Posts

  • Barry Greenhut
    Risk Management @ OpenWorld 2019 - Recap and presentations
    Topic last edited October 9, 2019 by Barry Greenhut (Bronze Medal: 1,250+ Points), tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX; in Human Capital Management > Risk Management; public
    Title:
    Risk Management @ OpenWorld 2019 - Recap and presentations
  • Anand Naik
    Re-opening of closed access incidents
    Topic posted September 2, 2019 by Anand Naik (Green Ribbon: 100+ Points), tagged Risk Management; in Human Capital Management > Risk Management; public
    Title:
    Re-opening of closed access incidents
    Summary:
    Re-opening of closed access incidents
    Content:

    Please answer the following practical question.

    An Access Control incident was remediated (access removed), which closed the incident. After some days, the access was granted again. Now, when the access control evaluation is run, will the old closed incident be reopened, or will a new incident (similar to the old incident) be created?

    Thanks in advance!!

  • Barry Greenhut
    OpenWorld 2019 Preview: Risk Management Cloud
    Topic last edited September 3, 2019 by Barry Greenhut (Bronze Medal: 1,250+ Points), tagged Financials, Risk Management; in Human Capital Management > Risk Management; public
    Title:
    OpenWorld 2019 Preview: Risk Management Cloud
    Content:

    Find out how to learn from fellow users, get hands-on with the newest features, meet one-on-one with product managers, and more ... including CPE credit!

    Watch the video

    Download the slides

     

  • Barry Greenhut
    Hands-on with Risk Management
    Topic last edited August 20, 2019 by Barry Greenhut (Bronze Medal: 1,250+ Points), tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX; in Human Capital Management > Risk Management; public
    Title:
    Hands-on with Risk Management
    Summary:
    Watch a baseline deployment of Risk Management.
    Content:

    Updated August 2019 - all new videos and slides!

    To learn the most from these videos, we recommend proceeding in the sequence shown here:

    Prerequisite Skills

    Introduction

    Get Hands-On

    Introduction to Risk Management Cloud.

    Design secure roles. Design secure role assignments. Certify users' access.

    Detect ERP configuration changes. Find and manage fraud.

    Streamline control and compliance.

    Configure Risk Management security. Configure flexfields. Build dashboards and agents.

     

  • Christine Doxey
    Seven Best Practices to Reduce Risk in Your Supplier...
    Topic posted August 13, 2019 by Christine Doxey (Red Ribbon: 250+ Points), tagged Advanced Controls, Compliance, Financial Reporting Compliance, Financial Transactions, Fraud, GRC, Risk Management, Tip; in Human Capital Management > Risk Management; public
    Title:
    Seven Best Practices to Reduce Risk in Your Supplier Onboarding Process
    Summary:
    In my last post, we discussed the development of a roadmap for your internal controls program. Now we’ll drill down to the Supplier Onboarding Process within the Procure-to-Pay (P2P) process.
    Content:

    Leading organizations recognize the importance of comprehensive supplier qualification processes but struggle to communicate qualification requirements to potential suppliers, and have difficulties creating a baseline for evaluating supplier risk levels.  Ardent Partners reports that 51% of the respondents in “The CPO’s Top Goals for Investing in Technology” survey report improving compliance as a goal.  The Hackett Group includes customizing supplier onboarding, identifying fraud and addressing internal policy non-compliance as the best practice tactics for a world class P2P organization.

    It’s well known that global enterprises manage thousands of invoices, purchase requisitions, and purchase orders within the Procure-to-Pay (P2P) process.  Organizations may have disconnected purchasing and accounts payable processes and may depend upon third-party software and cumbersome spreadsheets. This results in countless hours of reconciliation resulting in payment errors, compliance and control issues.

    To support tax and regulatory compliance requirements, there are several best practices to consider when onboarding your suppliers. Here are seven best practices to consider which include the following details: Summary of Action, Benefits, and Suggested Audit Trail.

    1. TIN Matching

    Summary of Action: TIN Matching utilizes the functionality provided by the IRS.  You can convert your supplier master file into the proper format required by the IRS to get actionable results.

