Suffering from ERP Incident Management Fatigue?
Segregation of Duty violations, Misconfigured setups,
Unauthorized Master Data Changes, Suspicious
Transactions, and Sensitive Data Vulnerabilities are
common risks that can lead to Fraud, Waste and
Regulatory Penalties.
Invigorate your business with SPA Treatment
Assess risk with access to leading Risk Advisors and
ERP Experts. Mitigate risk with rapid deployment ERP
Controls from our Smart Controls Cloud. Rapidly
Remediate control violations with ERP Security and
Control cloud services available to SPA members.
SPA is available to clients running: Oracle EBS, PeopleSoft, JD Edwards, Oracle GRC Manager 7.8, Oracle GRC Controls Suite (AACG, CCG, PCG, TCG), Enterprise GRC
Manager, Oracle Internal Controls Manager (ICM), LogicalApps, Applimation Inegra. Additional applications and services may be added with Diamond SPA
membership for extra fees.
1.866.5.Fulcrum
www.fulcrumway.com
| Risk Treatment SPA | Silver | Gold | Platinum | Diamond |
|---|---|---|---|---|
| Management Controls Concierge | | | | |
| Service hours | Per Request | 40 hrs./qtr. | 80 hrs./qtr. | 160 hrs./qtr. |
| Insight – Whitepapers, Educational Webinars | Yes | Yes | Yes | Yes |
| Training Sessions | 4 hr. session/year | 8 hr. sessions/yr. | 16 hr. sessions/yr. | 32 hr. sessions/yr. |
| Management Risk Assessment | Option | Annually | Annually | Semi-Annually |
| Controls Software Management | Per Request | Quarterly-QA | +Critical Patch | +Upgrade |
| Monitor User Access | Option | Quarterly | Monthly | Continuous |
| Monitor User Roles | Option | Quarterly | Monthly | Continuous |
| Monitor Master Data | Option | Option | Continuous | Continuous |
| Monitor Configurations | Option | Annually | Quarterly | Continuous |
| Monitor Transactions | Option | Annually | Quarterly | Continuous |
| Monitor Database Access | Option | Option | Quarterly | Continuous |
| Smart Controls Workbench™ | | | | |
| DataProbe - Risk Discovery and Control Design | Single User | Five User | Ten User | Fifty User |
| Access Controls | 50 | 100 | 100 | 100 |
| Transaction Controls | Option | 5 | 10 | 20 |
| Configuration Controls | Option | 5 | 50 | 50 |
| Master Data Controls | Option | Option | 3 | 5 |
| Workflow Controls | Option | Option | Option | 5 |
| Service Levels | | | | |
| Response Time | 5 business days | 8 Hrs. | 4 Hrs. | 2 Hrs. |
| Service Window | 8AM – 5PM | 8AM – 5PM | 6AM – 6PM | 24x5 |
| Supplemental Work | Market Rate | 10% discount | 15% discount | 20% discount |
ERP Security and Controls Management
Service Preference Agreement (SPA) for Risk Treatment
Management Controls Concierge
Leading experts with Audit and Compliance experience at public companies. Accredited Professionals with CPA, CIA and CISA
Credentials. GRC experts with a combined experience at more than 200 enterprise clients in the past 10 years. Authored the first
book on Oracle GRC. Experts also include certified IT analysts, system administrators and DBAs.
Service Hours
Total hours available per period to perform Control Concierge services excluding training sessions. SPA Client Service
Manager is responsible for all work actions and effectively “owns” all aspects of SPA service delivery. The CSM works with the
client to schedule work based on requirements. To ensure that all issues are addressed, issues are tracked and monitored in the
Customer Portal – FulcrumACTS. Any member of the team can log an issue in FulcrumACTS. The SPA CSM will track and report
on all issues. Issues will be classified by priority, criticality, and resolution period. The SPA CSM and Client SPA Contact review
status of all issues on a periodic basis.
Insight – Whitepapers, Peer Round tables
Learn from our real-world experience assisting clients across all major industries, company sizes and geographic regions.
Training
FulcrumWay experts deliver live two-hour Web-based training courses on a wide variety of Governance, Risk and Compliance
management topics and systems. These essential training resources can help Internal Auditors, IT Managers, Financial
Managers, Business Control Owners and other professionals get up to speed on the latest knowledge and GRC best practices.
Management Risk Assessment
Risk assessment includes Enterprise and IT assessment of risk based on FulcrumWay Risk Advisory Controls Catalog.
Enterprise assessment includes a survey of selected employees, a weighted risk rating and a control certification such
as SOX 302. The IT assessment includes segregation of duty, master data and change controls testing based on data
provided by the client through scripts and data extraction tools such as DataProbe™.
Controls Software Management
Perform technical maintenance and system administration tasks based on the SPA service level to ensure that the controls
monitoring software and reports generate accurate and timely incidents for management actions.
Monitor Users, Roles, Master Data, Configurations, Transactions, DB
Monitor segregation of duty (SOD) and access policy violations by user and application roles. Monitor changes to sensitive
attributes in master data objects such as supplier bank accounts, customer credit limits, etc. Monitor application configuration
settings that impact financial reporting and operations. Monitor suspicious transactions such as split POs and duplicate payments
to suppliers. Monitor users with access to database.
Smart Controls Workbench
Discover weak controls and unmitigated risks using DataProbe, a Windows-based application risk analytics tool. Add new
“smart” controls where the standard application controls are ineffective. For example, monitor all changes to the 3-way match
setting in Payables, or Journal Entries reversed over a threshold amount. Download control templates from FulcrumWay Smart
Cloud and enable business control managers to easily adjust them in controls workbench to fit their risk tolerance levels.
Response Time
SPA clients use the FulcrumACTS (FACTs) system for issue management and tracking that immediately notifies the assigned
support analyst of the issue, with follow-ups scheduled according to the designated service level outlined in the agreement.
Service Window
Service window is the time duration when the analysts are available to review and respond to client issues and tasks.
Supplemental Work
Supplemental work will be performed upon request for our SPA clients. A FulcrumWay Application Analyst will submit a
work order for the supplemental work that will outline the tasks and estimated time effort. Upon approval of the work order
by the client’s Application Manager, FulcrumWay will initiate the work effort in accordance with the business requirements.
Supplemental work will be billed at the following hourly rates subject to SPA level discounts.
Advanced Controls Lab Access
FulcrumWay hosts and maintains ERP Applications, GRC Software, Controls Catalog and Risk Management Tools for our clients
to test drive each solution. Access to these services and software enables SPA clients to confirm the business case and the most
optimal approach for meeting the business needs before investing internal resources to implement the selected solution(s).
Industry Events Discount
Receive discounts on travel costs and registration fees to GRC, Audit, and IT events including: OAUG Client Dinner, Open World
GRC Round Table, IIA, ISACA, Gartner, Compliance Week, and others.
Annual Fees
Annual Fee is due upon signed agreement. Client has the option to change the services during the contract period. Client can
upgrade the SPA level by paying the difference. However, the fee is non-refundable if client downgrades the SPA. FulcrumWay
reserves the right to change its pricing from time to time, provided that no such change will be effective until at least thirty
(30) days after FulcrumWay has given the Customer written notice of such change.
One Time Setup Fee
The setup fee includes onsite review of client processes, controls, systems and audit issues to determine the scope of Service
Level Agreement (SLA). Clients that sign up for the SPA services within 60 days of the initial deployment/engagement can
avoid the Setup Fee.
Description of Service Options

ERP Security as a Service 2017
