www.pwc.com Advisory Services Oracle Alliance Case Study



Similar documents
Leveraging advanced controls with E-Business suite implementation and upgrade projects

Continuous Monitoring: Match Your Business Needs with the Right Technique

Application Control Effectiveness for SAP. December 2007

Functional and technical specifications. Background

Minimize Access Risk and Prevent Fraud With SAP Access Control

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

Customizing Identity Management to fit complex ecosystems

The Power of Risk, Compliance & Security Management in SAP S/4HANA

Capabilities Overview

Automating Sarbanes-Oxley Compliance Testing for SAP Applications. A Guide to Cost and Time Efficiencies for Annual SOX Compliance Initiatives

Fortune 500 Medical Devices Company Addresses Unique Device Identification

Understanding ERP Architectures, Security and Risk Brandon Sprankle PwC Partner March 2015

SAP Training Are your people adequately trained to maximize your

Top 10 System Implementation Audit Considerations

Equinix Increases IT and Employee Productivity with ServiceNow Cloud-Based IT Service Automation Solution

Governance, Risk & Compliance for Public Sector

An Introduction to Continuous Controls Monitoring

The intersection of ERP systems and transfer pricing

Access Governance. Delivering value. What you gain. Putting a project back on track for success

Driving business performance Using data analytics

Simplifying the audit through innovation

Getting the benefits that PLM has promised for years

USING SPREADSHEETS TO MANAGE GOVERNANCE, RISK AND COMPLIANCE:

How to achieve more timely, accurate and transparent reporting through a smarter close*

Optimize procure-to-pay processes for profitability, efficiency, and compliance

Continuous Controls Monitoring ISACA, Houston Chapter. August 17, 2006

Rethinking Your Finance Functions

How To Create An Intelligent Enterprise With Oracle Business Intelligence Applications

Getting to One: Consolidating Multiple Charts of Accounts During an Oracle E-Business Suite Upgrade

Moving your enterprise systems to the cloud? What do you need to know to manage the risks? Jamie Levitt, Director

Lessons from McKesson s Approach to Maintaining a Mature, Cost-Effective Sarbanes-Oxley Program

Teradata Marketing Operations. Reduce Costs and Increase Marketing Efficiency

Why Professional Services Firms Need an Integrated ERP Solution

Best Practices Report

Building an Audit Trail in an Oracle EBS Environment. Presented by: Jeffrey T. Hare, CPA CISA CIA

Sarbanes-Oxley Control Transformation Through Automation

Quality Data in Record Time with SAP Information Steward Accelerator

SALES AND OPERATIONS PLANNING BLUEPRINT BUSINESS VALUE GUIDE

Corporate Performance Management:

Digital Marketplace - G-Cloud

Big Data Industry Approaches to Operational Excellence

CA Service Desk Manager

InforCloudSuite. Business. Overview INFOR CLOUDSUITE BUSINESS 1

CONTINUOUS CONTROLS MONITORING

Asentinel Telecom Expense Management (TEM)

CA Service Desk On-Demand

Implementing a Data Governance Initiative

Business Process Services: A Value-Based Approach to Process Improvement and Delivery

Optimizing government and insurance claims management with IBM Case Manager

White Paper Governance, Risk Management and Compliance: Sustainability and Integration supported by Technology

Auditing Standard 5- Effective and Efficient SOX Compliance

Harnessing Oracle Governance, Risk, and Compliance Applications to Improve Your PeopleSoft 9 Upgrade

How To Monitor Your Entire It Environment

I N D U S T R Y D E V E L O P M E N T S A N D M O D E L S. I D C M a t u r i t y M o d e l : P r i n t a n d D o c u m e n t M a n a g e m e n t

fs viewpoint

Third Party Risk Management 12 April 2012

Unlocking value from your ERP service organization*

Analytics Strategy Information Architecture Data Management Analytics Value and Governance Realization

Technology Consulting Services

Accenture: Digitizing Internal Audit

How To Manage It Asset Management On Peoplesoft.Com

Masterminding Data Governance

Enterprise Data Governance

Make information work to your advantage. Help reduce operating costs, respond to competitive pressures, and improve collaboration.

