1 JD Edwards EnterpriseOne: Governance, Risk, and Compliance Solutions for Sarbanes-Oxley and Other Compliance Requirements ORACLE WHITE PAPER MAY 2015
2 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle.
3 Contents Disclaimer 1 Executive Overview 3 Introduction 4 Governance, Risk, and Compliance 4 Building an Effective Control System 5 Requirement #1: Systems-Based Internal Controls 5 Requirement #2: Automated Processes 7 Requirement #3: Consistent Documentation 8 Requirement #4: Ongoing Control and Monitoring 9 JD Edwards EnterpriseOne Feature Descriptions 11 Oracle Governance, Risk and Compliance Management Feature Descriptions 16 Oracle Validated Integrations 18 Conclusion 19
4 Executive Overview In the aftermath of well-publicized failures of corporate control, governments and independent standards bodies are imposing stringent governance, risk, and compliance (GRC) requirements that cover financial reporting, data security, records retention, risk management, and more. No one expects that this is the end of new industry and legislative requirements; therefore, business executives continue to struggle with questions, such as.» How can we stay on top of regulatory demands while controlling costs?» Can we better manage risk to prevent business and compliance failures?» How do we achieve better performance while ensuring accountability and integrity? Business executives look to their ERP software to help answer these questions. This white paper shows how Oracle and JD Edwards EnterpriseOne can help.
5 Introduction There are many factors that have increased the need for organizations worldwide to ensure that they are able to comply with and demonstrate that they are adhering to ethical business practices. There are many pressures from shareholders, corporate boards, and other stakeholders. Regulations such as the Sarbanes- Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPA), the Food and Drug Administration 21 CFR Part 11, the European Data Privacy Directive, and the European Commission s Model Requirements for the Management of Electronic Records now require organizations to understand, document, and comply with strong corporate governance practices and a business code of ethics. Gaining compliance with any type of regulation can be a difficult process. Oracle and JD Edwards EnterpriseOne provides the tools and technology that help organizations meet these requirements and allows them to put in place solid business practices to help ensure compliance. Having strong corporate governance not only helps organizations meet regulatory requirements, it also improves the effectiveness of the organization which leads to less risk, greater stability, and high profits. Governance, Risk, and Compliance The goal of implementing a system for governance, risk, and compliance is to ensure long-term best operational practices and consistent corporate performance management. Even though companies are not required to use any one particular type of control system, a majority of auditing and accounting firms are advising companies to adopt the broader definition of internal controls outlined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The committee expanded the definition of internal controls to include financial, operational, and regulatory controls. Called the COSO Framework, the system is an example of an ideal internal control system, one that can be tailored to meet companies specific business requirements and assist in the evaluation of their control systems. The COSO Framework is based on five components, all linked together in an integrated system:» Risk assessment. The evaluation of factors that affect an organization s risk, including operating, financial, regulatory, and compliance.» Control environment. An environment that supports an internal control system by providing discipline and structure.» Control activities. Policies and procedures that ensure that actions identified to manage risk are executed in a timely manner.» Information and communications. The processes that ensure that relevant information is identified and communicated in a timely manner.» Monitoring. The oversight of internal controls by management and parties outside the process.
6 The five components of the COSO Framework. Building an Effective Control System Companies are well aware of the challenges they face in developing effective programs that will ensure compliance. So what does it take to build an effective compliance program, one that leverages the COSO Framework? An effective system should consist of four major requirements:» Systems-based internal controls» Automated processes» Consistent documentation» Ongoing control and monitoring Requirement #1: Systems-Based Internal Controls The COSO Framework suggests that companies put into place both an environment that supports internal controls as well as a system of automated controls. Doing so helps companies manage their risk and minimize their level of exposure.
7 The JD Edwards EnterpriseOne Solution JD Edwards EnterpriseOne is a fully integrated system that captures all information related to a transaction and allows the transaction to effectively flow through the system. An example of this is a Sales Order; when entered, it triggers the shipment of the product; when the product ships, it triggers the processes to update Inventory, Accounts Receivable, and the General Ledger. Each step in the process provides the ability to apply controls to ensure the process completes successfully without the risk of deviation from the standard process. Some of these built-in controls include integrated postings to the general ledger, system constants, processing options, order activity rules, applications security, integrity reports, and on-demand audits. Other examples of Systems Based internal controls within JD Edwards EnterpriseOne are listed below: Application Level Integrated Postings to G/L Automatic Accounting Instructions Valid Account Edit Data Relationships Batch Approvals Hierarchical Approval Routing Built-in Balancing Controls Batch Controls Payee Control Order Activity Rules Budget Expenditure Approval Expense Policies Positive Pay Credit Limits Integrity Reports On-Demand Audit Trails System Constants Desktop Access to Financial and Compliance Data JD Edwards EnterpriseOne Features for Systems-Based Internal Controls System Level Application Security Action Code Security Row and Column Security Business Unit Security Attachment Security Processing Options Version Control One View Reporting Security Data Privacy Data Change Tracker One View Watchlists Foundation Calendar Security Reporting Workflow Workflow Delegation Web Service Security Available Features GRC Controls - Configuration Controls Governor Application Configuration GRC Controls - Application Access Controls Governor SOD & Access GRC Controls - Transaction Controls Governor Transaction Monitoring Oracle Governance, Risk, and Compliance Management Features for Systems-Based Internal Controls
8 Requirement #2: Automated Processes Processes dictate how work is performed in an organization and how data flows through it. Companies have many processes. Some may be well documented and others may be in people s heads. Some processes should exist but simply don t. Compliance has created both a challenge and an opportunity by requiring that all processes related to financial reporting and organizational performance be documented and followed. How do companies meet this challenge? They use automated processes. By automating processes, companies are better able to ensure that work is performed consistently. Even more importantly, these processes standardize the flow of information in the organization, minimizing the risk of improprieties or fraud. Process automation also helps companies adhere to many of the suggestions made in the COSO Framework. It allows companies to create an environment that supports discipline and structure, minimize risk by limiting unauthorized access to data, and enable the documentation and communication of all enterprise processes. The JD Edwards EnterpriseOne Solution The first step in automating processes is to understand them. JD Edwards EnterpriseOne offers workflow management functionality for the paper-based tasks that typically beleaguer attempts to automate processes. Workflow enables an organization to implement any type of audit control it deems necessary by using user-defined rules, routes, and roles. Companies can use workflow to automate business processes by establishing how tasks are passed from one employee to another for action. For example, companies can automate a high volume, formerly paper-based process such as credit approval into an -based process. Workflow management can be used anywhere in the organization in and between any JD Edwards EnterpriseOne application. The result is an automated and efficient process with minimal user involvement, allowing companies to automate and streamline their business processes, increase efficiencies, and reduce processing time.