    • Ensures 1099 accuracy.
    • Eliminates B-Notices
    • Provides fraud prevention since the matching process ensures suppliers are “legitimate.”
    • The TIN Matching process can identify duplicate suppliers and can be a catalyst for cleaning up your supplier master file.

    Suggested Audit Trail:

    • TIN Matching Summary Report (Source: IRS)
    • TIN Matches (Source: IRS)
    • Non-Matching TIN Numbers (Source: IRS)
    • TIN Numbers Not Submitted

    2. W-8 and W-9 Document Acquisition

    Summary of Action:   The W-8 form is required for all foreign suppliers. There are many variations of the W-8 forms that include the W-8 BEN, W-8 BEN-E, W-8 ECI, W-8 EXP, and W-8 IMY.  The W-8 is an IRS form that grants a foreigner an exemption from certain U.S. information return reporting and backup withholding regulations.

    • Provides an audit trail for your supplier’s TIN information.
    • Provides proof of exemption from backup withholding.
    • Back-up documentation for an erroneous B-Notice.

    Suggested Audit Trail:

    • A file containing scanned copies of all W-8 and W-9 documents acquired.
    • All scanned copies will be linked to your supplier name and number.

    3. Compliance Screening and Reporting

    Summary of Action:   Compliance screening is a key component of supplier validation. It’s also important to complete the due diligence process to ensure that an issue is acted upon. The due diligence process includes researching Better Business Bureau, State of Incorporation data, and other research based on specific supplier information.

    • Office of Foreign Asset Control (OFAC)
    • Bureau of Industry and Security (BIS)
    • Office of Inspector General (OIG) - For Healthcare Suppliers
    • Specially Designated Nationals (SDNs)

    Benefits:

    • Ensures compliance to OFAC and other regulatory requirements.
    • Avoids penalties due to non-compliance.

    Suggested Audit Trail:

    • Compliance Screening Reports
    • Supplier Master Screening Results Summary Report
    • Detail Per Record Match Screening Results
    • Due Diligence Process Results

    4. Supplier Master Data Review

    Summary of Action:  To keep your supplier master in control, I recommend that your supplier master is scrubbed at least every year to alleviate duplicate suppliers, suppliers that haven’t been used in 18 months, suppliers with missing information, and suppliers that have duplicate records. 

    Benefits:

    • Provides enhanced internal controls for your vendor master.
    • Identifies duplicate and potentially fraudulent vendors.
    • Helps to prevent duplicate payments.

    Suggested Audit Trail:

    • Duplicate Supplier Names
    • Suppliers with Duplicate Street Addresses
    • Suppliers with Duplicate PO Boxes
    • Suppliers With Duplicate Phone or FAX Numbers
    • Suppliers With Duplicate TINs

    5. Supplier Master Reporting and Analytics

    Summary of Action: This best practice includes the analysis of accounts payable transactions by dollar distribution, and the stratification of spending levels. It’s a great way to look into your accounts payable data to determine if there are opportunities to consolidate suppliers, change invoicing methods, identify spending anomalies, or implement a P-Card program for low spend purchases.

    Benefits:

    • Identifies transaction volumes and values of payments.
    • Highlights opportunities for invoice automation, summary billing, and the implementation of P-Cards.

    Recommended Audit Trail:

    • Top 30 Suppliers with Invoice Amounts of $0 - $150
      • Top 30 Suppliers with Invoice Amounts of $0 - $50
      • Top 30 Suppliers with Invoice Amounts of $50 - $100
      • Top 30 Suppliers with Invoice Amounts of $100 - $150
    • Invoice Payment Dollar Distribution
    • Accounts Payable Year to Year Analysis
    • Accounts Payable Transactions by Month
    • Top 50 Suppliers by Transaction
    • Top 50 Suppliers by Dollars

    6. ACH Account Validation

    Summary of Action:  The ACH account validation process is the most efficient if ACH account information is validated and maintained in the supplier master file. As a best practice, many companies contact either the supplier or the supplier's bank to validate the banking information. 

    Benefits:

    • Prevents payment fraud and ensures that funds are disbursed to the correct supplier bank account.
    • Provides an enhancement to current disbursement controls.

