Oracle Fusion Cloud Risk Management Configuration change - Fraud

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Oracle Risk Management Cloud
Implementation Workshop
Advanced Financial Controls
May 2019

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is
intended for information purposes only, and may not be incorporated into
any contract. It is not a commitment to deliver any material, code, or
functionality, and should not be relied upon in making purchasing
decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion
of Oracle.

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 4
Agenda
Introduction to Advanced Financial Controls
Configuring Advanced Financial Controls
Demonstrate value and functionality of AFC with Hands-on
labs
Validate key setups and configurations
Audit Transactions
Discussion and Q&A
1
2
3
4

Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 5
Secure Role Design (SoD)
Secure Assignment of Roles to Users (SoD)
Certify User Access
Validate Key Setups
Audit Transactions
Streamline Control Management
Before Go-Live
After Go-Live

Standard + Advanced Controls
Cluster
Analysis
Split
Purchase
Orders
Anomaly
Detection
Unusual
Manual JEs
Audit 100% of
transactions
Setup
Changes
Fine-grained
User Access
Audit Trail
Analysis
Benford
Analysis
Fuzzy Logic,
‘similar
values’
Advanced
Controls
Role based
access
Audit Sample
transactions
Approval
Hierarchies
Standard
Controls
Expense
Receipt
Required
3-Way Match

Copyright © 2018, Oracle and/or its affiliates. All rights reserved.
Pay Suppliers
Source
Purchases
Maintain
Suppliers
Process
Invoices
Control spend and simplify supplier payments
Streamline Source-to-Pay
Create
Requisitions
Process Purchase
Orders
Receive
Goods
5
Audit & Pay Expense
Reports
Review payment term changes
before payment.
Investigate when person making
payment created/modified the Supplier
Check for discrepancies
in freight charges
Review unauthorized changes
to Supplier information
Monitor for duplicate
Suppliers
Check for inappropriate
associations between a
vendor and an employee
Investigate POs created on
the day goods arrived
Monitor for purchases with
non-preferred Suppliers
Check for
duplicate POs
Check for split POs

Role of AFC during Business Process design
Oracle Confidential –
8
• When designing your business process such as Payables, think
about the configurations that you will need to implement
• Customers often decide not to have configurations in their
business process that are too restrictive
– For eg. While associating Purchase Orders with Payables Invoices should there be a
business rule that restricts this association if the PO has been back-dated.
• AFC can continuously monitor your transactions for anomalies
and fraud and help determine if more restrictive configuration is
required
– Eg. Monitor Payables Invoices that have backdated POs

Graphical
Authoring
Workbench
Library
of
User
Defined
Controls
Incidents
Workbench
Confidential – Oracle Internal/Restricted/Highly Restricted 9
9
Security &
Transaction Data
Enterprise
Data Graph
SELF-LEARNING
FEEDBACK LOOP
Pareto Analysis
Clustering
Fuzzy Matching
Anomaly detection
Ontology
Based
Policy
Engine
Semantic
Reasoning
Pattern
Reasoning
Data Analysis
Engine
Benford Analysis
Algorithms
Acquire Data
Enrich &
Manipulate
Label Data Refine Models
Deploy
Algorithms
Act on Results
Embedded Data Science for Automated Controls within Oracle SaaS

Advanced Financial Controls Basics
10

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 11
Transaction Model
• A Transaction Model defines the logic for detecting unwanted transactions
and/or risky configurations within your organization’s payable or expense
business processes
• A Transaction Model is used to test and validate a control design to ensure
the control is designed effectively before deployment
• Results displayed by the transaction model are temporary because they are
replaced each time the model is run.

Components of a Transaction Model
Business Objects
- Logical definition of
a business entity
- Comprises of data
contained in
transactions and
master data/setups
Model Logic
Conditions that
identify risky
transactions
Result Attributes
Required business
object attributes
to specify incident
details

Transaction Model
Business Objects
Model Logic
Result attributes

Transaction Control
• A Control is created by deploying a transaction model.
• A Control adopts the model’s risk logic and result attributes and has additional
attributes to specify result type and incident assignees
• Results generated by the control analysis are called incidents, which are
dispositioned by incident assignees.
• Unlike Model results, a control’s results (a.k.a incidents) are permanent records in
the system (records of control violations)

Transaction Control
Perspectives
Result Type
Model Logic

Differences between Models and Controls
Oracle Confidential – Internal/Restricted/Highly Restricted 16
Model Control
Defines logic to identify risky transactions /
setups
Adopts logic from Model
Logic can be fine-tuned Logic is locked down and cannot be changed
Running model analysis replaces prior
analysis results
Running control analysis updates prior result
status (a.k.a incidents) and creates new
incidents, if any.

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 17
Best Practice Process: Advanced Financial Controls
Identify
Unwanted
Transactions
Deploy
Controls
Address
Issues
Report
Results
17
Create Models and
assess results
Remediate unwanted
transactions where feasible
Ensure models generate
actionable volume of results
Convert Models to
Controls
Run Control Analysis
periodically
Manage incidents - options:
Remediate transactions
Adjust ERP configuration
Add compensating access
controls
Report incident
management results to
managers, auditors
All subscribers start by automating this process

Best Practice Solution: Advanced Financial Controls
18
Admin
Internal
Auditor
Business
Analyst
Process
Owner
1. Gather
configuration
data
2. Setup Adv
Financial Controls
(general, roles,
users)
3. Import
Pre-built
Models
4. Test &
Refine
Models
5. Review
Results &
Remediate
6. Deploy
Controls
7. Schedule Sync &
Control
Analysis
8. Review
Incidents &
Remediate
9. Review
Incident
Reports
Implementer should guide and train the users to perform their activities in Adv Controls

