Learn to improve Period-End Close Process with effective controls in Oracle E-Business Suite

A Leader in Risk Based Enterprise Controls Management Solutions

Risk and Compliance Financial Reporting Internal Audit Controls Catalog Application Security Advanced Analytics

Educational Webinar
January 28 , 2016
Adil Khan
Managing Director

Leverage Technology:
Turn Risk into Opportunity
Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Copyright . Fulcrum Information Technology, Inc.
 Learn to improve Period-End Close Process
Agenda with effective controls
Statements

Introduction
Oracle General Ledger Controls Overview
Configurations that impact financial close
Oracle EBS Controls Assessment Approach
Oracle EBS Period-End Close Process - A Case Study
Q&A

Copyright FulcrumWay Page 2 www.fulcrumway.com

 Proven Expertise FulcrumWay Insight
Thought Leadership
Co-Authored GRC Book: First book on GRC for
Oracle Applications
FLOAUG Innovate 16 - February 12th Orlando:
Oracle Role Based Security and Oracle Cloud
Educational Webinar February 23rd Self Service
User Provision
Educational Webinar March 22nd Procure to Pay
Process Optimization with Controls Monitoring
Collaborate 16 April 11th, 2015 Las Vegas GRC
Client Appreciation Dinner
Educational Webinar May 24th Hire to Retire
Controls in Oracle Fusion HCM
Oracle Open World Annual GRC Dinner on
September 19th, 2016 - San Francisco, CA
LinkedIn FulcrumWay Risk, Compliance and Audit
Software Group
International GRC Round Tables Sydney, London,
Johannesburg, Dubai See events page for details

Copyright FulcrumWay Page 3 www.fulcrumway.com

 Successful FulcrumWay Client Studies
Track Record
Government Oil and Gas Financial Services Retail

Communications Manufacturing Transportation Natural Resources

Media/Entertainment Healthcare High Tech Life Sciences

Copyright FulcrumWay Page 4 www.fulcrumway.com

 Oracle EBS R12 General Ledger
Agenda Configurations to Ensure Reliable Financial
Statements

Introductions
Oracle General Ledger Controls Overview
Configurations that impact financial close
Assessment Approach for Oracle EBS Controls
Oracle EBS Period-End Close Process - A Case Study
Q&A

Copyright FulcrumWay Page 5 www.fulcrumway.com

 GL Controls Oracle EBS R12 Period-End Close
Overview Controls
Close Oracle Payables before you
close Oracle Inventory and Oracle
Assets.
Close Oracle Payables before you
close Oracle Purchasing to account
for purchasing accruals at period
end.
Close Oracle Cash Management
before you close Oracle
Receivables, as bank reconciliation
in cash management will create
miscellaneous receipts in Oracle
receivables.
Finally, close all the subledgers
before we close the General
Ledger.
Copyright FulcrumWay Page 6 www.fulcrumway.com
 EBS GL Controls Oracle EBS R12 Import Journals

Copyright FulcrumWay Page 7 www.fulcrumway.com

 Oracle EBS R12 Concurrent Request:
EBS GL Controls
Period-End AP Trial Balance

Copyright FulcrumWay Page 8 www.fulcrumway.com

 EBS GL Controls Period End Reports

Copyright FulcrumWay Page 9 www.fulcrumway.com

 Oracle EBS R12 Concurrent Request:
EBS GL Controls
Create Accounting
Check the Subledger Accounting rules that
will be invoked by the process.
Options Are:
a) Create Final Accounting Post to GL
b) Create Final Accounting
c) Create Draft Accounting.

Copyright FulcrumWay Page 10 www.fulcrumway.com

 Oracle EBS R12
EBS GL Controls
Account Reconciliation

Copyright FulcrumWay Page 11 www.fulcrumway.com

 Oracle EBS R12 General Ledger
Agenda Configurations to Ensure Reliable Financial
Statements

Introductions
Oracle General Ledger Controls Overview
Configurations that impact financial close
Assessment Approach for Oracle EBS Controls
Oracle Advanced Controls A Case Study
Q&A

