• Madhu Babu Vitta
    Risk Mgt | AAC | Reports
    Topic posted November 6, 2019 by Madhu Babu Vitta (Silver Medal: 2,000+ Points), tagged Advanced Controls, ERP, GRC, Risk Management, Security, SOX in Human Capital Management > Risk Management public

    Hello All,

    Is anyone using BIP or OTBI reports on the AAC (Advanced Access Control) side? I see a few out-of-the-box dashboards and analyses available, but they are more on the Administration side and not on the Results side.

    I don't see any AAC reports in Common Reports Sharing center and no posts related to AAC Reports.

    Appreciate if anyone can share reports they are using. 

  • Anil Jami
    RMC Access certification
    Topic posted November 28, 2019 by Anil Jami, tagged Advanced Controls, Financial Reporting Compliance, Risk Management, Separation of Duties in Human Capital Management > Risk Management public
    Is there any impact if I do access certification after Go Live?
  • Anil Jami
    RMC Project plan
    Topic posted November 28, 2019 by Anil Jami, tagged Advanced Controls, Compliance, Financial Reporting Compliance, GRC, Risk Management in Human Capital Management > Risk Management public
    Can I get a sample project plan for an RMC implementation project?
  • Fiona Purves
    Seeking Thought Leaders – Modern Finance Experience 2020
    Announcement posted October 23, 2019 by Fiona Purves (Green Ribbon: 100+ Points), tagged Announcements, Financials, Procurement, Project Portfolio Management, Risk Management in ERP Members > ERP Announcements public

    We’re looking for change agents and industry thought leaders wanting to share their experience in deploying Oracle’s Cloud solutions. If you have helped transform your finance organization, used the cloud to reduce operating costs and shorten close cycles, or enabled faster decision-making with better insight and control, or just made your organization run more efficiently, Oracle would love to help you share the story.

    This is your opportunity to be showcased and honored as one of the brightest minds in finance and to let your peers know.

    Submit your content ideas for an opportunity to be a presenter at Modern Finance Experience at MBX in Chicago March 23-26, 2020.

    Submit Your Idea Today:

    Hurry! Call for Ideas Closes Oct. 25.

    See you in Chicago!

  • Christine Doxey
    Seven Best Practices to Reduce Risk in Your Supplier Onboarding Process
    Topic posted August 13, 2019 by Christine Doxey (Red Ribbon: 250+ Points), tagged Advanced Controls, Compliance, Financial Reporting Compliance, Financial Transactions, Fraud, GRC, Risk Management, Tip in Human Capital Management > Risk Management public
    In my last post, we discussed the development of a roadmap for your internal controls program. Now we’ll drill down to the Supplier Onboarding Process within the Procure-to-Pay (P2P) process.

    Leading organizations recognize the importance of comprehensive supplier qualification processes but struggle to communicate qualification requirements to potential suppliers, and have difficulties creating a baseline for evaluating supplier risk levels.  Ardent Partners reports that 51% of the respondents in “The CPO’s Top Goals for Investing in Technology” survey report improving compliance as a goal.  The Hackett Group includes customizing supplier onboarding, identifying fraud and addressing internal policy non-compliance as the best practice tactics for a world class P2P organization.

    It’s well known that global enterprises manage thousands of invoices, purchase requisitions, and purchase orders within the Procure-to-Pay (P2P) process. Organizations may have disconnected purchasing and accounts payable processes and may depend upon third-party software and cumbersome spreadsheets. This results in countless hours of reconciliation resulting in payment errors, compliance and control issues.

    To support tax and regulatory compliance requirements, there are several best practices to consider when onboarding your suppliers. Here are seven best practices to consider which include the following details: Summary of Action, Benefits, and Suggested Audit Trail.

    1. TIN Matching

    Summary of Action: TIN Matching utilizes the functionality provided by the IRS. You can convert your supplier master file into the proper format required by the IRS to get actionable results.

    Benefits:

    • Ensures 1099 accuracy.
    • Eliminates B-Notices
    • Provides fraud prevention since the matching process ensures suppliers are “legitimate.”
    • The TIN Matching process can identify duplicate suppliers and can be a catalyst for cleaning up your supplier master file.

    Suggested Audit Trail:

    • TIN Matching Summary Report (Source: IRS)
    • TIN Matches (Source: IRS)
    • Non-Matching TIN Numbers (Source: IRS)
    • TIN Numbers Not Submitted

    2. W-8 and W-9 Document Acquisition

    Summary of Action: The W-8 form is required for all foreign suppliers. There are many variations of the W-8 forms that include the W-8 BEN, W-8 BEN-E, W-8 ECI, W-8 EXP, and W-8 IMY. The W-8 is an IRS form that grants a foreigner an exemption from certain U.S. information return reporting and backup withholding regulations.

