Delivering Enterprise Value with Oracle Governance, Risk and Compliance. Svetlana Loncarevic & Brian Amato, Oracle. 16th August 2010. The most comprehensive Oracle applications & technology content under one roof

In sync10 grc_suite

May 06, 2015

Transcript
Page 1: In sync10 grc_suite

Delivering Enterprise Value with Oracle Governance, Risk and Compliance

Svetlana Loncarevic & Brian Amato, Oracle

16th August 2010

The most comprehensive Oracle applications & technology content under one roof

Page 2: In sync10 grc_suite

Agenda

• Business Challenges

• Solution Overview

• Customer ROI

• Questions

Page 3: In sync10 grc_suite

A History Lesson

Enron - $11 Billion

Coles Myer - $4.26M

Societe Generale - €6.3B

HIH - $5.3 Billion collapse

Page 4: In sync10 grc_suite

And Even Today…

$20M, $2.7M, $37M, $3B

Page 5: In sync10 grc_suite

Numerous Risks Confront Business

INFORMATION MANAGEMENT: Document Retention / Records Mgt; Electronic Data Management; Information Security; Information Privacy

E-COMPLIANCE: Electronic Info, E-mail and Postings; Internet Security; Internet Privacy

ETHICS: Conflicts of Interest; Ethical Decision-Making; Gifts & Gratuities; Respectful Conduct

INTELLECTUAL PROPERTY: Copyright; Trademark; Patent

INTERNATIONAL TRANSACTIONS: Foreign Negotiation & Sales; Export Controls; Economic Embargoes; Global Trade & Competition

CORPORATE GOVERNANCE: Board Structure & Processes; Audit Committee Structure & Processes

WORKPLACE HEALTH & SAFETY

PRODUCT QUALITY & LIABILITY

FRAUD & CORRUPTION: Insider Transactions; Money Laundering; Foreign Negotiation and Sales; Revenue and Expense Recognition

INDUSTRY SECTORS: Pharmaceutical; Financial Services; Automotive; Utilities; Oil & Gas; and more...

ENVIRONMENTAL: Hazardous Material Handling; Environmental Reporting; Permit Management

EMPLOYMENT: Anti-Discrimination / Accommodation; Anti-Harassment; Benefits; Compensation; Contingent Workforce; Employee Privacy; Executive Compensation; Global Mobility / Immigration; Hiring / Retention

Page 6: In sync10 grc_suite

Burden Stems from Core Challenges

Finance

Business

Assessment/Audit Groups

IT Security/Risk Management

[Diagram: requirements R1 R2 R3 shown three times, each with its own control set: C1a C2a C3a C5a C6a C7a C9a C10a C11a; C1b C2b C3b C5b C6b C7b C9b C10b C11b; C1c C2c C3c C5c C6c C7c C9c C10c C11c]

Challenge: Multiple Requirements, Fragmented Response

Challenge: No Proactive Risk Management

Challenge: Ad-hoc Approach with Manual Controls

GRC

Business Processes

Risk

React

Page 7: In sync10 grc_suite

Smart Strategies to Manage Risk & Compliance

Solution: Consolidate multiple standards and regulations onto a single platform

Solution: Manage risk in a disciplined & consistent fashion

Solution: Manage & Automate controls across standard business processes

[Diagram: requirements R1 R2 R3 with a single control set: C1 C2 C3 C5 C6 C7 C9 C10 C11]

Business Process

Governance Risk & Compliance

Regulation A

Standard C

Risk B

Page 8: In sync10 grc_suite

Oracle Integrated Governance, Risk & Compliance

Across Functional Boundaries

Throughout the Processes

In the Technology

[Diagram labels: Budgeting; O2C; P2P; Logistics; Financial Close; Custom, Legacy, …]

Page 9: In sync10 grc_suite

Oracle Governance, Risk and Compliance Suite

GRC Intelligence: Executive Dashboards; KRIs and KPIs; Ad-Hoc Analysis

GRC Manager: Enterprise Risk Management; Compliance Management; Remediation Management

GRC Controls: SOD & Access; Application Configuration; Transaction Monitoring; Preventive Controls

Custom or Legacy Applications

Embedded Controls

• Detective, Preventive, Contextual

• Automated controls testing

• Pre-built controls library

Centralized GRC Oversight

• Common Repository for GRC

• Audit and Assessment of Controls

• Integrated remediation management

360º Visibility

• Single source of GRC Information

• Pre-built dashboards

• Respond to KRI and issues

Page 10: In sync10 grc_suite

Governance Risk & Compliance Intelligence

Timely Access to Information / Better Decisions

• Risk-based scoping with integrated account balance and GRC information

• Self-service analysis and reporting with interactive dashboards and automated alerts

• 100+ pre-built KPIs for Risk, Certification, Controls, and Issues enable personalized reporting

GRC REPORTING & ANALYSIS: Monitor All Open Issues; Investigate Troubling KPIs; Configure Risk & Control KPIs; Review GRC Dashboards

[Suite map: GRC Manager; GRC Intelligence; GRC Controls]

