Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Oracle Risk Management (GRC) Product Strategy Update GEN7982
Sid Sinha Oracle Application Development Oct 27, 2015
Presented with
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Introductions
Oracle Confidential – Internal/Restricted/Highly Restricted
• Brian Jensen – Director in KPMG’s Oracle Practice focused on Strategy, Operations and Oracle Risk Consulting, with more than 20 years of management consulting and business development experience. A subject matter professional across multiple functions and industries, Brian has worked with dozens of C-level executives and directors as a trusted advisor, designing operational and risk management strategies using Oracle technology to help them achieve their strategic business objectives.
– Brian has extensive experience leading and implementing ERP, Identity Management & Security & Controls solutions at over 50 customers over the last 20 years. Brian is a thought leader for KPMG in their GRC group, spearheading many initiatives for Oracle Enterprise Solutions.
Agenda
1. GRC Product Update
2. Case Study: Harvard Pilgrim HealthCare
3. Case Study: Skechers
4. KPMG Best Practice Update
5. Wrap-up
©2015 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG: Leading Practices Update
How do you effectively and efficiently balance Cloud application user enablement with transaction and data protection?
Not permissible for KPMG audit clients and their affiliates.
KPMG: Cloud ERP Security and Controls Challenge
The Concern
Most challenging areas when adopting cloud:
“53% of survey respondents selected data loss and privacy risk as the most significant challenge to doing business in the cloud…”
Source: 2014 Forbes | KPMG Cloud Survey
The Reality
Internal Employees Data Breaches:
“Internal actors were responsible for 43% of data loss”
Source: Intel Security Grand Theft | Data Exfiltration Study 2015: Actors, Tactics, and Detection
www.mcafee.com/us/resources/reports/rp-data-exfiltration.pdf
KPMG: Cloud
“While the challenge posed by cloud-related data loss and privacy threats are less pronounced in the minds of global industry leaders, they are still taking the issue seriously,” said Wright. “The clear trend in the data that we have collected shows that, even in the face of significant media attention paid to recent data breaches, global leaders are still willing to embrace the transformative potential of the cloud.”
Source: 2014 Forbes | KPMG Cloud Survey
KPMG: Securing the Cloud ERP
An operational view of Cloud ERP security and controls positioned to help industry-leading organizations effectively balance the divergent tasks of leveraging the cloud to empower ERP business users, while simultaneously protecting sensitive data and transactions.
KPMG: Securing the ERP
KPMG: Securing the Cloud ERP
Cloud Application Controls
• Business Process Controls
• Automated Controls
• Enhancement and Configuration Controls
• Conversion and Interface Controls
KPMG: Securing the Cloud ERP
Cloud Application Security
• Adaptive Authentication
• Role-Based Access Controls (RBAC)
• Cloud Application Security Architecture
• Sensitive Access and Segregation of Duties
KPMG: Securing the Cloud ERP
Cyber and Data Security
• Information Protection
• Cybersecurity
• Business and Technology Resilience
• Privilege Access
KPMG: Securing the Cloud ERP
Cloud Security Operations
• Enhancement Management for Security and Controls
• Cloud ERP Security and Controls Operations
KPMG: Securing the Cloud ERP
Cloud User Administration and Governance
• User Access Management
• Password Management
• User Access Certification
• User Analytics
KPMG: Securing the Cloud ERP
• Cloud ERP Controls Catalog
• Role Library and Role Engineering Tools
• Securing the Cloud ERP Methodology
• Oracle GRC Advanced Controls Solution Lab
KPMG: Cloud ERP Controls Library
Risk and Control Content
• Record to Report (R2R)
• Procure to Pay (P2P)
• Order to Cash (O2C)
• Hire to Retire (H2R)
Cloud Business Process
Risk Control Type
Control Detail
Manual
Automated
KPMG: Cloud ERP Controls Library
Leveraging Controls to add Value to the Business
• Advanced Controls automation to identify operational improvement opportunities
− Assessment
− Analysis / Data-driven controls
• Streamline business processes
• Reduce data redundancy and data quality issues
• Support global operations
• Migration to shared services
KPMG: Cloud ERP Security & Controls Operations
Controls Self Assessments
Oracle Financial Reporting Compliance (FRC)
KPMG Cloud ERP Controls Library
Manual Controls Management
Focus: Cloud ERP Risk and Controls
Manage control exceptions, issues, and violations to closure
Compliance Reporting
upload
KPMG: Securing the Cloud ERP
• Client Workshops
• Webinar Series
• Group Web Page
Securing the ERP Webcast Series
Is your ERP vulnerable?
Friday, January 30, 2015 | 12:00 p.m.–1:00 p.m. (EDT)
Oracle® ERP solutions have transformed and streamlined back-office operations, yet most organizations continue to struggle with balancing the divergent task of empowering ERP business users while simultaneously protecting sensitive data and transactions and complying with constantly evolving industry laws and regulations.
On this upcoming KPMG LLP Securing the ERP Webcast (agenda below), we will review the programmatic approach to leveraging our Securing the ERP principles to help overcome the operational risk and compliance challenges associated with Securing an ERP solution.
KPMG Webcast Details
Friday, January 30, 2015 12:00 noon EDT
Featured speakers
• Brian Jensen, Director, KPMG LLP
• Brad Straw, Director, KPMG LLP
KPMG: Demo
Update Documentation Import Spreadsheets Update Process, Control & Risks Test Plans, Review, Approvals
Automate Assessments Select Controls based on Risk Conduct Surveys Design, Operating & Audit
Resolve Issues Set Priority and Due Dates Remediation Plans Notifications
Manage Incidents Assign Owners, Attach evidence
Remembers decisions for next control run (self-learning)
Graphical Authoring User Defined Controls
Eliminate False Positives Uncover Data Patterns
Detect Suspicious Transactions Pre-built Library of Controls
1350 Data Elements P2P & Expense Controls
Case Studies and Speakers at OpenWorld 2015
Source-to-Settle
Follow Us & join the conversation.
Oracle GRC Advanced Controls Group
OracleAdvControls @OracleAdvCntrls
Risk Management Cloud Resources
cloud.oracle.com
Release 10 Readiness
Documentation
Customer Connect
Classroom Training
Learning Subscription
Live Virtual Class
Training On Demand
Keep Learning with Oracle University
education.oracle.com
Cloud
Technology
Applications
Industries
Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.