Delivering Enterprise Value with Oracle Governance, Risk and Compliance
Svetlana Loncarevic & Brian Amato, Oracle
16th August 2010
The most comprehensive Oracle applications & technology content under one roof
Agenda
• Business Challenges
• Solution Overview
• Customer ROI
• Questions
A History Lesson
Enron - $11 Billion
Coles Myer - $4.26M
Societe Generale - €6.3B
HIH - $5.3 Billion collapse
And Even Today… $20M, $2.7M, $37M, $3B
Numerous Risks Confront Business
INFORMATION MANAGEMENT: Document Retention / Records Mgt; Electronic Data Management; Information Security; Information Privacy
E-COMPLIANCE: Electronic Info, E-mail and Postings; Internet Security; Internet Privacy
ETHICS: Conflicts of Interest; Ethical Decision-Making; Gifts & Gratuities; Respectful Conduct
INTELLECTUAL PROPERTY: Copyright; Trademark; Patent
INTERNATIONAL TRANSACTIONS: Foreign Negotiation & Sales; Export Controls; Economic Embargoes; Global Trade & Competition
CORPORATE GOVERNANCE: Board Structure & Processes; Audit Committee Structure & Processes
WORKPLACE HEALTH & SAFETY
PRODUCT QUALITY & LIABILITY
FRAUD & CORRUPTION: Insider Transactions; Money Laundering; Foreign Negotiation and Sales; Revenue and Expense Recognition
INDUSTRY SECTORS: Pharmaceutical; Financial Services; Automotive; Utilities; Oil & Gas; and more...
ENVIRONMENTAL: Hazardous Material Handling; Environmental Reporting; Permit Management
EMPLOYMENT: Anti-Discrimination / Accommodation; Anti-Harassment; Benefits; Compensation; Contingent Workforce; Employee Privacy; Executive Compensation; Global Mobility / Immigration; Hiring / Retention
Burden Stems from Core Challenges
[Diagram: groups shown are Finance, Business, Assessment/Audit Groups, and IT Security/Risk Management; the grid repeats risks R1-R3 three times alongside control sets C1a-C11a, C1b-C11b and C1c-C11c]
Challenge: Multiple Requirements, Fragmented Response
Challenge: No Proactive Risk Management
Challenge: Ad-hoc Approach with Manual Controls
GRC
Business Processes
Risk
React
Smart Strategies to Manage Risk & Compliance
Solution: Consolidate multiple standards and regulations onto a single platform
Solution: Manage risk in a disciplined & consistent fashion
Solution: Manage & Automate controls across standard business processes
[Diagram: risks R1-R3 and controls C1-C11; labels: Business Process, Governance Risk & Compliance, Regulation A, Risk B, Standard C]
Oracle Integrated Governance, Risk & Compliance
• Across Functional Boundaries
• Throughout the Processes
• In the Technology
[Diagram labels: Budgeting, O2C, P2P, Logistics, Financial Close, Custom, Legacy, …]
Oracle Governance, Risk and Compliance Suite
GRC Intelligence: Executive Dashboards; KRIs and KPIs; Ad-Hoc Analysis
GRC Manager: Enterprise Risk Management; Compliance Management; Remediation Management
GRC Controls: SOD & Access; Application Configuration; Transaction Monitoring
Custom or Legacy Applications
Embedded Controls
• Detective, Preventive, Contextual
• Automated controls testing
• Pre-built controls library
Centralized GRC Oversight
• Common Repository for GRC
• Audit and Assessment of Controls
• Integrated remediation management
360º Visibility
• Single source of GRC Information
• Pre-built dashboards
• Respond to KRI and issues
Preventive Controls
Monitor All Open Issues
Investigate Troubling KPIs
Configure Risk & Control KPIs
Governance Risk & Compliance Intelligence
• Risk-based scoping with integrated account balance and GRC information
• Self-service analysis and reporting with interactive dashboards and automated alerts
• 100+ pre-built KPIs for Risk, Certification, Controls, and Issues enable personalized reporting
Review GRC Dashboards
GRC REPORTING & ANALYSIS
Timely Access to Information / Better Decisions
Certify and Publish
Remediate and Optimize
Test Controls and Analyze Exceptions
Assess Scope Based on Risk
Enterprise Governance Risk & Compliance Manager
• Capture issues and manage remediation
• Automate certifications, audits, and management assessments
• Central repository for policy, risk and compliance documentation
Document Risk and Control Matrix
Risk and Compliance Process
Standards & Mandates
Controls
Risks
Manage Risk and Compliance Across the Enterprise
Compensating Policies
Preventive Provisioning
Remediation (Clean-up)
Access Analysis
Application Access Controls Governor
Enforce Proper Segregation of Duties in Applications
• Accelerate deployment and time to value with pre-delivered controls library
• Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails
• Simplify segregation of duties enforcement with simulation and remediation
Define Access Controls
Detection
Prevention
Manage Data Integrity
Enforce Change Control
Monitor Configuration Changes
Document or Compare Configurations
Configuration Controls Governor
Ensure Integrity of Critical Application Setups
• Tightly control change management to accelerate development and test time
• Track complete audit trails for changes to key configurations
• Achieve consistent application setup and operating standards across multiple instances
Define Configuration Controls
Detection
Prevention
Transaction Controls Governor
Identify Inaccurate or Fraudulent Transactions
• Continuously monitor accuracy of transactions and mitigate exposure to fraud
• Test against thresholds
• Search for anomalies
• Perform transaction sampling
Detection
Prevention
Preventive Transaction Controls
Review and Address Suspects
Perform Transaction Analysis
Define Transaction Controls
Pre-delivered Transaction Controls
Suspect Transactions
Preventive Controls Governor
Enforce granular controls conditionally
Prevention
Enforce LOVs & Field Attributes
Add Messages & Default Values
Add Navigation & Extend Forms
Secure & Audit Fields
Add Approval Workflows
Preventive Controls
Implement field-, block- and/or form-level controls to hide, mask or validate information
Enforce business policy using contextual automated processes
Protect sensitive data
Mitigate risk of application changes with approval workflow and audit trails
Reduce audit costs, reduce maintenance costs, increase IT productivity
Preventive Controls Governor
Enforce Controls & Proactive Change Management
Prevention
Enforce Field Validation
Proactive Change Management
Prevent Read/Write Access
Define Preventive Controls
Review Audit Reports
Enforce Controls to granular level to targeted users and events
Invoke approval workflow / notifications when key risk fields are modified and produce audit trails of key changes
Accelerate deployment and time to value with pre-delivered controls library
The Oracle Difference
Enterprise Governance, Risk & Compliance Platform Leader*
1 One Platform Satisfies Multiple Regulations
2 GRC Controls Integration Enforces Policy
3 Role-Based Dashboards Provide Real Time Insight
Policy
Controls
*Source: 1 Gartner Magic Quadrant for Enterprise Governance Risk Compliance Platform, 2009; 2 Gartner Magic Quadrant for Continuous Controls Monitoring, 2010; 3 Gartner Magic Quadrant for Business Intelligence Platform, 2010
Financial Reporting
Green Compliance
Data Privacy
[Diagram: risks R1-R3 with controls C1c-C11c]
Oracle Helps Reduce Compliance Costs and Control Risk
Reduces controls testing by 65%
Cuts Segregation of Duties audit from 2 months to 2 days
Reduces audit preparation time by 25%
Saves $1 million by avoiding customizations
Access Controls pass rate improved by 27%
Reporting time reduced from 4 days to minutes
Testing costs reduced by 30%
User role violations reduced by 90%
Tell us what you think…
• http://feedback.insync10.com.au