9 Other examples of Automated Process controls within JD Edwards EnterpriseOne are listed below. Application Level Integrated Postings to G/L Automatic Accounting Instructions Data Relationships Order Activity Rules System Level Processing Options Workflow Workflow Delegation JD Edwards EnterpriseOne Features for Automated Processes Available Features GRC Intelligence GRC Reporting & Analysis GRC Controls - Application Access Controls Governor SOD & Access Oracle Governance, Risk, and Compliance Management Features for Automated Processes Requirement #3: Consistent Documentation Documentation is a key component of any type of compliance program. In particular, Section 404 of Sarbanes-Oxley requires companies to have external auditors issue an opinion on internal controls. This requires clear documentation that describes the company s internal controls that auditors can review regularly. In addition, information generated about internal controls can be used for ongoing and regular risk assessments, an important part of the COSO Framework. With accurate documentation, companies are able to more easily evaluate the factors that may affect their level of risk and analyze the potential impact of this risk keeping them from meeting their objectives. They can also determine acceptable levels of risk for their organization and create the basis for how these risks should be managed. Documentation can also be redeployed as training materials to raise employees consciousness of internal controls, create awareness of ethical concerns, and validate their understanding of processes, policies, and procedures. This sharing of information helps companies to continuously develop an environment that supports internal controls. With all these documentation needs, it is vital that companies have a way of ensuring that all information they publish is consistent and comprehensive.
10 The JD Edwards EnterpriseOne Solution JD Edwards EnterpriseOne standard implementation guides come pre-populated with more than 630 business processes based on industry best practices. These processes can be modified to fit a company s unique way of doing business. Utilizing the User Productivity Kit pre-built content along with the implementation guides will give your organization all it needs to ensure proper and consistent documentation of processes. The software breaks down content into units of information, which can then be used in any number of documents throughout the organization, such as reports, training manuals, or presentations. With JD Edwards EnterpriseOne s Composite Application Framework, documentation such as UPK and Implementation Guide content can be presented to the user while they are performing their task. The content can be context sensitive based upon the application they are using. This pushes the content to the user, rather than the user having to locate it elsewhere. Available Documentation JD Edwards Implementation Guides User Productivity Kit Pre-built content Composite Application Framework deliver context sensitive documentation JD Edwards EnterpriseOne Features for Consistent Documentation Available Features Enterprise GRC Manager: Risk and Compliance Process GRC Controls - Application Access Controls Governor SOD & Access GRC Controls - Configuration Controls Governor Application Configuration Oracle Governance, Risk, and Compliance Management Features for Consistent Documentation Requirement #4: Ongoing Control and Monitoring
11 Compliance requires a long-term commitment. This means that companies must have the processes and tools in place to continually meet compliance and regulatory requirements that may impact their business. It is important to be able to engage in real-time monitoring of internal operations. With real-time monitoring, companies are better able to respond to changing business and market conditions and take corrective action at the appropriate time. The COSO Framework makes monitoring a key component of a company s internal control system. The COSO Framework suggests that companies engage in continuous, regular monitoring of their operations. Good monitoring programs should include protocols and processes for capturing, reporting, and following up on deficiencies. The JD Edwards EnterpriseOne Solution The JD Edwards EnterpriseOne One View Reporting and One View Watchlists can be very useful in monitoring transactions. Each organization can create queries to drive reports and One View Watchlists over operational data based upon their specific needs. With One View Reporting, reports can be displayed in your user s home page that drive them to the information they need to review, rather than having to specifically go look for issues. Similarly, One View Watchlists provide a simple yet powerful pro-active awareness of transactions that meet user defined conditions. These counts can have thresholds to provide a quick color indication when something needs to be looked at immediately. Other useful tools to provide a means to monitor data within the system are Health and Safety Incident Management, built in integrity reports, and the Data Change Tracker (21 CFR 11). Available Features One View Watchlists Integrity Reports One View Reporting Data Change Tracker Health & Safety Incident Management JD Edwards EnterpriseOne Features for Ongoing Control and Monitoring Available Features GRC Controls - Configuration Controls Governor Application Configuration GRC Controls - Transaction Controls Governor Transaction Monitoring GRC Intelligence GRC Reporting & Analysis Oracle Governance, Risk, and Compliance Management Features for Ongoing Control and Monitoring
12 JD Edwards EnterpriseOne Feature Descriptions This section provides additional information on each of the features identified as an available feature to assist with your compliance process and goals. Action Code Security Action code security works hand in hand with Application Security. It can allow a user to query on a transaction but not change it or add a new one. Application Security Arguably one of the most important areas of internal controls, application security plays a key role in enforcing segregation of duties and therefore preventing fraud. For example, it ensures that the person who creates a purchase order requisition will not be allowed to also approve the requisition. Attachment Security When adding attachments (aka media object) to a transaction, the attachments are often a supporting document that should never be changed, even by the person who originally attached it. This enhancement allows an attachment to be permanently attached, preventing modification or deletion after the transaction is committed. Automatic Accounting Instructions Automatic Accounting Instructions work with the integrated postings to G/L by providing a way to default the account to be used when the system automatically creates journal entries for a transaction. This ensures that the proper accounts are used when transactions such as inventory or sales orders are processed. Batch Approvals Requiring batches to be approved prior to posting ensures that fraudulent transactions cannot be pushed through the system. Batch Controls Batch controls ensure that batches are entered in-balance and are accurate based upon the source documents. Budget Expenditure Approval This feature ensures that transactions that will exceed a budget are properly approved prior to being processed further in the system. Built-in Balancing Controls This feature gives the control to determine whether batches can be posted out of balance. Business Unit Security Business Unit Security ensures that users only have access to data within their business units. This prevents unauthorized access to data.