    Recommended Audit Trail:

    • A report that reflects the positive confirmation of ACH numbers.
    • All non-confirmed or accounts with issues should also be reported.

    7. Insurance Certificate Acquisition

    Overview of Action:  Validation of the insurance certificate provided by the supplier. 

    Benefits:

    • Validating the insurance certificate when you set up a supplier should be a key step in the onboarding process.

    Recommended Audit Trail:

    • A file containing scanned copies of all insurance certificates should be available for review. 

    In conclusion, these seven best practices support your supplier onboarding process and can help to ensure that the data is accurate in your supplier master. With correct supplier master data, invoicing and payment processes are accurate. This means that financial statements and cash management processes will be correct and there is confidence in your supplier data.

    If you have questions about these best practices or the supplier onboarding process, please post a comment below.

  • Christine Doxey
    Your Roadmap for Implementing an Internal Controls Program
    Topic posted July 16, 2019 by Christine Doxey (Red Ribbon: 250+ Points), tagged Advanced Controls, Compliance, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Risk Management, Sarbanes Oxley; in Human Capital Management > Risk Management; public
    Title:
    Your Roadmap for Implementing an Internal Controls Program
    Summary:
    In my previous posts, I wrote about segregation of duties (SoD), risk based and compensating controls. This post provides the suggested steps for an internal controls roadmap.
    Content:

    We’ve defined internal controls as a critical component throughout business strategies, operations, and processes.  Operationally effective controls are the linchpin to assure that an organization can reliably achieve objectives while addressing uncertainty and acting with integrity. Where do we start the internal controls journey and how do we implement a strong internal controls program?

    Many organizations take an approach to internal control management that has defined intersections with risk, compliance, and audit processes and use a set of standards.  But typically, all organizations face the following challenges with building and maintaining an internal controls program.

    • Providing an integrated strategy and view of financial and operational controls across the organization.
    • Defining a common language for risk and control.
    • Increasing confidence in ongoing risk coverage throughout all business processes.
    • Establishing Overall Responsibility for a company’s internal controls program to ensure consistency and to avoid duplication of effort.
    • Capturing business changes with updated and changing controls.
    • Combining finance and operational control teams and revamping processes to address a controls weakness.
    • Prioritizing the key controls for a business process that can truly mitigate risk.
    • Managing the human element in controls management.
    • Expanding and reacting to the ongoing regulatory requirements for internal control management.
    • Addressing a lack of resources while being tasked with more internal control responsibilities across controls.
    • Keeping controls aligned with business processes and a changing environment.
    • Implementing a system and technology to manage all controls across the organization.
    • Developing Transparency, reporting, and monitoring
    • Integrating controls into daily workflow particularly when staff transitions occur.

    So how does a company establish a roadmap to build an internal controls program to address these challenges?  Here are some steps to consider when establishing or enhancing your internal controls program.

    1. Define the Organization and Process Context: For most organizations, inefficiencies from an internal controls program fragmentation are so great that huge savings are possible by taking the simple step of eliminating silos and operating on a common context and structure with well-defined responsibilities. Which business process is your focus? Which process has a known control weakness, an identified audit finding or a detected fraudulent activity? The outcome of these efforts will enable an organization to:
    • Establish priorities and focus of coverage. 
    • Coordinate planning across all business units.
    • Eliminate gaps and duplication in coverage.
    • Decrease time spent by business process owners.
    • Increase ability to spot control issues and trends as they develop.
    • Utilize a single strategy and methodology for risk mitigation.

    2. Establish a Common Language for Risks and Controls: Without a standard naming convention or common methodology for determining or classifying risks and controls, business process owners are unable to share information. The benefits of utilizing a common language for risks and controls include:
    • Improved reporting throughout the organization.
    • Audit and control issues are embedded in your program and are promptly assigned and corrected. 
    • Consistent coverage—all risks are considered but there is a focus on the risk of material misstatement.
    • Improved business performance—risks explain performance gaps.
    • Better decision making—decisions are risk based.
    • Less external oversight and audits—controls are standardized using a common methodology.

