
Webinar mar 22 23 ccm continuous controls monitoring


Today more than ever, organizations need to transform risk management practices from manual controls to automated fine-grained controls that monitor business activities enabled by enterprise applications.
We are rapidly moving into a digital universe where an increasing number of people are connected to enterprise applications online (cloud computing), and “things” (smart devices) connected to the internet are unleashing new waves of opportunities. However, some of the same advances in technology also present the biggest business threats, challenging management to reexamine internal controls, information security, fraud protection, and data privacy.
In this session you will learn how continuous controls monitoring (CCM) can prevent business losses and reduce the cost of audits through continuous auditing of the controls in financial and other transactional applications.


  1. Leverage Technology: Move Your Business Forward™. Risk and Compliance; Financial Reporting; Internal Audit; Controls Catalog; Application Security; Advanced Analytics. A Leader in Risk Based Enterprise Controls Management Solutions. Copyright © Fulcrum Information Technology, Inc. "Give me a lever long enough and a fulcrum on which to place it, and I shall move the world" - Archimedes. Gain Actionable Business Insight with Continuous Controls Monitoring (CCM). Adil Khan, Managing Director. Mar 23rd, 2017 – 12:00 NYC Time; Mar 22, 2017 – 12:00 London Time.
  2. www.fulcrumway.com, Copyright © FulcrumWay. Gain Actionable Business Insight with CCM. Agenda: Introductions; Continuous Controls Monitoring; Access Monitoring; Transaction Monitoring; Configuration Monitoring; Master Data Monitoring; Case Study; Q&A.
  3. Gain Actionable Business Insight with CCM. Agenda: Introductions; Continuous Controls Monitoring; Access Monitoring; Transaction Monitoring; Configuration Monitoring; Master Data Monitoring; Case Study; Q&A.
  4. FulcrumWay™ Insight. Global Thought Leadership: Oracle Cloud – London – Feb 1-2, GRC Round Table, London, UK; Educational Webinar – Mar 23rd – Continuous Controls Monitoring; Collaborate 17 – April 2-6, Las Vegas, GRC Open House; Oracle Modern Finance Experience – April 11-13, Boston – FEMSA Oracle Risk Cloud Case Study; Educational Webinar – April 20th – Internal Audit Management with Advanced Control Analytics; Oracle Open World – October 1-5 – Moscone West, San Francisco, CA; Gitex – October 8-12 – GRC Round Table, Dubai UAE; Oracle UK Users Group – December – GRC Round Table, Birmingham, UK; Oracle Connect Africa – October – GRC Round Table, South Africa. Proven Expertise.
  5. FulcrumWay Client Studies: Successful Track Record. Government; Oil and Gas; Healthcare; Communications; Financial Services; Transportation; Natural Resources; Manufacturing; Retail; High Tech; Media/Entertainment; Life Sciences.
  6. Gain Actionable Business Insight with CCM. Agenda: Introductions; Continuous Controls Monitoring; Access Monitoring; Transaction Monitoring; Configuration Monitoring; Master Data Monitoring; Case Study; Q&A.
  7. Overview: Continuous Controls Monitoring. Continuous controls monitoring (CCM) is a set of technologies to reduce business losses through continuous monitoring and to reduce the cost of audits through continuous auditing of the controls in financial and other transactional applications.
  8. Overview: Monitoring prevents unpleasant surprises. Manual Controls: mostly detective; invasive, with little direct business benefit; focus on what's visible. Automated Controls: mostly preventive; continuous, with direct performance benefits; often inherent in the system.
  9. Overview: CCM Benefits. Complete testing coverage (100%); Improved timeliness of testing; Consistent Results; Remediation based on Trends Analysis; Lower Risk with Faster Corrective Actions.
  10. Overview: Return on Investment (ROI). Continuous Controls Monitoring (CCM), Comprehensive Monitoring of Internal Controls: provides most effective control baseline; minimizes remediation re-work; long-term cost is lower; leverages existing controls matrix to automate. Annual Controls Audit, Annual Audits are reactive, untimely and obsolete: less start-up cost; little monitoring of controls; significant effort through audit period; internal resources 5x external audit. Chart labels: Time; $; “Annual” Approach; Higher Level of Detail Testing; “CCM” Approach.
  11. Overview: Return on Investment (ROI). Master Data; Data Accuracy and Permissions; Audit Trail; Application Configuration; Presence and Config. of Controls; Transactions; Working Capital; Financial Governance; Segregation of Duties; Antifraud; PII.
  12. Enterprise Governance Risk and Compliance Maturity Model. Informal: ad hoc approach; compliant but at a high cost to business; manual control; no best practices. Reactive: tactical approach; risks are documented; manual risk assessment; after the fact reporting. Proactive: unified, standardized & strategic approach; policies are enforced; automated process; prevent policy. Optimized: control objectives embedded throughout the organization; analyze and trend; automated risk mitigation / predictive risk assessments. Diagram labels: Financial Governance; Enterprise Risk Management; Continuous Monitoring; IT Governance; Internal Audit and Compliance Management; SafePaaS.