13 Credit Limits Credit Limits can be set up for all customers. These limits will be checked during the entry of new sales orders. If the limit has been exceeded, new sales orders will be placed on hold pending review of the credit limit and the orders on hold. These limits are controlled within the Customer Master and have automated workflow to manage any modifications to them. Data Change Tracker Data Change Tracker functionality was created to address 21 CFR Part 11 within the life sciences industry. This regulation outlines its criteria for acceptance of electronic records, electronic signatures, and handwritten signatures. It allows electronic records to be considered equivalent to paper records and handwritten signatures. The Data Change Tracker can create a date, time, and user stamp of any change to the database with the customer selecting which fields they want to track. The tracker includes the ability to record changes made to key database fields which control overall system functionality such as system constants, automatic accounting instructions, and security settings. These recorded data changes can then be accessed by custom reports to support a variety of compliance requirements including 21 CFR Part 11 and Sarbanes-Oxley. Data Privacy Data Privacy ensures that personal data is not visible to unauthorized users. Data Relationships Customers often establish hierarchies or other relationships within their business unit or contract master columns to support business processes. With the Data Relationships functionality, these relationships can be more easily maintained with tighter controls and increased efficiency of data entry. This results in better data integrity and more accurate reporting. Desktop Access to Financial and Compliance Data Operational dashboards are the new front door to analytics for rapid and timely access to financial and compliance information across your business. Many businesses want to put analytics capability into the hands of operational users so they can better communicate operational goals at the line of business level and users can immediately identify offending problems across their operation. Without analytics to view organizational health, companies can be unaware of an out-of-tolerance condition that may be impacting operations. A supplier delivering poor quality parts may be driving returns higher throughout a particular month. Without proper vigilance through an analytics application, the knowledge of this condition may not exist until the end of the month or quarter when analysts look into the high number or returns. This knowledge gap results in increased costs and lost value to the organization. With Oracle s JD Edwards EnterpriseOne One View Reporting, users can create their own reports to monitor their operational tasks and identify possible issues easily and quickly. Users can tailor each report to their own needs. Organizations can create dashboards, pages, and reports that can be shared ensuring the organization has consistent real time visibility into their operations. Expense Policies Expense policies allow the organization to setup specific rules for expense reporting by its employees. These policies govern everything from amount limits to preferred suppliers. These policies ensure that expenses that are reported meet the organizations requirements.
14 Foundation Calendar The Foundation Calendar provides core calendaring functionality, which is directly integrated to JD Edwards EnterpriseOne products. The calendar is designed to track activities, tasks, and events across a variety of entities including people, companies, and branch plants. Each calendar created can have a defined work day and work week. Activities can be assigned to the calendar directly using calendaring application or automatically by linking calendar entries to specific activities within the system workflow. In addition to scheduling meetings, events, and tasks, the calendar can also be used to schedule resources by assigning users to an activity. The JD Edwards EnterpriseOne Calendar can be synched directly to Lotus Notes and Microsoft Outlook, giving you a connection between the JD Edwards EnterpriseOne system and time management systems people are comfortable using. The calendar can also be configured to send out alarms to users for activity notification purposes. The calendaring functionality provides for monitoring of internal controls defined within the workflow functionality. Based upon the configuration of workflow, an notification can be sent and a calendar entry can be created when a specific event occurs. In addition, calendar entries can be created directly using the tool to track activities as defined by the compliance team within an organization. Health and Safety Incident Management JD Edwards EnterpriseOne Health and Safety Incident Management provides you with a comprehensive solution to track and manage incidents of all types. One View Reporting for Health and Safety Incident Management provides the tools to analyze incidents on a myriad of dimensions to gain valuable insight into who, what, where, when, and why for your incidents, as well as calculate the important incident safety statistics. Hierarchical Approval Routing Hierarchical Approval Routing ensures approvers for transactions to be selected based upon the amount of the transaction. Integrated Postings to G/L JD Edwards EnterpriseOne Financial Management software is a set of applications built together from the ground up instead of a series of separate applications that are integrated together. JD Edwards EnterpriseOne transactions generated from applications such as, Accounts Payable, Accounts Receivable, Payroll, Fixed Assets systems, Manufacturing, and Distribution automatically create entries to the JD Edwards EnterpriseOne General Ledger in real time, providing enterprise-wide data integrity. Integrity Reports Integrity reports supplement internal procedures by helping companies locate any data inconsistencies. These reports can be run between multiple applications as well as within the general ledger itself, helping to ensure data integrity throughout the enterprise. JDE Standard Documentation JD Edwards EnterpriseOne documentation comes pre-populated with more than 630 business processes based on industry best practices. With JD Edwards EnterpriseOne documentation, companies are able to quickly and easily describe and validate internal control systems for auditors. They can also use the same information to feed other documents, ensuring consistent communications throughout the organization.
