SlideShare a Scribd company logo
Customers talk about controlling access for multiple erp systems with oracle advanced controls
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 
Safe Harbor Statement 
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 
2
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 
Controlling for Multiple ERP Systems with Oracle Advanced Controls 
CON8154 
Eugene Hugh - InterContinental Exchange 
Dane Roberts – Oracle GRC Strategy 
Stephen D’Arcy - PWC 
October 2, 2014 
Presented with 
@OracleAdvCntrls 
Oracle GRC Advanced Controls
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 
Agenda 
What are Oracle GRC Advanced Controls? 
Case Study: 
•Background 
•ICE Requirements 
•Challenges 
•Solutions 
•Project Summary 
•What’s Next?
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 
5 
Reality: Document/Email Approaches Challenge GRC 
OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org HOW ORGANIZATIONS APPROACH AND ADAPT THEIR TECHNOLOGY STRATEGY FOR GRC 
70% 
SPREADSHEETS, DOCUMENTS, EMAIL & IN-HOUSE SOLUTIONS 
30% 
1 OR MORE COMMERCIAL GRC SOLUTIONS 
The lack in modern technology makes achieving goals challenging 
The impact on FTE’s is particularly significant 
One financial services organization stated that 80% of their GRC staff resources were nothing more than document reconciles for reporting. […] A mess they are aggressively trying to correct. 
of GRC professionals reported that they use Spreadsheets, Emails, Custom Reports Apps. 
70%
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 
6 
When looking for new GRC technology, organizations indicate that the primary goals they aim to achieve are: 
Drivers: for Adopting New GRC Technology 
OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org HOW ORGANIZATIONS APPROACH AND ADAPT THEIR TECHNOLOGY STRATEGY FOR GRC 
INCREASE ANALYTICS & RAPID VISIBILITY OF RISK 
Complex risk and regulatory environments demand advanced capabilities of risk data integration and analytics to provide full situational awareness of risk” 
#1 
IMPROVE CONSISTENCY OF INFORMATION Organizations are realizing that good GRC requires good information, there is increasing focus on the integrity and consistency of GRC information” 
#2 
MEET NEW REGULATORY REQUIREMENTS 
Regulatory change has more than doubled in several industries over the past five years (e.g., banking, insurance, healthcare) and drives the organization to GRC technologies that enable regulatory intelligence and agility” 
#3 
REDUCE COSTS & IMPROVE PERFORMANCE When deploying new GRC technologies the organization is driven to reduce costs while increasing the performance of business operations” 
#4
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 
Comprehensive Risk & Controls Management 
Detect and Fix Issues 
Continuous Improvement and Monitoring 
Assess Risk & Compliance 
Close the 
LOOP 
Identification 
Analysis 
Evaluate 
1. BUSINESS RISKS 
Document 
Assessments 
Reviews 
2. CONTROL OBJECTIVES 
Author Execute Investigate 
3. CONTINUOUS MONITORS
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 
Custom or Legacy Applications 
Enterprise Risk and Controls Foundation 
One Unified Platform 
Flexible 
•Graphical Authoring 
•Detect and Prevent 
•Access, Transactions, Setups 
Data Driven 
•100% of Transactions 
•Manage by Exception 
•Pattern Analysis 
Comprehensive 
•Multiple GRC Projects 
•From Documentation to Test 
•Closed Loop Approach 
Enterprise Risk & Controls Foundation 
Dashboards, Reports and Alerts 
Notifications 
Worklists 
Email 
Perspectives 
Search 
Risk, Controls & Compliance Management 
Reviews 
Documentation 
Assessments Remediation 
Surveys Continuous Controls & Risk Monitoring 
Setups Access Master Data 
Audit Tests 
Transactions 
User Authored Controls 
Data Connectors 
Fraud & Error Patterns 
Role Based Access Security 
Web Services & APIs
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 
Specialized Partners 
Increase your Return On Investment 
•Get more from Advanced Controls Specialists address more of your needs with Advanced Controls’ many capabilities 
•Increase your organization’s effectiveness Specialists help you embed Advanced Controls in your business processes 
•Accelerate your implementation Specialists guide and support you during planning, implementation and go-live 
Oracle Confidential – Internal/Restricted/Highly Restricted 
10
Intercontinental Exchange, Inc. (ICE) 
Oracle Advanced Controls Implementation 
“One AC instance connected to two different ERP’s” 
www.pwc.com 
“Any trademarks included are trademarks of their respective owners and are not affiliated with, nor endorsed by, PricewaterhouseCoopers LLP.”
