You are on page 1of 13

<Insert Picture Here>

GRC Applications Suite

GRC Controls
Automated Application Controls Monitoring

GRC Intelligence GRC Manager GRC Controls


SOD & Access Application Configuration Preventive Controls Transaction Monitoring

Monitor Control Effectiveness

What users have done

Whats changed in the process

What are the execution patterns

SOD & Access

Application Configuration Preventive

Transaction Monitoring

What users can do

How is the process set up

How users execute processes

Enforce Policies in Context

Configuration Controls Governor


Ensure Integrity of Critical Application Setups

GRC Intelligence GRC Manager GRC Controls


SOD & Access Application Configuration Preventive Controls Transaction Monitoring

Achieve consistent setup and


operating standards across releases, multiple instances

Tightly control change management to


accelerate development, testing

Track complete audit trails for changes


to key configurations (before & after upgrade)

Detection

Prevention

Define Configuration Controls

Document or Compare Configurations

Monitor Configuration Changes

Enforce Change Control

Manage Data Integrity

GRC Intelligence

Configuration Controls
SOD & Access

GRC Manager

GRC Controls
Application Configuration Preventive Controls Transaction Monitoring

Reduce Upgrade Time and Cost

Automate the creation of BR-100s Ensure instances are synchronized (ex: Test vs. Prod)

Reduce Testing Time and Cost

Reduce testing/debug time- identify changes Reduce need for Oracle support and SR creation

Lower Go-Live Risks/Costs

Reduce and eliminate costs due to

undocumented/unknown configuration settings

Application Access Controls Governor


Enforce Proper Segregation of Duties in Applications

GRC Intelligence GRC Manager GRC Controls


SOD & Access Application Configuration Preventive Controls Transaction Monitoring

Mitigate risk of inappropriate user


access with approval workflow and audit trails

Simplify segregation of duties


enforcement with simulation and remediation

Accelerate deployment and time to


value with ready-made controls library

Detection

Prevention

Define Access Controls

Access Analysis

Remediation (Clean-up)

Preventive Provisioning

Compensating Policies

GRC Intelligence

Access Controls
SOD & Access

GRC Manager

GRC Controls
Application Configuration Preventive Controls Transaction Monitoring

Reduce Upgrade Time and Cost

Best practice SOD policy library for EBS R12 Design compliant roles Quickly detect and remediate access control

violations Comply with access policies from day one

Enforce Access Policies

Automate compliant user access provisioning Integrate with Identity Management solutions

Cross Platform Support

Allow customer to define and manage complex

multi-platform, multi instance global access policies

Transaction Controls Governor


Identify Inaccurate or Fraudulent Transactions

GRC Intelligence GRC Manager GRC Controls


SOD & Access Application Configuration Preventive Controls Transaction Monitoring

Continuously monitor
transaction accuracy, mitigate fraud exposure
Business Elements from Designated Nationals list Business Elements Suppliers from various business applications Business Rules, written in Plain English, by Business People No Coding/Scripting

Test against thresholds Search for anomalies Perform transaction sampling

Detection

Prevention

Define Transaction Controls

Perform Transaction Analysis

Review and Address Suspects

Preventive Transaction Controls

GRC Intelligence

Transaction Controls
SOD & Access

GRC Manager

GRC Controls
Application Configuration Preventive Controls Transaction Monitoring

Reduce Upgrade Time and Cost

Test upgraded business flows and have insight into

transactions before they hit the General Ledger Be aware of erroneous transactions stuck in subledgers or interface tables

Reduce Operational Risk

Identify transaction processing errors due to

changed procedures resulting in expense leakage and an increase in post audit recovery losses

Reduce Compliance Cost

Reduce internal and external costs where key

control changes are necessary due to changed functionality

Preventive Controls Governor


Embed Controls Natively in Enterprise Apps

GRC Intelligence GRC Manager GRC Controls


SOD & Access Application Configuration Preventive Controls Transaction Monitoring

Enforce preventive controls for


specific users and events

Mitigate risk of application changes


with approval workflow and audit trails

Protect sensitive application data Reduce audit costs,


reduce maintenance costs, increase IT productivity

Prevention

Define Preventive Controls

Prevent Read or Write Access

Initiate Approval Workflow

Enforce Field Validation

Review Audit Reports

GRC Intelligence

Preventive Controls
SOD & Access

GRC Manager GRC Controls


Application Configuration Preventive Controls Transaction Monitoring

Reduce Upgrade Time and Cost

Avoid customizations with configurations and the

creation of controls

Reduce Operational Risk

Reduce risk, time and cost of identifying, and

correcting errant or fraudulent transactions that violate control policies within the Oracle EBS system

Lower Go- Live Risks/Costs

Reduce risk, time and cost of identifying, and

correcting errant or fraudulent transactions that violate control policies within the Oracle EBS system

Preventive Controls
Customizations avoided

Business Process

Common Customizations

Satisfy with PCG

Procure to Pay

Require authorization to change invoice details


Prevent discount level breach on sales order agreements Order type controls Sales order approvals and credit checks Item management (creation, change control, attributes, cost) Send notifications of salary increases over certain percentage or outside of pay grade Change control on Costing/Billing settings Require approvals prior to reopening a closed period Prevent and audit changes to roles and responsibilities Conditional inquiry only

Order to Cash

Hire to Retire Project Accounting Reconcile to Report (including Fin. Close) Application Setup

Copyright 2010, Oracle. All rights reserved. Oracle Confidential