    Benefits:

    • Provides an audit trail for your supplier’s TIN information.
    • Provides proof of exemption from backup withholding.
    • Back-up documentation for an erroneous B-Notice.

    Suggested Audit Trail:

    • A file containing scanned copies of all W-8 and W-9 documents acquired.
    • All scanned copies will be linked to your supplier name and number.

    3. Compliance Screening and Reporting

    Summary of Action: Compliance screening is a key component of supplier validation. It’s also important to complete the due diligence process to ensure that an issue is acted upon. The due diligence process includes researching Better Business Bureau, State of Incorporation data, and other research based on specific supplier information.

    • Office of Foreign Asset Control (OFAC)
    • Bureau of Industry and Security (BIS)
    • Office of Inspector General (OIG) - For Healthcare Suppliers
    • Specially Designated Nationals (SDNs)

    Benefits:

    • Ensures compliance to OFAC and other regulatory requirements.
    • Avoids penalties due to non-compliance.

    Suggested Audit Trail:

    • Compliance Screening Reports
    • Supplier Master Screening Results Summary Report
    • Detail Per Record Match Screening Results
    • Due Diligence Process Results

    4. Supplier Master Data Review

    Summary of Action: To keep your supplier master in control, I recommend that your supplier master is scrubbed at least every year to alleviate duplicate suppliers, suppliers that haven’t been used in 18 months, suppliers with missing information, and suppliers that have duplicate records.

    Benefits:

    • Provides enhanced internal controls for your vendor master.
    • Identifies duplicate and potentially fraudulent vendors.
    • Helps to prevent duplicate payments.

    Suggested Audit Trail:

    • Duplicate Supplier Names
    • Suppliers with Duplicate Street Addresses
    • Suppliers with Duplicate PO Boxes
    • Suppliers With Duplicate Phone or FAX Numbers
    • Suppliers With Duplicate TINs

    5. Supplier Master Reporting and Analytics

    Summary of Action: This best practice includes the analysis of accounts payable transactions by dollar distribution, and the stratification of spending levels. It’s a great way to look into your accounts payable data to determine if there are opportunities to consolidate suppliers, change invoicing methods, identify spending anomalies, or implement a P-Card program for low spend purchases.

    Benefits:

    • Identifies transaction volumes and values of payments.
    • Highlights opportunities for invoice automation, summary billing, and the implementation of P-Cards.

    Recommended Audit Trail:

    • Top 30 Suppliers with Invoice Amounts of $0 - $150
      • Top 30 Suppliers with Invoice Amounts of $0 - $50
      • Top 30 Suppliers with Invoice Amounts of $50 - $100
      • Top 30 Suppliers with Invoice Amounts of $100 - $150
    • Invoice Payment Dollar Distribution
    • Accounts Payable Year to Year Analysis
    • Accounts Payable Transactions by Month
    • Top 50 Suppliers by Transaction
    • Top 50 Suppliers by Dollars

    6. ACH Account Validation

    Summary of Action: The ACH account validation process is the most efficient if ACH account information is validated and maintained in the supplier master file. As a best practice, many companies contact either the supplier or the supplier's bank to validate the banking information.

    Benefits:

    • Prevents payment fraud and ensures that funds are disbursed to the correct supplier bank account.
    • Provides an enhancement to current disbursement controls.

    Recommended Audit Trail:

    • A report that reflects the positive confirmation of ACH numbers.
    • All non-confirmed or accounts with issues should also be reported.

    7. Insurance Certificate Acquisition

    Overview of Action: Validation of the insurance certificate provided by the supplier.

    Benefits:

    • Validating the insurance certificate when you set up a supplier should be a key step in the onboarding process.

    Recommended Audit Trail:

    • A file containing scanned copies of all insurance certificates should be available for review. 

    In conclusion, these seven best practices support your supplier onboarding process and can help to ensure that the data is accurate in your supplier master. With correct supplier master data, invoicing and payment processes are accurate. This means that financial statements and cash management processes will be correct and there is confidence in your supplier data.

    If you have questions about these best practices or the supplier onboarding process, please post a comment below.