About ICE
Background 
13 
Client Background 
•ICE (runs PeopleSoft) located in Atlanta 
•PeopleSoft is hosted off-premise by a Hosting Provider 
•ICE recently acquired NYSE, (run Oracle EBS) 
•EBS is hosted on premise in New York 
Oracle Advanced Controls 
•Needed a solution to address operational and compliance needs 
•Goal to implement by summer 2014 
•Needed a partner to navigate their complex IT environment and implement a right-sized, sustainable, scalable solution 
•Decided to implement an on premise Advanced Controls Environment
Requirements 
14 
EBS Visibility 
Having recently acquired NYSE, ICE wanted to gain visibility into the risks, controls and transactions within their EBS environment. 
PeopleSoft Visibility 
Access, configurations and transactions were difficult to manage with standard PeopleSoft functionality alone. 
Operational Efficiency 
The business needed to analyze certain risky transactions on a periodic basis, and was stuck with ad- hoc queries written by IT and manual investigation in the ERP systems. 
Controls Automation 
ICE was looking to drive automated control over access and configurations to improve the efficiency of their internal and external audits. 
Scalability 
Given the extent of integration and expansion that is and will be going on at ICE over the next several years, the solution had to be scalable to accommodate future change. 
Audit Support 
Build a sustainable automated solution that could evaluate security, segregation of duties, automated controls and transactional activity to support Internal and External Audits.
Solutions 
15 
The right Collaboration 
PwC worked with ICE to help create a tailored, right-sized solution to their operational and compliance needs. 
Business, internal audit, and IT stakeholder involvement was a key success factor from requirements gathering through implementation. 
Transactions 
Led by the business, the stakeholders identified 22 ways they could use TCG to improve exception-based transaction reporting. 
This was narrowed down to 18 key requirements for Phase I across 5 business and IT processes. 
Security & Segregation of Duties 
The stakeholders identified 98 ways they could use AACG to address existing operational and compliance concerns. 
This was narrowed down to 61 key requirements for Phase I across 8 business and IT processes. 
Configuration Mgmt. 
In a discussion driven by IT, the stakeholders identified 141 opportunities for continuous configuration monitoring using CCG. 
This was narrowed down to 130 key requirements for Phase I across 7 business and IT processes.
Systems Diagram 
AACG & TCG 
CCG
Project Scope/Summary/Benefits 
17 
Delivered Scope 
Approximately 90-120 Security and SOD controls in AACG 
Approximately 90-120 Configuration Change Trackers in CCG 
Approximately 15-25 Transaction Analytic controls in TCG 
PCG considered for NYSE but not included 
Timeline 
Phase I: February – August 2014 
Initial go-live for NYSE AACG and CCG given audit requirements (June 2014) 
Final go-live for NYSE TCG and ICE AACG, CCG and TCG (Aug 2014) 
ICE business process control owners for key processes 
ICE and NYSE system administrators 
ICE internal audit team 
Increased automation in the quarterly access review process 
Increased visibility into risks in the EBS and PeopleSoft environments 
Resulting changes made to improve security, configurations & processes. Automation of various audit activities 
Stakeholder Groups 
Benefits
Advanced Controls Examples 
•GL Entries not posted at month end 
•AR Entries without GL entries 
•Duplicate Employees 
•Duplicate Invoice Payments 
•Refunds over specific threshold 
•Unusual Journals – Debit Rev, Credit Expenses 
•Inactive users 
Business Solutions beyond Compliance and Internal Audit
Advanced Controls Examples (cont’d) 
•Custom Content/Objects for PeopleSoft 
•Change trackers to monitor changes to automated controls 
•Impact assessment during patch application 
•Ability to compare setup changes during integration of NYSE (EBS) on to ICE PeopleSoft environment
Main Project Challenges 
20 
Stakeholder Availability 
01 
Stakeholder Availability 
02 
Standardizing processes during acquisition 
03 
Educating Stakeholders 
04 
Technology Delays
What’s Next? 
