Posts

Posts

  • Christine Doxey
    Your Roadmap for Implementing an Internal Controls Program5.0
    Topic posted July 16, 2019 by Christine DoxeyRed Ribbon: 250+ Points, tagged Advanced Controls, Compliance, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Risk Management, Sarbanes Oxley in Human Capital Management > Risk Management public
    Title:
    Your Roadmap for Implementing an Internal Controls Program
    Summary:
    In my previous posts, I wrote about segregation of duties (SoD), risk based and compensating controls. This post provides the suggested steps for an internal controls roadmap.
    Content:

    We’ve defined internal controls as a critical component throughout business strategies, operations, and processes.  Operationally effective controls are the linchpin to assure that an organization can reliably achieve objectives while addressing uncertainty and acting with integrity. Where do we start the internal controls journey and how do we implement a strong internal controls program?

    Many organizations take an approach to internal control management that has defined intersections with risk, compliance, and audit processes and use a set of standards.  But typically, all organizations face the following challenges with building and maintaining an internal controls program.

    • Providing an integrated strategy and view of financial and operational controls across the organization.
    • Defining a common language for risk and control.
    • Increasing confidence in ongoing risk coverage throughout all business processes.
    • Establishing Overall Responsibility for a company’s internal controls program to ensure consistency and to avoid duplication of effort.
    • Capturing business changes with updated and changing controls.
    • Combining finance and operational control teams and revamping processes to address a controls weakness.
    • Prioritizing the key controls for a business process that can truly mitigate risk.
    • Managing the human element in controls management.
    • Expanding and reacting to the ongoing regulatory requirements for internal control management.
    • Addressing a lack of resources while being tasked with more internal control responsibilities across controls.
    • Keeping controls aligned with business processes and a changing environment.
    • Implementing a system and technology to manage all controls across the organization.
    • Developing Transparency, reporting, and monitoring
    • Integrating controls into daily workflow particularly when staff transitions occur.

    So how does a company establish a roadmap to build an internal controls program to address these challenges?  Here are some steps to consider when establishing or enhancing your internal controls program.

    1. Define the Organization and Process Context: For most organizations, inefficiencies from an internal controls program fragmentation are so great that huge savings are possible by taking the simple step of eliminating silos and operating on a common context and structure with well-defined responsibilities. Which business process is your focus? Which process has a known control weakness, an identified audit finding or a detected fraudulent activity? The outcome of these efforts will enable an organization to:
    • Establish priorities and focus of coverage. 
    • Coordinate planning across all business units.
    • Eliminate gaps and duplication in coverage.
    • Decrease time spent by business process owners.
    • Increase ability to spot control issues and trends as they develop.
    • Utilize a single strategy and methodology for risk mitigation.
    1. Establish a Common Language for Risks and Controls: Without a standard naming convention or common methodology for determining or classifying risks and controls, business process owners are unable to share information. The benefits of utilizing a common language for risks and controls include:
    • Improved reporting throughout the organization.
    • Audit and control issues are embedded in your program and are promptly assigned and corrected. 
    • Consistent coverage—all risks are considered but there is a focus on the risk of material misstatement.
    • Improved business performance—risks explain performance gaps.
    • Better decision making—decisions are risk based.
    • Less external oversight and audits—controls are standardized using a common methodology.
    1. Implement a Consistent Reliable Methodology: Without a consistent methodology for your internal controls program, the cost of controls can be expenses with incomplete coverage and inaccurate results. Examples of a consistent methodology include:
    • The top-down risk criteria is established with consistent risk identification.
    • The risks are properly accessed by appropriate internal controls.
    • The risks that require a response are identified.
    • The risk responses that require remediation are prioritized.
    1. Focus on Transparency, Reporting and Monitoring: All information on the status of risks and controls should be available for continuous reporting. If implemented effectively, communication between management and the board of directors is in place with a focus on risk mitigation and the achievement of business objectives.  The benefits of a consistent and disciplined reporting structure include:
    • Availability of accurate and consistent reports.
    • Positive knowledge and reporting of risks and controls across the company.
    • Information sharing across business processes.
    • Confidence of the reliability of all risk and control information.
    1. Leverage Technology: By eliminating information silos and redundant data entry, and taking a unique holistic approach to regulatory challenges, technology provides greater efficiency, improves collaboration, and reduces the time and resource costs.  Additional benefits that can be gained by utilizing a defined technology solution for internal controls include:
    • A single universe of all risk and controls data called "The Internal Controls Universe."
    • Elimination of duplicate documentation. 
    • The implementation of a controls self-assessment process.
    • More processes, risks, controls can be assessed and properly prioritized.
    • Increase in management accountability.
    • Consolidated and reliable reporting.
    • The ability to produce metrics and analytics for your internal controls program.

    In conclusion, the success of an internal controls strategy is dependent upon communication, well-defined roles and responsibilities, standards of internal control, technology and reporting. To address the challenges of a viable and ongoing internal controls program, standards of internal control are available.

     If you have questions about these standards or the implementation of an internal controls program, please post a comment below.

