitor – Duplicate Invoices
Control Definition
Incident Management
Preventive Measure
• Enforce controls & policy within the ERP systems
Advanced Controls
Enables you to:
• Improve Bottom-Line
• Reduce Operational Risk
• Increase Process Effectiveness
…by Continuously Monitoring Your ERP Applications
Advanced Controls
Make Processes More Effective, Efficient
Reduce Operational Risk
Improve Bottom Line
Detect unwanted transactions
Detect settings that cause loss
Detect problematic exceptions
Automate policy management
Case Study
Why Oracle GRC Advanced Control?
•Compliance Requirement from internal/external audits
•Global country regulations
•Acquisitions and new legal entities
•Solution Compliance Variation
•Capability to monitor 100% of data
•Scalability for Oracle and non Oracle integration
Use Cases – Scope: Accounts Payable (Phase I)
Use Case | Description
Duplicate vendors | Identify creation of duplicate vendor sites
Duplicate payments by vendor | Identify duplicate invoice processing by vendor
Maverick buying | PO date should be prior to the invoice date
Duplicate payments by invoice | Identify duplicate invoices by similar invoice and by vendor
$ column labels: Duplicate invoice; Duplicate invoice; Duplicate vendor in vendor master file; PO related problems
Use Cases – Scope: Accounts Payable (Phase II)
Use Case | Description
Withholding Tax (APAC) | Identify the suppliers/invoices where the incorrect rate of WHT was applied
Identifying erroneous high value payments | Payments more than 30% increase of the last rolling 6 months payment to the vendor
VAT rate | Identify different VAT rates applied by the same vendor, for same goods/services, for same bill to entity
$ column labels: Tax errors; Tax errors; Erroneous payment
Use Cases – Scope: iExpense (Phase II)
Use Case | Description
Collusion – analysis of attendees | Analysis of attendees to highlight the pattern of interrelationship with co-workers related to suspicious ER activity
Amex/cash surfing | Verify if same expense has been claimed both as Amex and cash
Forensic repeat offenders | Identify expenses claimed in iExpenses instead of booking through approved channels
Expense splitting | Identify expenses that were split to avoid policy violation
Key word search in category | Identify the expenses claimed using unapproved channels, and by wrong categorization to avoid activating the report for audit
File attachment on Expense Reports (ER) | Identify ERs with supporting documents in unacceptable formats (like editable attachments like .txt)
$ column labels: Noncompliant expenses; Inappropriate T&E claim; Duplicate expenses; Inappropriate T&E claim; Inappropriate T&E claim; Inappropriate T&E claim
Phase 1 Facts
Date Analyzed: For One (1) Year
No. of Entities: Approximately 150+
No. of Use Cases: Four use cases in Accounts Payables
Graph Initial Build: 130M records processed
Graph Incremental Build: 1.3M records processed
Lessons Learned
Hardware Configuration
• TCG analyzes millions of transactions so it needs enough resources (disk space and memory)
• Follow Oracle recommended h/w and s/w and make adjustments based on the volume of transactions
Model & Control Analysis Assessment
• Optimize the design of models
• Replicate read-only schema instead of using apps schema of EBS
• Implement control data level security (by region) so incidents can only be viewed by the right user for that region
Fit/Gap Analysis
• Verify the availability of business objects for the use cases
• Validate the model results first before running the controls
• If you don’t need to secure your incidents, then do not use perspective for security
Oracle Support
• Early engagement with Oracle
• Tight collaboration and partnership with Oracle
ETL Performance Assessment
• Perform multiple iterations of graph build. Monitor sys resources
• Analyze transaction volume of each business object used in models
• Understand the ETL design and Data Extraction criterion