Posts

  • Barry Greenhut
    Get training for Risk Management
    Topic posted September 28, 2018 by Barry Greenhut (Bronze Medal: 1,250+ Points), tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX, Waste in Human Capital Management > Risk Management public
    Title:
    Get training for Risk Management
    Content:

    TOP CHOICE: Oracle University provides five days of intensive hands-on training - this is the best way to bootstrap your knowledge, and is recommended for all Risk Management users and implementers.

    If you'd like to study beforehand, we suggest these resources:

     

  • Lisa Ozkan
    Release 12 upgrade dates are now available on My Services!
    Topic posted March 1, 2017 by Lisa Ozkan (Silver Medal: 2,000+ Points), tagged Financials, Procurement, Project Portfolio Management, Risk Management in ERP Members > ERP Announcements public
    Title:
    Release 12 upgrade dates are now available on My Services!
    Content:

    As of today, Oracle Applications Cloud (Fusion) customers can now view available Release 12 upgrade dates on My Services, and start scheduling their upgrades!

    Your Service Administrator will have four weeks to pick upgrade dates according to the Oracle Applications Cloud - Release Upgrade Planning document. If you do not schedule your upgrade by this deadline, Oracle will schedule your upgrade dates. Customers can still view/confirm/reschedule these dates through My Services up to one week before their upgrade date.

    Reminders:

    • No Service Requests (SR) are required and customers who log SRs will be redirected to My Services.
    • If your Service Administrator is no longer with the company, and you do not have a backup Service Administrator, or if the existing Service Administrator cannot log in to My Services, submit an SR to regain access. Instructions can be found in the Service Administrator Action List.
    • You may use the attached slide deck to help you during upgrade scheduling.

     

    Read These Important Upgrade Documents Available in MOS

  • Lakshmi Rajamohan
    Financial Reporting Compliance hands-on training now...
    Topic posted October 17, 2016 by Lakshmi Rajamohan (Red Ribbon: 250+ Points), tagged Compliance, ERP, Financial Reporting Compliance, Governance, GRC, Risk Management, Sarbanes Oxley, Security, SOX in Human Capital Management > Risk Management public
    Title:
    Financial Reporting Compliance hands-on training now available on Oracle University!
    Summary:
    Get hands-on classroom or live virtual training for Financial Reporting Compliance
    Content:

    Click here to learn how to implement the Financial Reporting Compliance Best Practice Solution that offers the fastest go-live and maximum return on investment with minimum effort and project risk.

    This hands-on course will help you understand how to:

    To view schedule or to register for a class, click here

  • Barry Greenhut
    Learn about Financial Reporting Compliance
    Topic posted September 1, 2016 by Barry Greenhut (Bronze Medal: 1,250+ Points), tagged Compliance, Financial Reporting Compliance, Financials, Governance, GRC, Risk Management, Sarbanes Oxley, SOX in Human Capital Management > Risk Management public
    Title:
    Learn about Financial Reporting Compliance
    Summary:
    Learning resources
    Content:

    Ready to learn about Financial Reporting Compliance? Here are the best ways to start:

  • Barry Greenhut
    Checklists for Financial Reporting Compliance
    Topic posted September 1, 2016 by Barry Greenhut (Bronze Medal: 1,250+ Points), tagged Compliance, Financial Reporting Compliance, Financials, Governance, GRC, Risk Management, Sarbanes Oxley, SOX in Human Capital Management > Risk Management public
    Title:
    Checklists for Financial Reporting Compliance
    Summary:
    For beginners and advanced planners
    Content:

    Our Get Started with Risk Cloud page offers two checklists that provide foundations for planning and go-live:

    Here's a third checklist that more advanced planners can leverage - the prerequisite is past experience with financial reporting compliance processes:

  • Barry Greenhut
    Get support for Risk Management
    Topic posted April 8, 2019 by Barry Greenhut (Bronze Medal: 1,250+ Points), tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX in Human Capital Management > Risk Management public
    Title:
    Get support for Risk Management
    Content:

    My Oracle Support offers quick references to accelerate your work:

  • Barry Greenhut
    Risk Management @ OpenWorld 2019 - Recap and presentations
    Topic posted September 27, 2019 by Barry Greenhut (Bronze Medal: 1,250+ Points), tagged Advanced Controls, Compliance, ERP, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Public Sector, Risk Management, Sarbanes Oxley, Security, Separation of Duties, SOX in Human Capital Management > Risk Management public
    Title:
    Risk Management @ OpenWorld 2019 - Recap and presentations
  • Christine Doxey
    Your Roadmap for Implementing an Internal Controls Program
    Topic posted July 16, 2019 by Christine Doxey (Red Ribbon: 250+ Points), tagged Advanced Controls, Compliance, Financial Reporting Compliance, Financial Transactions, Financials, Fraud, Governance, GRC, Risk Management, Sarbanes Oxley in Human Capital Management > Risk Management public
    Title:
    Your Roadmap for Implementing an Internal Controls Program
    Summary:
    In my previous posts, I wrote about segregation of duties (SoD), risk-based and compensating controls. This post provides the suggested steps for an internal controls roadmap.
    Content:

    We’ve defined internal controls as a critical component throughout business strategies, operations, and processes.  Operationally effective controls are the linchpin to assure that an organization can reliably achieve objectives while addressing uncertainty and acting with integrity. Where do we start the internal controls journey and how do we implement a strong internal controls program?