15 On-Demand Audit Trails Audit logs can be set for many different types of activities, including purging, invoice creation, approvals, and payroll. Because activity is tracked by accounting and transaction entry date, a clear audit trail can be captured at any time. One View Reporting With Oracle s JD Edwards EnterpriseOne One View Reporting, users can create their own reports to monitor their operational tasks and identify possible issues easily and quickly. Users can tailor each report to their own needs. Reports can also be shared with other users as needed to ensure the organization has a consistent view of their information. One View Reporting Security One View Reporting security ensures that only authorized users and roles are allowed access to create, run, or publish One View Reports. This ensures that users are not viewing reports and data that are not appropriate for their role. Order Activity Rules Order activity rules define the path a sales order or purchase order can take through the system. These rules are defined based upon the type of order being processed. These activity rules prevent orders from skipping processes that have been defined as required by the organization. Payee Control Payee control is an audit feature that helps to ensure that one person cannot commit and conceal an error or act of fraud of selected, critical payee information. When monitored changes are made, this feature holds payments to the payee pending review and approval of changed information. You use payee control to control changes that are made to selected, critical payee and bank account information. One person enters the change and another approves it. Thus, the involvement of two people is required to make changes that affect payments. Until a change is approved, the system prevents automatic payments to a payee for whom controlled information has been changed. Positive Pay Technology has increasingly facilitated the ability of criminals to create counterfeit checks and false identification that can be used to engage in fraudulent check activities. As a result, companies must adopt practices to protect against check fraud. Positive pay can provide this protection for companies by enabling them to create a file of check information that their banking institutions can use when determining whether to issue payment for checks. When you use positive pay, you create a file for your bank that includes information for each check that you printed during the day, such as check number, date, amount, and account number. The bank compares the information on the checks that they receive with the information in this file, and if the information for any of the checks does not match the file, the system does not pay the checks. Processing Options Processing options control the flow of business processes within the system. For example, a processing option can be set within the sales order entry application to prevent changes in an order after a particular predefined status has been reached, such as after inventory has shipped. Processing options can vary based on individual user roles, allowing for flexibility and tight control of the system.
16 Row and Column Security Row security secures users from accessing a particular range or list of records in any table. For example, if you secure a user from accessing data about business units 1 through 10, the user cannot view the records that pertain to those business units. Column security secures users from viewing a particular field or changing a value for a particular field in an application or application version. This item can be a database or non-database field that is defined in the data dictionary, such as the work/calculated fields. For example, if you secure a user from viewing the Salary field on the Employee Master application, the Salary field does not appear on the form when the user accesses that application. Security Reporting This feature provides customers the ability to report which users have access to JD Edwards EnterpriseOne applications, UBEs, and tables, and what level of access the user ID or role is granted. The report can be filtered by an object, system code, or object type for any user or role combination. System Constants System constants provide system-wide control of the way an application works, regardless of individual user roles. For example, a system constant can be used if a company wants to control posting of journal entries into a prior closed period, no matter who in the organization initiates the transaction. The system constant can be set to either allow the posting and show a warning or disallow the posting. User Productivity Kit JD Edwards EnterpriseOne delivers pre-built content for UPK that covers much of the EnterpriseOne system. This content can be modified by each organization to reflect their particular implementation of each process. Utilizing UPK will provide the ability for organizations to document their business process, how to use the software to follow this process, and train their staff in a consistent manner. Valid Account Edit Account validations occur throughout the EnterpriseOne processes ensuring that only valid and active accounts are used for transactions. Version Control Version control is used to ensure only specific users or roles have access to processing option setup and data selection for applications and batch processes. This maintains the integrity of the processing option setup and data selection used to control how transactions flow through the system. One View Watchlists This feature allows users to define and keep watch over key metrics that can be queried from any JD Edwards EnterpriseOne application. The One View Watchlists refresh based on configuration and are displayed for easy access in a Watchlist drop down menu. With this capability, a user can monitor for things such as batches that need to be approved, general ledger batches in error, and payee control approval requests. Workflow Workflow functionality is used for the paper-based tasks that typically beleaguer attempts to automate processes. Workflow enables an organization to implement any type of audit control it deems necessary by using user-defined rules, routes, and roles. Companies can use workflow to automate business processes
