Beruflich Dokumente
Kultur Dokumente
AGENDA
Navillus Differentiators
GRC Intelligence
Executive KRIs and KPIs Ad-Hoc
Dashboards Analysis
GRC Controls
Application SOD & Access Transaction
Configuration Monitoring
Preventive Controls
Oracle Other
Applications Applications
ORACLE GOVERNANCE RISK AND COMPLIANCE
GRC Controls
Application SOD & Access Transaction
Configuration Monitoring
Preventive Controls
Oracle Other
Applications Applications
ORACLE GOVERNANCE RISK AND COMPLIANCE
GRC Intelligence
Executive KRIs and KPIs Ad-Hoc
Dashboards Analysis
GRC Controls
Application SOD & Access Transaction
Configuration Monitoring
Preventive Controls
Oracle Other
Applications Applications
ORACLE GOVERNANCE RISK AND COMPLIANCE
GRC Intelligence
Executive KRIs and KPIs Ad-Hoc
Dashboards Analysis
GRC Controls
Embedded Controls
• Detective, Preventive, Contextual
Application SOD & Access Transaction
Configuration • Automated controls testing
Monitoring
• Pre-built controls library
Preventive Controls
Oracle Other
Applications Applications
GRC CONTROLS
ACCESS CONTROLS GOVERNOR (ACG)
APPLICATION ACCESS CONTROLS GOVERNOR:
Detection Prevention
Menu Grants
Query-only Exclusions Responsibility: Payables User Flags
Functions
AZN
(Process) Menu: AP_Navigate_GUI12
Function: Purchase Orders Menus
Submenu: AZN_AP_Invoices_Entry
Function: Invoice Batches
Inherent
SOD Conflict
False
Positive
ONLINE CONFLICT ANALYSIS
Custom,
Legacy, Etc.
• User access within different, multiple • User access across different instances,
platforms or instances platforms, applications, etc.
ORACLE ACG BUSINESS VALUE
Access Controls
Detection Prevention
Configuration Controls
Snapshots
Document key controls across the entire
organization.
Comparisons
Ensure consistency of controls across:
- Instances - Versions
- Points in Time - Operating Units
- Sets of Books
Change Tracking
Real-time monitoring of key controls in
Oracle. Ensure visibility and integrity of
controls over a period of time.
Fine-grained
Require approvals and reasons for change
Change Control
prior to system acceptance on key fields.
EXAMPLE OF SETUPS AND KEY CONTROLS
Key Controls
Setup Data
Application Security 3-way matching of PO, Invoice and
Document Approvals Receipt
Chart of Accounts Document spending limits
Profile Options Setups = (authorization of PO)
Users Key Security rules – access to sensitive
Application Setups Controls transactions
MRP rules • Employee salaries
• Chart of account values
• Financial statement reports
Operational Data (FSGs)
Customers • Price lists
Suppliers • Inventory attributes
Employees Action for late delivery of goods
Buyers Inventory stocking rules
Items Rules to create tax on sales orders
Chart of Account Values Depreciation methods
Category Codes
FLEXIBLE CONFIGURATION REPORTING
Configuration
Reports
with field
descriptions
for business users
Capture change for
both operational
& audit purposes
Detect and receive
alerts for key fields
Users and
administrators
are alerted via
email that a
setup or control
changed.
ORACLE CCG BUSINESS VALUE
Configuration Controls
Detection Prevention
Automated control
monitors to schedule
or run as needed
TCG PROCESS AND BENEFITS
Automated control
monitors written with
business related
objects
TCG PROCESS AND BENEFITS
Benford Analysis
Mean Analysis
Business Elements from
Designated Nationals list
Prevention
Form Rules
Flow Rules
Audit and Change Control
PROCESS AND CONTROL AUTOMATION
Business Rules
Intellectual property
FILLING THE ORACLE APPLICATION GAPS
Process and application gaps can result any number of the following
• Increased risk or fraud or loss
• Inefficiency
• Lost revenue opportunities
• Transaction integrity issues.
FILLING THE ORACLE APPLICATION GAPS
CEMLI
• Custom.pll or Form Personalization or Oracle
Workflow
• Less flexible
• Partial to fully technical
• Error prone process
• Requires strict SDLC process
Business Rules
• Configurable
• Less technical dependency
• More flexible
• Self Documenting
• Migration ready
• 30-50% less time to implement and manage
• Can combine with CEMLI for ‘simplification’
PCG VS. FORMS PERSONALIZATION / WORKFLOW
BUILDER
No downtime
Users are unaffected
No custom library to recompile
SELF DOCUMENTING
Subscribers enable the business rules to fire under the right conditions.