     

  • Barry Greenhut
    Keeping up with Risk Management5.0
    Topic posted April 8, 2019 by Barry GreenhutBronze Medal: 1,250+ Points, tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX in Human Capital Management > Risk Management public
    Title:
    Keeping up with Risk Management
    Content:

    Each quarter we update your environments with new and improved functionality. To prepare, check out What's New - it describes significant changes and tells you how to get ready:

    For Advanced Controls, pre-built content is now available within a content library inside the product, Advanced Access control analyses automatically exclude results based on procurement agent configuration, transaction data synchronization performance is enhanced by eliminating redundant language related data, assessment completion page in Financial Reporting Compliance is enhanced, and a lot more...

    To keep up with us, make this page a Favorite (the button's above on the right) - we'll update it each time we publish a new edition of What's New, and you'll get a notification.

  • Barry Greenhut
    Get support for Risk Management4.7
    Topic posted April 8, 2019 by Barry GreenhutBronze Medal: 1,250+ Points, tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX in Human Capital Management > Risk Management public
    Title:
    Get support for Risk Management
    Content:

    My Oracle Support offers quick references to accelerate your work:

  • Barry Greenhut
    Design and export your own Risk Management reports24.8
    Topic posted March 6, 2019 by Barry GreenhutBronze Medal: 1,250+ Points, tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX in Human Capital Management > Risk Management public
    Title:
    Design and export your own Risk Management reports
    Content:

    When you subscribe to Risk Management, you get complimentary access to tools that let you design reports, pivot, analyze and export data, and much more.

    We're thrilled to share two new videos by Stephanie Golly, our product manager in charge of this topic. She'll show you how to create and export your own analyses of user access and transactions - an Access Incident Details Extract report (AIDE) and Transaction Incident Details Extract report (TIDE).

    And don't miss Lakshmi Rajamohan's master class in Financial Reporting Compliance reports and dashboards - part of our Hands-On series!

  • Venkatesh Chella
    After 18C Upgrade, Several of the Advanced Access Control...2
    Topic posted January 25, 2019 by Venkatesh ChellaRed Ribbon: 250+ Points, tagged Advanced Controls, Governance, GRC, Risk Management, Tip in Human Capital Management > Risk Management public
    Title:
    After 18C Upgrade, Several of the Advanced Access Control features are not working.
    Summary:
    Several Advanced Access Control Features stopped working after 18C Upgrade
    Content:

    FYI for Risk Management Cloud - Advanced Access Control - 18C users.

    We are getting the error 'java.lang.NullPointerException' when you try to open any Control that have already been deployed. This started happening only after 18C upgrade. This does not happen to controls that are deployed new.

    Also we are not able to deploy already existing Models into Controls after 18C. But we are able to deploy both new Models and Controls.

    New Models and New Controls = OK to Deploy, Execute and View results.
    Old Models and Deploy them now as Controls = Not working
    View Old Controls = Not able to view and getting errors " Java.lang.NullPointerException "
    Execute Old Controls - The Job fails after starting. Getting error " oracle.apps.odin.domain.job.JobExecutionException: Error occurred during analysis "

    Error Codes
    ---------------------------------------------------
    java.lang.NullPointerException, oracle.apps.odin.domain.job.JobExecutionException: Error occuring during analysis

    Version:
    Oracle Cloud application 13.18.10 (11.13.18.10.0)
  • Sujay Bandyopadhyay
    Granular Security for Assessments in Financial Reporting...24.8
    Topic posted December 20, 2018 by Sujay BandyopadhyayRed Ribbon: 250+ Points, tagged Compliance, Financial Reporting Compliance, Financials, Governance, GRC, Risk Management, Sarbanes Oxley, Security, SOX in Human Capital Management > Risk Management public
    Title:
    Granular Security for Assessments in Financial Reporting Compliance
    Content:

    Starting with quarterly update 18C, you can configure Financial Reporting Compliance data security for batch assessments independent of the data security of the objects that are being assessed. This granular security enables you to generate multiple assessments for each included object using the perspective values configured in the assessment. These improvements should dramatically increase the ease of maintaining Financial Reporting Compliance object data and the batch assessment process. The attached whitepaper provides the details.

  • Pathikp
    Oracle Cloud Risk Management integration with On-Prem Oracle45.0
    Topic posted November 29, 2018 by PathikpRed Ribbon: 250+ Points, tagged Compliance, Financial Reporting Compliance, Governance, GRC, Risk Management, Separation of Duties, SOX in Human Capital Management > Risk Management public
    Title:
    Oracle Cloud Risk Management integration with On-Prem Oracle
    Summary:
    Does Oracle Cloud Risk Management integration with On-Prem Oracle?
    Content:

    We actively use GRC AACG and CCG on prem looking at two separate Oracle instances (12.1.3 & 12.2.3) .  In addition, we also have Oracle ERP Cloud application. 