21 
Controls Operation 
RMB Integration 
EBS Migration 
Future Expansion 
Business process control owners have already began operating their monthly and quarterly access and transaction controls, and system administrators are continuing to investigate configuration changes as they occur. 
PwC is implementing Oracle Revenue Management and billing as ICE’s optimized billing solution, and will build custom connectors to allow RMB to interface with billing rules that will be implemented into Advanced Controls. 
In 2015, ICE will begin to migrate NYSE from EBS into ICE’s PeopleSoft environment. This will require consideration of the impact to Advanced Controls and may require changes to existing rules. 
As ICE becomes more comfortable with Advanced Controls capabilities and their existing solution, there will be opportunities to expand their use of the applications and increase the value they derive from it.
Questions? 
Copyright: 
© 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. 
Definition: 
PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
Contact Information: Stephen D'Arcy - Director (PwC) stephen.j.darcy@us.pwc.com Ph: 856.577.0022 
Copyright: 
© 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. 
Definition: 
PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
Follow Us & join the conversation . 
Oracle GRC Advanced Controls Group 
@OracleAdvCntrls
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 
25
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 
Safe Harbor Statement 
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 
26
Customers talk about controlling access for multiple erp systems with oracle advanced controls

More Related Content

PDF
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
PDF
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
PDF
Software Asset Management
PDF
Symantec, Facebook and Navillus - a comprehensive approach to securing & moni...
PDF
Software Asset Management (SAM) Best Practice in Action
PDF
Financial Close Mgmt - OOW 2014 - Customer Success Stories
PDF
11 1 2 3 Financial Close New Features and Functionalities
PDF
Business Application Support and Automation for a Government Organization
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Software Asset Management
Symantec, Facebook and Navillus - a comprehensive approach to securing & moni...
Software Asset Management (SAM) Best Practice in Action
Financial Close Mgmt - OOW 2014 - Customer Success Stories
11 1 2 3 Financial Close New Features and Functionalities
Business Application Support and Automation for a Government Organization

What's hot (20)

PDF
7 flavours of devops implementation
PDF
Oracle Advance Controls
PDF
Lexplosion Solutions
PPTX
Webinar: How to get started on a Software Asset Management program
PPT
Oracle I Stories
PDF
Technology ahia 2012 jmk
PDF
End to End IT infrastructure management and support for a canada based leadin...
PPTX
The Business Case for Hosting JD Edwards in the Cloud
PPTX
Insurers Can Now Update ISO Rating Content Digitally - A webinar presentation...
PDF
SaaS System Validation, practical tips on getting validated for go-live and t...
PPTX
Implementing IT Service Management: A Guide to Success
PDF
integrating-cognitive-services-into-your-devops-strategy
PPTX
Modernizing Quality Management
PDF
Robotic Process Automation (RPA) Webinar - By Matrix-IFS
PPTX
IT Application Decommissioning - Application Retirement Services
PDF
JD Edwards in the Cloud - Flipbook: What are your peers doing?
