
HIDDEN BENEFITS OF ORACLE GRC

AGENDA

• High Level Product Overview – Control Suite
  • Access Controls Governor
  • Configuration Controls Governor
  • Transaction Controls Governor
• Preventive Controls Governor
  • Form Rules
  • Flow Rules
  • Development Life Cycle
  • Practical Examples
• Navillus Differentiators
• Questions & Answer


GRC PRODUCT OVERVIEW
ORACLE GOVERNANCE RISK AND COMPLIANCE

3 GRC PRODUCT ENTITIES

GRC Intelligence (Executive Dashboards, KRIs and KPIs, Ad-Hoc Analysis)
360º Visibility
• Single source of GRC Information
• Pre-built dashboards
• Respond to KRI and issues

Enterprise GRC Manager (Enterprise Risk Management, Compliance Management, Remediation Management)
Centralized GRC Oversight
• Common Repository for GRC
• Audit and Assessment of Controls
• Integrated remediation management

GRC Controls (Application Configuration, SOD & Access, Transaction Monitoring, Preventive Controls)
Embedded Controls
• Detective, Preventive, Contextual
• Automated controls testing
• Pre-built controls library

Oracle Applications, Other Applications
GRC CONTROLS
ACCESS CONTROLS GOVERNOR (ACG)
APPLICATION ACCESS CONTROLS GOVERNOR:

• Simplify segregation of duties enforcement with simulation and remediation
• Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails
• Accelerate deployment and time to value with pre-delivered controls library

Detection / Prevention: Define Access Controls, Access Analysis, Remediation (Clean-up), Preventive Provisioning, Compensating Policies
FINE GRAINED ACCESS CONTROL AND SEGREGATION OF DUTIES

Define
Process: Procure to Pay
Risk: Financial Fraud
POLICY: Create Invoice & Create Suppliers

Entitlements: Create Invoices
Element | Description
Open Interface Invoices | AP_APXIIFIX
Invoice Batches | AP_APXINWKB_BAT
Invoices | AP_APXINWKB

Entitlements: Create Suppliers
Element | Description
Vendors | APXVDMVD
Enter Suppliers | PN_APXVDMVD
Suppliers | AP_APXVDMVD
Merge Suppliers | AP_APXVDDUP

Access Points: Open Interface Invoices, Invoice Batches, Invoices, Vendors, Enter Suppliers, Suppliers, Merge Suppliers
SOD ANALYSIS – ADDRESS FALSE POSITIVES

User: John Doe
  Responsibility: Purchasing User
    Menu: PO_USER_GUI
      Function: Purchase Orders
  Responsibility: Payables User
    Menu: AP_Navigate_GUI12
      Submenu: AZN_AP_Invoices_Entry
        Function: Invoice Batches

Diagram labels: Null Prompts, Menu Grants Flags, Query-only Functions, Exclusions, AZN (Process) Menus, Inherent SOD Conflict, False Positive
ONLINE CONFLICT ANALYSIS

Use Entitlements to group access points that correspond to a common privilege (e.g. several different functions allow you to create an invoice…)
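The entitlement grouping and false-positive handling described on the slides above, as an added example that is not part of the original presentation and is not Oracle's implementation. Entitlement names and function codes come from the slide; the AccessPath record, its three flags, the user names and the menu placement of each function are constructed for illustration, and only exclusions, grant flags and query-only functions are modelled.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Entitlements group the access points (EBS function codes) that confer one
# privilege. Names and codes are from the slide; the data model is assumed.
ENTITLEMENTS = {
    "Create Invoices": {"AP_APXIIFIX", "AP_APXINWKB_BAT", "AP_APXINWKB"},
    "Create Suppliers": {"APXVDMVD", "PN_APXVDMVD", "AP_APXVDMVD", "AP_APXVDDUP"},
}
# Policy from the slide: no single user may hold both entitlements.
POLICIES = [("Create Invoice & Create Suppliers", "Create Invoices", "Create Suppliers")]


@dataclass(frozen=True)
class AccessPath:
    """One route from a user to a function (hypothetical record layout)."""
    user: str
    responsibility: str
    menu: str
    function: str
    granted: bool = True       # menu grant flag
    query_only: bool = False   # function opens the form read-only
    excluded: bool = False     # function or menu exclusion on the responsibility


def ineffective_reason(path: AccessPath) -> Optional[str]:
    """Return why a path confers no usable privilege, or None if it does."""
    if path.excluded:
        return "exclusion"
    if not path.granted:
        return "grant flag off"
    if path.query_only:
        return "query-only"
    return None


def entitlements_of(paths, effective_only):
    """Map entitlement name -> paths that reach one of its access points."""
    held = defaultdict(list)
    for path in paths:
        if effective_only and ineffective_reason(path):
            continue
        for name, functions in ENTITLEMENTS.items():
            if path.function in functions:
                held[name].append(path)
    return held


def analyze(paths):
    """Return (conflicts, false_positives) across all users and policies."""
    by_user = defaultdict(list)
    for path in paths:
        by_user[path.user].append(path)
    conflicts, false_positives = [], []
    for user in sorted(by_user):
        raw = entitlements_of(by_user[user], effective_only=False)
        eff = entitlements_of(by_user[user], effective_only=True)
        for policy, left, right in POLICIES:
            if eff[left] and eff[right]:
                conflicts.append((user, policy))
            elif raw[left] and raw[right]:
                # A naive function-level match would flag this user; record why not.
                reasons = {ineffective_reason(p) for p in raw[left] + raw[right]}
                reasons.discard(None)
                false_positives.append((user, policy, sorted(reasons)))
    return conflicts, false_positives


# Constructed sample data: three users, each reaching both entitlements on paper.
SAMPLE_PATHS = [
    AccessPath("JDOE", "Payables User", "AP_Navigate_GUI12", "AP_APXINWKB_BAT"),
    AccessPath("JDOE", "Purchasing User", "PO_USER_GUI", "AP_APXVDMVD", query_only=True),
    AccessPath("ASMITH", "Payables User", "AP_Navigate_GUI12", "AP_APXINWKB"),
    AccessPath("ASMITH", "Payables User", "AP_Navigate_GUI12", "AP_APXVDDUP", excluded=True),
    AccessPath("BLEE", "Payables User", "AP_Navigate_GUI12", "AP_APXIIFIX"),
    AccessPath("BLEE", "Purchasing User", "PO_USER_GUI", "PN_APXVDMVD"),
]

if __name__ == "__main__":
    found, suppressed = analyze(SAMPLE_PATHS)
    for user, policy in found:
        print(f"CONFLICT        {user}: {policy}")
    for user, policy, reasons in suppressed:
        print(f"FALSE POSITIVE  {user}: {policy} ({', '.join(reasons)})")
```
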
EXAMPLE REPORTING
PREVENTIVE PROVISIONING

SOD conflict rule between Suppliers & Payments will be published to the EBS R12 environment to monitor access changes and require approval for any conflicts.

GRC Controls governs any changes to user access rights, such as this example of adding a Payments role for this Supplier Clerk.

Automated SOD conflict analysis is initiated any time users are added or modified, saving the time of reviewing spreadsheet matrices and avoiding the risk of missing a material access event.

Control owner is alerted and can log in to GRC, review SOD details, and approve or reject the access for the requested user.

Once approved, GRC will automatically update EBS and provision approved roles to the user's profile.

• User now has access to the roles to do their job.
• SOD control was enforced.
• The business flow was optimized.
• Reporting & audit evidence is readily available.
MULTI PLATFORM & CROSS-PLATFORM CONTROLS

Multi-Platform / Instance
• User access within different, multiple platforms or instances

Cross-Platform
• User access across different instances, platforms, applications, etc.

Diagram labels: Instance A, Instance B, Instance C, User1, User2, Custom, Legacy, Etc.
ORACLE ACG BUSINESS VALUE

Access Controls

• Reduce time associated with application security design
• Design-in proper segregation of duty controls during responsibility definition
• Enforce SOD Controls in real time and prevent violations before they occur
• Reduce audit and remediation costs
• Enable rapid deployment with pre-built SOD Control Library
• Simplify SOD maintenance through simulations and automated remediation
GRC CONTROLS
CONFIGURATION CONTROLS GOVERNOR (CCG)
CONFIGURATION CONTROLS GOVERNOR

• Achieve consistent application setup and operating standards across multiple instances
• Track complete audit trails for changes to key configurations
• Tightly control change management to accelerate configuration and test time

Detection / Prevention: Define Configuration Controls, Document or Compare Configurations, Monitor Configuration Changes, Enforce Change Control, Manage Data Integrity
CONFIGURATION MANAGEMENT – OVERVIEW

Configuration Controls

Snapshots
Document key controls across the entire organization.

Comparisons
Ensure consistency of controls across:
- Instances
- Versions
- Points in Time
- Operating Units
- Sets of Books

Change Tracking
Real-time monitoring of key controls in Oracle. Ensure visibility and integrity of controls over a period of time.

Fine-grained Change Control
Require approvals and reasons for change prior to system acceptance on key fields.
EXAMPLE OF SETUPS AND KEY CONTROLS

Setups = Key Controls

Setup Data
• Application Security
• Document Approvals
• Chart of Accounts
• Profile Options
• Users
• Application Setups
• MRP rules

Operational Data
• Customers
• Suppliers
• Employees
• Buyers
• Items
• Chart of Account Values
• Category Codes

Key Controls
• 3-way matching of PO, Invoice and Receipt
• Document spending limits (authorization of PO)
• Security rules – access to sensitive transactions
  • Employee salaries
  • Chart of account values
  • Financial statement reports (FSGs)
  • Price lists
  • Inventory attributes
• Action for late delivery of goods
• Inventory stocking rules
• Rules to create tax on sales orders
• Depreciation methods
FLEXIBLE CONFIGURATION REPORTING

• Configuration Reports with field descriptions for business users
• Capture change for both operational & audit purposes
• Detect and receive alerts for key fields
• Users and administrators are alerted via email that a setup or control changed.
ORACLE CCG BUSINESS VALUE

Configuration Controls

• Replace manual setup documentation (i.e. BR100s) with automated snapshot documentation
• Document and track changes to key configurations during the implementation/upgrade process
• Determine change and impact to setups
• Ensure instances are in sync, e.g. Test vs. Prod
• Reduce Test and Debug Time – What Changed?
• Track changes or restrict change to setups
• Reduce need for Technical Assistance Requests (SRs)
• Manage change to those over time
GRC CONTROLS
TRANSACTION CONTROLS GOVERNOR (TCG)
TRANSACTION CONTROLS GOVERNOR

Continuously monitor accuracy of transactions and mitigate exposure to errors or fraud
• Test against thresholds
• Search for anomalies
• Perform transaction sampling
• Monitor for fraud
• Generate KRI’s/KPI’s
• Stop cash leakage

Diagram labels: Business Elements from Designated Nationals list; Business Elements: Suppliers from various business applications; Business Rules, written in “Plain English”, by Business People – No Coding/Scripting

Detection / Prevention: Define Transaction Controls, Perform Transaction Analysis, Review and Address Suspects, Preventive Transaction Controls
TRANSACTIONAL CONTROLS MONITORS

Reduce Errors and Leakage
• Prevent overpayments/duplicate payments in procure-to-pay process
• Improve use of cash and supplier satisfaction through optimized payment timing and discounts
• Identify missed billings errors to reduce days sales outstanding

Minimize Fraud and Abuse
• Detect and respond to procurement, payroll, and expense violations in real time
• Deter fraudsters by increasing the likelihood of getting caught
• Identify fictitious and overstated bookings to reduce revenue recognition risk

Improve Audit Efficiency
• Expand audit coverage, confidence, and reporting
• Maximize ROI of transaction monitoring and audit/investigative resources
• Prevent incidents to reduce post audit recovery and collections costs
TCG PROCESS AND BENEFITS

• Automated control monitors to schedule or run as needed
• Automated control monitors written with business related objects
• Easily apply AND/OR filters to business objects to create complex and simple transaction monitors.
• View Results Online or Report to formats like Excel
TCG PATTERN ANALYSIS

Benford Analysis
Mean Analysis

Diagram labels: Business Elements from Designated Nationals list; Business Elements: Suppliers from various business applications; Business Rules, written in “Plain English”, by Business People – No Coding/Scripting

These potential “suspects” were identified on the last scheduled run of the “Suspicious Supplier” Rule (OFAC Listing). Now we have an action item to remediate this elevated risk concern.
EXAMPLE BUSINESS USAGE

We have built out dozens of rules focused on Fraud and Cash Leakage, Test of Control Sampling, Performance Analysis and Continuous Control Monitoring
ORACLE TCG BUSINESS VALUE

Continuous Transaction Controls

• Pre-built content / Easy to build your own
• Easy to use business interface
• Test 100% population
• Detect and deter fraud
• Reduce risk of inaccurate or fraudulent transactions
• Save money – capture cost and spending leakage
• Reduce reliance on IT to perform testing
• Continuously monitor business process controls
GRC CONTROLS
PREVENTIVE CONTROLS GOVERNOR (PCG)
DATA AND PROCESS CONTROLS

• Enforce controls for specific users and events natively within EBS
• Eliminate manual tasks
• Automate repetitive tasks & processes
• Mitigate risk of transactional errors with approval workflow and audit trails
• Protect sensitive application data
• Reduce audit costs, reduce maintenance costs, increase IT productivity

Prevention: Define Preventive Controls, Initiate Approval Workflow, Enforce Field Validation, Prevent Read or Write Access, Review Audit Reports
PCG – KEY COMPONENTS

Form Rules
Flow Rules
Audit and Change Control
PROCESS AND CONTROL AUTOMATION

Control / Automate Form Transactions

• Internal Controls, Regulatory
• Business Rules
• Business Process & Procedure
• Workflow enable process, approvals and alerts
• Intellectual property
FILLING THE ORACLE APPLICATION GAPS

Process and application gaps can result in any number of the following
• Increased risk of fraud or loss
• Inefficiency
• Lost revenue opportunities
• Transaction integrity issues.
FILLING THE ORACLE APPLICATION GAPS

Preventive Controls Governor (PCG)


• Bridges the gap through configuration – NOT CUSTOMIZATION
• Common repository for GRC business rules
• Significantly reduces the time/effort required to fill the gaps
• Reduces the need for specialized resources
• Increases upgrade and implementation efficiency and success
DEVELOPMENT METHODOLOGIES

CEMLI
• Custom.pll or Form Personalization or Oracle Workflow
• Less flexible
• Partial to fully technical
• Error prone process
• Requires strict SDLC process

Business Rules
• Configurable
• Less technical dependency
• More flexible
• Self Documenting
• Migration ready
• 30-50% less time to implement and manage
• Can combine with CEMLI for ‘simplification’
PCG VS. FORMS PERSONALIZATION / WORKFLOW BUILDER

Preventive Controls Governor | Forms Personalization / Workflow / AME
More robust, ease of use | Cumbersome
Fine grained control automation | Limited availability
Audit ability of control rules | Not available
Condition based control automation | Not available
Integrated with workflow | Not available
Rules are centralized | Not centralized
Reporting available | Not available
Record changes to database values using change control | Not available
 | Requires client side tools and PLSQL
MIGRATION

Built in system to system direct migration, current system copy, xml file export import… effortless migration.

No downtime
Users are unaffected
No custom library to recompile
SELF DOCUMENTING

Simple Online review


Both Summary and Detailed Reports
FORM RULES
CONDITIONAL: SUBSCRIBERS

Subscribers enable the business rules to fire under the right conditions.

Subscriber conditions include:
• User name
• Responsibility
• User profile values
• Operating Unit
• Organization
• Data values in the form
• Subscriber lists
• Advanced wizard created queries and database functions.
FORM RULE- SECURITY RULES

Wizard creation of security rules to limit what users can see or do inside of a given form based on subscriber conditions.

1) Click an option
2) Wizard creates a rule

Columns: Form, Tab, Block, Field, DFF

Restrict Upper Case or Lower
Require X
No Update X X X X
No Insert X X X X
No Delete X X
Hide X X X
Default Where X
Order by X
FORM RULE- NAVIGATION RULES

Navigation rules provide the ability to ZOOM or shortcut to forms or programs.

• Improve transaction flow by providing form to form navigation zooms
• Disable Oracle actions or tools
• Create ‘quick report’ entries from the menu
FORM RULE- MESSAGE RULES

Message rules may be informational or errors that stop users from committing transactions

• Messages may guide or warn users
• Messages can have form data embedded as ‘tokens’
• Messages may prevent the commit of bad or incorrect data if conditions are met
FORM RULE- DEFAULT RULES

Default values into fields to make entry more efficient and/or improve data quality.

Block Field Type Value

VNDR VENDOR_NAME_ALT Static HELLO WORLD

VNDR VENDOR_NAME_ALT Form VNDR.VENDOR_NAME

GLOBAL XX_VDR Form VNDR.VENDOR_NAME

GLOBAL XX_XX SQL Select null from dual


FORM RULE- LIST OF VALUES RULES

List of Value rules may be used to filter or modify existing lists or create lists on fields such as comment or free form fields.

• New List of Values
• Exclude values from existing List of Values
FORM RULE- FIELD ATTRIBUTES RULES

Field Attributes alter the properties of fields and records within a form.

Examples include
• Alter Prompts
• Set Text, field or row color
• Conceal data (*****)
• Disable Query ability
• Change x-y field position
• Disable field navigation

Diagram labels: Block, Field, Field Instance

FORM RULE- SQL RULES

SQL rules provide the means to perform other validation or automation utilizing existing standard APIs or custom code without the overhead.

Examples include
• Perform simple queries and pop messages (Show customer aging prior to issuing a credit)
• Call Oracle API to automate manual processes (Disable application user on Employee termination)
• Run a report based on data in a form (Use a Navigation and SQL rule to add report shortcuts)

Simple query checks if current vendor has open POs
FORM RULE- ORACLE FLOW RULES

Oracle Flow rules enable form events such as saving a record or changing a field value to initiate GRC Flow rules

Examples include
• Perform simple queries and pop messages (Show customer aging prior to issuing a credit)
• Call Oracle API to automate manual processes (Disable application user on Employee termination)
• Run a report based on data in a form (Use a Navigation and SQL rule to add report shortcuts)

This event is a button that will initiate this flow
PRACTICAL EXAMPLES
MANAGE LIST OF VALUES (LOV)
FILTER EXISTING LIST OF VALUES

Before: Transact to/from any subinventory
After: Dropship subinventories removed

• Filter LOVs to make them more context related
• Make global lists more localized
• How about adding language translation in Oracle Projects
EMBEDDED SECURITY
APPLY SECURITY CONTROLS AND ENFORCE BUSINESS POLICY

Before / After

After:
• Start date is disabled
• Indirect Responsibility tab removed
• Password expiration policy defaulted and locked
• Message enforcement, and focus shifts to PERSON field

• Granular user interface restrictions (block, field, tab)
• Restrict access to data or actions
• Embedded controls that enforce security and business process
• Contextual control (by responsibility, profiles, data field, etc.)
TRANSACTION INTEGRITY
ENFORCE BUSINESS POLICY

Before:
• Company Policy states rates must be good for 6 months.
• Rate can be implemented over any time period breaking policy

After:
• Interest rate is disabled due to validation
• Message enforcement, lets users know what they need to do

• Granular user interface restrictions (block, field, tab)
• Restrict access to data or actions
• Embedded controls that enforce security and business process
• Contextual control (by responsibility, profiles, data field, etc.)
DATA PRIVACY AND DATA SECURITY
MASK SENSITIVE DATA, DISABLE BUTTONS, VALIDATE DATA INPUT

• Conceal for Data Privacy
• Mask for data protection
• Remove Date of Birth

• Granular user interface restrictions
• Restrict access to data or actions
• Embedded controls to enforce security and business process
• Contextual control (by responsibility, profiles, data field, etc.)
APPLICATION LEVEL CHANGE CONTROLS

Prevent fraud or costly unapproved changes to data

• Apply change controls to enforce
  • Audit- field level auditing
  • Reason Control- requires a reason for the change
  • Approval- Implement the change only after approval
• Better than standard Oracle audit and ‘ROW WHO’
• Oracle supplied content of hundreds of fields out of the box for you to configure
CONTROLS TO BREAK WITHIN ERP

• Book revenue into previous accounting period by keeping the period open
• Alter an employee signing limit with no approvals or tolerances in place
• Change the tolerance levels for PO receipts to over-receive goods
• Change a customer's credit limit with no oversight

Diagram labels: Pricing & Discounts, Addresses, Interest rates, Bank accounts, Account codes, Rate, Setups, Dates
CHANGE CONTROL- EXAMPLE

Ensure changes on application user form are per Policy and approved.

• Forms indicate which fields are under change control with obnoxious yellow
• Changes are cached until reasons or approvals are placed

Change request to remove the end date
CHANGE CONTROL- EXAMPLE

• Approvals use Oracle workflow
• Approval will allow new values to implement
• Optional Online change history form
• Built in audit and change control reports
• Data is translated into user values instead of internal id (i.e. user_id = user_name)
• Find out
  • Who, What, When, Why
  • With apps or db

End Date is removed after workflow approval
CHANGE CONTROL - SUMMARY

• Implement audit on fields impacting productivity and integrity
• Implement reason control on fields requiring integrity yet could cause issues in reporting or financials
• Implement approval controls on critical data that could affect financial reporting, service levels or fraud
• Key areas of focus-
  • Vendors file
  • Customer file
  • Item master file
  • Profile options
  • Security forms (user, menus, responsibilities, SQL initiating forms)
FLOW RULES
WHY HAVE ORACLE USERS NOT EMBRACED WORKFLOW?

Workflow Builder appears simple, but requires code under each function

• Difficult API’s
• PL/SQL Required
• Specialized Resources
• “Hard Coded” solution
FLOW RULES FEATURES

• Define flows and flow steps without required PL/SQL programming, specialized workflow resources and workflow builder.
• Integrate flow steps to modify seeded Oracle flows.
• Automate entire business using business rule flows for Constraints and Conditions, Concurrent program submission, Data Validation, SQL updates, exception reporting, workflow, notifications and approvals.
• Define approval groups and hierarchies.
• Initiate a flow from most anything, such as other workflows, form events and periodic scheduling
• Self documentation and simple migration.


BUSINESS PROCESS AND CONTROL AUTOMATION

Automate business processes, Fraud analysis, Reporting, Transaction Monitoring

Replace this process
• Manual, error prone, offline…

With THIS!
• System initiated, automated and flexible
• Self documenting
• Complete data validation, fraud analysis, online, approval, automatic vendor activation and reporting

Define any number of steps, type of flow steps and the sequence (or parallel).

Flow steps shown: Check for valid setups (tax id), Report Potential fraud, Get Payables Approval, Notify Purchasing, Enable Vendor, Run Vendor Report(s)

• Design any type of flow process
• Set conditions, synchronous and asynchronous flows
FLOW PROCESSES - SUMMARY

Data Constraints / Conditions – Check database conditions before allowing the process to continue or decide if a flow step should be skipped.

Exceptions – Notify appropriate business groups of error conditions and records requiring intervention such as fraud analysis or managing interface records.

Approvals / Notifications – Send Notifications and Approvals to appropriate business groups and users to control process flow to increase system process communication or create transaction approval steps

SQL – Automate update of data that would otherwise require individual attention such as automatically disabling terminated employees and cancelling any scheduled concurrent jobs.

Concurrent Programs – Automate program submission with static and dynamic parameters. Such processes can automate the Period Close.

Process – Link or embed flow processes within themselves such as to create a process for each module (i.e. payable reports & purchasing reports) and embed the processes as children in a parent period close flow.
PCG DEVELOPMENT

• Empower your business Analyst
• Eliminate rework & the technical “black box”
• House & report on “customizations” centrally
• Modify conditions, parameters, & behavior within minutes
• Eliminate the nuisance hard coding dilemma and the inflexibility
• Eclipse customizations with manageable configuration

Diagram labels: CEMLI WOW, GRC SDLC

The “development” life cycle utilizing GRC to create business rules or controls is typically 30 to 50% the effort of traditional customization development
PROCESS OPTIMIZATION AND CONTROL AUTOMATION

Benefits of Optimization and Automation

• Fill processing gaps to improve efficiency and the user experience - eliminate the Oracle WOW factor
• Avoid customizations with PCG configurations
• Transform business processes and embed controls where necessary
• Reduce the cost of maintaining customizations
• Offer flexibility for changing business conditions
• Identify transaction processing errors due to changed procedures resulting in expense leakage and an increase in post audit recovery losses
• Reduce risk, time and cost of identifying, and correcting errant or fraudulent transactions that violate control policies within the Oracle EBS system
• Enable Audit Team with business based query tool for testing and monitoring
• Reduce internal and external costs where key control changes are necessary due to changed functionality
PRACTICAL EXAMPLES – NAVILLUS FAST CLOSE
PRACTICAL EXAMPLES – NAVILLUS PROVISIONING
PRACTICAL EXAMPLES – NAVILLUS QUICK ITEM ENTRY
OTHER EXAMPLES - BUSINESS RULES

Business Process | Satisfy Common Customizations with PCG

Procure to Pay
• Require authorization to change invoice details
• Distribution Coding Requirements for certain Purchase types

Order to Cash
• Prevent discount level breach on sales order agreements
• Order type controls
• Sales order approvals and credit checks
• Item management (creation, change control, attributes, cost)

Hire to Retire
• Send notifications of salary increases over certain percentage or outside of pay grade

Project Accounting
• Change control on Costing/Billing settings

Reconcile to Report
• Require approvals prior to reopening a closed period
BUSINESS EXAMPLES

Alter Promise / Schedule dates with ATP plus shipping availability
• Increased customer satisfaction and delivery performance

Add approval workflows on AP, GL, Inventory transactions
• Reduced loss and errant transactions
• Provided mitigating controls in conjunction with access controls

Default data, Alter navigation and automate entry in Customer, Vendor and Items, Orders
• Reduced entry errors.
• Reduces order entry time more than 30%

Automate GL account maintenance to Disable accounts when they contain a segment that has been disabled
• Eliminated more than 4 hours per month from accounting maintenance

Sensitive Data management
• Notify security upon review of sensitive data (Sensitive Data Audit)
• Filter sensitive data from form queries or lists of values
• Enabled PII, SSI and security compliance without customization
NAVILLUS OVERVIEW

A National boutique consulting firm headquartered in Boston, MA.

An Oracle Gold Level Partner specializing in Oracle Governance, Risk & Compliance & E-Business Suite professional services

Accelerated delivery methodology
• Integrated with Oracle Unified Methodology (i.e. AIM, OUM)
• Process Driven approach tailored specifically for Governance, Risk, and Compliance engagements
• ‘Design In’ Approach for Oracle e-Business Suite implementations and upgrades

Comprehensive Content Library for GRC Product Suite
• Solution set process optimization and controls accelerators
• GRC & Business Process Controls Library
• Enhanced and additional ACG/TCG and CCG models, modules and associated object
NAVILLUS GRC SERVICE OFFERINGS

Advisory Implementation Optimization

Package Optimization /
Assessment Package Information Managed
Business
Services Implementation Upgrade Management Services
Alignment

GRC Application Process, Security, & ICM Migration Business Process Process & Risk Remote Database /
Strategy Roadmap Control Design Integrity & based Analytic System Administration
GRC Upgrade Optimization Design
Process & Controls GRC POC Services Functional/Technical
Evaluation “Design-in” EBS Enterprise Helpdesk Support
GRC Upgrade Customization Performance/Risk
Security & Implementation Business Process
Elimination Services Management
Configuration Project/Program Outsourcing
Assessment Role Design & Management UPK GRC Training Business Intelligence
Remediation
SOD Benchmarking
“Design-in” EBS
Comprehensive
Implementation
Security Strategy
Diagnostic
Project/Program
Management
NAVIGATE ADVANTAGE

• Extensive Proprietary Controls Library
• Business Process Accelerator Solution Sets
• GRC Training Materials & Certificate
• GRC Specific Processes & Deliverable Templates
• Proprietary GRC Tools / Techniques
METHODOLOGY

Guiding Principles | Result
Enablement towards sustaining capability | Training program designed to progress our client’s maturity with Oracle GRC Technology
Accelerated approach | Leverage predefined plans, templates, techniques, & content to accelerate delivery
Repeatable approach | Follow a consistent, field tested approach towards achieving success
Tailored approach | Understand client’s objectives and offer the right mix of offerings to achieve objectives
Value driven approach | Offer services and content designed to drive true business benefit
NAVILLUS DIFFERENTIATORS

• Deeply skilled advisors with years of process and controls design and implementation experience of Oracle’s Governance, Risk and Compliance solution and e-Business Suite advisory and implementation services
• Comprehensive Content Library surrounding the GRC Controls Product Suite, including: Solution set process optimization and control accelerators; comprehensive Segregation of Duty and Restrictive Access Control listing; additional configuration control objects not available within seeded Oracle content; and, best practice GRC & Business Process Controls Library
• Number of successful solution design, implementations and/or re-implementations of competitor’s deployment for Oracle’s GRC Product Suite and Oracle’s Enterprise Business Suite
• Ability to assemble the right mix of talent and capabilities in a single team signifying the quality and depth of our resources
• Subject matter expertise and proven ability to apply critical thought for audit and compliance strategy and execution, control rationalization and business flow and control automation
• Innovative and progressive project approach focused on achieving organizational sustaining capability. We take pride in our ability to transfer knowledge effectively and provide a qualitative think tank
NAVILLUS GRC ACCELERATORS

In addition to implementing and supporting clients' GRC Applications, we have a library of EBS risk based solutions to help optimize and automate manually inefficient or timely business processes, without customization. In addition to the Audit testing and compliance reporting based benefits, we provide prebuilt solutions including

• Period End Close (Navillus Fast Close)
• Vendor Master Automation
• Item Master Creation & Maintenance Automation
• CCG R12 Risk Based Snapshot and Change Tracker Definitions
• Comprehensive Oracle and PSFT Segregation of Duty and Restricted Access Library
• User Administration Control Set
• Oracle Application Access Certification
• User Access Accelerator for Provisioning and De-provisioning
• Denied Party Screening (including preventive Transactional and Master Data Monitoring controls)
• Fraud Monitors
• Survey/Certification Processing and Analytics
• Audit and Compliance Based Automated Solutions including (SOX, SAS99, NERC, OFAC)
• Process Based Oracle Risk and Control Documentation
NAVILLUS CONTENT BY MODULE

GRC Modules Navillus Content


PCG • 120 + prebuilt rules for Process and Control Optimization / Automation
covering the following business processes
• GLR (18 Rules)
• P2P (43 Rules)
• OTC (19 Rules)
• H2R (13 Rules)
• MFG (3 Rules)
• PA (8 Rules)
• SYSADMIN (15 Rules)
CCG (R12) • R12: 107 Additional Objects across following 6 Modules not included by
Oracle:
• Projects
• Inventory
• Order Management
• Shipping
• Advanced Pricing
• Assets
• PCG (11i also)
ACG / TCG • 175 + Risk Based SOD and Restrictive Access Rules
• 150 Comprehensive Entitlements
• 30 + Transactional Risk / Fraud / Security Based Control Monitors
QUESTION & ANSWER SESSION
