Natasak Rodjanapiches, Managing Director, Oracle ... · PDF file03.11.2008 · Strategy Chief Executive Officer (CEO) ... Database Security Data Mining Planning & ......

Governance, Risk & Compliance - Management Commitment; Building a GRC Aware Culture.

Natasak Rodjanapiches, Managing Director, Oracle Corporation (Thailand)

1

Governance, Risk, and Compliance (GRC)

Natasak RodjanapichesRegional Managing Director - ASEAN

2

3

The Finance Imperative

VISIBILITYDeliver Better Business Information

CONTROLAttain Sustainable Compliance

EFFICIENCYImprove Business Processes at the Lowest Cost

4

Recommended Process Executed by

1. Governance (G) The board of director, corporate secretary and governance professionals including board management

2. Strategy Chief Executive Officer (CEO) or “c-suite”

3. Risk Management (R) Chief Risk Officer (CRO), business line and other executives

4. Audit Chief Audit Executives, internal audit, audit committee and external auditors

5. Legal The general counsel and legal staff

6. Compliance (C) The general conunsel, chief compliance and ethics officer, compliance professionals and other legal staff

7. Information Technology Chief Information Officer (CIO), privacy officer and /or security officer

8. Ethics & Corporate Social Responsibility Chief Ethics Officer and Chief Responsibility Officer

9. Quality Management Quality professionals throughout the organization

10. Human Capital & Culture Human resource professionals and organizational design and development professionals

กระบวนการของแนวคิด “GRC”

5

Oracle Solutions for GRC

Pre-integrated with Oracle applications and technology, supports heterogeneous environments

Purpose-built business solutions for key industries and GRC initiatives

Best-in-class GRC core solutions to support all mandates and regulations

Custom or Legacy Applications

GRC Infrastructure Controls

SystemsMgmt

Digital Rights

Data Security

Identity Mgmt

Records & Content Mgmt

GRC Application Controls

TransactionMonitoring

SOD & Access

Application Configuration

GRC Process Management

Risk & Control KPIs

Certification KPIs

Access Policy KPIs

GRC Reporting & Analytics

Management Assessments

Issues & Remediation

Documentation& Reporting

6

Deliver unified view of financial results, processes,

risks, and underlying internal controls

Oracle Delivers ControlManage and Control Risk

7

Oracle Internal Controls ManagerAttain Sustainable Compliance

More Efficient Internal Control Testing

Higher Certainty in Your Risk Assessment

Lower External Audit Verification Costs

8

Oracle Internal Controls ManagerStreamline Internal Control and Risk Management

Define and Manage the Control Environment– Associate processes to organizations – Process documentation and approval – Segregation of duties

Plan and Control Audit Operations– Risk assessment – Audit projects – Findings and remediations

Streamline the Certification Process– Business process certification – Financial statement certification

9

Oracle’s Governance, Risk and Compliance Solution

Corporate Performance Management

iLearning, isurveyPolicies and Procedures

Business Process Management Content and Records Mgmt

Identity Management

Data Protection

Risk and Control Management Policy Management

Universal Content

Management

Information Rights Mgmt

Access Manager

Identity Federation

Identity Manager

EnterpriseManager

AuditVault

Web Service Security

DatabaseVault

Database Security

DataMining

Planning & Budgeting

Balanced Scorecard PortalFinancial

Consolidation Profitability

ManagerOperational

Analytics

GRC Manager Reveleus

ERP Application TutorUPK

BPEL BAM

J2EESecurity

Infrastructure Security

Identity & RoleAdministration

Identity Audit & Compliance

Directory Security

PII Security Vault

DataAggregation& ReportingPSFT ICE

10

11

Governance, Risk & Compliance - Management Commitment; Building a GRC Aware Culture.

Natasak Rodjanapiches, Managing Director, Oracle Corporation (Thailand)

12