17 by establishing how tasks are passed from one employee to another for action. For example, companies can automate a high volume, formerly paper-based process such as credit approval into an -based process. Workflow management can be used anywhere in the organization in and between any JD Edwards EnterpriseOne application. The result is an automated and efficient process with minimal user involvement. Besides allowing companies to automate processes, this will help them to streamline their processes, increase efficiencies, and reduce processing time. Workflow Delegation Workflow delegation gives users that will be away from the office the ability to assign a delegate to their workflow processes. This ensures that processes are not halted due to an individual s absence. Web Service Security Web Service Security controls access to utilize published web services (business services). For published business services, JD Edwards EnterpriseOne uses a "secure by default" security model which means that users cannot access published business service unless a security record exists that authorizes access. This prevents other systems from accessing JD Edwards EnterpriseOne data and functionality unless specifically authorized to do so. Oracle Governance, Risk and Compliance Management Feature Descriptions This section provides additional information on each of the features identified as an available feature to assist with your compliance process and goals. GRC Controls - Transaction Controls Governor Transaction Monitoring» Continuously monitor accuracy of transactions and mitigate exposure to fraud» Test against thresholds» Search for anomalies» Perform transaction sampling Transaction Controls Governor delivers a unique combination of advanced pattern and policy based analysis along with the ability to automate the continuous monitoring of all your controls and all your transactions in a unified reporting tool. This comprehensive approach detects fraud and errors that circumvents standard auditing techniques. Risk managers and internal audit can also monitor 100% of transactions across heterogeneous systems and complex business processes like procure-to-pay and order to cash. Advanced analysis tools are available to provide capabilities such as running a trended Benford Pattern Analysis to identify patterns that indicate non-normal or outlier transaction. User friendly drag and drop functionality across controls and systems enable end-to-end business process controls and reporting capabilities that can be easily created and updated by the business users and management that are actually using the data, and responsible for business process performance and risk mitigation. It also reduces the burden on IT resources from having to respond to numerous request form audit and management for risk and controls reports. GRC Controls - Application Access Controls Governor SOD and Access» Simplify segregation of duties enforcement with simulation and remediation.» Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails.» Accelerate deployment and time to value with pre-delivered controls library.
18 SOD refers to the separation of business activities that a single person may initiate and/or validate, in order to limit or prevent erroneous or fraudulent activities. Business activities are enabled through the respective access points within an application (ex. Create Invoices, Post Journal Entries, Make Payments ) An access point is any level node in the access model hierarchy for a particular application. With the Application Access Controls Governor you can view conflict details online with interactive screens to sort, search and filter user, role and other conflict information. Use a visualization feature to view conflict paths in a graphical format and easily identify inter- and intra-role conflicts. Also use work queue management to delegate and assign remediation and review tasks to process owners, auditors, and/or security administrator. You can also track the status of remediation activities by user. Remediation can be done using simulations. Several simulations can be created which visually represent a selected access point s hierarchy in the security model. It will show the impact of the simulation for Users, Policies and Roles. Remediation plans can be viewed, saved, printed, or ed. These plans are used by an administrator to clean up a business system. SOD conflict workflow is sent to the control owner with details. An approver can then comments and approve as they see fit. All of the controls activity is tied back to reporting and documentation in the Enterprise GRC Manager (EGRCM) for audit reliance. GRC Controls - Configuration Controls Governor Application Configuration» Achieve consistent application setup and operating standards across multiple instances.» Track complete audit trails for changes to key configurations.» Tightly control change management to accelerate development and test time. Change Tracking Alert users whenever changes occur Dashboard summarizes changes in all environments Drill down to see details of all changes Export change details to CSV (Excel) and PDF Snapshots & Comparisons Comprehensive Data Security Document all setup values seen in the original applications Compare two environments values (e.g., Production vs. a best-practice baseline), or snapshots from two points in time Export all details to CSV (Excel) and PDF Control the business data seen by each CCG user Control the actions each CCG user can take Install Configuration Controls Governor in firewalled tier Flexible Reconfigure Change Tracking on demand Schedule Snapshot schedules, and take Snapshots on demand Generate Comparisons on demand Add new business environments on demand Configuration Controls Governor Application Configuration
19 GRC Intelligence GRC Reporting and Analysis» 100+ pre-built KPIs for Risk, Certification, Controls, and Issues enable personalized reporting.» Self-service analysis and reporting with interactive dashboards and automated alerts.» Risk-based scoping with integrated account balance and GRC information. Overall Business Process Heatmap Controls Heatmap Regulatory Compliance Status Controls Controls Summary Controls Test Summary Control Failures by Risk Type Issues Issues Summary Issues by Owner Issues by Materiality Risks High Risk Processes Risk by Process Owners Risk by Process Issues Aging Testing Testing Coverage, Current vs. Prior Year Audit and Process Test Issues Testing Cycle Times by Owner Certification Certification Summary Design & Operating Effectiveness Assessments Completion Status GRC Intelligence GRC Reporting and Analysis Enterprise GRC Manager: Risk and Compliance Process» Central repository for policy, risk and compliance documentation» Automate certifications, audits, and management assessments» Capture issues and manage remediation Common Processes Common Components Identify Requirements Establish Objectives Assess Risk Evaluate Controls Remediate Issues Report and Respond Regulations Mandates Frameworks Process Risks Controls Systems GRC Manager Risk and Compliance Process Oracle Validated Integrations There are Oracle Validated integrations available for the Oracle Governance, Risk, and Compliance Management and JD Edwards EnterpriseOne products. These can be found at the following link:
20 Conclusion Today, companies are under the intense scrutiny of government organizations, regulators, auditors, financial institutions, and individual shareholders. This scrutiny requires companies to transform the finance function, eliminate complexity and uncertainty, and enable greater financial transparency and corporate disclosure. With Oracle and JD Edwards EnterpriseOne, companies are able to create the foundation for the necessary best practices and process-based approach to regulatory compliance, ensuring that financial reporting and corporate disclosure requirements are met consistently and managed effectively.
