Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013

Leverage T echnology: Move Your Business Forward™

Enterprise Risk Management Financial Close Monitor Advanced Controls Catalog Enterprise Audit GRC Monitor

FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions

Copyright ©. Fulcrum Information Technology, Inc. Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes

Top 10 Accounts Payables Control to Improve the Bottom-Line

Swarnali Bag Product Strategy, Oracle Corporation

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 2

The following is intended to outline our general product

direction. It is intended for information purposes only,

and may not be incorporated into any contract.

It is not a commitment to deliver any material, code, or

functionality, and should not be relied upon in making

purchasing decisions. The development, release, and

timing of any features or functionality described for

Oracle’s products remains at the sole discretion of

Oracle.


Program Agenda

Introduction

Top 10 Challenges Addressed by Advanced Controls

Oracle GRC Advanced Controls Solution

Case Study

Q & A


What Do We Mean by Control ‘Issues’

4

• Issues with a definite impact on the bottom line

Example: Duplicate Vendor Payment

• Issues with a potential impact on the bottom line

Example: Split Purchase Order

• Issues with Cash Flow Impact on the bottom line

Example: Incorrect Vendor Payment Term


Financial Impact

Duplicate pays – often not huge amounts of $$

individually

What’s the big deal?

1. They add up!

2. Impact on sales

3. Impact on EPS

4. Prevent fraud and the honest mistakes

5


Impact on Sales

Profile

Centralized Payables Operation

Well Staffed

Clean Sox Audit

Post Audit Recovery

$17.5M Total Payment Errors Found

$6.8M Total Recovery

$4.08M After Fees

18 Month Cycle

UNINTENTIONAL ERRORS AND LEAKAGE

Global, Fortune 500 Firm, High-Tech

• Over 4 Quarters, consultants found $17.5M in payment

errors


Program Agenda

Introduction


Oracle GRC Advanced Control Solution

Case Study

Q & A


Advanced Controls

Layer of automated controls over ERP controls

Continuously monitor key controls

Detect and Report issues as they occur

Prevent issues from occurring

Quickly see high risk issues with exception based dashboards

Address issues that affect the bottom line

Reduces operational risk and process effectiveness

What is it?


Standard + Advanced Controls

User Roles

3-Way

Match

Track

Payments

Sentiment

Analysis

Split

Purchase

Orders Hide

Displays of

Sensitive

Data

Duplicate

Payments

Transaction

Threshold

Amounts

Duplicate

Vendors

Fine-

grained

User

Access

Configuration

Snapshots &

Audit Trial

Transaction

Pattern

Analysis

Fuzzy

Logic,

‘similar

values’

Advanced

Controls

Standard

Controls

Approval

Hierarchies Track

Discounts


Top 10 Accounts Payable Issues How does it affect the bottom line?

Top 10 Issues Business Risk Bottom Line Impact

Duplicate Invoices – 2 invoices Overpayment to Supplier Cash Leakage

Duplicate Invoices – 2 vehicle Overpayment to Supplier Cash Leakage

Erroneous Charges to Invoice Overpayment to Supplier Cash Leakage

Late Payment Overpayment to Supplier Cash Leakage

Tax Errors Inaccurate Tax Cash Leakage

Duplicate Vendor in Vendor Master File Inaccurate Vendor Master Cash Leakage

Purchase order Related Issues Financial Fraud and Misuse Cash Leakage

Early Payment Untimely Payment to Supplier Negative Cash Flow

Missed Discounts Untimely Payment to Supplier Negative Cash Flow


Advanced Control

Detective:

Detect invoices with “Similar” invoice number, same amount to the one supplier

Detect invoices made to the same suppliers but in different business unit

Detect invoices made to different vendor with very similar names

Preventive:

• Put duplicate invoices on hold until proper investigation is complete

Issue1: Duplicate Invoices – 2 Invoices

•Discrepant Invoices

•Late Payments

•Honest mistake/ Fraud


Advanced Control

Detective:

Detect suppliers with multiple method of payment

Detect payment made by procurement card and checks

Preventive:

• Put duplicate invoices on hold until proper investigation is complete

• Prevent Supplier from getting paid through paper invoice if he is setup for electronic payment

Issue2: Duplicate Payments – 2 Vehicle

• 2 Vehicles like Invoices and P-Card

• Paper Invoice and Electronic Process

• Expense Report and Petty Cash

• Multiple payment vehicle for a vendor


Advanced Control

Detective:

Detect invoices where freight was charged when in PO it was supposed to be pre-paid by the

vendor

Detect invoices where freight was charged and warehouse charged freight separately

Detect invoices billed for quantities than what was actually shipped

Preventive:

• Put suspect invoices on hold until proper investigation is complete

Issue3: Erroneous Charges to Invoice

• Who pays freight, insurance?

