Slide 1

Download Report

Transcript Slide 1 

Configuration GRC
& Oracle Configuration Controls Governor
May 2009
Oracle GRC Strategy – Barry Greenhut
Application GRC tells you…
Who’s using our apps?
ACCESS CONTROLS
What can they do?
CONFIGURATION CONTROLS
What have they done?
TRANSACTION CONTROLS
2
Application GRC controls reduce…
Financial Loss
!
Compliance Cost
Audit Effort
3
Configuration examples
• Financial Loss
• Tax mis-configuration causes under-collection of taxes, goes
undetected for months.
Consequences: Pay taxes on behalf of customers, plus
penalties.
• Clerk changes bank account info without cross-check,
millions transferred before fraud discovered.
Consequences: Money lost, or frozen pending litigation;
public confidence shaken due to notoriety.
• Sales reps raise customers’ credit limits so they can buy
more.
Consequences: Customers default on payments, receivables
aging forces write-downs.
4
Configuration examples
! • Compliance Cost
• Ledger Set mis-configuration allocates revenues amongst
divisions incorrectly.
Consequences: Restate and refile quarterly results; public
confidence shaken due to notoriety.
• Audit Effort
• Production patch resets vendor tolerances, goes unnoticed
for months.
Consequences: Internal audit team spends months proving
there were no abuses; external auditors perform substantial
transaction examination.
5
How do I control costs/risks?
• Control setup changes that can have significant
financial or regulatory impact
• Identify setup changes that violate financial or
regulatory policy
• Accelerate documentation and analysis of setup
values
6
Use CCG to control costs/risks
Use CCG to:
Change
Tracking
Snapshots &
Comparisons
Alert users
when key
setups
change
Find
differences
between
production &
baseline
Audit trail of
changes
Document all
setup values,
as seen in the
original
application
Reduce Financial Loss
Control setup changes that can have
significant financial or regulatory impact
Reduce Compliance Costs
Identify setup changes that violate
financial or regulatory policy
Reduce Audit Effort
Accelerate documentation and analysis
of setup values
7
CCG has delivered GRC savings since 1998
• No substantial competitors
• Just the configuration GRC you absolutely need:
• Full audit trails and alerts (Change Tracking)
• Comprehensive record keeping (Snapshots)
• Find discrepancies (Snapshot Comparisons)
8
CCG has delivered GRC savings since 1998
• Quick to implement – can be done in one day, thanks
to shrink-wrap support for:
• EBS R12 – 12 modules, 550+ setups
EBS 11i – 66 modules, 3,000+ setups
• PSFT HCM 8.8/8.3 – 9 modules, 400+ setups
• Protects data from prying eyes – you control all
access
• Centralizes all controls and data in a single source of
truth
9
CCG Features
• Change Tracking
•
•
•
•
Alert users whenever changes occur
Dashboard summarizes changes in all environments
Drill down to see details of all changes
Export change details to CSV (Excel) and PDF
10
Change Tracking captures every change
made to designated setups
Configuration Governor - Change Tracker
Envir
1
Envir
2
Envir
3
App A
4
6
29
App B
519
4
0
App C
3
39
0
Page/Form
Insert
Update
Delete
Audit Trail
Automatically alerts
designated parties
when changes occur
Generates authoritative
audit trail reports (Who, What, When, How)
11
CCG Features
• Snapshots & Comparisons
• Document all setup values seen in the original applications
• Compare two environments’ values (e.g., Production vs. a
best-practice baseline), or snapshots from two points in time
• Export all details to CSV (Excel) and PDF
12
Snapshots record setup values
to identify deviations from policy, and for compliance
documentation
Page/Form
Snapshot
13
Values found in child pages/forms are
captured too
Page/Form
Child
Snapshot
14
Compare setup values from different:
Environments • Dates • SOBs/Ledgers •
Operating Units • Application Releases
Snapshot 1
Snapshot 2
15
CCG Features
• Comprehensive Data Security
• Control the business data seen by each CCG user
• Control the actions each CCG user can take
• Install CCG in firewalled tier
• Flexible
• Reconfigure Change Tracking on demand
• Schedule Snapshot schedules, and take Snapshots on
demand
• Generate Comparisons on demand
• Add new business environments on demand
16
CCG Features
• Mature Product
• Introduced in 1998
• Over 300 EBS customers
• Over 60,000 developer-hours invested in creating metadata
for EBS and PeopleSoft
• Metadata = Ready to Use
• Shrink-wrap support for 12 R12 modules (550+ setups) and
66 EBS 11i modules (3,000+ setups)
• Shrink-wrap support for 9 PeopleSoft HCM 8.8/8.3 modules
(400+ setups)
• Add support for additional setups with MetaBuilder, a
developer’s tool included in CCG
17
Shrink-Wrap Support
EBS R12
EBS 11i
PSFT HCM 8.8
550+ setups
3,000+ setups
400+ setups
BASE ENGINE
Alerts
Application Object Library
Common Modules
System Administration
BASE ENGINE
BASE ENGINE
CONTRACTS
HCM
Benefits
Compensation
HR
Payroll
Pension
Recruiting
Stock Administration
Workflow
FINANCIALS
General Ledger
Subledger Accounting
Payables
eBusiness Tax
Legal Entity Configurator
Receivables / iReceivables
CRM
DISTRIBUTION
FINANCIALS
HR/PAYROLL
MANUFACTURING
PLANNING
PROCUREMENT
PROCUREMENT
iProcurement
Purchasing
PROJECTS
PUBLIC SECTOR
18
Use MetaBuilder to Create More
Metadata
19
Summary
• Configuration Controls Governor offers GRC value:
• Reduce Financial Loss and Risk
• Reduce Regulatory Compliance Cost and Risk
• Reduce Audit Effort
• CCG is a mature product that provides a single place
to manage all application configuration GRC
• CCG comes ready-to-use, with support for:
• EBS R12 (12 modules, 550+ setups)
EBS 11i (66 modules, 3,000+ setups)
• PSFT HCM 8.8/8.3 (9 modules, 400+ setups)
• Add more support using MetaBuilder
20