21 Oracle Corporation, World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065, USA Worldwide Inquiries Phone: Fax: CONNECT WITH US blogs.oracle.com/oracle facebook.com/oracle twitter.com/oracle oracle.com Copyright 2015, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.0115 White Paper Title January 2015 Author: [OPTIONAL] Contributing Authors: [OPTIONAL]
Information Security and Governance in ERP Implementation (JD Edwards) Table of Contents Information Security... 2 Information Security in ERP Environment... 3 J D Edwards Security and Governance Features...
An Oracle White Paper November 2011 Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime Disclaimer The following is intended to outline our general product direction.
Oracle Hyperion Financial Close Management Oracle Hyperion Financial Close Management is built for centralized, webbased management of period-end close activities across the extended financial close cycle.
An Oracle White Paper April 2013 Reporting Tools in Oracle Fusion Financials Executive Overview We are living in an Information Age, where the success of an organization depends largely on how effectively
PEOPLESOFT IT ASSET MANAGEMENT K E Y B E N E F I T S Streamline the IT Asset Lifecycle Ensure IT and Corporate Compliance Enterprise-Wide Integration P E O P L E S O F T F I N A N C I A L M A N A G E M
Oracle Fusion Financials Cloud Service Oracle Fusion Financials Cloud Service is a complete and integrated financial management solution with automated financial processing, effective management control,
Oracle Time and Labor Oracle Time & Labor is an enterprise-wide time management application that efficiently automates time and attendance record keeping for an everchanging work force. Oracle Time & Labor
An Oracle White Paper July 2013 Introducing the Oracle Home User Introduction Starting with Oracle Database 12c Release 1 (12.1), Oracle Database on Microsoft Windows supports the use of an Oracle Home
Contract Lifecycle Management for Public Sector A Procure to Pay Management System The Integration of Finance, Supply and Acquisition ORACLE WHITE PAPER OCTOBER 2014 Disclaimer The following is intended
PEOPLESOFT HELPDESK FOR HUMAN RESOURCES Today s Human Resource organizations are faced with the challenge of providing rapid and high quality customer service to their workforce while containing or reducing
An Oracle White Paper August 2010 JD Edwards EnterpriseOne Workflow Processes Oracle White Paper JD Edwards EnterpriseOne Workflow Processes Oracle White Paper JD Edwards EnterpriseOne Workflow Processes
Complete Financial Crime and Management With Oracle Financial Services Financial Crime and Management applications, financial institutions can manage compliance risk and investigate appropriate information
March 2014 Oracle Business Intelligence Discoverer Statement of Direction Oracle Statement of Direction Oracle Business Intelligence Discoverer Disclaimer This document in any form, software or printed
ORACLE FINANCIAL ANALYTICS KEY FEATURES & BENEFITS FOR BUSINESS USERS Receive intra-period information on income statement, cash flow, and balance sheet condition without having to perform consolidations
APPLICATION MANAGEMENT SUITE FOR SIEBEL APPLICATIONS USER EXPERIENCE MANAGEMENT SERVICE LEVEL OBJECTIVE REAL USER MONITORING SYNTHETIC USER MONITORING SERVICE TEST KEY PERFORMANCE INDICATOR PERFORMANCE
PeopleSoft Enterprise Learning Management Organizations continue to use effective talent management practices to address a variety of business challenges and gain a competitive advantage. These challenges
ORACLE BUSINESS INTELLIGENCE APPLICATIONS FOR JD EDWARDS ENTERPRISEONE Organizations with the ability to transform information into action enjoy a strategic advantage over their competitors. Reduced costs,
August 2013 Reaching New Heights: Providing Consistent and Sustainable High Performance at the State Level A Study Conducted by Oracle and the National Association of State Auditors, Comptrollers and Treasurers
Oracle Role Manager An Oracle White Paper Updated June 2009 Oracle Role Manager Introduction... 3 Key Benefits... 3 Features... 5 Enterprise Role Lifecycle Management... 5 Organization and Relationship
An Oracle White Paper May 2013 The Role of Project and Portfolio Management Systems in Driving Business and IT Strategy Execution Introduction The need to link strategy and project execution is not new.