Planning for Implementation
• Review the
Get Started Note for Oracle Risk Manage
ment Cloud
• Review the Discovery Questionnaire for
detailed set of questions to gather
configuration information for Advanced
Controls Implementation
Discovery
Questionnaire

Copyright © 2016 Oracle and/or its affiliates. All rights reserved.
Pre-built Financial Controls
Business Area Model Name Description
Payables 30001 : Duplicate Payables Invoices Identify payables invoices in the last six months where the supplier, invoice date, and
invoice amount are the same
Payables 30002 : Duplicate Suppliers and Sites Identify potential duplicate suppliers and sites with the same country, bank name, bank
account number, and with similar supplier name and address
Payables 30003 : Backdated Purchase Orders Identify purchase orders created in the last three months and created after the payables
invoice date
Payables 30004 : Payables Invoice Amount Exceeds
Average Variance for Supplier
Identify large invoice amounts in the last two months that represent a higher percentage
variance than the average for a supplier
Payables 30005 : Payables Invoices for One-Time
Suppliers with Similar Names
Identify payables invoices issued in the past year to suppliers with similar names who are
flagged for one-time use
Payables 30006 : Unpaid Payables Invoices for New
Suppliers
Identify unpaid payables invoices in the last two months from new suppliers or little-
used suppliers
Payables 30007 : Unpaid Payables Invoices for Debarred
Suppliers
Identify payables invoices in the last two months for debarred suppliers with similar
names
20

Pre-built Expense Controls
Expense 31001 : Expenses over Meal Limits Identify submitted meal expenses in the last three months that are over the policy limit
Expense 31002 : Expenses with Both Meal and Per
Diem on the Same Day
Identify employees who submitted expense reports in the last three months with both
meals and per diem on the same day
Expense 31003 : Employees Missing Expense Receipts Identify employees who submitted expense reports in the last three months where
missing receipts were higher than average
Expense 31004 : Duplicate Expenses Submitted by
Employee for Reimbursement
Identify employees who submitted expense reports in the last three months where the
expense type, amount, date, and currency are the same
Expense 31005 : Personal Credit Card Transactions
Submitted for Expense Reimbursement
Identify personal credit card purchases submitted as cash expenses in the last three
months
Expense 31006 : Duplicate Expenses Submitted by
Different Employees
Identify expenses submitted in the last three months by different employees, for which
the amount, date, and currency are the same, and which cover similar attendees of an
event
Expense 31007 : Expense Charges Split for an Event Identify expenses submitted in the last three months where more than one expense has
the same date with similar merchant name and amount
Expense 31008 : Expenses for Watchlist Merchants Identify expenses submitted in the last three months for merchants on the watchlist
21

Pre-built GL Controls
22
General
Ledger
32001 : Dormant GL account activity GL Accounts with no activity in a given period
General
Ledger
32002: Manual Journals Posted After Period Close
Date
GL account activity after Period Close

Pre-built Procure-to-Pay & SCM Controls
23
Payables 40001 : Supplier and Payables Invoices Created by the
Same User
Identify payables invoices created in the last six months by the user who
created the corresponding supplier or supplier site
Assets 40002 : Same user created Asset Workbench entries and
took Physical Inventory
Same user created Asset Workbench entries and took Physical Inventory
SCM 40003 : Same user created Items and Inventory
Transactions
Same user created Items and Inventory Transactions
Payables 40004: Payment Process Request Created by Same User
Managing Suppliers
Identify Payment Process Request created by the same user who manages
suppliers.

Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 24
Pre-built Audit Controls
Business Area Model Name
Payables 60001 : New Bank Account added for any Supplier
Payables 60002 : Frequent Changes to Supplier Bank Account Details
Payables 60003 : Frequent Changes to Supplier
Payables 60004 : Frequent Changes to Supplier Sites
Payables 60005 : Frequent Changes to Supplier Payment Methods
HCM 60006: New Payment Method Added to Employee
Payables 60007 : Supplier Bank Accounts touched Over the Weekend
Common 60008: Additions and Deletions to Data Roles
Common 60009: Updates to Data Roles
Common 60010: Additions and Deletions to Profile Options
Common 60011: Updates to Profile Options

Copyright © 2016 Oracle and/or its affiliates. All rights reserved. 25
Pre-built Audit Controls
Business Area Model Name
SCM 60012: Additions and Deletions to Item Master
SCM 60013: Updates to Item Master
Common 60014: Additions and Deletions to Key Flex-field Cross Validation Rules
Common 60015: Additions and Deletions to Security Profiles
Common 60016: Updates to Security Profiles
HCM 60017: Frequent Changes to Salary

Accessing Pre-built Content from MOS
• Navigate to MOS
Note Doc:
2350138.1
• Click on the
relevant Patch
• Download the
patch zipfile
• Extract content
of the zipfile in a
local folder

Setup Transaction and Audit Data Synchronization Limits
• Transaction Performance Configuration is used to limit the amount of Financials Cloud
transactions retrieved by AFC for control analysis
• Audit Performance Configuration is used to limit the amount of Financials Cloud audit
data retrieved by AFC for control analysis
• Transactions Created As of Date and Audit Events Created As Of Date influences:
• Datasource Synchronization durations
• Run durations of AFC transaction and audit models/controls