PPTX
eCIO PPT Sunsetting strategy v 3 general distribution
PDF
Real life with Oracle's JD Edwards Applications in the Cloud
PPTX
Pw08 Ibc Final Pie Ppt 090508
PDF
Rapid Portfolio Analysis powered by CAST Highlight
7 flavours of devops implementation
Oracle Advance Controls
Lexplosion Solutions
Webinar: How to get started on a Software Asset Management program
Oracle I Stories
Technology ahia 2012 jmk
End to End IT infrastructure management and support for a canada based leadin...
The Business Case for Hosting JD Edwards in the Cloud
Insurers Can Now Update ISO Rating Content Digitally - A webinar presentation...
SaaS System Validation, practical tips on getting validated for go-live and t...
Implementing IT Service Management: A Guide to Success
integrating-cognitive-services-into-your-devops-strategy
Modernizing Quality Management
Robotic Process Automation (RPA) Webinar - By Matrix-IFS
IT Application Decommissioning - Application Retirement Services
JD Edwards in the Cloud - Flipbook: What are your peers doing?
eCIO PPT Sunsetting strategy v 3 general distribution
Real life with Oracle's JD Edwards Applications in the Cloud
Pw08 Ibc Final Pie Ppt 090508
Rapid Portfolio Analysis powered by CAST Highlight
Ad

Similar to Customers talk about controlling access for multiple erp systems with oracle advanced controls (20)

PPTX
Collaborate_VPASession_CSC_GRC_FINAL v2
PDF
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
PDF
GRC Advanced Controls OOW2014 Stop Financial Leakage - Cisco, Noble Energy, ...
PDF
Chief Risk Officer, American Fidelity, strengthens secuirty with Advanced Con...
PPT
In sync10 grc_suite
PDF
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
PPS
FulcrumWay GRC Solutions
PDF
GRC in Australia slides
PDF
Accelerating Regulatory Compliance for IBM i Systems
PPTX
Using oracle grc software to automate and proactively monitor your e business...
PDF
Introducing Oracle Advanced Financial Controls Cloud Service
PDF
Compliance at Velocity with Chef (2)
PDF
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
PPT
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
PDF
Advanced Controls access and user security for superusers con8824
PDF
IBM Banking: Automated Systems help meet new Compliance Requirements
PDF
Building an Effective GRC Process with TrustedAgent GRC
PDF
Enterprise GRC for PEoplesoft
PPTX
GRC– The Way Forward
PPSX
Nasrhuma Inc Grc Solutions 011010
Collaborate_VPASession_CSC_GRC_FINAL v2
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
GRC Advanced Controls OOW2014 Stop Financial Leakage - Cisco, Noble Energy, ...
Chief Risk Officer, American Fidelity, strengthens secuirty with Advanced Con...
In sync10 grc_suite
Stop the fraudster! Pennsylvania Treasury, Industry Expert Chris Doxey and Fu...
FulcrumWay GRC Solutions
GRC in Australia slides
Accelerating Regulatory Compliance for IBM i Systems
Using oracle grc software to automate and proactively monitor your e business...
Introducing Oracle Advanced Financial Controls Cloud Service
Compliance at Velocity with Chef (2)
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
Advanced Controls access and user security for superusers con8824
IBM Banking: Automated Systems help meet new Compliance Requirements
Building an Effective GRC Process with TrustedAgent GRC
Enterprise GRC for PEoplesoft
GRC– The Way Forward
Nasrhuma Inc Grc Solutions 011010
Ad

More from Oracle (7)

PDF
Con8154 controlling for multiple erp systems with oracle advanced controls
PDF
How your vendor master file is critical to governance, risk management and co...
PDF
Con8208 achieve a quicker and compliant financial close
PDF
Oracle OpenWorld 2014 GRC events and sessions
PDF
Integrate Oracle Identity Management and Advanced Controls for maximum effici...
PDF
Top 10 P2P Advanced Controls to improve your bottom line!
PDF
CFO.Com and Oracle - Improving Bottom Line with Advanced Controls
Con8154 controlling for multiple erp systems with oracle advanced controls
How your vendor master file is critical to governance, risk management and co...
