Noble Energy - Oracle GRC advanced controls case study con7988 update# 8
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Oracle Risk Management Top 10 T&E Reporting Controls for EBS CON7988
Glen Walton Oracle Application Development Oct 28, 2015
Presented with Source-to-Settle
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Agenda
1. Panelist Introductions
2. Travel and Expense Reporting Controls - Panel Discussion
3. More Resources
Today’s Panelists
• Sangeeta Roy, Senior IT Manager, Finance and Employee Services IT, Cisco Systems
• Jeramie Taylor, Manager Internal Controls, Noble Energy
• Joel Ninemire, Enterprise Applications Advisor, Noble Energy
• Gena Alexander, Snr Director Operations and Strategy, Oracle’s Source to Settle
• Chris Doxey, Chris Doxey Inc.
Oracle Advanced Controls Speaker Bios
Jeramie Taylor, Manager Internal Controls
• At Noble for 4 years, joined to lead IT Audit function and now leads the Internal Controls Department
• Own the Company’s Internal Controls Program including Planning, Fieldwork and Reporting
• Responsible for Oracle Advanced Controls Road Map and Value Creation Through Controls Automation
• Formerly a Big-4 Auditor focusing on General IT Controls and Advisory Engagements
Joel Ninemire, Enterprise Apps Advisor
• At Noble for 1 year, joined to lead (re)implementation of GRC
• eBS Admin reporting to IT, integrating IT operations with Compliance initiatives
• Lead security (RBAC), GRC administration
• Formerly GRC implementation (2) and PeopleSoft implementation (1) consultant
• IT Audit (3)
Company Overview: A Company of Growth and Expansion
Founded in 1932 by Lloyd Noble
Noble Energy is an S&P 500 public company with proved reserves of 1.7 billion barrels of oil equivalent and assets totaling over $22 billion at year-end 2014
Noble Energy's corporate purpose is “Energizing the World, Bettering People's Lives®”
We strive to provide energy for the world through finding and producing hydrocarbons, while positively influencing the lives of our stakeholders. To us, the two responsibilities cannot exist separately.
Company Overview: Focus on Core Value-add Assets
Oracle eBS Overview: Technology that Enables Business
Implemented Oracle EBS version 11.5.10 in Q4 of 2007
Current Oracle EBS version 12.1.3
6 instances: 1 Prod, 4 Test, 1 Dev
Hosted by Oracle Managed Cloud Services
Core users: ~3000
EBS Modules:
• General Ledger
• Financial Reporting
• Payables
• Receivables
• Fixed Assets
• Projects
• Asset Management
• Inventory
• Purchasing
• iExpense
• OTL Time Entry
• Human Resources/ iRecruitment
• Payroll
P2 Enterprise Upstream:
• Revenue
• Revenue Reporting
• Division Orders
• Joint Venture Accounting
• Production Reporting
GRC/ PCG
Hyperion
Business Intelligence Apps
Numerous Disconnected Apps
Oracle eBS Overview: Uniquely Noble Operations
Noble does not sell or manufacture goods in the typical sense; we explore and extract petroleum reserves, which are sold at meter stations or processing facilities
International operations, often in politically embattled regions; as a US public company, we must have strict control around managing projects, assets, and related payments
Central governance from Houston-based headquarters of distinct regional offices, each with their own variations of corporate processes
Financial authorization for asset procurement is captured on the requisition; direct entry invoices are scrutinized and also require system approval
Forecasting performed in Hyperion, with resulting budgets loaded into Oracle, and OU performance trending in OBIEE dashboards
5-year business objective to mature end-to-end processes through IT-enabled automation, simplification (cloud services), and predictive reporting focused on Requisition-to-Pay, Acquire (Build)-to-Retire, and Asset Life-cycle Maintenance
Control and reporting of T&E are a component of each of these cycles
Oracle Advanced Controls Holistic Solution
Areas covered: AACG, CCG, TCG, PCG, OBIEE, Repository (3rd Party GRCM), Staff

AACG
2014:
- Implemented 12 AACG Controls
- Defined basic access entitlements from controls matrix
2015:
- Continue refining entitlement
- Integration with IT for security fixes, RBAC implementation

CCG
2014:
- Implemented 20 CCG Controls
- Select baseline definitions being monitored
- Snapshot for year-end audit config controls
2015:
- No change/ additional content
- Snapshot alleviates Internal Audit need for IT involvement

TCG
2014:
- Implemented 25 TCG controls
- 15% are SOX controls
- 85% are non-key monitoring controls or supplemental reports
2015:
- 46 TCG controls
- 25% SOX
- 75% non-key monitoring/ reporting

PCG
2014:
- 12 PCG controls
- 40% used in SOX
- 60% used for business automation or monitoring
2015:
- 55 PCG controls
- 35% SOX
- 65% business automation/ monitoring
- User Access Recertification automated using PCG

eGRC
2014:
- eGRC functional but content not yet defined
2015:
- No change/ additional content

Staff
2014:
- Partnership with Navillus for implementation and baseline configuration
- Internal Controls analyst
- Integration with IT: GRC application analyst, DBA, server admin, OBIEE analyst, EBS analysts/ admins
2015:
- Navillus partnership concluded
- No change in full-time IA, IT staff
Lessons Learned:
- Fragile tech stack: heavy usage and untrained users can cause application or data issues
- Clear responsibilities and integration between IT and Compliance are critical for ongoing success
- User training and ownership
- Defined content development (and testing) before production use
Oracle eBS Overview: T&E Controls
Top T&E Controls
- [TCG] Exception monitoring by Merchant name (e.g. Apple, BestBuy, Home Depot)
- [TCG] Exception monitoring by Vendor name for credit services (i.e. Credit, Credit Card Services, Fuel Card)
- [TCG] Periodic review of CC transactions prior to expense submission
- [TCG] Exception monitoring of supplier bank account same as employee bank account
- [eBS] AME workflow approvals for Expense Reports (1-up)
- [eBS] Restricted access to AME approval override
- [eBS] Audit Rules (i.e. Percentage Review, Select Employees, Expense Date)
- [eBS] Expense Templates (duplicates, default flexfield, receipt required)
- [T&E] Spending limits by person by card
- [T&E] Restricted merchant codes
Oracle GRC Wins Ventana Technology Innovation Award!
“Oracle’s GRC solution provides a unique approach to the problem of risk management by automating risk controls which are embedded into critical business processes; applying leading edge technologies to solve complex risk challenges.”
- Mark Smith, CEO of Ventana Research
Pennsylvania Treasury GRC Project Wins Multiple Awards
An elite panel of judges (NASA CIO, FCC CIO, Army CIO and others) has selected the PA Treasury IT project as one of the top 10 public sector projects of the nation
Case Studies and Speakers at OpenWorld 2015
Follow us and join the conversation.
Oracle GRC Advanced Controls Group
OracleAdvControls @OracleAdvCntrls