�ݺ�ߣ

Copyright © 2014,Oracle and/or its affiliates. All rights reserved. | 1
Follow Us & join the conversation .
Oracle GRC Advanced Controls Group
_______________________________________________________________
OracleAdvControls
@OracleAdvCntrls

Con8208 achieve a quicker and compliant financial close

Copyright © 2014,Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
3

GRC Applications
Achieve a Quicker and Compliant Financial Close with Oracle Governance, Risk and Compliance
CON8208 Thursday Oct 2nd10.15-11am
Panellist:
Dan Chaffer, Qualcomm
Matt Ruetz, Oracle Managed Cloud Services
Brad Straw, KPMG
Moderator: Glen Walton, Oracle GRC Product Strategy

Brad is a Director at KPMG with over 18 years of management and consulting experience.
A majority of his consulting experience has been associated with Oracle solutions including EBS and PeopleSoft. His experience spans business process and controls development, internal auditing, and compliance and security software implementation.
He’s been implementing Oracle Advanced Controls for over 6 years for clients for clients in the Federal Civilian, Industrial Manufacturing, Retail, Energy, and Insurance industries.
In addition to his industry and technical skills, Brad is also a Level 4 Oracle project manager and has managed multi-national teams for both internal and client-facing, multi-million dollar projects.
Brad Straw

6
Dan Chaffer is a Senior Manager at Qualcomm and has led the team that expanded Oracle from one country and 19 Operating Units to over 45 countries and over 80 Operating Units
Board member Multi-National SIG Group
Specialist in Global Oracle rollout strategy, Intercompany, SOX (GRC) solutions and a passionate advocate for continuous process improvement
dchaffer@qualcomm.comdanchaffer@gmail.com
Dan Chaffer

Matt RuetzSenior Principal Program Manager
•20+ Years Audit and Compliance Experience including:
–Public Accounting
–Internal Audit
–SOX Compliance
–SOC1, SOC2, and SOC3 Compliance
•Companies
–Oracle
–Sun Microsystems
–Coopers & Lybrand
•Licenses and Certifications
–Certified Public Accountant (CPA)
–Certified Information Systems Auditor (CISA)

Custom or Legacy Applications
Enterprise Risk and Controls Foundation
One Unified Platform
Flexible
•Graphical Authoring
•Detect and Prevent
•Access, Transactions, Setups
Data Driven
•100% of Transactions
•Manage by Exception
•Pattern Analysis
Comprehensive
•Multiple GRC Projects
•From Documentation to Test
•Closed Loop Approach
Enterprise Risk & Controls FoundationDashboards, Reports and AlertsNotificationsWorklistsEmailPerspectivesSearchRisk, Controls & Compliance ManagementReviewsDocumentationAssessmentsRemediationSurveysContinuous Controls & Risk MonitoringSetupsAccessMaster DataAudit TestsTransactionsUser Authored ControlsData ConnectorsFraud & Error Patterns Role Based Access SecurityWeb Services & APIs

WE HELPyou realize its potential
THEY SAY the futureis here
Oracle Open WorldAchieve a Quicker and Compliant Financial Close with Oracle Governance, Risk, and Compliance

© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 292510
10
Agenda
1
Executive Summary
2
KPMG’s Research
3
Overview of Common Closing Issues
4
Common ERP Features and Challenges
5
Examples of Advanced Controls Solutions
6
Self Assessment
Not permissible for KPMG audit clients and their affiliates.

11
Executive Summary
•Financial reporting and other related regulations are ever expanding.
•Since 2002: Sarbanes-Oxley, Basel II, Dodd- Frank, Basel III, Clean Air Act, etc.
•Increasing regulations on reporting is placing added pressure to report complex information timely.
•Organizations are looking for the most benefit from their enterprise accounting systems.
1998
2002
2006
2010
2014
Data Protection Act
SarbanesOxley
Regulation Fair Disclosure
Gramm–Leach–Bliley
BaselII
Dodd-Frank
Clean Air Act
Basel III

12
Executive Summary
•Standard, out-of-the-box enterprise resource planning (ERP) systems have robust functionality.
•ERPs are very good at the common business processes and the associated process controls.
•ERP features do not natively address all of the fine-grained controls required by organizations.
•Custom development is quite often the only way to fill these gaps.
•The cost of maintaining customizations equates to a repurchase of those customizations every 5 years.
Customizationsare RepurchasedEvery 5 Years!
Business Requirements
Customizations: Analytics
Customizations:Operational Reporting,Extensions, and Interfaces
Standard ERP Functionality

13
KPMG’s Research
•On an annual basis, KPMG LLP (KPMG) conducts a formal, online survey of over 200 companies.
•Survey includes close and reporting processes.
•43 percent of survey respondents indicated that they require at least 11 days completing the monthly financial close.
•Almost 20% of the respondents require 15 days or more to close.
•Close to 50% of the respondents are striving to focus on shortening the close time to less than seven days.
Source: KPMG Record-to-Report e-Survey
43% > 11 days
Over 50% < 7 days

14
KPMG’s Research
•Most Difficult Close Activities
•Several barriers inhibit organizations from achieving that objective:
•Identifying and correcting root causes of issues (53%)
•Providing adequate time for analysis (52 %)
•Correcting data integrity issues from source systems (37%)

The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.