• Are invoices based on POs?

• Special deals


Advanced Control

Detective:

Detect invoices that are approaching due date base on supplier/ PO payment term

Identify users who have consistently not paid vendors on time

Detect payments to vendors that are consistently late

Preventive:

• Send alerts on upcoming payments that are approaching due dates

Issue4: Late Payments

• “Never pay late fees”

• Open Vendor Credit

• Can result in Duplicate Payment


Advanced Control

Detective:

Detect sales tax invoices by vendors for non-taxable items

Identifies use tax in error on non-taxable goods and services

Identify all VAT invoices that are approaching due date of the calendar year

Detect if sales tax goes over a threshold value

Identify supplier invoices where VAT is charged based on supplier location vs where the service

is rendered

Issue5: Tax Errors - Sales/ Use/ VAT

•Wrong Amounts

•Proper jurisdiction

•Proper documentation

•VAT Reclaim


Advanced Control

Detective:

Duplicate payment made to multiple entities of the same supplier

Identify purchases made from unapproved vendors

Identify suppliers with similar or different names but with same Tax ID Number or address

Identify suppliers who exists in the “Do not do business with” suppliers

Preventive:

Ensure Segregation of duties between supplier creation and other conflicting functions

Detect suppliers with similar names at the time of supplier creation

Issue6: Master Vendor Management

•Potential duplicate payments

•Segregation of Duties Concern

•Correspondence Issues


Advanced Control

Detective:

Detect Split PO to work around approval threshold

Detect standard PO issued to a supplier where a blanket PO exists

Preventive:

POs over a certain threshold require approvals

Good receipts cannot take place without an approved PO

Mandate PO number during invoice creation

Issue7: Purchase Order Problems

• Split Purchase Order

• Blanket Purchase Order

• After the Fact PO


Advanced Control

Detective:

Identifies special rebate from the PO contract that the invoice failed to mention

Track invoices that missed discount date by a little margin

Preventive:

• Send alerts on upcoming discounts available for payments above a threshold

Issue8: Missed Discounts

•Inefficient processing

•Best financial return for any company

•Track discount lost and why

•Fix root causes whenever possible


Advanced Control

Detective:

Detect payments made earlier than supplier payment term

Alerts a user if payment term setup is changed

Preventive:

• Set up an approval process if payment term is changed

• Prevent payment term to be changed

• Ensures segregation of duties between invoice creation and supplier creation

Issue9: Early Payment

• Negative cash flow

• Fraud

• Analyze early payments


Advanced Control

Detective:

Identify suspicious activity between coworkers to highlight the pattern of interrelationship in the

expense reports

Detect expenses claimed in an expense report instead of booking through approved channels

Detect expense splitting

Preventive:

• Deny expenses through unapproved channels unless approved by senior management

Issue10: Travel & Entertainment

• Employee misuse

• Constant leakage to the bottom line

• Make manager responsible

• Part of annual review


Program Agenda

Introduction


Oracle GRC Advanced Controls Solution

Case Study

Q & A


GRC Advanced Controls One Enterprise Foundation

Enterprise Risk & Controls Foundation

Dashboards, Reports and Alerts

Notifications Worklists Email Perspectives Search

Risk, Controls & Compliance Management

Reviews Documentation Assessments Remediation Surveys

Continuous Controls & Risk Monitoring

Setups Access Master Data Audit Tests Transactions

User Authored Controls Data Connectors Fraud & Error Patterns

Ro

le B

as

ed

Ac

ce

ss

Se

cu

rity

We

b S

erv

ice

s &

AP

Is

Custom or Legacy Applications

Risk & Controls Repository

Assess and Certify

Detect Policy Violations

All Users & Applications

100% of Transactions

All Processes Procure to Pay

Order to Cash

Financial Reporting

User Access

Manage by Exception

Optimize Processes


Optimization Cash Flow Prevent Leakage

Business Risks Controls Objectives Continuous Monitors

Unapproved or

Illegal Suppliers

Delayed Supplier

payments

Incorrect Vendor

Payment

Capture all

Discounts

Accurate Supplier

Information

Valid Invoice

Payments

Valid Purchase

Orders

Duplicate Invoice

Payments Incident !