SELF SERVICE PROCUREMENT Oracle Fusion Self Service Procurement streamlines the purchase requisitioning process using a consumer centric approach and helps control the employee spending by enforcing the
ORACLE FUSION PROJECT MANAGEMENT CLOUD SERVICE Oracle Fusion Project Management Cloud extends planning and scheduling to the occasional project manager; to those who manage projects infrequently and not
ORACLE PROJECT MANAGEMENT KEY FEATURES Oracle Project Management provides project managers the WORK MANAGEMENT Define the workplan and associated resources; publish and maintain versions View your schedule,
Oracle Fusion Incentive Compensation Oracle Fusion Incentive Compensation empowers organizations with a rich set of plan design capabilities to streamline the rollout of new plan initiatives, productivity
APPLICATION MANAGEMENT SUITE FOR ORACLE E-BUSINESS SUITE APPLICATIONS Oracle Application Management Suite for Oracle E-Business Suite delivers capabilities that helps to achieve high levels of application
ORACLE HEALTH SCIENCES INTERACTIVE RESPONSE TECHNOLOGY (IRT) KEY BENEFITS FOR CLINICAL OPERATIONS Increase efficiency and safety in clinical supply chains with sophisticated algorithms and an easyto-use
An Oracle Communications White Paper December 2014 Serialized Asset Lifecycle Management and Property Accountability Disclaimer The following is intended to outline our general product direction. It is
PEOPLESOFT IT ASSET MANAGEMENT KEY BENEFITS Streamline the IT Asset Lifecycle Ensure IT and Corporate Compliance Enterprise-Wide Integration Oracle s PeopleSoft IT Asset Management streamlines and automates
An Oracle White Paper May 2011 BETTER INSIGHTS AND ALIGNMENT WITH BUSINESS INTELLIGENCE AND SCORECARDS 1 Introduction Business Intelligence systems have been helping organizations improve performance by
ORACLE FUSION HUMAN CAPITAL MANAGEMENT STRATEGIC GLOBAL HUMAN CAPITAL MANAGEMENT KEY FEATURES Support for multiple work relationships that employees or contingent workers may have with multiple legal employers,
PEOPLESOFT GENERAL LEDGER Oracle s PeopleSoft General Ledger is a comprehensive financial management solution that offers a fully-automated close and consolidation solution for legal KEY FEATURES Compliance
Oracle Order Management Oracle Order Management is an order-to-cash solution that provides capabilities for customers, partners and employees to select the right products and services, negotiate the best
Oracle Planning and Budgeting Cloud Service Oracle Planning and Budgeting Cloud Service enables organizations of all sizes to quickly adopt world-class planning and budgeting applications with no CAPEX
Oracle Hyperion Planning Oracle Hyperion Planning is an agile planning solution that supports enterprise wide planning, budgeting, and forecasting using desktop, mobile and Microsoft Office interfaces.
ORACLE S PRIMAVERA CONTRACT MANAGEMENT, BUSINESS INTELLIGENCE PUBLISHER EDITION KEY FEATURES NEW: Oracle BI Publisher NEW: UPK Support NEW: Technology Enhancements NEW: Web Services Powerful dashboards
An Oracle White Paper November 2010 Oracle Business Intelligence Standard Edition One 11g Introduction Oracle Business Intelligence Standard Edition One is a complete, integrated BI system designed for
An Oracle White Paper January 2011 Oracle Database Firewall Introduction... 1 Oracle Database Firewall Overview... 2 Oracle Database Firewall... 2 White List for Positive Security Enforcement... 3 Black
An Oracle White Paper March 2012 Managing Metadata with Oracle Data Integrator Introduction Metadata information that describes data is the foundation of all information management initiatives aimed at
PeopleSoft HelpDesk An organization s corporate help desk is the lifeline of the company, ensuring the systems and facilities that employees need to do their jobs are running smoothly at all times. The
ORACLE SUPPLY CHAIN AND ORDER MANAGEMENT ANALYTICS KEY FEATURES & BENEFITS FOR BUSINESS USERS Provide actionable information to conduct intelligent analysis of orders related to regions, products, periods
Oracle Manufacturing Operations Center Today's leading manufacturers demand insight into real-time shop floor performance. Rapid analysis of equipment performance and the impact on production is critical
An Oracle White Paper January 2010 Access Certification: Addressing & Building on a Critical Security Control Disclaimer The following is intended to outline our general product direction. It is intended
Oracle Sales For Handhelds Oracle Sales for Handhelds is the application that keeps sales reps easily informed and effective on the road. The application is a key component of the Oracle Customer Relationship
ORACLE GRANTS ACCOUNTING KEY FEATURES AWARD MANAGEMENT Maintain award funding details and terms and conditions Track award personnel, sponsor contact details, and reporting requirements BUDGETING Maintain
An Oracle White Paper April, 2010 Effective Account Origination with Siebel Financial Services Customer Order Management for Banking Executive Overview In the absence of an enterprise account origination
PROACTIVE ASSET MANAGEMENT A pathway to optimized reliability and world-class business performance Oracle Utilities Work and Asset Management 2 Effective work and asset management ensures mission-critical
ORACLE PROJECT PORTFOLIO MANAGEMENT CLOUD THE NEW STANDARD FOR PROJECT PORTFOLIO MANAGEMENT KEY FEATURES End-to-end enterprise PPM for a single source of project truth Embedded social collaboration tools
ORACLE FUSION PERFORMANCE MANAGEMENT STRATEGIC PERFORMANCE MANAGEMENT KEY FEATURES Intuitive task list and navigation easily directs users to the next step to take Informational region within performance
Oracle Fusion Accounting Hub Reporting Cloud Service Oracle Fusion Accounting Hub (FAH) Reporting Cloud Service is available in the cloud as a reporting platform that offers extended reporting and analysis
