Governance, Risk & Compliance - Management Commitment; Building a GRC Aware Culture.
Natasak Rodjanapiches, Managing Director, Oracle Corporation (Thailand)
Governance, Risk, and Compliance (GRC)
Natasak Rodjanapiches, Regional Managing Director - ASEAN
The Finance Imperative
VISIBILITY: Deliver Better Business Information
CONTROL: Attain Sustainable Compliance
EFFICIENCY: Improve Business Processes at the Lowest Cost
Recommended Process: Executed by
1. Governance (G): The board of directors, corporate secretary and governance professionals, including board management
2. Strategy: Chief Executive Officer (CEO) or “c-suite”
3. Risk Management (R): Chief Risk Officer (CRO), business line and other executives
4. Audit: Chief Audit Executives, internal audit, audit committee and external auditors
5. Legal: The general counsel and legal staff
6. Compliance (C): The general counsel, chief compliance and ethics officer, compliance professionals and other legal staff
7. Information Technology: Chief Information Officer (CIO), privacy officer and/or security officer
8. Ethics & Corporate Social Responsibility: Chief Ethics Officer and Chief Responsibility Officer
9. Quality Management: Quality professionals throughout the organization
10. Human Capital & Culture: Human resource professionals and organizational design and development professionals
The Process of the “GRC” Concept
Oracle Solutions for GRC
Pre-integrated with Oracle applications and technology, supports heterogeneous environments
Purpose-built business solutions for key industries and GRC initiatives
Best-in-class GRC core solutions to support all mandates and regulations
Custom or Legacy Applications
GRC Infrastructure Controls
Systems Mgmt
Digital Rights
Data Security
Identity Mgmt
Records & Content Mgmt
GRC Application Controls
Transaction Monitoring
SOD & Access
Application Configuration
GRC Process Management
Risk & Control KPIs
Certification KPIs
Access Policy KPIs
GRC Reporting & Analytics
Management Assessments
Issues & Remediation
Documentation & Reporting
Deliver unified view of financial results, processes, risks, and underlying internal controls
Oracle Delivers Control: Manage and Control Risk
Oracle Internal Controls Manager: Attain Sustainable Compliance
More Efficient Internal Control Testing
Higher Certainty in Your Risk Assessment
Lower External Audit Verification Costs
Oracle Internal Controls Manager: Streamline Internal Control and Risk Management
Define and Manage the Control Environment
– Associate processes to organizations
– Process documentation and approval
– Segregation of duties
Plan and Control Audit Operations
– Risk assessment
– Audit projects
– Findings and remediations
Streamline the Certification Process
– Business process certification
– Financial statement certification
Oracle’s Governance, Risk and Compliance Solution
Corporate Performance Management
iLearning, isurvey
Policies and Procedures
Business Process Management Content and Records Mgmt
Identity Management
Data Protection
Risk and Control Management Policy Management
Universal Content Management
Information Rights Mgmt
Access Manager
Identity Federation
Identity Manager
Enterprise Manager
Audit Vault
Web Service Security
Database Vault
Database Security
Data Mining
Planning & Budgeting
Balanced Scorecard Portal
Financial Consolidation
Profitability Manager
Operational Analytics
GRC Manager Reveleus
ERP Application Tutor UPK
BPEL BAM
J2EE Security
Infrastructure Security
Identity & Role Administration
Identity Audit & Compliance
Directory Security
PII Security Vault
Data Aggregation & Reporting
PSFT ICE