Con8208 achieve a quicker and compliant financial close
Oracle OpenWorld 2014 GRC events and sessions
Integrate Oracle Identity Management and Advanced Controls for maximum effici...
Top 10 P2P Advanced Controls to improve your bottom line!
CFO.Com and Oracle - Improving Bottom Line with Advanced Controls

Recently uploaded (20)

PDF
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
PDF
Roadmap Map-digital Banking feature MB,IB,AB
PPTX
Starting the business from scratch using well proven technique
PPTX
Lecture (1)-Introduction.pptx business communication
PPTX
job Avenue by vinith.pptxvnbvnvnvbnvbnbmnbmbh
PDF
Business model innovation report 2022.pdf
PPTX
Amazon (Business Studies) management studies
PPT
Chapter four Project-Preparation material
PDF
Reconciliation AND MEMORANDUM RECONCILATION
PDF
Chapter 5_Foreign Exchange Market in .pdf
PDF
Traveri Digital Marketing Seminar 2025 by Corey and Jessica Perlman
PPTX
DMT - Profile Brief About Business .pptx
PDF
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
PPTX
ICG2025_ICG 6th steering committee 30-8-24.pptx
PDF
Ôn tập tiếng anh trong kinh doanh nâng cao
PPTX
The Marketing Journey - Tracey Phillips - Marketing Matters 7-2025.pptx
PDF
COST SHEET- Tender and Quotation unit 2.pdf
PDF
Hindu Circuler Economy - Model (Concept)
PDF
MSPs in 10 Words - Created by US MSP Network
PPTX
Probability Distribution, binomial distribution, poisson distribution
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
Roadmap Map-digital Banking feature MB,IB,AB
Starting the business from scratch using well proven technique
Lecture (1)-Introduction.pptx business communication
job Avenue by vinith.pptxvnbvnvnvbnvbnbmnbmbh
Business model innovation report 2022.pdf
Amazon (Business Studies) management studies
Chapter four Project-Preparation material
Reconciliation AND MEMORANDUM RECONCILATION
Chapter 5_Foreign Exchange Market in .pdf
Traveri Digital Marketing Seminar 2025 by Corey and Jessica Perlman
DMT - Profile Brief About Business .pptx
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
ICG2025_ICG 6th steering committee 30-8-24.pptx
Ôn tập tiếng anh trong kinh doanh nâng cao
The Marketing Journey - Tracey Phillips - Marketing Matters 7-2025.pptx
COST SHEET- Tender and Quotation unit 2.pdf
Hindu Circuler Economy - Model (Concept)
MSPs in 10 Words - Created by US MSP Network
Probability Distribution, binomial distribution, poisson distribution

Customers talk about controlling access for multiple erp systems with oracle advanced controls

  • 2. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2
  • 3. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Controlling for Multiple ERP Systems with Oracle Advanced Controls CON8154 Eugene Hugh - InterContinental Exchange Dane Roberts – Oracle GRC Strategy Stephen D’Arcy - PWC October 2, 2014 Presented with @OracleAdvCntrls Oracle GRC Advanced Controls
  • 4. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Agenda What are Oracle GRC Advanced Controls? Case Study: •Background •ICE Requirements •Challenges •Solutions •Project Summary •What’s Next?