Setup Transaction and Audit Data Synchronization Date Limits
• Navigate to Risk Management
Tools -> Setup and
Administration
• From right hand Panel Drawer -
> Manage Application
Configurations
• Enter a Transactions Created
As of date as 1/1/2018
• Enter a Audit Events Created
As Of date as 1/1/2019

Data Synchronization
• Models evaluate transactions completed in Financials Cloud.
• Data Synchronization ingests data from Financials Cloud instance into
AFC.
• The first synchronization job is always a Full Sync and may take
considerable amount of time depending on the volume of transactions
in Financials Cloud for the business objects in your models
– To limit of volume of data to be analyzed by AFC, specify a
Transactions Created As of Date of not more than 1 year before
current date
Note: If the Transaction Created As of Date is changed after implementation,
a Rebuild Graph may be necessary that deletes existing transaction data
from AFC and copies transaction data as of the new As of Date . This may
take considerable amount of time.
• A Datasource synchronization job pulls only the changes made in
Financials Cloud since the last data synchronization.
– Example: If the Data Synchronization job was run on 05/01/2019
2:00 PM, then the next Synchronization job will sync all the changes
to the data between 05/01/2019 2:00 PM and current run date.

Model vs Datasource Synchronization
Model Synchronization Datasource Synchronization
Ingests data from Financials Cloud instance
into AFC
Ingests data from Financials Cloud instance
into AFC
Synchronizes business object data of a
single AFC model
Synchronizes business object data of all
AFC models and deployed AFC controls
currently in the application
Cannot be used to perform incremental
synchronization of data
Should be used on an ongoing basis to
periodically synchronization incremental
changes in Financials Cloud data

Certify User Access
Validate Key Setups
Audit Transactions
Before Go-Live
After Go-Live

Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 32
Configuration Controls for Oracle Financials Cloud
• The behavior of Oracle Financials Cloud is determined in large part by its
configuration settings
– The wealth of available settings gives your business the flexibility it needs to compete
and thrive
• Broadly, configurations include:
– Setup values influence overall application behavior - everything from when your fiscal
year starts to how payments are approved, and so much in between, including your
accounting structure and what users can do
– Master data describe discrete entities like suppliers and contracts - both their
characteristics and how Financials Cloud handles them

• The lifecycle of each configuration setting…
– Starts with its initial entry in Financials Cloud
– Later, Financials Cloud users and administrators change many settings as
circumstances dictate - for example because of a change to business policies, or to an
entity described by a master data record
– Those ongoing changes represent the bulk of the risk associated with configurations -
were changes planned, reviewed and approved before they were made?
– A draconian solution would employ elaborate preventive control over those steps; in
contrast, a streamlined approach is to let change flow, and to watch for possible
issues; Oracle's automation supports the latter

• Financials Cloud’s control automation for configurations has two primary
components:
• Audit Policies track configuration change
– Available for a wide range of Financials Cloud configurations.
– Can be enabled and disabled at will; while enabled, they build a permanent record of
new configuration settings and changes to existing ones
• Advanced Financial Controls identify changes that need attention
– Analyzes the permanent record to identify troublesome changes

Top Ten Configuration Controls for Oracle Financials Cloud
• Has a period's ledger been altered?
– The changes could necessitate an
accounting audit, and if significant
changes occurred after you reported
financial results, restatement of
results.
• How about journal entries or
accounting rules?
– The former are the foot soldiers of
accounting, and the latter the generals
- corruption at either level spells
trouble.
• Have suppliers' information
changed unexpectedly - e.g., bank
accounts, payment methods, sites,
or contacts?
– Any could be the result of a scam
intended to route payment to a
fraudster.
• Has a supplier's information
changed frequently, or outside
business hours?
– Neither should be necessary in
healthy business activity; they could
indicate fraud, or simply inefficiency -
e.g., a frequent alternation between
two values to work around the need
for better process.
• Have Supply Chain item masters
changed unexpectedly - e.g.,
– Were unnecessary items added to bills
of materials, or manufacturing/supply
lead times and safety stock levels
manipulated, to trigger unnecessary
orders?
– Have changes to cost of goods been
made to engineer a better budget or
forecast (tainting your accounting in
the process)?
• Were contract lines altered?
– Items, amounts and terms could be
changed in collusion with
counterparties to bilk your business.
• Did site or user Profile Options
change unexpectedly?
– This trove of preferences, installation
settings, configuration choices, and
processing options affects nearly
every aspect of Financials - are
changes innocuous or hacks? Find
patterns of the latter.
• How about Data Roles and Security
Profiles?
– Two more deep and pervasive types
of configuration - do changes indicate
illicit broadening/heightening of
privileges?
• Did Flexfield Cross Validation Rules
change?
– These are often an uncharted - or at
least untamed - territory in the world
of configuration, since there are no
common standards or rules - they are
all invented by your business. They
might change only rarely, but when
they do, heads up - their effects can
spread across entire business
processes, with unintended
consequences.
• Have Receiving parameters
changed unexpectedly - e.g.,
– do you suddenly allow the receiving
location to differ from the ship-to
location (with tax, inventory, and
restricted territory impacts)?
– Did your late receiving tolerance
increase?
– How about tolerance for receiving
more than approved?
– How often was receipt routing
overidden?