    3. Implement a Consistent Reliable Methodology: Without a consistent methodology for your internal controls program, the cost of controls can be expensive with incomplete coverage and inaccurate results. Examples of a consistent methodology include:
    • The top-down risk criteria is established with consistent risk identification.
    • The risks are properly accessed by appropriate internal controls.
    • The risks that require a response are identified.
    • The risk responses that require remediation are prioritized.

    4. Focus on Transparency, Reporting and Monitoring: All information on the status of risks and controls should be available for continuous reporting. If implemented effectively, communication between management and the board of directors is in place with a focus on risk mitigation and the achievement of business objectives.  The benefits of a consistent and disciplined reporting structure include:
    • Availability of accurate and consistent reports.
    • Positive knowledge and reporting of risks and controls across the company.
    • Information sharing across business processes.
    • Confidence of the reliability of all risk and control information.

    5. Leverage Technology: By eliminating information silos and redundant data entry, and taking a unique holistic approach to regulatory challenges, technology provides greater efficiency, improves collaboration, and reduces the time and resource costs.  Additional benefits that can be gained by utilizing a defined technology solution for internal controls include:
    • A single universe of all risk and controls data called "The Internal Controls Universe."
    • Elimination of duplicate documentation. 
    • The implementation of a controls self-assessment process.
    • More processes, risks, controls can be assessed and properly prioritized.
    • Increase in management accountability.
    • Consolidated and reliable reporting.
    • The ability to produce metrics and analytics for your internal controls program.

    In conclusion, the success of an internal controls strategy is dependent upon communication, well-defined roles and responsibilities, standards of internal control, technology and reporting. To address the challenges of a viable and ongoing internal controls program, standards of internal control are available.

     If you have questions about these standards or the implementation of an internal controls program, please post a comment below.

     

  • Barry Greenhut
    Keeping up with Risk Management
    Topic last edited July 12, 2019 by Sujay Bandyopadhyay (Red Ribbon: 250+ Points), tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX; in Human Capital Management > Risk Management; public
    Title:
    Keeping up with Risk Management
    Content:

    Each quarter we update your environments with new and improved functionality. To prepare, check out What's New - it describes significant changes and tells you how to get ready:

    For Advanced Controls, pre-built content is now available within a content library inside the product, Advanced Access control analyses automatically exclude results based on procurement agent configuration, transaction data synchronization performance is enhanced by eliminating redundant language related data, assessment completion page in Financial Reporting Compliance is enhanced, and a lot more...

    To keep up with us, make this page a Favorite (the button's above on the right) - we'll update it each time we publish a new edition of What's New, and you'll get a notification.

  • Kim Puls
    History Tab not viewable in Contracts Module
    Topic posted June 10, 2019 by Kim Puls (Silver Medal: 2,000+ Points), tagged Risk Management; in Human Capital Management > Risk Management; public
    Title:
    History Tab not viewable in Contracts Module
    Content:

    We have witnessed this behavior in PPM and are not seeing it in Contracts.

    Contract Management > Contracts > Search for an Active # and open the contract. You can click on all tabs and get a result until you click on History...you get a blank screen and can't navigate anywhere else.

    Is anyone else having this issue?

    Thanks - Kim

    University of Wyoming

    Version:
    R13-19B
  • Barry Greenhut
    Get support for Risk Management
    Topic last edited April 10, 2019 by Barry Greenhut (Bronze Medal: 1,250+ Points), tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX; in Human Capital Management > Risk Management; public
    Title:
    Get support for Risk Management
    Content:

    My Oracle Support offers quick references to accelerate your work:

  • Barry Greenhut
    Design and export your own Risk Management reports
    Topic posted March 6, 2019 by Barry Greenhut (Bronze Medal: 1,250+ Points), tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX; in Human Capital Management > Risk Management; public
    Title:
    Design and export your own Risk Management reports
    Content:

    When you subscribe to Risk Management, you get complimentary access to tools that let you design reports, pivot, analyze and export data, and much more.

    We're thrilled to share two new videos by Stephanie Golly, our product manager in charge of this topic. She'll show you how to create and export your own analyses of user access and transactions - an Access Incident Details Extract report (AIDE) and Transaction Incident Details Extract report (TIDE).

    And don't miss Lakshmi Rajamohan's master class in Financial Reporting Compliance reports and dashboards - part of our Hands-On series!