Reduce Trial Costs While Increasing Study Speed and Data Quality with Oracle Siebel CTMS Cloud Service Comprehensive Enterprise Trial Management in the Cloud Oracle Siebel CTMS Cloud Service lets you effectively
Siebel CRM Quote and Order Capture - Product and Catalog Management Siebel Product & Catalog Management provides the capabilities to enable businesses to develop, manage and deliver dynamic product catalogs
ORACLE QUALITY KEY FEATURES Enterprise wide Quality Data Repository In-process Quality Integrated with manufacturing, logistics, maintenance and service modules in the Oracle E-Business Suite. Analysis
Oracle Telesales Oracle Telesales is an inside sales application, optimally designed for contact center professionals, whether they are inbound or outbound telesales agents. Oracle Telesales provides a
PEOPLESOFT esettlements Relying on paper-based processes to pay for goods and services and to resolve disputes with suppliers can be costly, inefficient, and D KEY FEATURES Automated settlement process
Minutes on Modern Finance Midsize Edition Roadmap to a Successful Cloud Implementation 5 Steps to Consider for Ensuring a Successful Implementation If you are a growing midsize organization, chances are
Oracle Value Chain Planning Inventory Optimization Do you know what the most profitable balance is among customer service levels, budgets, and inventory cost? Do you know how much inventory to hold where
Attestation of Identity Information An Oracle White Paper May 2006 Attestation of Identity Information INTRODUCTION... 3 CHALLENGES AND THE NEED FOR AUTOMATED ATTESTATION... 3 KEY FACTORS, BENEFITS AND
Oracle Cloud for Midsize Service Companies An Oracle Industry Brief Competition is everywhere. Clients are demanding. Top talent is scarce. Globalization of services keeps changing your market. Face these
PeopleSoft Real Estate Management Oracle s PeopleSoft Real Estate Management streamlines and automates site selection and acquisition, lease administration and space management. Whether your organization
ORACLE FUSION ACCOUNTING HUB THE NEW STANDARD FOR FINANCIAL REPORTING AND INTEGRATION KEY FEATURES Reporting platform with embedded Essbase Centralized reporting center to deliver and access reports Proactive
ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION KEY FEATURES AND BENEFITS Manage multiple GRC initiatives on a single consolidated platform Support unique areas of operation with
An Oracle White Paper January 2012 Oracle Database Firewall Introduction... 2 Oracle Database Firewall Overview... 3 Oracle Database Firewall... 3 White List for Positive Security Enforcement... 4 Black
An Oracle Best Practice Guide April 2012 Best Practices for Implementing Contact Center Experiences Introduction... 1 Understanding the Challenges of Contact Center Processes... 2 Addressing the Challenges
August 2012 Shifting Gears: Manual to Automatic Statewide Financial Reporting and Performance Data Analysis Survey Conducted by Oracle and the National Association of State Auditors, Comptrollers and Treasurers
ORACLE HEALTHCARE ANALYTICS DATA INTEGRATION Simplifies complex, data-centric deployments that reduce risk K E Y B E N E F I T S : A key component of Oracle s Enterprise Healthcare Analytics suite A product-based
ORACLE INVENTORY MANAGEMENT CLOUD Inventory is a major asset for many organizations, and effectively managing inventory, including the related inventory movement transactions, can impact your bottom line.
PeopleSoft Strategic Sourcing Oracle s PeopleSoft Strategic Sourcing enables your organization to streamline its RFx processes, conduct real-time auctions, and strategically award contracts or purchase
An Oracle White Paper February 2013 Integration with Oracle Fusion Financials Cloud Service Executive Overview Cloud computing is a vision that is increasingly turning to reality for many companies. Enterprises,
Oracle Communications Extension Group: Enterprise Application Guide ORACLE WHITE PAPER AUGUST 2015 Disclaimer The following is intended to outline our general product direction. It is intended for information
An Oracle White Paper June 2011 Tackling Fraud and Error 1 Executive Overview Fraud and error has been estimated to cost the public finances approximately 17.6bn in 2010 alone 1. Getting to the root cause
ORACLE SYSTEMS OPTIMIZATION SUPPORT Organizations have unique business and IT challenges. With Oracle Systems Optimization Support, part of a flexible portfolio of services offered by Oracle Advanced Customer
Oracle s Primavera P6 Enterprise Project Portfolio Management Oracle s Primavera P6 Enterprise Project Portfolio Management is the most powerful, robust and easy-to-use solution for prioritizing, planning,
ORACLE DATA SHEET WINTER 15 Oracle Sales Cloud Analytics Sales teams need relevant and actionable insights so they can close more deals in less time. Oracle Sales Cloud Analytics provides real-time executive
Oracle s BigMachines Solutions Cloud-Based Configuration, Pricing, and Quoting Solutions for Enterprises and Fast-Growing Midsize Companies Oracle s BigMachines cloud-based solutions enable both enterprise
Migration Best Practices for OpenSSO 8 and SAM 7.1 deployments O R A C L E W H I T E P A P E R M A R C H 2015 Disclaimer The following is intended to outline our general product direction. It is intended
Oracle Primavera Gateway Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is
PEOPLESOFT BILLING Oracle s PeopleSoft Billing is a billing management application that streamlines the billing process and allows organizations to create individualized billing to optimize collections.
Oracle Database Backup Service Secure Backup in the Oracle Cloud Today s organizations are increasingly adopting cloud-based IT solutions and migrating on-premises workloads to public clouds. The motivation
Oracle Fusion Human Capital Management Overview and Frequently Asked Questions Oracle Fusion Human Capital Management (Oracle Fusion HCM) was built from the ground up to help your organization know its