Top Ten Configuration Controls for Oracle Financials Cloud
• How to Take Control
1. Log into Financials Cloud as an administrator and visit "Manage Audit Policies." Choose
the configuration attributes to track.
2. Log into Financials Cloud as an Advanced Financial Controls user and visit "Models."
Choose the models that will identify changes of greatest interest, and run analyses to
see those changes. Then convert the models to controls, and relax - Advanced Financial
Controls will let you know when new changes of interest occur.
• To learn more:
– Audit Policies: https://docs.oracle.com/en/cloud/saas/financials/19a/fafcf/maintain-
common-reference-objects.html#FAFCF2611713
– Advanced Financial Controls:
https://cloud.oracle.com/en_US/risk-management-cloud/features

After go-live:
Track Key Setups (AP, AR, GL, etc.)
Confidential – Oracle Internal/Restricted/Highly Restricted

Analyzing Setups in ERP & HCM Cloud
Fusion SaaS Foundation
Setup Manager
Specify setup values
Export/import/compare snapshots
Audit Policy
Track changes
ERP & HCM Cloud
Risk Management
Analyze setup values Analyze setup changes

Advanced Configuration Controls
39
• Continuously monitor ERP configurations
• Track ERP master data changes
• Automate risk-based change-tracking
– Multiple changes to a Bank Account in 24 hours
– Multiple changes to a sensitive role in a single day
– Changes to GL intercompany rules
• Filter based thresholds like frequency and
amount
• Configure 200+ setups across AP, AR, GL
etc.
• Manage exceptions using simple
workflows

Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 40
How AFC Analyzes Setup Changes
Before go-live customer
enables audit policies
on ERP Cloud objects
After go-live, audit data is
generated recording
changes to setups,
configurations
Advanced Financial
Controls ingests this audit
data
AFC analyzes audit data
using pre-built audit
models
AFC finds issues that
needs to be remediated

Lab 1
Your customer is concerned about potential fraudulent activities related to
new supplier bank accounts, and wants to track this using the pre-built
audit tracking model 60001: New Bank Account Added to Supplier
Fine tune the model logic to analyze new bank accounts added on
weekends.

Your customer is concerned about potential fraudulent activities related to new supplier bank accounts,
and wants to track this using the pre-built audit tracking model 60001: New Bank Account Added to
Supplier.
Fine tune the model logic to analyze new bank accounts added on weekends.
Tasks
• Login as philip.kent
• Download provided model xml file to your desktop, edit the file ‘Your_Name_New Bank
Account Added to Supplier.xml‘, rename to ‘<Your Name>: New Bank Account Added to
Supplier.xml‘, then save the file
• Navigation –> Advanced Controls Management icon -> Advanced Controls icon -> Models tab
• Import model ‘<Your Name>: New Bank Account Added to Supplier‘
• Run Model analysis and view Model Results
• Modify the logic to analyze new supplier bank accounts added on weekends
• Run model and view results

Step 1: Download and Edit Provided Model File
• Download the provided pre-
built model file ‘Your Name_
New Bank Account Added to
Supplier.xml’ within Lab 1
folder to your desktop.
• Copy and rename file to <Your
Name>_New Bank Account
Added to Supplier.xml
• Open this file is an editor as
shown
• Change the value of the tag
<name> to <Your Name>: New
Bank Account Added to
Supplier
• Save the file

Step 2: Import model from downloaded xml file
• Login as Philip.kent
• From Models Page,
launch Import wizard
• Select Actions -> Import

Step 2: Import model…contd
• In the ‘Import File’ train
stop:
– Browse and select the edited
‘<Your Name>_New Bank
Account Added to
Supplier.xml’ file
• Click Next

• In the ‘Select Items’ train stop search and select model <Your Name>: New Bank Account Added to Supplier
• Navigate to the ‘Review’ train stop by accepting defaults
• Finish Import by clicking ‘Submit’
• After the Import job completes, you should see the model in your Models page

Step 3: Review Model Logic
• On the Models
page:
– Search and click the
model ‘<Your Name>:
New Bank Account
Added to Supplier’

Step 3: Run Model Analysis
On the Model
Definition page:
• Review the model
logic
• Click ‘Run’ to run
model analysis

Review Types of Standard Filter Usage
A standard filter testing a literal value
–condition involves a constant value.
A standard filter testing another BO attribute value
–condition involves a value supplied by another BO attribute)

Step 3: Monitor Model Analysis Job
• Check Model Analysis
job status by navigating
to Monitor Jobs page
using the ‘Related Links’
icon
• When job completes,
navigate back to the
model definition page
• Click Done to return to
Models page
• On Models page, search
for your Model and click
on the Results count
link

Step 4: View Model Results

Step 5: Sort the results and recent bank account additions
On the results
page, sort
descending on
column ‘Audit –
Supplier Bank
Accounts.Date’
to view the
recent bank
account
changes

Fine-tuning a Transaction Model
• Results do not satisfy model goals
– Eg. for a model identifying invoices and suppliers created by the same user, results
are returning all invoices, while I’m interested only in high value invoices that are
unpaid and not cancelled
• Focus the model logic to get tighter results
• False positives in the results
• Excess result attributes
– More attributes in results than necessary for remediation actions
When should I fine-tune a model?

