
Con8208 achieve a quicker and compliant financial close


Page 1: Con8208 achieve a quicker and compliant financial close

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Follow Us & join the conversation.

Oracle GRC Advanced Controls Group

OracleAdvControls @OracleAdvCntrls

Page 2: Con8208 achieve a quicker and compliant financial close
Page 3: Con8208 achieve a quicker and compliant financial close


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Page 4: Con8208 achieve a quicker and compliant financial close


GRC Applications

Achieve a Quicker and Compliant Financial Close with Oracle Governance, Risk and Compliance

CON8208, Thursday Oct 2nd, 10.15-11am

Panellists:

Dan Chaffer, Qualcomm

Matt Ruetz, Oracle Managed Cloud Services

Brad Straw, KPMG

Moderator: Glen Walton, Oracle GRC Product Strategy

Page 5: Con8208 achieve a quicker and compliant financial close

Brad is a Director at KPMG with over 18 years of management and consulting experience.

A majority of his consulting experience has been associated with Oracle solutions including EBS and PeopleSoft. His experience spans business process and controls development, internal auditing, and compliance and security software implementation.

He’s been implementing Oracle Advanced Controls for over 6 years for clients in the Federal Civilian, Industrial Manufacturing, Retail, Energy, and Insurance industries.

In addition to his industry and technical skills, Brad is also a Level 4 Oracle project manager and has managed multi-national teams for both internal and client-facing, multi-million dollar projects.

Brad Straw

Page 6: Con8208 achieve a quicker and compliant financial close


Dan Chaffer is a Senior Manager at Qualcomm and has led the team that expanded Oracle from one country and 19 Operating Units to over 45 countries and over 80 Operating Units

Board member Multi-National SIG Group

Specialist in Global Oracle rollout strategy, Intercompany, SOX (GRC) solutions and a passionate advocate for continuous process improvement


Dan Chaffer

Page 7: Con8208 achieve a quicker and compliant financial close


Matt Ruetz

Senior Principal Program Manager

• 20+ Years Audit and Compliance Experience including:

– Public Accounting

– Internal Audit

– SOX Compliance

– SOC1, SOC2, and SOC3 Compliance

• Companies

– Oracle

– Sun Microsystems

– Coopers & Lybrand

• Licenses and Certifications

– Certified Public Accountant (CPA)

– Certified Information Systems Auditor (CISA)

Page 8: Con8208 achieve a quicker and compliant financial close


Enterprise Risk and Controls Foundation

One Unified Platform

Flexible

• Graphical Authoring
• Detect and Prevent
• Access, Transactions, Setups

Data Driven

• 100% of Transactions
• Manage by Exception
• Pattern Analysis

Comprehensive

• Multiple GRC Projects
• From Documentation to Test
• Closed Loop Approach

[Diagram: Enterprise Risk & Controls Foundation. Labels as they appear on the slide:]

• Dashboards, Reports and Alerts: Notifications, Worklists, Email, Perspectives, Search
• Risk, Controls & Compliance Management: Reviews, Documentation, Assessments, Remediation, Surveys
• Continuous Controls & Risk Monitoring: Setups, Access, Master Data, Audit Tests, Transactions
• User Authored Controls, Data Connectors, Fraud & Error Patterns
• Role Based Access Security
• Web Services & APIs
• Custom or Legacy Applications

Page 9: Con8208 achieve a quicker and compliant financial close

WE HELP you realize its potential

THEY SAY the future is here

Oracle Open World

Achieve a Quicker and Compliant Financial Close with Oracle Governance, Risk, and Compliance

Page 10: Con8208 achieve a quicker and compliant financial close

© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 292510


Agenda

1 Executive Summary

2 KPMG’s Research

3 Overview of Common Closing Issues

4 Common ERP Features and Challenges

5 Examples of Advanced Controls Solutions

6 Self Assessment

Not permissible for KPMG audit clients and their affiliates.

Page 11: Con8208 achieve a quicker and compliant financial close


Executive Summary

• Financial reporting and other related regulations are ever expanding.
• Since 2002: Sarbanes-Oxley, Basel II, Dodd-Frank, Basel III, Clean Air Act, etc.
• Increasing regulation of reporting is placing added pressure on organizations to report complex information in a timely manner.
• Organizations are looking for the most benefit from their enterprise accounting systems.

[Timeline figure, 1998 to 2014. Labels: Data Protection Act, Sarbanes-Oxley, Regulation Fair Disclosure, Gramm–Leach–Bliley, Basel II, Dodd-Frank, Clean Air Act, Basel III]


Page 12: Con8208 achieve a quicker and compliant financial close


Executive Summary

• Standard, out-of-the-box enterprise resource planning (ERP) systems have robust functionality.
• ERPs are very good at the common business processes and the associated process controls.
• ERP features do not natively address all of the fine-grained controls required by organizations.
• Custom development is quite often the only way to fill these gaps.
• The cost of maintaining customizations equates to a repurchase of those customizations every 5 years.

Customizations are Repurchased Every 5 Years!

[Figure: Business Requirements. Layers: Customizations: Analytics; Customizations: Operational Reporting, Extensions, and Interfaces; Standard ERP Functionality]


Page 13: Con8208 achieve a quicker and compliant financial close


KPMG’s Research

• On an annual basis, KPMG LLP (KPMG) conducts a formal, online survey of over 200 companies.
• Survey includes close and reporting processes.
• 43 percent of survey respondents indicated that they require at least 11 days to complete the monthly financial close.
• Almost 20% of the respondents require 15 days or more to close.
• Close to 50% of the respondents are striving to focus on shortening the close time to less than seven days.