Copyright FulcrumWay Page 12 www.fulcrumway.com

 GL Configurations Configuration Checklist
Item Configuration Control Risk
1 GLDI: Force Journals to Balance" Set to Yes Inaccurate journal entries are posted to the GL, resulting in misstatements in
profile option account balances.
2 Freeze Flexfield Definition Set to Yes Changes in key flexfield definitions could cause inconsistent transaction
accounting and data corruption issues, resulting in misstatements in account
balances.
3 Enable Journal Approval Enable Invalid or incorrect journal entries could result in misstatements in account
balances.
4 Require Journal Approval Enable Invalid or incorrect journal entries could result in misstatements in account
balances.
5 Journal Authorization limits Valid Limits Invalid or incorrect journal entries could result in misstatements in account
balances.
6 Freeze Journals Set to Yes Unreconciled journals between subledger and General Ledger may occur.
7 The "Method (Sequence A (Automatic) Journal entries might not be entered completely resulting in incomplete
Assignment) for Ledgers financial statement.
8 Allow Dynamic Inserts Set to Yes Invalid account code combinations could result in journals being posted to
Cross Validate Segments incorrect general ledger accounts resulting in misstatements in account
Set to Yes balances.
9 Security Rule and Security Rule Define Security Rule Transactions may be processed by users against account segments they are not
Elements Elements authorized to process in resulting in account misstatements.

Copyright FulcrumWay Page 13 www.fulcrumway.com

 GL Configurations Configuration Checklist
Item Configuration Control Risk
10 MRC: Maximum days to roll forward conversion. Define Currency conversion rates may become outdated and incorrect, resulting in
misstatements in account balances.
11 Freeze Rollup Groups Yes Changes to Rollup Groups would affect how individual chart of account
values, used within journal entries, are consolidated for financial statement
reporting.
12 GL: Income Statement Accounts Revaluation Rule Define Income statement accounts may not be appropriately revalued each period,
profile causing gain or loss amounts to be inaccurate.
13 Budgetary Control Enabled Yes Ledgers may not be included in the budget process causing budget
monitoring to be non-existent.
14 GLDI: Converted Entry Threshold Define An Excessive Threshold amounts might lead to inaccurate postings to GL.
15 Flexfields:Validate On Server profile option Yes Inaccurate journal entries are posted to the GL, impacting the accuracy of
financial reporting.
16 SLA: Enable Data Access Set Security in Subledger Yes Transactions could be processed resulting in potential misstatement of
profile option. accounts.
17 GL: Number of formulas to validate for each Define Mass Allocations and Recurring Journals may not be processed accurately
MassAllocation batch" profile option and inappropriate formulas may be used.
"GL: Number of formulas to validate for each
Recurring Journal batch" profile option
Copyright FulcrumWay Page 14 www.fulcrumway.com
 GL Configurations Configuration Checklist
Item Configuration Control Risk

18 SLA: Enable Subledger Transaction Security in GL" profile Set to Yes Subledger transactions can be accessed by unauthorized
option was set to "No" at the site and organization levels. users through General Ledger responsibilities.
19 "Access Set Type" Full Inappropriate configuration and assignment of definition
access sets may result to invalid journals being posted.
20 Default Average Rate Type and Default End Rate Type Define Adjustments from currency translation or revaluations may
were not defined. not be appropriately accounted for, resulting in inaccurate
financial reports.
21 GL Rollup Groups Define Inappropriately defined rollup groups may provide
management with inaccurate summary information.
22 Super User Definition Access Set Define If definition access sets are not appropriately designed,
inappropriate users may gain access to sensitive
functionality. This could result in financial misstatement.
23 Segment Value Qualifiers Define If posting is not restricted, users can post journals direct to
General Ledger accounts. This can lead to unreconciled
differences between the subledger and the general ledger.
24 Period Status Open current All prior and future accounting periods (except the current
period) should have a status of Closed.
period
25 Enable Security configuration for all accounting Set to Yes If definition access sets are not appropriately designed,
calendars, autopost criteria sets, COA mappings, and inappropriate users may gain access to sensitive
journal reversal criteria sets. functionality. This could result in financial misstatement.
26 The Reversal Period for different journal reversal Define Journal entries may be reversed in an inappropriate period
categories. affecting cut off in the financial statements.
Copyright FulcrumWay Page 15 www.fulcrumway.com
 Oracle EBS R12 General Ledger
Agenda Configurations to Ensure Reliable Financial
Statements