Addressing common challenges in the record-to-report process. kpmg.com

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

THE NEXT GENERATION OF HR SHARED SERVICES SUBHEADLINE RUNS HERE AND HERE AND HERE AND HERE

ORACLE HYPERION DATA RELATIONSHIP MANAGEMENT

Webinar: Chart of Accounts Alignment through Information Governance

4th Annual ISACA Kettle Moraine Spring Symposium

Field Service in the Cloud: Solving the 5 Biggest Challenges of Field Service Delivery

Don t simply manage work in your Professional Services business. Manage dollars and profits.

Inspiration for what is possible Inspiring new possibilities for your business with PwC and Oracle

INFORMATION CONNECTED

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

Outperform Financial Objectives and Enable Regulatory Compliance

G-Cloud IV Services Service Definition Accenture Netsuite Cloud Services

Automating the Audit July 2010

Our Service Offering to SASOL

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

RSA ARCHER OPERATIONAL RISK MANAGEMENT

ACL CONSULTING SERVICES

Sarbanes-Oxley (SOX) The Migration from Project to Process. Practical Actions for Getting Started. Jim DeLoach, Managing Director.

Transcription:

www.pwc.com Advisory Services Oracle Alliance Case Study

A global software company turns a Sarbanes-Oxley challenge into an opportunity for cost reduction and performance improvement Client s challenge A global software company, preparing for divestiture, was concerned about an accumulation of Sarbanes-Oxley compliance issues that could impact the business transaction. Many of the issues stemmed from an absence of visibility into the company s ERP and back-office systems leaving management unable to tell which employees or suppliers had access to critical data and applications. Executives were also concerned about the impact to its internal controls structure as ERP and back office systems endure changes brought on by divestitures of business units. But rather than manually address the deficiency, the company decided to invest in process and technology improvements that would change the way it handled compliance going forward. The company s IT leaders turned to PricewaterhouseCoopers to help with their GRC transformation effort. PwC solution Under PwC s guidance and Project Management Office operation, the company selected the Oracle GRC software solution and launched a high-profile remediation and implementation effort. The project was broken down into manageable phases beginning with a focus on identification and remediation of access control issues across its base of over ten thousand employees, contractors, and suppliers. PwC helped the IT staff implement Oracle s Governance, Risk and Compliance Controls software to automate access rules in order to detect and resolve potential control issues. PwC leveraged the company s existing controls and PwC s leading practice risk and controls repository, customized for Oracle s Enterprise Business Suite (EBS), to provide a baseline starting point to expedite the project. A key output of phase one of the project was the translation of existing control rules into the Oracle software and the creation of a roadmap to address and remediate all SOD and access exceptions enterprise wide. Impact on client s business Immediate benefits for the software company included remediation and resolution of conflicts before the company had to report on its financial controls. The company also positioned itself to lower GRC costs by leveraging automated functionality within Oracle s GRC suite to eliminate manual testing procedures and establish a more cost effective and flexible GRC infrastructure to support their continuously changing business environment. Empowered by having its own technology solution, its own reports, and the training to manage the process going forward, the company can look ahead to the next phase: preventative controls that embed compliance into each process in a more cost-efficient manner. PwC Page 2 of 3

PricewaterhouseCoopers contacts: Sohail Siddiqi Principal, Advisory Services sohail.siddiqi@us.pwc.com +1 415 498 7899 Donna Chu Director, Oracle Alliance donna.f.chu@us.pwc.com +1 408 817 4316 The issues facing the client discussed herein, the advice given to it and the results achieved are unique to that client. This document should not be used as a substitute for consultation with professional accounting, tax, legal or other competent advisers About PricewaterhouseCoopers PricewaterhouseCoopers (www.pwc.com) provides industry-focused assurance, tax and advisory services to build public trust and enhance value for its clients and their stakeholders. More than 154,000 people in 153 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice. 2011 PricewaterhouseCoopers LLP. All rights reserved. In this document, PwC refers to PricewaterhouseCoopers LLP, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.

