Con8208 achieve a quicker and compliant financial close
Transcript of Con8208 achieve a quicker and compliant financial close
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Follow us and join the conversation:
Oracle GRC Advanced Controls Group
OracleAdvControls @OracleAdvCntrls
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
GRC Applications
Achieve a Quicker and Compliant Financial Close with Oracle Governance, Risk and Compliance
CON8208 Thursday Oct 2nd 10.15-11am
Panellists:
Dan Chaffer, Qualcomm
Matt Ruetz, Oracle Managed Cloud Services
Brad Straw, KPMG
Moderator: Glen Walton, Oracle GRC Product Strategy
Brad is a Director at KPMG with over 18 years of management and consulting experience.
A majority of his consulting experience has been associated with Oracle solutions including EBS and PeopleSoft. His experience spans business process and controls development, internal auditing, and compliance and security software implementation.
He’s been implementing Oracle Advanced Controls for over 6 years for clients in the Federal Civilian, Industrial Manufacturing, Retail, Energy, and Insurance industries.
In addition to his industry and technical skills, Brad is also a Level 4 Oracle project manager and has managed multi-national teams for both internal and client-facing, multi-million dollar projects.
Brad Straw
Dan Chaffer is a Senior Manager at Qualcomm and has led the team that expanded Oracle from one country and 19 Operating Units to over 45 countries and over 80 Operating Units
Board member Multi-National SIG Group
Specialist in Global Oracle rollout strategy, Intercompany, SOX (GRC) solutions and a passionate advocate for continuous process improvement
Dan Chaffer
Matt Ruetz
Senior Principal Program Manager
• 20+ Years Audit and Compliance Experience including:
– Public Accounting
– Internal Audit
– SOX Compliance
– SOC1, SOC2, and SOC3 Compliance
• Companies
– Oracle
– Sun Microsystems
– Coopers & Lybrand
• Licenses and Certifications
– Certified Public Accountant (CPA)
– Certified Information Systems Auditor (CISA)
Custom or Legacy Applications
Enterprise Risk and Controls Foundation
One Unified Platform
Flexible
• Graphical Authoring
• Detect and Prevent
• Access, Transactions, Setups
Data Driven
• 100% of Transactions
• Manage by Exception
• Pattern Analysis
Comprehensive
• Multiple GRC Projects
• From Documentation to Test
• Closed Loop Approach
Enterprise Risk & Controls Foundation
Dashboards, Reports and Alerts: Notifications, Worklists, Email, Perspectives, Search
Risk, Controls & Compliance Management: Reviews, Documentation, Assessments, Remediation, Surveys
Continuous Controls & Risk Monitoring: Setups, Access, Master Data, Audit Tests, Transactions
User Authored Controls, Data Connectors, Fraud & Error Patterns
Role Based Access Security
Web Services & APIs
WE HELP you realize its potential
THEY SAY the future is here
Oracle Open World
Achieve a Quicker and Compliant Financial Close with Oracle Governance, Risk, and Compliance
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 29251010
Agenda
1 Executive Summary
2 KPMG’s Research
3 Overview of Common Closing Issues
4 Common ERP Features and Challenges
5 Examples of Advanced Controls Solutions
6 Self Assessment
Not permissible for KPMG audit clients and their affiliates.
Executive Summary
• Financial reporting and other related regulations are ever expanding.
• Since 2002: Sarbanes-Oxley, Basel II, Dodd-Frank, Basel III, Clean Air Act, etc.
• Increasing regulations on reporting is placing added pressure to report complex information timely.
• Organizations are looking for the most benefit from their enterprise accounting systems.
[Figure: timeline of regulations, 1998 to 2014: Data Protection Act, Sarbanes Oxley, Regulation Fair Disclosure, Gramm–Leach–Bliley, Basel II, Dodd-Frank, Clean Air Act, Basel III]
Executive Summary
• Standard, out-of-the-box enterprise resource planning (ERP) systems have robust functionality.
• ERPs are very good at the common business processes and the associated process controls.
• ERP features do not natively address all of the fine-grained controls required by organizations.
• Custom development is quite often the only way to fill these gaps.
• The cost of maintaining customizations equates to a repurchase of those customizations every 5 years.
Customizations are Repurchased Every 5 Years!
[Figure: Business Requirements, covered in layers by Customizations: Analytics; Customizations: Operational Reporting, Extensions, and Interfaces; Standard ERP Functionality]
KPMG’s Research
• On an annual basis, KPMG LLP (KPMG) conducts a formal, online survey of over 200 companies.
• Survey includes close and reporting processes.
• 43 percent of survey respondents indicated that they require at least 11 days to complete the monthly financial close.
• Almost 20% of the respondents require 15 days or more to close.
• Close to 50% of the respondents are striving to focus on shortening the close time to less than seven days.