Oracle Managed Cloud ServicesAudit and Compliance GRC Implementation
Matt Ruetz
Senior Manager -Oracle Managed Cloud Services -Audit & Compliance

About Oracle Managed Cloud Services
_________________________
Subscription-based, enterprise- grade Cloud Services
•550+ global customers
•5.34 billion database transaction per hour
•41+ petabytes of managed storage
_______________________
Oracle personnel manage the environment including execution of key IT controls in collaboration with the customer

Oracle Managed Cloud Services and GRC
•Went live in April 2014
•Using Oracle GRC Financial Governance module
•Key Elements Used
–Control Object (with User Defined Attributes) with Review Roles
–Assessments (with User Defined Attributes) with Review Roles
–Issues
© 2014 Oracle Corporation – Proprietary and Confidential

ORACLE Managed Cloud Services -IT Risk Priorities
STANDARDIZE the managementinternal assessments of Oracle’s Managed Cloud Services using a centralized system to facilitate consistent process and work flow.
REPOSITORY for all controls, risks and frameworks to facilitate reporting and identification of commoncontrols and leverage points.
MAINTAINa historyof information and changes throughout the life of the assessments
Provide control owners with a consistent interface and list of open items that need action
Provide business users a streamlined approach for managing issues and their remediation through completion.
REDUCE overall auditing COST

____________________
Key Perspectives:
-Compliance Framework
-Owner
________________________
Control Relationships Established in a Hierarchy
* It is important that they are assigned correctly as it is the main driver for security
PERSPECTIVES

Control Management Flow
Audit Field Work
Record Audit Results
Audit Test Assessment
Manage Control
Owner Verifies Control Certify Assessment
Request EvidenceOperational Assessment
Resolve Issues
Initiate Audit Cycle

23
Intelligent Controls, Better Data and a Faster Close
Dan Chaffer, Sr. Manager, Corp Accounting, Global Processes, QUALCOMM Incorporated
2-Oct-14

24
Making wireless more personal, affordable and accessible to people everywhere
World’s largest fabless semiconductor company, #1 in wireless
S&P 100/ S&P 500/ Fortune 500
….at a glance
Celebrating more than 25 years of driving the evolution of wireless communications

25
Three Oracle instances, HFM for consolidations
Global implementation
− CORP Oracle – 37 Primary Ledgers, 80+ Operating Units
Qualcomm closes consolidated GL on Day 2 of following
fiscal period
Close Process
Two days to GL close
Manufacturing
(12.1)
Manufacturing
(11.5)
Hyperion
(HFM)
Consolidations
& Eliminations
Ledger Ledger
CORP Oracle
(12.1)
Consol
Ledger Ledger Ledger
Advanced Controls are critical to our two-day close!

26
Critical SOX Controls
− AACG
− Separation of Duties (SOD) analysis
− CCG
− Configuration Controls
− TCG
− Transaction monitoring
PCG – originally implemented as
Logical Apps
− In Use at Qualcomm since 2007
Advanced Controls at
Broad spectrum of control
Identify the opportunity
Detect the event
Prevent the potential

27
Item Creation process automation
Form controls
−Field Restrictions
−Limited pick lists
−Security
Next Steps –more “prevention”
−SOD prevention
−Journal Entry Approval (after post)
Module closing scripts (e.g. Project Accounting)
Preventative Controls Governor -PCG
More than just “preventative” controls….

28
For more information on Qualcomm, visit us at: www.qualcomm.com & www.qualcomm.com/blog
©2013-2014 Qualcomm Technologies, Inc. and/or its affiliated companies. All Rights Reserved.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries, used with permission. Other product and brand names may be trademarks or registered trademarks of their respective owners.
References in this presentation to “Qualcomm” may mean Qualcomm Incorporated, Qualcomm Technologies, Inc., and/or other subsidiaries or business units within the Qualcomm corporate structure, as applicable.
Qualcomm Incorporated includes Qualcomm’s licensing business, QTL, and the vast majority of its patent portfolio. Qualcomm Technologies, Inc., a wholly-owned subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of Qualcomm’s engineering, research and development functions, and substantially all of its product and services businesses, including its semiconductor business, QCT.
Thank you
Follow us on:

Follow Us & join the conversation .
Oracle GRC Advanced Controls Group
_______________________________________________________________
OracleAdvControls
@OracleAdvCntrls

Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
41

�ݺ�ߣ

Con8208 achieve a quicker and compliant financial close

More Related Content

Con8208 achieve a quicker and compliant financial close