GRC Controls Overview
Transcript of GRC Controls Overview
-
8/3/2019 GRC Controls Overview
GRC Applications Suite
-
GRC Controls: Automated Application Controls Monitoring
Monitor Control Effectiveness
Enforce Policies in Context
What users can do
How is the process set up
How users execute processes
What users have done
What's changed in the process
What are the execution patterns
SOD & Access
Application Configuration
Transaction Monitoring
Preventive
GRC Manager
SOD & Access
Application Configuration
Transaction Monitoring
GRC Intelligence
GRC Controls
Preventive Controls
-
Manage Data Integrity
Enforce Change Control
Monitor Configuration Changes
Document or Compare Configurations
Configuration Controls Governor: Ensure Integrity of Critical Application Setups
Tightly control change management to accelerate development, testing
Track complete audit trails for changes to key configurations (before & after upgrade)
Achieve consistent setup and operating standards across releases, multiple instances
Define Configuration Controls
Detection
Prevention
-
Automate the creation of BR-100s
Ensure instances are synchronized (ex: Test vs. Prod)
Reduce Upgrade Time and Cost
Reduce testing/debug time - identify changes
Reduce need for Oracle support and SR creation
Reduce and eliminate costs due to undocumented/unknown configuration settings
Reduce Testing Time and Cost
Lower Go-Live Risks/Costs
Configuration Controls
-
Compensating Policies
Preventive Provisioning
Remediation (Clean-up)
Access Analysis
Application Access Controls Governor: Enforce Proper Segregation of Duties in Applications
Accelerate deployment and time to value with ready-made controls library
Mitigate risk of inappropriate user access with approval workflow and audit trails
Simplify segregation of duties enforcement with simulation and remediation
Define Access Controls
Detection
Prevention
-
Best practice SOD policy library for EBS R12
Design compliant roles
Quickly detect and remediate access control violations
Comply with access policies from day one
Reduce Upgrade Time and Cost
Automate compliant user access provisioning
Integrate with Identity Management solutions
Allow customer to define and manage complex multi-platform, multi-instance global access policies
Enforce Access Policies
Cross Platform Support
Access Controls
-
Transaction Controls Governor: Identify Inaccurate or Fraudulent Transactions
Continuously monitor transaction accuracy, mitigate fraud exposure
Test against thresholds
Search for anomalies
Perform transaction sampling
Detection
Prevention
Preventive Transaction Controls
Review and Address Suspects
Perform Transaction Analysis
Define Transaction Controls
Business Elements from Designated Nationals list
Business Elements: Suppliers from various business applications
Business Rules, written in Plain English, by Business People. No Coding/Scripting
-
Test upgraded business flows and have insight into transactions before they hit the General Ledger
Be aware of erroneous transactions stuck in subledgers or interface tables
Reduce Upgrade Time and Cost
Identify transaction processing errors due to changed procedures resulting in expense leakage and an increase in post audit recovery losses
Reduce internal and external costs where key control changes are necessary due to changed functionality
Reduce Operational Risk
Reduce Compliance Cost
Transaction Controls
-
Review Audit Reports
Enforce Field Validation
Initiate Approval Workflow
Prevent Read or Write Access
Preventive Controls Governor: Embed Controls Natively in Enterprise Apps
Enforce preventive controls for specific users and events
Mitigate risk of application changes with approval workflow and audit trails
Protect sensitive application data
Reduce audit costs, reduce maintenance costs, increase IT productivity
Define Preventive Controls
Prevention
-
Preventive Controls
Avoid customizations with configurations and the creation of controls
Reduce Upgrade Time and Cost
Reduce risk, time and cost of identifying and correcting errant or fraudulent transactions that violate control policies within the Oracle EBS system
Reduce Operational Risk
Lower Go-Live Risks/Costs
-
Copyright 2010, Oracle. All rights reserved.
Oracle Confidential
Preventive Controls: Customizations avoided
Business Process: Common Customizations Satisfy with PCG
Procure to Pay: Require authorization to change invoice details
Order to Cash: Prevent discount level breach on sales order agreements; Order type controls; Sales order approvals and credit checks; Item management (creation, change control, attributes, cost)
Hire to Retire: Send notifications of salary increases over certain percentage or outside of pay grade
Project Accounting: Change control on Costing/Billing settings
Reconcile to Report (including Fin. Close): Require approvals prior to reopening a closed period
Application Setup: Prevent and audit changes to roles and responsibilities; Conditional inquiry only