  • 5. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 5 Reality: Document/Email Approaches Challenge GRC OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org HOW ORGANIZATIONS APPROACH AND ADAPT THEIR TECHNOLOGY STRATEGY FOR GRC 70% SPREADSHEETS, DOCUMENTS, EMAIL & IN-HOUSE SOLUTIONS 30% 1 OR MORE COMMERCIAL GRC SOLUTIONS The lack in modern technology makes achieving goals challenging The impact on FTE’s is particularly significant One financial services organization stated that 80% of their GRC staff resources were nothing more than document reconciles for reporting. […] A mess they are aggressively trying to correct. of GRC professionals reported that they use Spreadsheets, Emails, Custom Reports Apps. 70%
  • 6. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 6 When looking for new GRC technology, organizations indicate that the primary goals they aim to achieve are: Drivers: for Adopting New GRC Technology OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org HOW ORGANIZATIONS APPROACH AND ADAPT THEIR TECHNOLOGY STRATEGY FOR GRC INCREASE ANALYTICS & RAPID VISIBILITY OF RISK Complex risk and regulatory environments demand advanced capabilities of risk data integration and analytics to provide full situational awareness of risk” #1 IMPROVE CONSISTENCY OF INFORMATION Organizations are realizing that good GRC requires good information, there is increasing focus on the integrity and consistency of GRC information” #2 MEET NEW REGULATORY REQUIREMENTS Regulatory change has more than doubled in several industries over the past five years (e.g., banking, insurance, healthcare) and drives the organization to GRC technologies that enable regulatory intelligence and agility” #3 REDUCE COSTS & IMPROVE PERFORMANCE When deploying new GRC technologies the organization is driven to reduce costs while increasing the performance of business operations” #4
  • 7. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Comprehensive Risk & Controls Management Detect and Fix Issues Continuous Improvement and Monitoring Assess Risk & Compliance Close the LOOP Identification Analysis Evaluate 1. BUSINESS RISKS Document Assessments Reviews 2. CONTROL OBJECTIVES Author Execute Investigate 3. CONTINUOUS MONITORS
  • 8. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Custom or Legacy Applications Enterprise Risk and Controls Foundation One Unified Platform Flexible •Graphical Authoring •Detect and Prevent •Access, Transactions, Setups Data Driven •100% of Transactions •Manage by Exception •Pattern Analysis Comprehensive •Multiple GRC Projects •From Documentation to Test •Closed Loop Approach Enterprise Risk & Controls Foundation Dashboards, Reports and Alerts Notifications Worklists Email Perspectives Search Risk, Controls & Compliance Management Reviews Documentation Assessments Remediation Surveys Continuous Controls & Risk Monitoring Setups Access Master Data Audit Tests Transactions User Authored Controls Data Connectors Fraud & Error Patterns Role Based Access Security Web Services & APIs
  • 9. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Specialized Partners Increase your Return On Investment •Get more from Advanced Controls Specialists address more of your needs with Advanced Controls’ many capabilities •Increase your organization’s effectiveness Specialists help you embed Advanced Controls in your business processes •Accelerate your implementation Specialists guide and support you during planning, implementation and go-live Oracle Confidential – Internal/Restricted/Highly Restricted 10
  • 10. Intercontinental Exchange, Inc. (ICE) Oracle Advanced Controls Implementation “One AC instance connected to two different ERP’s” www.pwc.com “Any trademarks included are trademarks of their respective owners and are not affiliated with, nor endorsed by, PricewaterhouseCoopers LLP.”
  • 12. Background 13 Client Background •ICE (runs PeopleSoft) located in Atlanta •PeopleSoft is hosted off-premise by a Hosting Provider •ICE recently acquired NYSE, (run Oracle EBS) •EBS is hosted on premise in New York Oracle Advanced Controls •Needed a solution to address operational and compliance needs •Goal to implement by summer 2014 •Needed a partner to navigate their complex IT environment and implement a right-sized, sustainable, scalable solution •Decided to implement an on premise Advanced Controls Environment
  • 13. Requirements 14 EBS Visibility Having recently acquired NYSE, ICE wanted to gain visibility into the risks, controls and transactions within their EBS environment. PeopleSoft Visibility Access, configurations and transactions were difficult to manage with standard PeopleSoft functionality alone. Operational Efficiency The business needed to analyze certain risky transactions on a periodic basis, and was stuck with ad- hoc queries written by IT and manual investigation in the ERP systems. Controls Automation ICE was looking to drive automated control over access and configurations to improve the efficiency of their internal and external audits. Scalability Given the extent of integration and expansion that is and will be going on at ICE over the next several years, the solution had to be scalable to accommodate future change. Audit Support Build a sustainable automated solution that could evaluate security, segregation of duties, automated controls and transactional activity to support Internal and External Audits.