Source: KPMG Record-to-Report e-Survey

[Figure callouts: 43% > 11 days; Over 50% < 7 days]


Page 14: Con8208 achieve a quicker and compliant financial close


KPMG’s Research

• Most Difficult Close Activities
• Several barriers inhibit organizations from achieving that objective:
  – Identifying and correcting root causes of issues (53%)
  – Providing adequate time for analysis (52%)
  – Correcting data integrity issues from source systems (37%)


Page 15: Con8208 achieve a quicker and compliant financial close

© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 282510

The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.


Page 16: Con8208 achieve a quicker and compliant financial close


Oracle Managed Cloud Services

Audit and Compliance GRC Implementation

Matt Ruetz

Senior Manager - Oracle Managed Cloud Services - Audit & Compliance

Page 17: Con8208 achieve a quicker and compliant financial close


About Oracle Managed Cloud Services

Subscription-based, enterprise-grade Cloud Services

• 550+ global customers
• 5.34 billion database transactions per hour
• 41+ petabytes of managed storage

Oracle personnel manage the environment, including execution of key IT controls, in collaboration with the customer.

Page 18: Con8208 achieve a quicker and compliant financial close


Oracle Managed Cloud Services and GRC

• Went live in April 2014

• Using Oracle GRC Financial Governance module

• Key Elements Used

– Control Object (with User Defined Attributes) with Review Roles

– Assessments (with User Defined Attributes) with Review Roles

– Issues

© 2014 Oracle Corporation – Proprietary and Confidential

Page 19: Con8208 achieve a quicker and compliant financial close


ORACLE Managed Cloud Services - IT Risk Priorities

STANDARDIZE the management internal assessments of Oracle’s Managed Cloud Services using a centralized system to facilitate consistent process and work flow.

REPOSITORY for all controls, risks and frameworks to facilitate reporting and identification of common controls and leverage points.

MAINTAIN a history of information and changes throughout the life of the assessments

Provide control owners with a consistent interface and list of open items that need action

Provide business users a streamlined approach for managing issues and their remediation through completion.

REDUCE overall auditing COST

Page 20: Con8208 achieve a quicker and compliant financial close


PERSPECTIVES

Key Perspectives:

- Compliance Framework

- Owner

Control Relationships Established in a Hierarchy

* It is important that they are assigned correctly, as it is the main driver for security.

Page 21: Con8208 achieve a quicker and compliant financial close


Control Management Flow

[Flow diagram. Labels as they appear on the slide:]

• Audit Field Work
• Record Audit Results
• Audit Test Assessment
• Manage Control
• Owner Verifies Control
• Certify Assessment
• Request Evidence
• Operational Assessment
• Resolve Issues
• Initiate Audit Cycle

Page 22: Con8208 achieve a quicker and compliant financial close


Intelligent Controls, Better Data and a Faster Close

Dan Chaffer, Sr. Manager, Corp Accounting, Global Processes, QUALCOMM Incorporated

2-Oct-14

Page 23: Con8208 achieve a quicker and compliant financial close


Making wireless more personal, affordable and accessible to people everywhere

World’s largest fabless semiconductor company, #1 in wireless

S&P 100/ S&P 500/ Fortune 500

….at a glance

Celebrating more than 25 years of driving the evolution of wireless communications

Page 24: Con8208 achieve a quicker and compliant financial close


Close Process

Two days to GL close

Three Oracle instances, HFM for consolidations

Global implementation

− CORP Oracle – 37 Primary Ledgers, 80+ Operating Units

Qualcomm closes consolidated GL on Day 2 of following fiscal period

[Diagram labels: Manufacturing (12.1) ledgers; Manufacturing (11.5) ledgers; CORP Oracle (12.1) ledgers; Consol; Hyperion (HFM) Consolidations & Eliminations]

Advanced Controls are critical to our two-day close!

Page 25: Con8208 achieve a quicker and compliant financial close


Critical SOX Controls

− AACG: Separation of Duties (SOD) analysis

− CCG: Configuration Controls

− TCG: Transaction monitoring

PCG – originally implemented as Logical Apps

− In Use at Qualcomm since 2007

Advanced Controls at

Broad spectrum of control

Identify the opportunity

Detect the event

Prevent the potential

Page 26: Con8208 achieve a quicker and compliant financial close


Item Creation process automation

Form controls

− Field Restrictions

− Limited pick lists

− Security

Next Steps – more “prevention”

− SOD prevention

− Journal Entry Approval (after post)

Module closing scripts (e.g. Project Accounting)

Preventative Controls Governor - PCG

More than just “preventative” controls….

Page 27: Con8208 achieve a quicker and compliant financial close


For more information on Qualcomm, visit us at: www.qualcomm.com & www.qualcomm.com/blog

©2013-2014 Qualcomm Technologies, Inc. and/or its affiliated companies. All Rights Reserved.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries, used with permission. Other product and brand names may be trademarks or registered trademarks of their respective owners.

References in this presentation to “Qualcomm” may mean Qualcomm Incorporated, Qualcomm Technologies, Inc., and/or other subsidiaries or business units within the Qualcomm corporate structure, as applicable.

Qualcomm Incorporated includes Qualcomm’s licensing business, QTL, and the vast majority of its patent portfolio. Qualcomm Technologies, Inc., a wholly-owned subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of Qualcomm’s engineering, research and development functions, and substantially all of its product and services businesses, including its semiconductor business, QCT.

Thank you

Follow us on:

Page 28: Con8208 achieve a quicker and compliant financial close


Page 29: Con8208 achieve a quicker and compliant financial close


Page 30: Con8208 achieve a quicker and compliant financial close


Safe Harbor Statement

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Page 31: Con8208 achieve a quicker and compliant financial close