  • Christine Doxey
    The Benefits of Segregation of Duties Controls
    Topic posted November 9, 2018 by Christine Doxey (Red Ribbon: 250+ Points), tagged Advanced Controls, Compliance, Financial Transactions, Fraud, GRC, Risk Management, Sarbanes Oxley, Separation of Duties, SOX in Human Capital Management > Risk Management public
    In my last post, we discussed the concept of implementing internal controls to mitigate risk. Segregation of duties is a fundamental control to consider when managing risk.

    What is Segregation of Duties (SoD)?

    The key principle of segregation of duties is that an individual or small group of individuals should not be in a position to control all components of a transaction or business process. The general duties to be segregated are: planning/initiation, authorization, custody of assets, and recording or reporting of transactions. In addition, control tasks such as review, audit, and reconcile should not be performed by the same individual responsible for recording or reporting the transaction. Adequate segregation of duties controls reduces the likelihood that errors (intentional or unintentional) will remain undetected by implementing separate processing by different individuals at various stages of a transaction and for independent reviews of the work performed. 

    Segregation of duties controls provides four primary benefits: 1) the risk of a deliberate fraud is mitigated as the collusion of two or more persons would be required in order to circumvent controls;  2) the risk of legitimate errors is mitigated as the likelihood of detection is increased;  3) the cost of corrective actions is mitigated as errors are generally detected earlier in their lifecycle; and 4) the organization’s reputation for integrity and quality is strengthened through a system of checks and balances.

    Applying SoD Controls to Systems Access

    The principle of segregation of duties is critical as it ensures the separation of different functions such as transaction entry, on-line approval of the transactions, master file initiation, master file maintenance, user access rights, and the review of transactions.  This means that one individual should not have access rights which permit them to enter, approve and review transactions. Assigning different security profiles or roles to various individuals supports the principle of segregation of duties. As an example, this principle can be reinforced by systems access policy and the ongoing review of system access controls as part of your internal controls program.

    Eight Categories of SoD Controls to Consider

    The following categories of duties or responsibilities should be considered when implementing segregation of duties controls and can  be validated by system access roles by asking the question, “Who can do what?” These controls can be used to develop your internal controls self-assessment process and when considering compensating controls to mitigate risk for a specific business process.

    1. Policy, Plans and Goals
      • Formulating policy, plans and goals
      • Approving policy, plans and goals
    2. Developing/analyzing business case justification
      • Transaction SoD Controls
      • Initiating a transaction
      • Authorizing the transaction
      • Recording the transaction
    3. Monitoring or having custody of physical assets
    4. Monitoring and/or reporting on performance results
    5. Reconciling accounts and transactions
    6. Master File Transactions
      • Authorizing master file transactions
      • Processing master file transactions
    7. Providing information systems development, security administration, and other related support
    8. Following-up and resolving issues or discrepancies
  • Sridhar Yogeswaran
    Unable to view AAC data (Answered)
    Topic posted May 21, 2018 by Sridhar Yogeswaran (Red Ribbon: 250+ Points), tagged Risk Management in Human Capital Management > Risk Management public
    New User cannot view existing models or create new models

    In the demo instance, instead of using the Philip.Kent login, I had defined a new user and assigned the seeded Application Access Auditor Job role and additionally the Accounts Payable Specialist role. However, when I log in as the new user I can see the AAC cards, but when I click on Models I can't view any of the existing models (that I can see with Philip Kent's login). Please let me know if I am missing any other step. I am able to view relevant AP data as expected. Appreciate your help.


  • Barry Greenhut
    Your Path to Success with Risk Management
    Topic posted September 1, 2016 by Barry Greenhut (Silver Medal: 2,000+ Points), tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX in Human Capital Management > Risk Management public
    Take the shortest and most cost-effective path to success

    1. Get Started
    Learn how to plan and adopt Risk Management, then sustain it through growth and change: Explore the details | Get training

    2. Team With a Cloud Excellence Implementer
    Working with one of our CEIs is a must-have for success – only these experts offer the functional and technical experience needed to succeed. To get connected, contact your Oracle representative.

    3. Implement Our Baseline Processes
    These business processes and automation are the foundation of each implementation. Once you have an implementation plan, request a plan review from your Oracle representative (available for a limited time):

  • Christine Doxey
    Your Roadmap for Implementing an Internal Controls Program
    Topic posted July 16, 2019 by Christine Doxey (Red Ribbon: 250+ Points), tagged Advanced Controls, Compliance, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Risk Management, Sarbanes Oxley in Human Capital Management > Risk Management public
    In my previous posts, I wrote about segregation of duties (SoD), risk based and compensating controls. This post provides the suggested steps for an internal controls roadmap.