  13. Governance Risk and Compliance (GRC) Management Platform: Functional Overview. Diagram labels: MonitorPaaS; ProcessPaaS; Operations Management; RiskPaaS; Risk Library; KRI Manager; Policy Manager; Financial Close Task Manager; Close Controls Manager; Reconciliation Manager; Audit Manager; Audit Planner; Compliance Manager; Master Data Monitor; DataProbe Integration Services; Risk Assessments; RiskPaaS; Transaction Monitor; App Configuration Monitor; Rules Repository; Access Monitor; SOD Policy Monitor; Roles Manager; AccessPaaS; iAccess Policy based provisioning; Issue Manager; Survey Manager; Enterprise Risk Management; Continuous Controls Monitoring; Financial Governance; Audit and Compliance Automation; IT Governance.
  14. Gain Actionable Business Insight with CCM. Agenda: Introductions; Continuous Controls Monitoring; Access Monitoring; Transaction Monitoring; Configuration Monitoring; Master Data Monitoring; Q&A.
  15. Standard Control: User Security. Oracle EBS: User Password Policy; User is assigned to the HR Record; Active/Inactive User; One or more responsibilities assigned to a User; A Responsibility has many Menus and Sub-Menus; Menu has many functions / forms.
  16. Continuous Monitoring: Detect and Prevent Access Policy Violations. Prevent SOD/Access Policy Violations by Monitoring User Access Requests; Detect SOD/Access Policy Violations in ERP Security Model. Diagram labels: User: John Doe; Responsibility: Payables Manager, US; Menu: AP_Navigate_GUI12; Submenu: AP_Invoices_Entry; Function: Invoice Batches; User: Mike Jones; Payables Users; Responsibility: Payables Supervisor; Responsibility: Payables User; Menu: UK_AP_Navigate_GUI12; SubMenu: AP_Invoices_Entry; SubMenu: AP_Invoices_GUI12_G; Menu: AX_Payables_User; Responsibility: Payables Supervisor; Responsibility: Payables Manager, US; Responsibility: Payables User.
  17. Continuous Monitoring: Access/SOD Policy Management Approach. Diagram labels: Detect SOD/Policy Violations; Analyze Violations; Correct Role Access; Monitor Violation Incidents; Application Security Model; Application Security Snapshot; Exceptions; Correct User Access; App Control Owners/IS Security; IS Security/Audit/Compliance; Control Owners/IS Security; Application Test Environment; Access Analytics; Rules Manager; Action Workflow; Application Administrator; Violations Manager; DataProbe ETL; Corrective Actions; Dashboard; Application Access Rules; Roles Manager.
  18. Continuous Monitoring: A Risk Based Approach to User Provisioning. Diagram labels: User Registration; Request Roles; Add/Update User; Monitor Application Access; Employee/Manager List; Network User List (AD); Test Access Policy; Add/Update Role; Requesters/Approvers; IS Security/Audit/Compliance; IS Security; Active Employee Users; iAccess; Rules Manager; Workflow; Application Administrator; Rules Manager; DataProbe ETL; Process Approval Request; Dashboard; Application Access Rules; DataProbe ETL.
  19. Gain Actionable Business Insight with CCM. Agenda: Introductions; Continuous Controls Monitoring; Access Monitoring; Transaction Monitoring; Configuration Monitoring; Master Data Monitoring; Q&A.
  20. Transaction Controls: Oracle Procure-to-Pay Control Points. Diagram labels: Business Process Models; Service Oriented Architecture; Corporate Performance Management; Collaboration; Strategic Sourcing & Contract Mgmt; Supplier Collaboration; Spend Categories; Indirect & MRO; Direct Materials; Services; SWIFTNet; Settlement; Payment Processors; Requisition; Purchase Goods / Services; Receive Goods / Services; Invoice; Issue Payments; Banks.
  21. Transaction Controls: Oracle Procure-to-Pay, Strategic Sourcing & Contract Mgmt controls. Are your vendors compliant with trade regulations? Are the vendors blacklisted? Do you have duplicate suppliers? Are there inappropriate associations between a vendor and an employee? Are there frequent changes to Supplier information? Are you missing critical supplier information? Is the information valid? Diagram labels: Business Process Models; Service Oriented Architecture; Corporate Performance Management; Collaboration; Supplier Collaboration; Spend Categories; Indirect & MRO; Direct Materials; Services; SWIFTNet; Settlement; Payment Processors; Requisition; Purchase Goods / Services; Receive Goods / Services; Invoice; Issue Payments; Banks.
  22. Transaction Controls: Oracle Procure-to-Pay, Requisition and Purchase Goods / Services controls. Do you have duplicate Purchase Orders? Are there purchases with non-preferred vendors? Are there split POs? Are POs created on the same day as goods arrive? Diagram labels: Business Process Models; Service Oriented Architecture; Corporate Performance Management; Collaboration; Strategic Sourcing & Contract Mgmt; Supplier Collaboration; Spend Categories; Indirect & MRO; Direct Materials; Services; SWIFTNet; Settlement; Payment Processors; Receive Goods / Services; Invoice; Issue Payments; Banks.