Page 11: In sync10 grc_suite

Enterprise Governance Risk & Compliance Manager

Manage Risk and Compliance Across the Enterprise

• Capture issues and manage remediation

• Automate certifications, audits, and management assessments

• Central repository for policy, risk and compliance documentation

Risk and Compliance Process: Certify and Publish; Remediate and Optimize; Test Controls and Analyze Exceptions; Assess Scope Based on Risk; Document Risk and Control Matrix

[Diagram labels: Standards & Mandates; Controls; Risks]

[Suite map: GRC Manager; GRC Intelligence; GRC Controls]

Page 12: In sync10 grc_suite

Application Access Controls Governor

Enforce Proper Segregation of Duties in Applications

• Accelerate deployment and time to value with pre-delivered controls library

• Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails

• Simplify segregation of duties enforcement with simulation and remediation

[Diagram labels: Compensating Policies; Preventive Provisioning; Remediation (Clean-up); Access Analysis; Define Access Controls; Detection; Prevention]

[Suite map: GRC Intelligence; GRC Manager; GRC Controls (SOD & Access, Application Configuration, Transaction Monitoring, Preventive Controls)]

Page 13: In sync10 grc_suite

Configuration Controls Governor

Ensure Integrity of Critical Application Setups

• Tightly control change management to accelerate development and test time

• Track complete audit trails for changes to key configurations

• Achieve consistent application setup and operating standards across multiple instances

[Diagram labels: Manage Data Integrity; Enforce Change Control; Monitor Configuration Changes; Document or Compare Configurations; Define Configuration Controls; Detection; Prevention]

[Suite map: GRC Intelligence; GRC Manager; GRC Controls (SOD & Access, Application Configuration, Transaction Monitoring, Preventive Controls)]

Page 14: In sync10 grc_suite

Transaction Controls Governor

Identify Inaccurate or Fraudulent Transactions

• Continuously monitor accuracy of transactions and mitigate exposure to fraud

• Test against thresholds

• Search for anomalies

• Perform transaction sampling

[Diagram labels: Preventive Transaction Controls; Review and Address Suspects; Perform Transaction Analysis; Define Transaction Controls; Pre-delivered Transaction Controls; Suspect Transactions; Detection; Prevention]

[Suite map: GRC Intelligence; GRC Manager; GRC Controls (SOD & Access, Application Configuration, Transaction Monitoring, Preventive Controls)]

Page 15: In sync10 grc_suite

Preventive Controls Governor

Enforce granular controls conditionally

Implement field-, block- and/or form-level controls to hide, mask or validate information

Enforce business policy using contextual automated processes

Protect sensitive data

Mitigate risk of application changes with approval workflow and audit trails

Reduce audit costs, reduce maintenance costs, increase IT productivity

[Diagram labels: Prevention; Enforce LOVs & Field Attributes; Add Messages & Default Values; Add Navigation & Extend Forms; Secure & Audit Fields; Add Approval Workflows]

[Suite map: GRC Intelligence; GRC Manager; GRC Controls (SOD & Access, Application Configuration, Transaction Monitoring, Preventive Controls)]

Page 16: In sync10 grc_suite

Preventive Controls Governor

Enforce Controls & Proactive Change Management

Enforce Controls to granular level to targeted users and events

Invoke approval workflow / notifications when key risk fields are modified and produce audit trails of key changes

Accelerate deployment and time to value with pre-delivered controls library

[Diagram labels: Prevention; Enforce Field Validation; Proactive Change Management; Prevent Read/Write Access; Define Preventive Controls; Review Audit Reports]

[Suite map: GRC Intelligence; GRC Manager; GRC Controls (SOD & Access, Application Configuration, Transaction Monitoring, Preventive Controls)]

Page 17: In sync10 grc_suite

The Oracle Difference

Enterprise Governance, Risk & Compliance Platform Leader*

1. One Platform Satisfies Multiple Regulations

2. GRC Controls Integration Enforces Policy

3. Role-Based Dashboards Provide Real Time Insight

*Source:

1. Gartner Magic Quadrant for Enterprise Governance Risk Compliance Platform, 2009

2. Gartner Magic Quadrant for Continuous Controls Monitoring, 2010

3. Gartner Magic Quadrant for Business Intelligence Platform, 2010

[Diagram labels: Policy; Controls; Financial Reporting; Green Compliance; Data Privacy; requirements R1 R2 R3; controls C1c C2c C3c C5c C6c C7c C9c C10c C11c]

Page 18: In sync10 grc_suite

Oracle Helps Reduce Compliance Costs and Control Risk

Reduces controls testing by 65%

Cuts Segregation of Duties audit from 2 months to 2 days

Reduces audit preparation time by 25%

Saves $1 million by avoiding customizations

Access Controls pass rate improved by 27%

Reporting time reduced from 4 days to minutes

Testing costs reduced by 30%

User role violations reduced by 90%

Page 19: In sync10 grc_suite

Tell us what you think…

• http://feedback.insync10.com.au