Process of Fine-tuning Transaction Model Results
Are False
Positives/
Excess results
acceptable?
YES
Revise Model
Logic
Ready to
remediate results
NO
Run Model
Analysis and
review Model
Results

Fine Tuning Model Results - Example
Supplier Name Invoice Date Invoice Amount Invoice Number Payment Status
Advanced Corp 11/15/2017 1939.50 ERS-602065-241613 Y
Dell Inc. 12/15/2017 5204.25 ERS-602105-241653 N
EIP Inc 10/15/2017 3510.80 ERS-602053-241539 N
• You are interested in Invoices that are unpaid
• You are interested in invoices > 5000

Step 6: Refine the Model Logic
• From the Models page, search and edit your model ‘<Your Name>: New Bank Account Added to Supplier’
• Change the first filter by clicking the blue arrow on the bottom left corner of the 1st
filter

Step 7: Save Model and Re-run analysis
• Click Save as shown
to save the model
• Run Model analysis
by clicking on ‘Run’
• Check Analysis job
status by navigating
using the ‘Related
Links’ icon

• Click Cancel to return to the
Models page
• On Models page, search for your
Model and click on the Results
count link
• On Results page, check ‘Display
Timestamp’

Lab 2 (Practice Lab)
Your customer is concerned about changes made to supplier payment
methods, and wants to implement the pre-built audit tracking model
60005: Frequent Changes to Supplier Payment Methods
Fine tune the model to show suppliers where changes where made to
payment methods more than 3 times in the last year

Your customer is concerned about changes made to supplier payment methods, and wants to implement
the pre-built audit tracking model 60005: Frequent Changes to Supplier Payment Methods
Fine tune the model to show suppliers where changes where made to payment methods more than 3
times in the last year
Tasks
• Download provided model xml file to your desktop, edit the file ‘Your_Name_Frequent Changes
to Supplier Payment Methods.xml‘, rename to ‘<Your Name>: Frequent Changes to Supplier
Payment Methods.xml‘, then save the file
• Import model ‘<Your Name>: Frequent Changes to Supplier Payment Methods ‘
• Modify the logic to show suppliers where changes were made more than thrice in the last year
• Run model and view results

Step 1: Download and Edit Provided Model File
• Download the provided pre-built
model file ‘Your_Name_Frequent
Changes to Supplier Payment
Methods.xml’ within Lab 1 folder
to your desktop.
Name>_Frequent Changes to
Supplier Payment Methods.xml
• Open this file is an editor as
shown
<name> to <Your Name>:
Frequent Changes to Supplier
Payment Methods
• Save the file

Step 2: Import model from downloaded xml file
• Login as Philip.kent
launch Import wizard
• Select Actions -> Import

• In the ‘Import File’ train
stop:
– Browse and select the edited
‘<Your Name>_Frequent
Changes to Supplier Payment
Methods.xml’ file
• Click Next

• In the ‘Select Items’ train stop search and select model <Your Name>: Frequent Changes to Supplier Payment Methods
• Navigate to the ‘Review’ train stop by accepting defaults
• Finish Import by clicking ‘Submit’
• After the Model Import job completes, you should see the model in your Models page

On the Models page:
• Search and click the
model ‘<Your Name>:
Frequent Changes to
Supplier Payment
Methods’

On the Model
Definition page:
• Review the model
logic
• Click ‘Run’ to run
model analysis
Standard Filters
connected by AND
Standard Filters
connected by OR

Step 4: Monitor Model Analysis Job
• Check Model Analysis
job status by navigating
using the ‘Related Links’
icon
• Click Done to return to
Models page
• On Models page, search
for your Model and click
on the Results count
link

Step 6: Sort the results and identify Supplier with most changes
On the results
page, sort
descending on
column ‘Count of
supplier payment
methods…’ to view
the supplier with
most changes to its
payment methods

Or search for a suspicious payment method
On the results page, search for ‘Outsourced’ in column ‘Payment Method New’ to view the
Supplier whose default payment method was changed to ‘Outsourced Check’

Step 7: Refine the Model logic
• From the Models page, search and edit your model ‘<Your Name>: Frequent Changes to Supplier Payment Methods’
• Edit filter by clicking the blue arrow on the bottom left corner of the filter ‘Count of supplier payment method…’
• Change the filter name to ‘Count of supplier payment methods additions or updates more than thrice’
• Change the Condition to ‘Greater Than’ and Value to 3

Step 8: Save Model and Re-run analysis
• Click Save as shown to
save the model
• Run Model analysis by
clicking on ‘Run’
• Check Analysis job status
by navigating to Monitor
Jobs page using the
‘Related Links’ icon
using the < icon to the
left of ‘Monitor Jobs’
title

• Click Cancel to return to the
Models page
• On Models page, search for your
Model and click on the Results
count link
• On Results page, sort
descending on column ‘Count of
supplier payment methods…’

Advanced Transaction Controls
74
• Continuously monitor ERP transactions
• Audit 100% of transactions
– POs, Invoices, Expense Line Items,
Compensation, Payroll etc.
• Detect high-risk scenarios like Duplicate
Invoices, ghost employees etc.
• Compose new algorithms using a visual
workbench
• Use statistical techniques like clustering,
anomaly, Benford uncover risk
• Manage exceptions using simple
workflows

Certify User Access
Validate Key Setups
Audit Transactions
Before Go-Live
After Go-Live

After go-live - Step 5:
Audit Fraudulent/Erroneous Transactions (AP, GL, Exp, etc.)
Confidential – Oracle Internal/Restricted/Highly Restricted

Lab 3
Your customer wants to implement the pre-built model 40001: Supplier
and Invoices created by the same user, but requires the following change to
the filter logic:
- Only consider Invoices that have NOT been paid
- Only consider Invoices that are not cancelled
Learn to import a simple
pre-built model and tweak
the model logic to suit
your customer
requirements. Deploy the
model as a control and
review incidents.

