Configuration GRC

& Oracle Configuration Controls Governor

May 2009
Oracle GRC Strategy Barry Greenhut

Application GRC tells you

Whos using our apps?

ACCESS CONTROLS

What can they do?

CONFIGURATION CONTROLS

What have they done?

TRANSACTION CONTROLS

Application GRC controls reduce

Financial Loss

Compliance Cost
Audit Effort

Configuration examples
Financial Loss
Tax mis-configuration causes under-collection of taxes, goes
undetected for months.
Consequences: Pay taxes on behalf of customers, plus
penalties.
Clerk changes bank account info without cross-check,
millions transferred before fraud discovered.
Consequences: Money lost, or frozen pending litigation;
public confidence shaken due to notoriety.
Sales reps raise customers credit limits so they can buy
more.
Consequences: Customers default on payments, receivables
aging forces write-downs.

Configuration examples
! Compliance Cost
Ledger Set mis-configuration allocates revenues amongst
divisions incorrectly.
Consequences: Restate and refile quarterly results; public
confidence shaken due to notoriety.

Audit Effort
Production patch resets vendor tolerances, goes unnoticed
for months.
Consequences: Internal audit team spends months proving
there were no abuses; external auditors perform substantial
transaction examination.

How do I control costs/risks?

Control setup changes that can have significant
financial or regulatory impact
Identify setup changes that violate financial or
regulatory policy
Accelerate documentation and analysis of setup
values

Use CCG to control costs/risks

Use CCG to:
Reduce Financial Loss

Control setup changes that can have

significant financial or regulatory impact

Reduce Compliance Costs

Identify setup changes that violate

financial or regulatory policy

Reduce Audit Effort

Accelerate documentation and analysis

of setup values

Change
Tracking

Snapshots &
Comparisons

Alert users
when key
setups
change

Find
differences
between
production &
baseline

Audit trail of
changes

Document all
setup values,
as seen in the
original
application

CCG has delivered GRC savings since 1998

No substantial competitors
Just the configuration GRC you absolutely need:
Full audit trails and alerts (Change Tracking)
Comprehensive record keeping (Snapshots)
Find discrepancies (Snapshot Comparisons)

CCG has delivered GRC savings since 1998

Quick to implement can be done in one day, thanks
to shrink-wrap support for:
EBS R12 12 modules, 550+ setups
EBS 11i 66 modules, 3,000+ setups
PSFT HCM 8.8/8.3 9 modules, 400+ setups

Protects data from prying eyes you control all

access
Centralizes all controls and data in a single source of
truth

CCG Features
Change Tracking

Alert users whenever changes occur

Dashboard summarizes changes in all environments
Drill down to see details of all changes
Export change details to CSV (Excel) and PDF

10

Change Tracking captures every change

made to designated setups
Configuration Governor - Change Tracker

Envir
1

Envir
2

Envir
3

App A

29

App B

519

App C

39

Audit Trail

Page/Form

Insert
Update
Delete

Automatically alerts
designated parties
when changes occur

Generates authoritative
audit trail reports (Who, What, When, How)
11

CCG Features
Snapshots & Comparisons
Document all setup values seen in the original applications
Compare two environments values (e.g., Production vs. a
best-practice baseline), or snapshots from two points in time
Export all details to CSV (Excel) and PDF

12

Snapshots record setup values

to identify deviations from policy, and for compliance
documentation

Page/Form

Snapshot

13

Values found in child pages/forms are

captured too
Page/Form

Child

Snapshot

14

Compare setup values from different:

Environments Dates SOBs/Ledgers
Operating Units Application Releases
Snapshot 1

Snapshot 2

15

CCG Features
Comprehensive Data Security
Control the business data seen by each CCG user
Control the actions each CCG user can take
Install CCG in firewalled tier

Flexible
Reconfigure Change Tracking on demand
Schedule Snapshot schedules, and take Snapshots on
demand
Generate Comparisons on demand
Add new business environments on demand

16

CCG Features
Mature Product
Introduced in 1998
Over 300 EBS customers
Over 60,000 developer-hours invested in creating metadata
for EBS and PeopleSoft

Metadata = Ready to Use

Shrink-wrap support for 12 R12 modules (550+ setups) and
66 EBS 11i modules (3,000+ setups)
Shrink-wrap support for 9 PeopleSoft HCM 8.8/8.3 modules
(400+ setups)
Add support for additional setups with MetaBuilder, a
developers tool included in CCG

17

Shrink-Wrap Support
EBS R12

EBS 11i

PSFT HCM 8.8

550+ setups

3,000+ setups

400+ setups

BASE ENGINE
Alerts
Application Object Library
Common Modules
System Administration

BASE ENGINE

BASE ENGINE

CONTRACTS

HCM
Benefits
Compensation
HR
Payroll
Pension
Recruiting
Stock Administration
Workflow

FINANCIALS
General Ledger
Subledger Accounting
Payables
eBusiness Tax
Legal Entity Configurator
Receivables / iReceivables
PROCUREMENT
iProcurement
Purchasing

CRM
DISTRIBUTION
FINANCIALS
HR/PAYROLL
MANUFACTURING
PLANNING
PROCUREMENT
PROJECTS
PUBLIC SECTOR

18

Use MetaBuilder to Create More

Metadata

19

Summary
Configuration Controls Governor offers GRC value:
Reduce Financial Loss and Risk
Reduce Regulatory Compliance Cost and Risk
Reduce Audit Effort

CCG is a mature product that provides a single place

to manage all application configuration GRC
CCG comes ready-to-use, with support for:
EBS R12 (12 modules, 550+ setups)
EBS 11i (66 modules, 3,000+ setups)
PSFT HCM 8.8/8.3 (9 modules, 400+ setups)
Add more support using MetaBuilder

20