  23. Transaction Controls: Oracle Procure-to-Pay, Receive Goods / Services, Invoice and Issue Payments controls. Are you making accurate and timely payments? Did the person making the payment create or modify the vendor? Are there discrepancies in freight charges? Are payment term changes reviewed before payment? Are there duplicate invoice amounts being processed? Diagram labels: Business Process Models; Service Oriented Architecture; Corporate Performance Management; Collaboration; Strategic Sourcing & Contract Mgmt; Supplier Collaboration; Spend Categories; Indirect & MRO; Direct Materials; Services; SWIFTNet; Settlement; Payment Processors; Requisition; Purchase Goods / Services; Banks.
  24. Standard Controls: Procure to Pay. Requisitions Require PO Approval.
  25. Standard Controls: Procure to Pay. Purchase Orders can only be issued to valid suppliers and goods received at valid sites; Purchase Orders Require Approval.
  26. Standard Controls: Procure to Pay. Goods and Services are received based on control configurations.
  27. Standard Controls: Procure to Pay. Duplicate Invoice numbers are prevented; Invoice items are matched with PO and Receiving to ensure 3-Way match.
  28. Standard Controls: Procure to Pay. Payments are released to valid suppliers and Invoices; Payments Terms are enforced.
  29. Continuous Monitoring: Transaction Monitor – Metadata.
  30. Continuous Monitoring: Transaction Monitor – Duplicate Invoices.
  31. Application Security and Controls Monitoring. Agenda: Introductions; Continuous Controls Monitoring; Access Monitoring; Transaction Monitoring; Configuration Monitoring; Master Data Monitoring; Case Study; Q&A.
  32. Purchasing Configuration: Purchase Order Approval. Navigation: Purchasing Super User > Setup > Purchasing > Document Types.
  33. Payables Configurations: User Invoice Approval Workflow. Navigation: Payable Manager > Setup > Options > Payables Options, then click on the Approval tab.
  34. Payables Configurations: Allow Force Approval. Navigation: Payable Manager > Setup > Options > Payables Options, then click on the Approval tab.
  35. Payables Configurations: AP Invoice Payment Discounts. Navigation: Payables Super User > Supplier > Entry. Select Supplier, and then click Invoice Management.
  36. Receiving Configurations: Receiving Tolerance Level. Navigation: Purchasing Super User > Setup > Organizations > Receiving Options.
  37. GL Posting Configurations: Payable Invoice Posting to GL. Navigation: Payables Super User > Setup > Options > Payables Options, and then click on the Invoice tab.
  38. Configuration Control - Deploy Payable Options.
  39. Continuous Monitoring: Configuration Control - Results.
  40. Application Security and Controls Monitoring. Agenda: Introductions; Continuous Controls Monitoring; Access Monitoring; Transaction Monitoring; Configuration Monitoring; Master Data Monitoring; Case Study; Q&A.
  41. Standard Controls: Procure to Pay. Prevent Duplicate Supplier Name and Sites.
  42. Continuous Monitoring: Master Data Object.
  43. Continuous Monitoring.
  44. Application Security and Controls Monitoring. Agenda: Introductions; Continuous Controls Monitoring; Access Monitoring; Transaction Monitoring; Configuration Monitoring; Master Data Monitoring; Case Study; Q&A.
  45. Case Study: Fiscal watchdog ensures tens of billions of dollars in payments are lawful and correct. Our Client: A state government agency responsible for safeguarding financial assets – more than $120 billion of public funds. Helps local governments and nonprofits invest their money with flexibility, security, and confidence. Challenges: Replace fragmented legacy system for recovery audit department with a single incident management system. Replace manual control checklists with an audit analytics system to identify suspicious vouchers submitted for payments by 28+ agencies across the state. Assign suspension transaction to auditors for final review and approval using a pattern matching system. Solutions: Transaction Monitoring. Results: Reduce erroneous payment processing by 5% on millions of payments processed each day by consolidating all vouchers across 28 agencies into a single data hub. Improve incident investigation process by establishing business rules to assign incidents based upon risk level, investigation type, and priority that match the auditor skills and job role. Provide management visibility and independent oversight to monitor approved and rejected payments. Eliminate inconsistent and contradictory actions by auditors by providing a structured investigation process based on approved investigation checklists for each type of suspicious transaction. Optimize recovery audit business process with integration to the ERP system for vendor management and payment processing.
  46. Case Study: Risk Mitigation = Standard Controls + CCM. Diagram labels: User Roles; 3-Way Match; Track Payments; Sentiment Analysis; Split Purchase Orders; SoD/Access Policy Violations; Duplicate Payments; Transaction Threshold Amounts; Duplicate Vendors; Monitor Setup Changes; Master Data Audit Trail; Transaction Pattern Analysis; Fuzzy Logic, ‘similar values’; Continuous Monitoring; Standard Controls; Approval Hierarchies; Track Discounts.
  47. Q & A. Sign-up for FREE 14 Days Evaluation. Register online to try out SafePaaS.