Your customer wants to implement the pre-built model 40001: Supplier and Invoices created by the
same user, but requires the following change to the filter logic:
- Only consider Invoices that have NOT been paid
- Only consider Invoices that are not cancelled
Tasks
• Download pre-built model xml file to your desktop, edit the file and rename model name from ‘Your Name: Supplier
and Invoices created by the same user‘, to ‘<Your Name>: Supplier and Invoices created by the same user‘, then save the
file
• Import model ‘<Your Name>: Supplier and Invoices created by the same user‘
• Next, edit the model and add a filter Payables Invoice.Invoice Payment Status Indicator= ‘N’ and Payables
Invoice.Cancellation Date is blank
• Move the newly added filters before the OR filters
• Add “Invoice Payment Status Indicator” as result attribute
• Once the job has completed, click ‘View Existing Results’ to view model results

Step 1: Download and Edit Pre-built Model File
• Download the provided pre-built
model file ‘Your
Name_Supplier_and_Payables_Inv
oices_Created_by_the_Same_User.
xml’ within Lab 1 folder to your
desktop.
Name>_Supplier_and_Payables_In
voices_Created_by_the_Same_Use
r.xml
• Open this file is an editor as shown
<name> to <Your Name>: Supplier
and Payables Invoices Created by
the Same User
• Save the file

Step 2: Import Pre-built Model
launch Import
wizard
• Select Actions ->
Import

Step 2: Import Pre-built Model…contd
• Browse and select ‘<Your
Name>_Supplier and
Payables Invoices Created
by the Same User’ xml file
• Select identified model in
the ‘Select Items’ train
stop
• Navigate to the ‘Review’
train stop by accepting
defaults
• Finish Import by clicking
‘Submit’

From the Models
overview page:
• Click model ‘<Your
name>: Supplier and
Payables Invoices
Created by the Same
User’
• Review Model logic
and Result attributes

Step 3: Review Model Logic…contd
<Your Name>: Supplier and Payables Invoices Created by the Same User

Step 4: Refine Model Logic
• Navigate to model definition
page for ‘<Your Name>: Supplier
and Payables Invoices Created by
the Same User’ in edit mode
• Click the ‘Add Filter’ button
• Enter filter for Unpaid Invoices
and click OK
• Follow the above steps to add a
filter for Invoices that are not
Cancelled
• In the Result Display section, add
‘Payables Invoice.Invoice
Payment Status Indicator’ and
‘Payables Invoice.Cancellation
Date’ attributes to ‘Selected’ list
using the shuttle
• Click Save.

Step 4: Refine Model Logic: Move order of added filters
• From the model definition
page for ‘<Your Name>:
Supplier and Payables
Invoices Created by the
Same User’
– Drag and drop filter “Unpaid
Invoices” on the 1st filter on
the model logic diagram.
– Select ‘AND’ when prompted
for the Operator
– Drag and drop filter “Invoices
not cancelled” on the
“Unpaid Invoices” filter on
the model logic diagram.
– Select ‘AND’ when prompted
for the Operator

Step 5: Edit Result Attributes
• Navigate to the model definition page for ‘<Your Name>: Supplier and
Payables Invoices Created by the Same User’
• In the Result Display section, add ‘Payables Invoice.Invoice Payment
Status Indicator’ attributes to the ‘Selected’ list using the shuttle
• Click Save.

Selecting Result Attributes
• Filters along with Result Attributes constitute when a new incident is
created.
• Adding frequently changing attributes such as Last Updated Date, Last
Updated By will cause existing incidents to be closed and new incidents to
be opened each time the value of these attributes change and control
analysis is run.
Recommended Practice

Step 6: Run, View and Sort Model Results
From the model definition
page for ‘<Your Name>:
Supplier and Payables
Invoices Created by the
Same User’
• Click ‘Run’
• Click ‘Monitor Jobs’ from RHS
panel drawer
• Monitor Job status.
• Once completed, close the
Monitor Jobs page to return to
Model definition page
• Click on ‘View Existing Results’
• Review Model Results
• Click the sort button for
‘Payables Invoice.Amount’ to
sort from highest to lowest
amount

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 89
When there are many results
• Focus on transactions over a higher threshold
– E.g., transactions with amounts over a higher value than the original threshold
• Focus on transactions with a particular status
– E.g., unpaid or paid
• Focus on a party to the transaction
– E.g., ERP/HCM user, Supplier, Customer, etc.
– Select a sample party based on the volume of results returned for each party
– Set filter to show that party’s results
• Focus on a business segment
– Set filter to show results of a single Country, Business Unit, Department, Legal Employer,
Location, etc.

Remediate model results as much as possible
–Resolve issues in Financial Cloud by modifying ERP configuration or fixing
transactions
• Eg. in a duplicate invoice model, if many duplicate invoices are found, check business
rules in ERP Cloud allowing duplicate invoices to be created;
• if business rules have been correctly configured in ERP Cloud, fix duplicate invoices by
cancelling them or putting them on hold
Review Results and Remediate
Recommended Practice

Have you fine-tuned the model logic to get a tight result set?
Have you ONLY added the result attributes relevant for remediation
activities?
Can the remaining results no longer be remediated?
Are you comfortable showing the remaining results as control incidents and
can act on them?
If not, will you be able to accept the incidents you cannot act on?
Have you done everything possible to reach this result set?
Am I done fine-tuning the Model?
Review Checklist

Step 7: Deploy Transaction Control
• Select “Controls” tab
• Click on Actions -> Deploy Transaction
Controls
• Select <Your Name>: Supplier and
Payables Invoices Created by the
Same User
• Click Next

• On “Details” train stop , enter:
– Priority = <a number value used for reporting purposes to help prioritize the controls and results that are
generated from this control>
– Status = “Active”
– Result Type = “Incident”
– Enforcement Type = “Monitor”
• Navigate to the final step ‘Review’
Step 7: Deploy Transaction Control…contd

