Enabling an agile infrastructure to better support Real Time Collaboration
Enabling Agile Businesses … with Oracle Governance, Risk ... · 1 Dr. Frank Schoenthaler,...
Dr. Frank Schoenthaler, PROMATIS software GmbH
Vienna, September 27th, 2010
Enabling Agile Businesses
… with Oracle Governance, Risk, and Compliance Management (GRC) Solutions
Enabling Agile Businesses
Contents
• About the Nature of Agile Businesses
• Governance, Risk and Compliance
− Core Competence of Agile Businesses
− Influencing Factors and GRC Mechanisms
− GRC Covers all Spheres of Business Activity
• Avoidance of Information Islands
− Business Modeling Drives Complexity out of GRC
− Example Model: Excerpt from Finance- & Audit GRC
• Oracle GRC Solutions
− Initial Orientation: Solution Landscape
− Dedicated Oracle GRC Products
• Conclusion
© 2010 PROMATIS software GmbH, September 27, 2010
About the Nature of Agile Businesses
Long-Term Planning in „Traditional“ Businesses
[Diagram: the Business Organization (Mission, Goals, Strategies, Business Processes, Organization & IT-Systems) surrounded by Investors (Capital), Labor Market (Labor), Suppliers (Pre-Products, Trade Goods), Raw Material Suppliers (Raw Material), Environment (Natural Resources), Markets (Products), and Society (Values, Rules)]
About the Nature of Agile Businesses
Continuous Change in Today‘s Business Environments
[Diagram: Mission, Goals, Strategies, Business Processes, Organization & IT-Systems]
About the Nature of Agile Businesses
Demands on Agile Businesses
• Agile Businesses are prepared and enabled for Continuous Change.
• Scenario-based Strategic- and Tactical Planning.
• Continuous monitoring and improvement of business processes and information systems.
• Monitoring and benchmarking of the effectiveness and sustainability of business models and strategies.
[Diagram: Strong Interactions between Agile Businesses and Governance-, Risk- & Compliance Management, with arrows labeled "severe challenges" and "enables"]
• Effective, forward-looking, and secure piloting and management become the most critical success factor of agile businesses!
Governance, Risk and Compliance
Core Competence of Agile Businesses
• Governance is the management of a company based on clearly and understandably formulated business goals and codes of conduct. Important conditions come from conformity with legal guidelines and completeness. Governance spans across all business areas and levels.
• Risk Management describes the entirety of all measures to handle known and unknown internal and external business risks. This includes the establishment of early warning systems to recognize risks, as well as measures to eliminate risk potentials and to treat risks that have occurred.
• Compliance describes the fulfillment of, accordance with, and/or conformity with governmental laws and with rules and specifications, with (ethical and moral) principles and procedures, as well as with standards (e.g. ISO) and conventions, which are clearly defined. The fulfillment of compliance can be based either on restraints (e.g. by law) or on a voluntary basis (e.g. abiding by standards).
Governance, Risk and Compliance
Influencing Factors and GRC Mechanisms
[Diagram. Labels: Governance; Risk Management; Compliance Management; Values and Ethical Fundamentals; Business Goals; Business Model; Laws; Regulations; Norms and Standards; Risks; Risk Directives; Codes of Conduct, Monitoring, and Controlling; Prevention; Execution; Reaction]
Governance, Risk and Compliance
GRC Covers all Spheres of Business Activity
[Diagram. Layers: Strategies; Business Processes; Business Software; IT Platform. GRC areas: Finance- & Audit GRC; Legal- & Process GRC; IT GRC]
Avoidance of Information Islands
Business Modeling Drives Complexity out of GRC
[Diagram. Models: Object Model; Organization Model; Resource Model; Procedure Model; Rule Model; Key Figure Model; Risk Model. Other labels: Responsibility; Typification of Object Stores; Execution; Execution / Responsibility / Affiliation; Roles; Employees; Affiliation; Ownership; Activity; Refinement; Object Stores; Compliance; Risk Context; Key Figure Context; Risk Precaution]
[Source: Horus GRC Manager™]
Avoidance of Information Islands
Example Model: Excerpt from Finance- & Audit GRC
Oracle GRC Solutions
Initial Orientation: Solution Landscape
[Diagram. Layers: Strategies; Business Processes; Business Software; IT Platform. Products and components: Fusion GRC Intelligence; Enterprise Manager; Enterprise GRC Manager; GRC Controls (Preventive Controls, Application Access, Transactions, Configuration); SOA Governance; Horus GRC Manager]
Infrastructure Controls based on Oracle infrastructure products (Fusion Middleware, Database, Enterprise Manager)
Oracle GRC Solutions
Dedicated Oracle GRC Products
• Enterprise GRC Manager: Transparency and efficient GRC processes through automated compliance management across application borders and different sets of rules.
− The product is based on a comprehensive documentation of critical business regulations, processes and leadership instruments, risks and problem fields.
− By defining and retaining controls, it is specified whether and how business processes and the connected risks have to be monitored.
− Test plans, reviews and certifications can be generated across the entire organization.
− Audit trails allow authorized users to trace all GRC-relevant processes completely.
• Fusion GRC Intelligence: BI solution that delivers both role-tailored out-of-the-box dashboards and hundreds of pre-delivered metrics.
− Seamless interaction with financial management systems.
− Shows the progress of risk and control activities and coverage of access policies, and highlights specific areas of concern such as unmitigated risks, SoD conflicts and ineffective controls.
Oracle GRC Solutions
Dedicated Oracle GRC Products
• GRC Controls: Automated GRC controls provide for safe interaction with information resources at all levels (application, middleware, database) of the IT infrastructure.
− Application Access Controls Governor: ACG is used to monitor conflicts that can come up in relation to roles and responsibilities regarding SOD (Segregation of Duties). This makes it possible to prevent violations of the separation of duties in advance.
− Configuration Controls Governor: CCG controls and tracks changes to key application setup data. With CCG, you can ensure application integrity, audit changes, and continuously monitor setups.
− Enterprise Transaction Controls Governor: TCG detects programmatic anomalies and violations in transactions. TCG helps to avoid risks at an early stage by tracking events that indicate potential violation of internal controls, heightened levels of risk, or reportable events.
− Preventive Controls Governor: With PCG, you can limit or control which data fields application users can change or see, define the types of data users can input in various fields, and limit the values of transactions to enforce regulatory or corporate guidelines.
Conclusion
Summary and Recommendations
• GRC is not only a wish of the finance department, but spans all business processes and organization units of the company and includes the collaboration with customers and business partners.
• GRC is a joint task between business and IT. The responsibility remains with the company management.
• GRC enters deep into the company and penetrates it by implementing mechanisms that take effect across all levels – from the strategy to business processes and the application software to the IT platform.
• Oracle offers comprehensive instruments for GRC. However, when deciding on which system to buy, costs and actually achievable benefits should be compared to one another.
• Often GRC goals can be achieved with the consistent use of standard instruments:
− up-to-date business models
− monitoring important key figures
− Business Process- and Business Rules Management
Contact Data
Dr. Frank Schoenthaler, Chief Executive Officer
PROMATIS software GmbH
Pforzheimer Str. 160
76275 Ettlingen (Karlsruhe Technology Region)
Germany
Phone +49 7243 2179 0
Fax +49 7243 2179 99
eMail: [email protected]
http://www.promatis.com/