    Many organizations take an approach to internal control management that has defined intersections with risk, compliance, and audit processes and use a set of standards.  But typically, all organizations face the following challenges with building and maintaining an internal controls program.

    • Providing an integrated strategy and view of financial and operational controls across the organization.
    • Defining a common language for risk and control.
    • Increasing confidence in ongoing risk coverage throughout all business processes.
    • Establishing overall responsibility for a company’s internal controls program to ensure consistency and to avoid duplication of effort.
    • Capturing business changes with updated and changing controls.
    • Combining finance and operational control teams and revamping processes to address a controls weakness.
    • Prioritizing the key controls for a business process that can truly mitigate risk.
    • Managing the human element in controls management.
    • Expanding and reacting to the ongoing regulatory requirements for internal control management.
    • Addressing a lack of resources while being tasked with more internal control responsibilities across controls.
    • Keeping controls aligned with business processes and a changing environment.
    • Implementing a system and technology to manage all controls across the organization.
    • Developing transparency, reporting, and monitoring.
    • Integrating controls into daily workflow particularly when staff transitions occur.

    So how does a company establish a roadmap to build an internal controls program to address these challenges?  Here are some steps to consider when establishing or enhancing your internal controls program.

    1. Define the Organization and Process Context: For most organizations, inefficiencies from internal controls program fragmentation are so great that huge savings are possible by taking the simple step of eliminating silos and operating on a common context and structure with well-defined responsibilities. Which business process is your focus? Which process has a known control weakness, an identified audit finding or a detected fraudulent activity? The outcome of these efforts will enable an organization to:
    • Establish priorities and focus of coverage.
    • Coordinate planning across all business units.
    • Eliminate gaps and duplication in coverage.
    • Decrease time spent by business process owners.
    • Increase ability to spot control issues and trends as they develop.
    • Utilize a single strategy and methodology for risk mitigation.
    2. Establish a Common Language for Risks and Controls: Without a standard naming convention or common methodology for determining or classifying risks and controls, business process owners are unable to share information. The benefits of utilizing a common language for risks and controls include:
    • Improved reporting throughout the organization.
    • Audit and control issues are embedded in your program and are promptly assigned and corrected.
    • Consistent coverage—all risks are considered but there is a focus on the risk of material misstatement.
    • Improved business performance—risks explain performance gaps.
    • Better decision making—decisions are risk based.
    • Less external oversight and audits—controls are standardized using a common methodology.
    3. Implement a Consistent Reliable Methodology: Without a consistent methodology for your internal controls program, the cost of controls can be expensive with incomplete coverage and inaccurate results. Examples of a consistent methodology include:
    • The top-down risk criteria are established with consistent risk identification.
    • The risks are properly accessed by appropriate internal controls.
    • The risks that require a response are identified.
    • The risk responses that require remediation are prioritized.
    4. Focus on Transparency, Reporting and Monitoring: All information on the status of risks and controls should be available for continuous reporting. If implemented effectively, communication between management and the board of directors is in place with a focus on risk mitigation and the achievement of business objectives. The benefits of a consistent and disciplined reporting structure include:
    • Availability of accurate and consistent reports.
    • Positive knowledge and reporting of risks and controls across the company.
    • Information sharing across business processes.
    • Confidence in the reliability of all risk and control information.
    5. Leverage Technology: By eliminating information silos and redundant data entry, and taking a unique holistic approach to regulatory challenges, technology provides greater efficiency, improves collaboration, and reduces the time and resource costs. Additional benefits that can be gained by utilizing a defined technology solution for internal controls include:
    • A single universe of all risk and controls data called "The Internal Controls Universe."
    • Elimination of duplicate documentation.
    • The implementation of a controls self-assessment process.
    • More processes, risks, and controls can be assessed and properly prioritized.
    • Increase in management accountability.
    • Consolidated and reliable reporting.
    • The ability to produce metrics and analytics for your internal controls program.

    In conclusion, the success of an internal controls strategy is dependent upon communication, well-defined roles and responsibilities, standards of internal control, technology and reporting. To address the challenges of a viable and ongoing internal controls program, standards of internal control are available.

     If you have questions about these standards or the implementation of an internal controls program, please post a comment below.

     

  • Christine Doxey
    Compensating Controls to Mitigate Risk
    Topic posted February 20, 2019 by Christine Doxey (Red Ribbon: 250+ Points), tagged Advanced Controls, Compliance, Financial Transactions, Fraud, GRC, Risk Management, Sarbanes Oxley, Separation of Duties, SOX in Human Capital Management > Risk Management public
    Title:
    Compensating Controls to Mitigate Risk
    Summary:
    Learn about compensating controls as an additional risk management tool.
    Content:

    Introduction

    Segregation of duties promotes the use of sound business practices and supports the achievement of a business process objective.  When designing segregation of duties controls for a business or financial process, most business process owners start with identifying incompatible functions and then define the segregation of duties and systems access controls. However, the segregation of duties control cannot always be achieved in certain situations due to staffing limitations.