Source: KPMG Record-to-Report e-Survey
43% > 11 days
Over 50% < 7 days
KPMG’s Research
• Most Difficult Close Activities
• Several barriers inhibit organizations from achieving that objective:
– Identifying and correcting root causes of issues (53%)
– Providing adequate time for analysis (52%)
– Correcting data integrity issues from source systems (37%)
© 2014 KPMG LLP, a Delaware limited liability
partnership and the U.S. member firm of the KPMG
network of independent member firms affiliated with
KPMG International Cooperative (“KPMG International”),
a Swiss entity. All rights reserved. NDPPS 282510
The KPMG name, logo and “cutting through complexity”
are registered trademarks or trademarks of KPMG
International.
Oracle Managed Cloud Services
Audit and Compliance GRC Implementation
Matt Ruetz
Senior Manager - Oracle Managed Cloud Services - Audit & Compliance
About Oracle Managed Cloud Services
Subscription-based, enterprise-grade Cloud Services
• 550+ global customers
• 5.34 billion database transactions per hour
• 41+ petabytes of managed storage
Oracle personnel manage the environment including execution of key IT controls in collaboration with the customer
Oracle Managed Cloud Services and GRC
• Went live in April 2014
• Using Oracle GRC Financial Governance module
• Key Elements Used
– Control Object (with User Defined Attributes) with Review Roles
– Assessments (with User Defined Attributes) with Review Roles
– Issues
© 2014 Oracle Corporation – Proprietary and Confidential
ORACLE Managed Cloud Services - IT Risk Priorities
STANDARDIZE the management internal assessments of Oracle’s Managed Cloud Services using a centralized system to facilitate consistent process and work flow.
REPOSITORY for all controls, risks and frameworks to facilitate reporting and identification of common controls and leverage points.
MAINTAIN a history of information and changes throughout the life of the assessments
Provide control owners with a consistent interface and list of open items that need action
Provide business users a streamlined approach for managing issues and their remediation through completion.
REDUCE overall auditing COST
Key Perspectives:
- Compliance Framework
- Owner
Control Relationships Established in a Hierarchy
* It is important that they are assigned correctly as it is the main driver for security
PERSPECTIVES
Control Management Flow
Audit Field Work
Record Audit Results
Audit Test Assessment
Manage Control
Owner Verifies Control
Certify Assessment
Request Evidence
Operational Assessment
Resolve Issues
Initiate Audit Cycle
Intelligent Controls, Better Data and a Faster Close
Dan Chaffer, Sr. Manager, Corp Accounting, Global Processes, QUALCOMM Incorporated
2-Oct-14
Making wireless more personal, affordable and accessible to people everywhere
World’s largest fabless semiconductor company, #1 in wireless
S&P 100/ S&P 500/ Fortune 500
….at a glance
Celebrating more than 25 years of driving the evolution of wireless communications
Three Oracle instances, HFM for consolidations
Global implementation
− CORP Oracle – 37 Primary Ledgers, 80+ Operating Units
Qualcomm closes consolidated GL on Day 2 of following fiscal period
Close Process
Two days to GL close
[Diagram: Manufacturing (12.1), Manufacturing (11.5) and CORP Oracle (12.1) instances with their ledgers and a consol ledger; Hyperion (HFM), Consolidations & Eliminations]
Advanced Controls are critical to our two-day close!
Critical SOX Controls
− AACG
− Separation of Duties (SOD) analysis
− CCG
− Configuration Controls
− TCG
− Transaction monitoring
PCG – originally implemented as Logical Apps
− In Use at Qualcomm since 2007
Advanced Controls at
Broad spectrum of control
Identify the opportunity
Detect the event
Prevent the potential
Item Creation process automation
Form controls
− Field Restrictions
− Limited pick lists
− Security
Next Steps – more “prevention”
− SOD prevention
− Journal Entry Approval (after post)
Module closing scripts (e.g. Project Accounting)
Preventative Controls Governor - PCG
More than just “preventative” controls….
For more information on Qualcomm, visit us at: www.qualcomm.com & www.qualcomm.com/blog
©2013-2014 Qualcomm Technologies, Inc. and/or its affiliated companies. All Rights Reserved.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries, used with permission. Other product and brand names may be trademarks or registered trademarks of their respective owners.
References in this presentation to “Qualcomm” may mean Qualcomm Incorporated, Qualcomm Technologies, Inc., and/or other subsidiaries or business units within the Qualcomm corporate structure, as applicable.
Qualcomm Incorporated includes Qualcomm’s licensing business, QTL, and the vast majority of its patent portfolio. Qualcomm Technologies, Inc., a wholly-owned subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of Qualcomm’s engineering, research and development functions, and substantially all of its product and services businesses, including its semiconductor business, QCT.
Thank you
Follow us on:
Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.