Subscribers conditions
include:
• User name
• Responsibility
• User profile Values
• Operating Unit
• Organization
• Data values in the form
• Subscriber lists
• Advanced wizard
created queries and
database functions.
FORM RULE- SECURITY RULES
Require X
No Update X X X X
No Insert X X X X
No Delete X X
Hide X X X
Default X
Where
Order by X
FORM RULE- NAVIGATION RULES
Exclude values
from existing List of
Values
FORM RULE- FIELD ATTRIBUTES RULES
Examples include
• Alter Prompts
Examples include
Before
Before After
Start date is
disabled
Before
After
Interest rate is
disabled due to
validation Message enforcement,
lets users know what
they need to do
Bank
Account accounts
Rate
codes Setups Dates
CHANGE CONTROL- EXAMPLE
Change request to
remove the end
date
CHANGE CONTROL- EXAMPLE
• Find out
End Date is
• Who, What, When, Why
removed after
workflow approval • With apps or db
CHANGE CONTROL - SUMMARY
Difficult API’s
PL/SQL Required
Specialized Resources
“Hard Coded” solution
WHY HAVE ORACLE USERS NOT EMBRACED
WORKFLOW?
Difficult API’s
PL/SQL Required
Specialized Resources
“Hard Coded” solution
FLOW RULES FEATURES
• Initiate a Flow most anything such as other workflows, form events and
periodic scheduling
With THIS!
Define any number of steps, type of flow steps and the sequence ( or
parallel).
Check for valid Report Potential Get Payables Notify Run Vendor
Enable Vendor
setups (tax id) fraud Approval Purchasing Report(s)
SQL– Automate update of data that would otherwise require individual attention such as
automatically disabling terminated employees and cancelling any schedule
concurrent jobs.
CEMLI WOW
GRC SDLC
Satisfy
Business Process Common Customizations with
PCG
Require authorization to change invoice details
Procure to Pay Distribution Coding Requirements for certain
Purchase types
Prevent discount level breach on sales order
agreements
Order type controls
Order to Cash
Sales order approvals and credit checks
Item management (creation, change control,
attributes, cost)
Default data, Alter navigation and automate entry in Customer, Vendor and
Items, Orders
Reduced entry errors.
Reduces order entry time more than 30%
Package Optimization /
Assessment Package Information Managed
Business
Services Implementation Upgrade Management Services
Alignment
GRC Application Process, Security, & ICM Migration Business Process Process & Risk Remote Database /
Strategy Roadmap Control Design Integrity & based Analytic System Administration
GRC Upgrade Optimization Design
Process & Controls GRC POC Services Functional/Technical
Evaluation “Design-in” EBS Enterprise Helpdesk Support
GRC Upgrade Customization Performance/Risk
Security & Implementation Business Process
Elimination Services Management
Configuration Project/Program Outsourcing
Assessment Role Design & Management UPK GRC Training Business Intelligence
Remediation
SOD Benchmarking
“Design-in” EBS
Comprehensive
Implementation
Security Strategy
Diagnostic
Project/Program
Management
NAVIGATE ADVANTAGE
Extensive
Proprietary
Controls Library
Business Process
GRC Training Accelerator
Materials & Solution Sets
Certificate
GRC Specific
Proprietary GRC
Processes &
Tools / Techniques
Deliverable Templates
METHODOLOGY
Deeply skilled advisors with years of process and controls design and
implementation experience of Oracle’s Governance, Risk and Compliance
solution and e-Business Suite advisory and implementation services
Comprehensive Content Library surrounding the GRC Controls Product Suite,
including: Solution set process optimization and control accelerators;
comprehensive Segregation of Duty and Restrictive Access Control listing;
additional configuration control objects not available within seeded Oracle
content; and, best practice GRC & Business Process Controls Library
Number of successful solution design, implementations and/or re-
implementations of competitor’s deployment for Oracle’s GRC Product Suite and
Oracle’s Enterprise Business Suite
Ability to assemble the right mix of talent and capabilities in a single team
signifying the quality and depth of our resources
Subject matter expertise and proven ability to apply critical thought for audit and
compliance strategy and execution, control rationalization and business flow and
control automation
Innovative and progressive project approach focused on achieving organizational
sustaining capability. We take pride in our ability to transfer knowledge
effectively and provide a qualitative think tank
NAVILLUS GRC ACCELERATORS