    we would like to know more about the following

    Questions -  

    • Is there a solution/path to connect all three oracle instances (on prem two instance & Cloud instance) with Risk management Cloud?
    • Is it possible to path/interface from/to on-prem to risk management cloud?  (ie REST API)
    • if it's currently not available then do we know,will it be part of future roadmap?
  • Barry Greenhut
    Risk Management @ OpenWorld 2018 - Recap and presentations5.0
    Topic posted November 5, 2018 by Barry GreenhutBronze Medal: 1,250+ Points, tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX in Human Capital Management > Risk Management public
    Title:
    Risk Management @ OpenWorld 2018 - Recap and presentations
    Content:

    What a great week! We shared:

    • Case studies from FEMSA (Coca-Cola MX), McDermott, Orange, Saks, Targa, and more ... along with Oracle's own Financial Governance and Source-to-Settle groups.
    • Live Q&A with users; industry experts Deloitte, KPMG, PwC and Doxey; Oracle’s product managers and consulting experts; and the GRC Special Interest Group.
    • 1-on-1 demonstrations
    • Accounting CPE Credits

    Presentations (so many, it takes three posts to share them all!):

    • First of three:
      • Use Data Science to Fight Fraud, Strengthen Security with ERP Advanced Controls
        Presenters: Didier Chabrerie, Reza B'Far, Sid Sinha
      • Audit 100 Percent of Expense/AP payments using Advanced Data analysis in ERP Cloud
        Presenters: Adil Khan, Alex Vaz, Stephen D'Arcy, Aman Desouza
      • Streamline SOX Compliance and Segregation of Duties Using Oracle ERP Cloud
        Presenters: Dider Chabrerie, John O'Connell, Rick Hargarten, Aman Desouza
      • Strengthen Security Using Advanced ERP and HCM Controls
        Presenters: Avinash BharathSingh, Dharma Shanmugam, Yong Sung (Patrick) Kwon, Aman Desouza
    • Second of three:
      • Protect Employee Private Data and Comply with GDPR Within Oracle HCM Cloud
        Presenters: Dane Roberts, Vikram Khare
      • Protect Personal Data and Comply with GDPR Using ERP Advanced Controls
        Presenters: Dane Roberts, Vikram Khare
      • Implement Segregation of Duties Automation Within Weeks Using Oracle ERP Cloud
        Presenters: Barry Greenhut, Muthuvel Arumugam, Sujay Bandyopadhyay
      • Implement SOX Certifications Within Weeks Using Oracle ERP Cloud
        Presenters: Barry Greenhut, Chris Doxey, Swarnali Bag
    • Third of three:
      • Design Secure and Compliant Roles for Oracle ERP and HCM Cloud
        Presenter: Lakshmi Rajamohan
      • Best Practices to Promote Employee Safety and OSHA Compliance Using Oracle HCM Cloud
        Presenters: Amy Aves, Glen Walton
      • GRC Special Interest Group
        Presenters: Chris Doxey, Donna Curtis, Lewis Hopkins
  • Barry Greenhut
    OpenWorld 2018 - Risk Management presentations - 1 of 35.0
    Topic posted November 5, 2018 by Barry GreenhutBronze Medal: 1,250+ Points, tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX in Human Capital Management > Risk Management public
    Title:
    OpenWorld 2018 - Risk Management presentations - 1 of 3
    Content:

    For all presentations, visit this page.

    Links below:

    • Use Data Science to Fight Fraud, Strengthen Security with ERP Advanced Controls
      Presenters: Didier Chabrerie, Reza B'Far, Sid Sinha
       
    • Audit 100 Percent of Expense/AP payments using Advanced Data analysis in ERP Cloud
      Presenters: Adil Khan, Alex Vaz, Stephen D'Arcy, Aman Desouza
       
    • Streamline SOX Compliance and Segregation of Duties Using Oracle ERP Cloud
      Presenters: Dider Chabrerie, John O'Connell, Rick Hargarten, Aman Desouza
       
    • Strengthen Security Using Advanced ERP and HCM Controls
      Presenters: Avinash BharathSingh, Dharma Shanmugam, Yong Sung (Patrick) Kwon, Aman Desouza
  • Barry Greenhut
    OpenWorld 2018 - Risk Management presentations - 2 of 3
    Topic posted November 5, 2018 by Barry GreenhutBronze Medal: 1,250+ Points, tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX in Human Capital Management > Risk Management public
    Title:
    OpenWorld 2018 - Risk Management presentations - 2 of 3
    Content:

    For all presentations, visit this page.

    Links below:

    • Protect Employee Private Data and Comply with GDPR Within Oracle HCM Cloud
      Presenters: Dane Roberts, Vikram Khare
       
    • Protect Personal Data and Comply with GDPR Using ERP Advanced Controls
      Presenters: Dane Roberts, Vikram Khare
       
    • Implement Segregation of Duties Automation Within Weeks Using Oracle ERP Cloud
      Presenters: Barry Greenhut, Muthuvel Arumugam, Sujay Bandyopadhyay
       
    • Implement SOX Certifications Within Weeks Using Oracle ERP Cloud
      Presenters: Barry Greenhut, Chris Doxey, Swarnali Bag