Incident !

Incident !

Investigate

Close

Incident !

ERP Transaction Payment Hold

Supplier and Invoices

Created by Same User

Discounts Lost due to

Delays in Payment

Multiple Suppliers with

the similar email domain

Erroneous Payment Purchase Orders

created after Invoice

Duplicate vendor in

vendor master file Split Purchase Order

Oracle Advance Control Process Overview


Exception Based Dashboard


Continuous Monitor – Duplicate Invoices


Control Definition


Incident Management


Incident Management


Preventive Measure


Preventive Measure

• Enforce controls & policy within the ERP systems


…by

Continuously

Monitoring

Your

ERP

Applications

Advanced Controls

Enables you to:

Improve Bottom-Line

Reduce Operational Risk

Increase Process Effectiveness


Advanced Controls

Make Processes More Effective, Efficient

Reduce Operational Risk

Improve Bottom Line

Detect unwanted transactions

Detect settings that cause loss

Detect problematic exceptions

Automate policy management


Program Agenda

Introduction


Oracle GRC Advanced Control Solution

Case Study

Q & A


Case Study


Why Oracle GRC Advanced Control?

•Compliance Requirement from internal/external audits

•Global country regulations

•Acquisitions and new legal entities

•Solution Compliance Variation

•Capability to monitor 100% of data

•Scalability for Oracle and non Oracle integration


Use Cases - Scope

Duplicate vendors Identify creation of

duplicate vendor sites

Duplicate payments by vendor Identify duplicate invoice

processing by vendor

Maverick buying PO date should be

prior to the invoice

date

Duplicate payments by invoice Identify duplicate invoices by

similar invoice and by vendor

Accounts Payable (Phase I)

$ Duplicate invoice

Duplicate invoice Duplicate vendor in

vendor master file

PO related problems


Use Cases – Scope

Withholding Tax (APAC) Identify the suppliers/ invoices

where the incorrect rate of

WHT was applied

Identifying erroneous high value payments Payments more than 30%

increase of the last rolling 6

months payment to the vendor

VAT rate Identify different VAT rates

applied by the same vendor, for

same goods/services, for same

bill to entity

Accounts Payable

(Phase II)

$ Tax errors

Tax errors

Erroneous payment


Use Cases - Scope

Collusion – analysis of attendees Analysis of attendees to highlight the

pattern of interrelationship with co-

workers related to suspicious ER activity

Amex/cash surfing Verify if same expense has

been claimed both as Amex

and cash

Forensic repeat offenders Identify expenses claimed in

iExpenses instead of booking

through approved channels

Expense splitting Identify expenses that were split

to avoid policy violation

iExpense (Phase II)

$

Key word search in category Identify the expenses claimed using unapproved

channels, and by wrong categorization to avoid

activating the report for audit

File attachment on Expense Reports (ER) Identify ERs with supporting documents in un-

acceptable formats (like editable attachments like .txt)

Noncompliant expenses

Inappropriate T&E claim

Duplicate expenses





Phase1 Facts

For One (1) Year Date Analyzed

Approximately 150+ No. of Entities

Four use cases in Accounts Payables

No. of Use Cases

Graph Initial Build

130M records processed

1.3M records processed Graph

Incremental Build


Lessons Learned

Hardware Configuration

• TCG analyzes millions of

transactions so it needs

enough resources (disk

space and memory)

• Follow Oracle

recommended h/w and

s/w and make

adjustments based on

the volume of

transactions

Model & Control

Analysis Assessment

• Optimize the design of

models

• Replicate read-only

schema instead of using

apps schema of EBS

• Implement control data

level security (by region)

so incidents can only be

viewed by the right user

for that region

Fit/Gap Analysis

• Verify the availability of

business objects for the

use cases

• Validate the model

results first before

running the controls

• If you don’t need to

secure your incidents,

then do not use

perspective for security

Oracle Support

• Early engagement with

Oracle

• Tight collaboration and

partnership with Oracle

ETL Performance Assessment

• Perform multiple

iterations of graph build.

Monitor sys resources

• Analyze transaction

volume of each business

object used in models

• Understand the ETL

design and Data

Extraction criterion


Thank You! Join us on LinkedIn to view

webinar and discussion Summary and Q&A

Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013

Technology

oracle andor

confidential oracle

sole discretion of oracle

control issues issues

erp controls

key controls

report issues

high risk issues