Step 7: Deploy Transaction Control…contd
• On “Review” train stop:
– Review all inputs
• Click Submit

Step 8: Run control analysis
• Search for the
deployed control
• Click on it to view
the control details
and logic
• Click done
• Select the control ->
Actions -> Run
• Note the job ID

Step 8: Run control analysis…contd
• Click ‘Monitor Jobs’
from RHS Panel
Drawer
• Review Job status

Step 9: View Control Incidents

Step 10: Manage Result Columns
• On the ‘Results’ page click on
View -> Columns -> Manage
Columns
• Select all Result Attributes as
your Visible columns

Review Incident
in Worklist*
Risk is
acceptable?
NO
YES
Fix transactions
in Financial
Cloud
Process for Reviewing and Remediating Control Incidents
Update incident
status to “Accepted”
Update incident
status to
“Resolved”
*Incidents are assigned to an investigator based on perspective assignment
Update incident
status to
“Remediate”

• Resolve issues in Financial Cloud by reviewing/modifying ERP configuration or
fixing transactions
• Eg. in a duplicate invoice model, if many duplicate invoices are found, check business
rules in ERP Cloud allowing duplicate invoices to be created;
• if business rules have been correctly configured in ERP Cloud, fix duplicate invoices by
cancelling them or putting them on hold
• Remediation of payables control incidents may also require analyzing access
of users involved in these unexpected transactions
• Remediation of expense control incidents may require reviewing ERP
configurations such as policy thresholds
Remediation of Incidents

When do Incidents Close?
AFC incidents can close under these circumstances:
–Issue is resolved in ERP Cloud
• Eg. for a duplicate invoices control, cancel the duplicate invoices identified by control analysis
–Control is inactivated

Incident Closing Lifecycle
CONTROLS LOGIC
ERP CLOUD USER
FIXES ISSUE
Example:
Cancels Invoice
AFC ENGINE AUTOMATICALLY
CLOSES INCIDENT(S)*
AFC DATA SYNC
CONTROL
ANALYSIS
* If the AFC engine no longer determines an existing incident to be an issue
Example:
1. The “Back Dated PO” control logic includes a filter “Invoices not Cancelled”
2. Control analysis has detected Invoice Id: XYZ as an incident
3. As part of remediation, user cancels Invoice XYZ in Financial Cloud
4. During a subsequent control analysis run, the system will close the incident for the Invoice Id XYZ.
Control is
inactivated

Lab 4
Your customer wants to identify if there are duplicate invoices for any
Supplier. This exercise will show how one can identify such records by
looking for Similar Invoice Numbers, for invoices with identical Supplier Id,
Invoice Date, and Invoice Amount.
Learn to build a model that
employs fuzzy logic to
identify potential duplicate
invoices in your customer’s
payables

Your customer wants to identify if there are duplicate invoices for any Supplier. This exercise will show
how one can identify such records by looking for Similar Invoice Numbers, for invoices with identical
Supplier Id, Invoice Date, and Invoice Amount.
Tasks
• Click Actions -> Create Transaction Model
• Enter Model Name – “<Your Name> Duplicate Payables Invoices”, Click on icon for Add Model Object
• Search and add Supplier and Payables Invoice BOs by clicking + icon, Click Done
• Click Add Filter, Enter Filter Name
• Create the following filters
– Payables Invoice is within last 12 months (use Relative_Date)
– Supplier Id is not Blank (Payables Invoice.Supplier Id is not blank)
– Payables invoice is not cancelled (Payables Invoice.Cancellation Date is blank)
– Supplier Id is same
– Invoice Date is same
– Invoice Amount is same
– Invoice Number is 70% similar.

Tasks (contd)
• Select Attributes for display in Results – Supplier Name, Invoice Number, Invoice Date,
Invoice Amount, Invoice Currency, Payment Status, Supplier Type
• Run model analysis and note the job number that is created
• Click Monitor Jobs from Right-hand side panel drawer.
• Once the job has completed, click ‘View Existing Results’ to view model results
• Edit Model logic to increase Similar % from 70% to 90%
• Run model analysis – did the results count go up or down?

Step 1: Navigate to Create Transaction Model
• Click on Advanced
Controls
Management icon
• Click on Advanced
Controls icon
• Click on Models
tab
• Click on Actions ->
Create Transaction
Model

Step 2: Add Model Object
• Enter Model Name
– “<Your Name>
Duplicate Payables
Invoices ”
• Click on + icon next
to Model Objects

Step 3: Search and add BO
• Search for
“Supplier” BO
• Select by clicking +
icon
• Click Done

Step 4: Search and add BO
• Search for
“Payables Invoice”
BO
• Select by clicking +
icon
• Click Done

Step 5: Build Model Logic
• Click Add Filter
• Enter Filter Name “Payables Invoices Within
Last 12 Months”
• Select
– Object : Payables Invoices
– Attribute : Date
– Condition : GT or Equal To
– Type Relative_Date
– Value : 12
– Unit : Months
• Click OK
• Enter Filter Name “Payables Invoices
not cancelled
• Select
– Object : Payables Invoice
– Attribute : Cancellation Date
– Condition : Is Blank
• Click OK

Step 5: Build Model Logic…contd
• Enter Filter Name “Supplier is the same”
• Select
– Attribute : Supplier Id
– Condition : Equals
– Type : Object
• Click OK
This is a grouping filter that creates record groups
• Enter Filter Name “Supplier Id is not blank”
• Select
– Object : Supplier
– Condition : Is Not Blank
• Click OK