Introductions
Oracle General Ledger Controls Overview
Configurations that impact financial close
Assessment Approach for Oracle EBS Controls
Oracle EBS Period-End Close Process - A Case Study
Q&A

Copyright FulcrumWay Page 16 www.fulcrumway.com

 Process A Risk Based Approach to ERP Controls

Scope Manage Setup

Application Exceptions Mitigating
Controls Controls

Assess Analyze Prepare Design Monitor

Correct
Control Control Remediation Application Application
Control
Risks Defects Plan Controls Controls
Defects
Controls Catalog DataProbe Analytics Rules Manager Controls Workbench Controls Monitor

Snapshot
Application
Data Source
Control
Control Experts/ ERP Controls Owners/
ERP Managers/ Experts/ ERP
Risk Advisors/
Control Owners ERP Managers Managers
Control Owners
Copyright FulcrumWay Page 17 www.fulcrumway.com
 People: Reconciliation requires clear
Risk Assessment
communication and effective collaboration

Administrators
Executives Auditors

Account Reconciliation

Preparers & Reviewers

Copyright FulcrumWay www.fulcrumway.com

 People: Reconciliation requires clear
Risk Assessment
communication and effective collaboration
Lack of insight Are
there any surprises
during account
reconciliation?
Lack of real time status. Administrators
Executives Auditors

Too much time for audit & review

Missing work papers on key account
No standard definition for reconciled. balances
Account Reconciliation Disconnected control testing
redundant efforts

Preparers & Reviewers

Account Reconciliation not based on Risks

such as potential for fraud or
misstatement, turnover, account history,
materiality, volume of transactions, Delinquent reconciliations No Action
significant judgment, need for regular plan for Account owner to remediate
manual posting or adjustments, etc delinquent reconciliations

Copyright FulcrumWay www.fulcrumway.com

 Risk Assessment
Close PO
Close Project Billing and Costing
Run post process for PO, Projects, etc
Close AR sub ledger
Close AP sub ledger
Close Inventory sub ledger
Close HCM sub ledger
Close Assets sub ledger
Run revaluation/re-measurement
Run GL post process for AP,AR, FA, etc.
Process: Financial Close is Complex
Gather non actuals data from Run period-end management Deliver XBRL/Edgar
reporting (lease, credit line, reports filings to the SEC
headcount, plan, etc) Review reports for business Deliver statutory
performance and realignment filings such Tax
Gather and validate complete
data sets to support all financial
reporting needs (i.e. Legal Entity,
Segments, Management, Tax,
Sustainability Metrics, Tax, etc

General Data Internal External

Sub Ledger Close Consolidation Filling
Ledger Close Assurance Reporting Reporting

Run summary allocations Generate external reports

Reconcile sub ledgers to GL Run consolidation to summary Compile Disclosure Items
Reconcile Bank Accounts ledgers Gather other financial information
Reconcile all accounts Make Topside Entries
Approve adjustments Run reports for FASB
Clear suspense accounts Run reports for KPIs
Post accruals Run reports for FX
Run allocations Run reports for Retained
Earnings

Monitor Financial Close Controls

Copyright FulcrumWay Page 20 www.fulcrumway.com
 Risk Assessment Process: Financial Close is Complex
Close PO Large volume of incomplete Difficult to see bottlenecks
Numerous ERP modules within critical Compressed reporting period
Close involved
Project Billing and Costing
(INV,OM, AP,AR,GL) Gathertransactions
non actuals in interface
data from tables Run period-end management Deliver XBRL/Edgar
Run post process for PO, Projects, etc reporting (lease, credit line,resolved
must be manually Lack of time for internal
reports Penalties for to
filings late
thereporting
SEC
Control
Close AR interdependencies
sub ledger headcount,
between applications and Lack ofplan,
issueetc)
identification and due diligence
Review reports for business Deliver statutory
Close AP sub ledger remediation performance and realignment filings such Tax
departments
Close Inventory sub ledger Gather and validate complete
Close HCM sub ledger data sets to support all financial
Close Assets sub ledger reporting needs (i.e. Legal Entity,
Run revaluation/re-measurement Segments, Management, Tax,
Run GL post process for AP,AR, FA, etc. Sustainability Metrics, Tax, etc