  • 14. Solutions 15 The right Collaboration PwC worked with ICE to help create a tailored, right-sized solution to their operational and compliance needs. Business, internal audit, and IT stakeholder involvement was a key success factor from requirements gathering through implementation. Transactions Led by the business, the stakeholders identified 22 ways they could use TCG to improve exception-based transaction reporting. This was narrowed down to 18 key requirements for Phase I across 5 business and IT processes. Security & Segregation of Duties The stakeholders identified 98 ways they could use AACG to address existing operational and compliance concerns. This was narrowed down to 61 key requirements for Phase I across 8 business and IT processes. Configuration Mgmt. In a discussion driven by IT, the stakeholders identified 141 opportunities for continuous configuration monitoring using CCG. This was narrowed down to 130 key requirements for Phase I across 7 business and IT processes.
  • 15. Systems Diagram AACG & TCG CCG
  • 16. Project Scope/Summary/Benefits 17 Delivered Scope Approximately 90-120 Security and SOD controls in AACG Approximately 90-120 Configuration Change Trackers in CCG Approximately 15-25 Transaction Analytic controls in TCG PCG considered for NYSE but not included Timeline Phase I: February – August 2014 Initial go-live for NYSE AACG and CCG given audit requirements (June 2014) Final go-live for NYSE TCG and ICE AACG, CCG and TCG (Aug 2014) ICE business process control owners for key processes ICE and NYSE system administrators ICE internal audit team Increased automation in the quarterly access review process Increased visibility into risks in the EBS and PeopleSoft environments Resulting changes made to improve security, configurations & processes. Automation of various audit activities Stakeholder Groups Benefits
  • 17. Advanced Controls Examples •GL Entries not posted at month end •AR Entries without GL entries •Duplicate Employees •Duplicate Invoice Payments •Refunds over specific threshold •Unusual Journals – Debit Rev, Credit Expenses •Inactive users Business Solutions beyond Compliance and Internal Audit
  • 18. Advanced Controls Examples (cont’d) •Custom Content/Objects for PeopleSoft •Change trackers to monitor changes to automated controls •Impact assessment during patch application •Ability to compare setup changes during integration of NYSE (EBS) on to ICE PeopleSoft environment
  • 19. Main Project Challenges 20 Stakeholder Availability 01 Stakeholder Availability 02 Standardizing processes during acquisition 03 Educating Stakeholders 04 Technology Delays
  • 20. What’s Next? 21 Controls Operation RMB Integration EBS Migration Future Expansion Business process control owners have already began operating their monthly and quarterly access and transaction controls, and system administrators are continuing to investigate configuration changes as they occur. PwC is implementing Oracle Revenue Management and billing as ICE’s optimized billing solution, and will build custom connectors to allow RMB to interface with billing rules that will be implemented into Advanced Controls. In 2015, ICE will begin to migrate NYSE from EBS into ICE’s PeopleSoft environment. This will require consideration of the impact to Advanced Controls and may require changes to existing rules. As ICE becomes more comfortable with Advanced Controls capabilities and their existing solution, there will be opportunities to expand their use of the applications and increase the value they derive from it.
  • 21. Questions? Copyright: © 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. Definition: PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
  • 22. Contact Information: Stephen D'Arcy - Director (PwC) stephen.j.darcy@us.pwc.com Ph: 856.577.0022 Copyright: © 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. Definition: PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
  • 23. Follow Us & join the conversation . Oracle GRC Advanced Controls Group @OracleAdvCntrls
  • 24. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 25
  • 25. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 26