• Enter Filter Name “Invoice Amount is
the same”
• Select
– Attribute : Amount
– Type : Object
– Attribute : Amount
• Click OK
• Enter Filter Name “Invoice Date is
the same”
• Select
– Type : Object
• Click OK
These are also grouping filters that create record groups

• Enter Filter Name “ Invoice
Number is 70% similar
• Select
– Object : Invoice Amount is the
same
– Attribute : Number
– Condition : Similar
– Similar: 70%
• Click OK
The similar is applied on the record group generated by prior grouping
filters

Step 6: Select Attributes for Display in Results
Select Attributes for Display
in Results
• Supplier.Supplier Name
• Payables Invoice.Supplier
ID
• Payables Invoice.Date
• Payables Invoice.Number
• Payables Invoice.Invoice
Currency
• Payables Invoice. Amount
• Payables Invoice.Invoice
Payment Status Indicator
• Supplier.Supplier Type

• Click Run
• Note Job No.
• Click OK
• Click Save and Close to
exit model definition

Step 8: Monitor Job
From Models page:
• Click on right hand Related
Links icon
• Click Monitor Jobs
• Once the job has completed,
navigate back to Models page
• Click on the Results Count
value link as shown

Step 9: View Results
• Click on the
Results Count
• Sort ascending on
Similar[..] column
• Filter results by
Supplier Name
‘Lee Supplies’

Step 10: Edit Similar %
• Edit Model logic to increase Similar % from 70% to 90%
• Run model analysis – did the number of results go up or down?

Oracle Confidential – Internal/Restricted/Highly Restricted
Recommended Practices for Implementing
Advanced Financial Controls

AFC Model methodology:
Getting Started with Models
• Use our pre-built models as starting points
– Add conditions and filters to focus results – see “How to get started when a model
has many results”
– To avoid being overwhelmed with results, do this as soon as possible
• Use our pre-built business objects
– If you need more objects, more attributes in existing objects, or more data
relationships between objects or attributes, please let us know
• In the meantime, use Imported Business Objects
• One model at a time
– Manage effort required for all the following activities by
focusing on one model at a time

Designing AFC Models
• Start with a narrow date range when testing design of models
• When model design is finalized, consider impact of changing to dates you
require before deploying as control:
• More transactions for investigators to disposition (consider sustained use)
• Longer run durations

Optimize design of models to ensure:
– Acceptable analysis duration for the volume of Financial Cloud transactions being
analyzed
– Volume of Incidents is optimal for the resources who will disposition them.

Configuring Transaction and Audit Events Date Ranges for AFC
Date ranges influence several kinds of duration:
– Transaction and Audit Events Synchronization Date Limits on the Manage Application
Configuration page, influence:
• Graph Sync durations
• Run durations of AFC models/controls
– Date filters within a model/control influences its run duration
• E.g. analyzing the last 2 months of data instead of last 2 years of data

Selecting Business Objects in AFC Models
Number of transaction BOs used influences :
–Graph Sync durations
–Models/controls’ run durations
• The more BOs in a model/control, the more inter-BO relationships to analyze
• Tip: When possible, start by creating a model with fewer BOs, then add more as you
need

Designing Model Filters
– Apply simple filters first
• Simple filters use fixed values (such as date ranges or thresholds)
– Some filters take longer to compute – e.g.:
• The Similar filter analyzes all possible transaction clusters:
– As transaction volume increases, duration increases substantially
– Analyzing character strings takes longer than dates or numbers
– Tip: Use this filter last
• Functions consume relatively less time than Similar
– Only use result attributes in your model that help with remediation
• Performance is impacted by increasing the number of result attributes

Managing AFC Results

When there are many results
• Focus on transactions over a higher threshold
– E.g., transactions with amounts over a higher value than the original threshold
• Focus on transactions with a particular status
– E.g., unpaid or paid
• Focus on a party to the transaction
– E.g., ERP/HCM user, Supplier, Customer, etc.
– Select a sample party based on the volume of results returned for each party
– Set filter to show that party’s results
• Focus on a business segment
– Set filter to show results of a single Country, Business Unit, Department, Legal Employer,
Location, etc.

Eliminate false positives
• When broad model criteria are necessary to capture all true positives
– Add Model Filters to ignore transactions that aren’t risky

Remediation of Model Results
Remediate model results as much as possible before deploying
as control
–Resolve issues in Financial Cloud by modifying ERP configuration or
fixing transactions
• Eg. in a duplicate invoice model, if many duplicate invoices are found, check
business rules in ERP Cloud allowing duplicate invoices to be created;
• if business rules have been correctly configured in ERP Cloud, fix duplicate
invoices by cancelling them or putting them on hold

AFC Control methodology:
Focus on highest-risk incidents first
• Incident priority can be determined by:
– Context in risk assessment results (FRC)
– Inheritance from their controls (FRC or AFC)
• For highest-priority controls, examine largest portion of incidents
• For low-priority controls, examine individual incidents that suggest highest risk
– Ad hoc: High-probability x High-impact

AFC Control methodology:
Remediate incidents
1. Mark incidents that have compensating controls as Accepted
2. Mark incidents that are false positives as Resolved
3. Remediate as many incidents as possible
– E.g., halt transactions that have not been completed
4. Identify compensating controls for accepted incidents
– E.g., changes to application configuration, manual controls managed in FRC

Questions?

Oracle Fusion Cloud Risk Management Configuration change - Fraud

More Related Content

Similar to Oracle Fusion Cloud Risk Management Configuration change - Fraud (20)

Recently uploaded (20)

Oracle Fusion Cloud Risk Management Configuration change - Fraud

Editor's Notes