General Data Internal External

Sub Ledger Close Consolidation Filling
Ledger Close Assurance Reporting Reporting

Run summary allocations Generate external reports

Reconcile sub ledgers to GL Compile Disclosure Items
Run consolidation to summary
Reconcile Bank Accounts Gather other financial information
ledgers
Reconcile all accounts
MakeSteps must
Topside be completed in the
Entries
Approve
mustadjustments
Interdependent processes that Run reports for FASB order
right
Simultaneous audit of the close,
run in parallel Clear suspense accounts
Run reports for KPIs during the close
Post accruals
Large volume of incomplete Run reports for FX
Run allocations SOX certifications should precede
transactions in interface tables Coordination of key personnel
Run reports for Retained
must be manually resolved Earnings financial reporting

Monitor Financial Close Controls

Copyright FulcrumWay Page 21 www.fulcrumway.com
 Technology: Oracle EBS R12 Sub-ledger
Risk Assessment Transaction Controls

Invalid Accounting errors

exist; Fix Errors and re-run
Create Accounting program

Incomplete Transactions cant

be accounted yet; Run
Validation Program

Unprocessed Transaction
hasnt been accounted; Run
Create Accounting Program

Final Accounted in SLA but

not transferred to GL; Run
Transfer Journal Entries to GL

Copyright FulcrumWay www.fulcrumway.com

 Oracle EBS R12 General Ledger
Agenda Configurations to Ensure Reliable Financial
Statements

Introductions
Oracle General Ledger Controls Overview
Configurations that impact financial close
Assessment Approach for Oracle EBS Controls
Oracle EBS Period-End Close Process - A Case Study
Q&A

Copyright FulcrumWay www.fulcrumway.com

 Global Fortune 500 Industrial Leader Ensures Reliable
Case Study Financial Statement with Smart Controls
Solutions
Our Client
Oracle EBS R12, FulcrumWay Smart Controls
Founded in 1883, today a global supplier of paints,
coatings, optical products, specialty materials, glass and FulcrumWay Risk Advisory, Smart Controls and
fiber glass Dataprobe.
Employs more than 40,000 people worldwide
Successes
Reduced audit findings by 70% and remediation
Generated over $15B in revenue last year effort by 80% by configuring and testing ERP
External Auditor PWC. controls
Challenges Improved management visibility into financial close
Reduce costs and audit fatigue related to controls by providing real time reporting on GL
management controls Controls across the regions.
Reduce risk associated with the current state highly Reduced financial misstatement risk by replacing
manual, fragmented process manual, spreadsheet based error-prone process
Need Enterprise-wide visibility into the Financial Close with automated controls
Controls and Compliance processes Streamlined financial close steps be ensuring period
Leverage investments in technology to provide a end tasks are performed according to journal
foundation for global management controls dependencies checklist

Copyright FulcrumWay www.fulcrumway.com

 Case Study Record to Report Process Flow

Copyright FulcrumWay www.fulcrumway.com

 Product SafePaaS Application Controls Manager

Application Controls Manager

Access Manager Roles Manager
Segregation of Duty Monitor
Provision Users Design Roles &
SOD / Security Analytics
Manage User Access Self Responsibilities
Manage SoD Rules
Service Request Analyze Role Configuration
Manage App Environment
Certify User Access Simulate SOD Control Test
Manage SoD Test
Generate Role Configuration

Control Ontology Controls Workbench Control Monitor

Manage data objects Manage Access Rules Control Analytics
Manage configuration Manage Configuration Rules Monitor Setup Changes
objects Manage Transaction Rules Monitor Transaction Errors
Manage Transaction objects Manage Master Data Rules Monitor Master Data Change

Oracle E-Business Suite

Setups Master Tables Forms/Pages Profile Options User Security

Copyright FulcrumWay www.fulcrumway.com

 Smart Controls Standard + Smart Controls

Standard Generate Smart Risk Based

ERP Close Monitor Account
Controls Tasks Controls Analysis
Manual
Financial Journal Journal Transaction
Roles Import Entry Risks
Prevent Approvals
GL Configuration
Sub-Ledger access to
Transaction Snapshots &
Accounting sensitive
Threshold Audit Trial
setups Fine-
Approval Journal Notify
grained
Hierarchies Sources Account
User
Fluctuations
Fuzzy Access
Logic,
similar
values