    In some cases, an employee will perform all activities within a process. In this scenario, segregation of duties does not exist and risk cannot be identified nor mitigated in a timely manner. As a result, the implementation of additional compensating controls should be considered.

    Definition of Compensating Controls

    A compensating control reduces the vulnerabilities in ineffectively segregated functions.  A compensating control can reduce the risk of errors, omissions, irregularities and deficiencies,  which can improve the overall business process.

    Compensating Controls, CSA and CCM

    However, it should be noted that many companies include compensating controls in their internal controls programs as additional measures to reduce risk. These controls can be embedded in continuous controls monitoring (CCM) and controls self-assessment (CSA) processes.

    Continuous controls monitoring (CCM) refers to the use of automated tools and various technologies to ensure the continuous monitoring of financial transactions and other types of transactional applications to reduce and mitigate risk. A CCM process includes the validation of authorizations, systems access, system configurations and business process settings.

    Examples of Compensating Controls

    1. Skim through detailed transactions report: A manager should consider performing a high-level review of a detailed report of transactions completed by an employee who performs incompatible duties. As an example, a manager may simply skim through the report sections that contain high-risk transactions or accounts and may review specific payment types or amounts before the payment is made.
    2. Review sample of transactions: Using a CSA or CCM process, a manager may select a few sample transactions, request the supporting documents and review the documents to ensure that they are complete, appropriate, and accurately processed. In addition to detecting errors, the knowledge of a periodic review could create a disincentive (that is, reduce the opportunity) for the person performing the incompatible duties to process unauthorized or fraudulent transactions. This review identifies transactional anomalies which can be used as a flag to indicate collusion. As an example, unchanged pricing and using the same suppliers for several years can indicate possible collusion between buyers and suppliers.
    3. Review system reports: Applications that support business or office operations have embedded reporting capabilities that enable the generation of reports based on pre-determined or user-defined criteria. A review of relevant system exception reports can provide good compensating controls for an environment that lacks adequate segregation of duties. As an example, I suggest a review of a report of deleted or duplicated transactions, a report of changes to data sets and a report of transactions exceeding a specific dollar amount on a quarterly basis.
    4. Perform analytical reviews: Another example of a compensating control is the comparison of different records with predictable relationships and the analysis of identified unusual trends. For example, a budget vs. actual expenditure comparison or current year vs. prior year subscription fees analysis or comparison of selected asset records to actual physical count of assets might indicate unusual variances or discrepancies that may need to be investigated. In this review, an analytical review should occur on a monthly basis.
    5. Reassign reconciliation: If there is an opportunity to reassign one activity from the person performing the incompatible function to another employee, a manager may consider re-assigning the reconciliation activity. As an example, reassigning the bank account reconciliation function to someone other than the person receiving cash and depositing it to the bank could improve the quality of internal controls in the cash receipt process. Reconciliations should occur monthly as a standard of internal control.
    6. Increase supervisory oversight: Other forms of activities a manager may perform as a compensating control are observation and inquiry. Where appropriate, increasing supervisory reviews through the observation of processes performed in certain functions and making inquiries of employees are good administrative controls that may help to identify and address areas of concern before a transaction is finalized.
    7. Rotate jobs: Many companies rotate jobs in the finance and accounting department every 1-2 years. This creates an environment of control and can prevent collusion. As an example, accounts payable processors should be rotated on a regular basis so that they don’t become too involved with specific suppliers. And as noted above, a buyer’s responsibility should be rotated within the purchasing organization.

    Conclusion

    Effective compensating controls can reduce the risk for a process that has limited or inadequate segregation of duties and ultimately can provide reasonable assurance to management that the anticipated objective(s) of a process or a department will be achieved.  As a detective risk management technique, compensating controls tend to look at the accuracy of a transaction after it has occurred but can be used as preventive controls within CSA and CCM processes.

  • Lana Prout
    It's time to vote for your favorite Change Agents of...
    Announcement posted February 12, 2019 by Lana Prout (Green Ribbon: 100+ Points), tagged Announcements, Financials, Procurement, Project Portfolio Management, Risk Management in ERP Members > ERP Announcements public
    Title:
    It's time to vote for your favorite Change Agents of Finance!
    Announcement:
     
    The voting for the 2019 Oracle Change Agents of Finance Awards is now open.  Review the award finalists and vote for your favorite finance heroes by February 20th. Award winners will be notified in February and will receive a complimentary pass to attend Modern Business Experience, presented by Oracle, March 19-21, 2019 in Las Vegas where they will be recognized in a special award ceremony.

    Vote Now -> https://changeagents.oracle-awards.com/a