    We’ve defined internal controls as a critical component throughout business strategies, operations, and processes.  Operationally effective controls are the linchpin to assure that an organization can reliably achieve objectives while addressing uncertainty and acting with integrity. Where do we start the internal controls journey and how do we implement a strong internal controls program?

    Many organizations take an approach to internal control management that has defined intersections with risk, compliance, and audit processes and use a set of standards.  But typically, all organizations face the following challenges with building and maintaining an internal controls program.

    • Providing an integrated strategy and view of financial and operational controls across the organization.
    • Defining a common language for risk and control.
    • Increasing confidence in ongoing risk coverage throughout all business processes.
    • Establishing Overall Responsibility for a company’s internal controls program to ensure consistency and to avoid duplication of effort.
    • Capturing business changes with updated and changing controls.
    • Combining finance and operational control teams and revamping processes to address a controls weakness.
    • Prioritizing the key controls for a business process that can truly mitigate risk.
    • Managing the human element in controls management.
    • Expanding and reacting to the ongoing regulatory requirements for internal control management.
    • Addressing a lack of resources while being tasked with more internal control responsibilities across controls.
    • Keeping controls aligned with business processes and a changing environment.
    • Implementing a system and technology to manage all controls across the organization.
    • Developing Transparency, reporting, and monitoring
    • Integrating controls into daily workflow particularly when staff transitions occur.

    So how does a company establish a roadmap to build an internal controls program to address these challenges?  Here are some steps to consider when establishing or enhancing your internal controls program.

    1. Define the Organization and Process Context: For most organizations, inefficiencies from an internal controls program fragmentation are so great that huge savings are possible by taking the simple step of eliminating silos and operating on a common context and structure with well-defined responsibilities. Which business process is your focus? Which process has a known control weakness, an identified audit finding or a detected fraudulent activity? The outcome of these efforts will enable an organization to:
    • Establish priorities and focus of coverage. 
    • Coordinate planning across all business units.
    • Eliminate gaps and duplication in coverage.
    • Decrease time spent by business process owners.
    • Increase ability to spot control issues and trends as they develop.
    • Utilize a single strategy and methodology for risk mitigation.
    2. Establish a Common Language for Risks and Controls: Without a standard naming convention or common methodology for determining or classifying risks and controls, business process owners are unable to share information. The benefits of utilizing a common language for risks and controls include:
    • Improved reporting throughout the organization.
    • Audit and control issues are embedded in your program and are promptly assigned and corrected. 
    • Consistent coverage—all risks are considered but there is a focus on the risk of material misstatement.
    • Improved business performance—risks explain performance gaps.
    • Better decision making—decisions are risk based.
    • Less external oversight and audits—controls are standardized using a common methodology.
    3. Implement a Consistent Reliable Methodology: Without a consistent methodology for your internal controls program, the cost of controls can be expensive with incomplete coverage and inaccurate results. Examples of a consistent methodology include:
    • The top-down risk criteria is established with consistent risk identification.
    • The risks are properly accessed by appropriate internal controls.
    • The risks that require a response are identified.
    • The risk responses that require remediation are prioritized.
    4. Focus on Transparency, Reporting and Monitoring: All information on the status of risks and controls should be available for continuous reporting. If implemented effectively, communication between management and the board of directors is in place with a focus on risk mitigation and the achievement of business objectives. The benefits of a consistent and disciplined reporting structure include:
    • Availability of accurate and consistent reports.
    • Positive knowledge and reporting of risks and controls across the company.
    • Information sharing across business processes.
    • Confidence of the reliability of all risk and control information.
    5. Leverage Technology: By eliminating information silos and redundant data entry, and taking a unique holistic approach to regulatory challenges, technology provides greater efficiency, improves collaboration, and reduces the time and resource costs. Additional benefits that can be gained by utilizing a defined technology solution for internal controls include:
    • A single universe of all risk and controls data called "The Internal Controls Universe."
    • Elimination of duplicate documentation. 
    • The implementation of a controls self-assessment process.
    • More processes, risks, controls can be assessed and properly prioritized.
    • Increase in management accountability.
    • Consolidated and reliable reporting.
    • The ability to produce metrics and analytics for your internal controls program.

    In conclusion, the success of an internal controls strategy is dependent upon communication, well-defined roles and responsibilities, standards of internal control, technology and reporting. To address the challenges of a viable and ongoing internal controls program, standards of internal control are available.

     If you have questions about these standards or the implementation of an internal controls program, please post a comment below.