Copyright FulcrumWay www.fulcrumway.com

 DataProbe RA Discover ERP Application Risks
1 MS Windows Install 2 Login with Licensed Credentials 3 Connect to EBS Database

Copyright FulcrumWay www.fulcrumway.com

 Application Risk Factors
Assess Risks

FA List of Primary Financial Custom Freq. of Audit Risk

INV Apps Process /Sensitive Code Changes Logs Rating
INV
HR Enabler Data
PR PO
OM
GL 8 9 5 9 8 34

AP GL AP 7 7 6 8 9 32
AR 7 7 9 9 7 39
FA 5 5 5 5 5 25
AR PO 5 5 4 6 4 24

AR Risk Scale: Highest 10

Risk Threshold AP GL
Risk Threshold: Over 30

Copyright FulcrumWay www.fulcrumway.com

 Treat Risk ERP Control Methods

High Medium Risk High Risk

I
M Mitigate Remediate & Prevent
P
A Low Risk Medium Risk
C
T
Accept Monitor Controls

Low PROBABILITY High

Copyright FulcrumWay www.fulcrumway.com
 Control Risk Access Controls

FulcrumWay Controls Catalog

FulcrumWay SOD Monitor
FulcrumWay DataProbe

Access Control Risk Description Process ERP Risk Risk

App Type Rating

Enter Journal and Post Can cause frauds or errors resulting in R2R GL Fin High
Journal over or under stated financial statements

Create Suppliers and Can lead to an overstatement of liabilities if P2P AP Fin High
Create Invoices - R12 fictitious suppliers are created and invoiced.
Create Customer and Can lead to an overstatement of revenues. O2C AR Fin High
Create Sales Order - R12

Copyright FulcrumWay www.fulcrumway.com

 Control Risk Configuration Controls

FulcrumWay Controls Catalog

FulcrumWay Data Monitor
FulcrumWay DataProbe

Configuration Control Risk Description Process ERP Risk Risk

App Type Rating

Journal Authorization Authorization limits for employees. R2R GL Fin High

Limits
Payment Adjustment Adjustments made to invoice distributions P2P AP Fin High
Controls after payment is issued can cause errors in
reconciliation
Define Credit Usage Rules In Credit Management, credit usage rule sets O2C AR Fin High
ensure that all transactions for the specified
currencies are converted to the credit ...

Copyright FulcrumWay www.fulcrumway.com

 Control Risk ERP Transaction Controls

FulcrumWay Controls Catalog

FulcrumWay Data Monitor
FulcrumWay DataProbe

Transaction Control Risk Description Process ERP Risk Risk

App Type Rating

Exchange Rates Identify transactions after the fact R2R GL Fin High
monitoring of manual inputs of system
exchange rates that are more than 10% +/-
AP Invoice Over PO Invoice payments in excess of PO / user P2P AP Fin High
Invoice approval limit
AR Invoices Over Control monitor returns a record of each O2C AR Fin High
Threshold customer invoice that is valued in excess of a
specified threshold.

Copyright FulcrumWay www.fulcrumway.com

 Smart Controls Monitor Key Configurations in ERP

Copyright FulcrumWay www.fulcrumway.com

 Transaction Controls Detect unusual
Smart Controls
Invoice Entries (duplicate invoices)

Copyright FulcrumWay www.fulcrumway.com

 Smart Controls Close Monitor Dashboard

Copyright FulcrumWay www.fulcrumway.com

 Case Study Results and Benefits

Copyright FulcrumWay www.fulcrumway.com

 Leverage Advanced Controls for Oracle EBS
Agenda R12 to streamline your Record to Report
process

Introductions
Top Financial Close Challenges
Overview of Financial Controls
Advanced Controls for Record to Report
Case Study
Q&A

Copyright FulcrumWay www.fulcrumway.com

 Download Dataprobe to assess your Period-End
Q&A Risks

Download Dataprobe
for 30 days Free
Evaluation

Copyright FulcrumWay www.fulcrumway.com