www.pwc.com Advisory Services Oracle Alliance Case Study

A national rail transportation company begins its journey to transform Sarbanes-Oxley compliance Client s challenge A national rail-based transportation company continued to struggle with its Sarbanes-Oxley compliance program due to a fragmented and siloed approach to track and manage compliance needs. Maintaining manual processes and controls documentation on a network shared drive, manually tracking testing progress, and uncovering issues buried in spreadsheets stored in notebooks and electronic files passed between business owners via email proved frustrating and inefficient for all involved. The SOX compliance program also relied on external consulting resources to perform annual user access testing to identify issues pertaining to segregation of duties and access to sensitive data and system functions. The company s IT and Internal Audit leaders turned to PricewaterhouseCoopers to help with the transformation of their manual processes, and selection and implementation of an automated SOX compliance management solution. PwC solution PwC s Project Management Office assisted the company with the selection of a technology solution and launched a high-profile implementation effort of Oracle s GRC software. The project was broken down into manageable phases beginning with a focus on identification and remediation of access control issues across its base of over 3,000 employees, contractors, and suppliers. PwC implemented Oracle s Governance, Risk and Compliance Controls software to automate access rules to detect and resolve potential control issues. In order to expedite the implementation, the company s existing controls along with PwC s leading practice risk and controls repository were used as the baseline and then customized for Oracle s Enterprise Business Suite (EBS). A key output of phase one of the project was the translation of existing control rules into the Oracle software and the creation of a roadmap to address and remediate all SOD and access exceptions enterprise wide. The second phase of the Oracle GRC implementation is now underway encompassing all of the company s SOX processes and controls documentation. This phase will leverage Oracle GRC technology and will provide the company with an enterprise-wide view of its SOX controls in real time with continuous controls monitoring. Oracle GRC Manager provides a central repository of for all processes controls, risks, and testing instructions. Based on risk rankings including severity and likelihood of occurrence, the company will execute periodic audits and management assessments, leveraging workflow to communicate with process area owners and designated controls testers, and capture testing results. PwC Page 2 of 4

Impact on client s business The transportation company was able to effectively remediate and resolve Oracle user access conflicts prior to the deadline to report on its SOX controls. The company also positioned itself to lower GRC costs by leveraging automated functionality in the Oracle GRC suite to eliminate the need for access testing by external consultants, and resources were redirected from manual tracking of SOX testing and issues remediation to focus on value added efforts within the company. In addition, the company s IT department plans to leverage the Oracle GRC solution s configuration change control functionality in its Oracle EBS Release 12 upgrade initiative. Empowered by the new Oracle technology solution and trained staff to manage the process going forward, the company is looking ahead to the next project phase: dashboard reporting for process area owners, Internal Audit, and executives. This will allow for easy identification of obsolete controls, areas with control failures, and any new processes requiring controls. PwC Page 3 of 4

PricewaterhouseCoopers contacts: Sohail Siddiqi Principal, Advisory Services sohail.siddiqi@us.pwc.com +1 415 498 7899 Donna Chu Director, Oracle Alliance donna.f.chu@us.pwc.com +1 408 817 4316 About PricewaterhouseCoopers PricewaterhouseCoopers (www.pwc.com) provides industry-focused assurance, tax and advisory services to build public trust and enhance value for its clients and their stakeholders. More than 155,000 people in 153 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice. 2011 PricewaterhouseCoopers LLP. All rights reserved. In this document, PwC refers to PricewaterhouseCoopers LLP, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.

www.pwc.com Advisory Services Oracle Alliance Case Study

An oil and gas services company embeds GRC in their ERP upgrade to recognize savings sooner vs. later Client s challenge A global provider of equipment, systems, and services for oil and gas industries determined that their existing ERP platform could no longer support their expanding business needs and acquisition strategy. As the company began an upgrade initiative to Oracle Enterprise Business Suite (EBS) R12, savvy executives recognized an opportunity to reduce costs and improve overall efficiency by addressing governance, risk, and compliance requirements as an integrated component of the ERP implementation. Historically, many companies have waited until after an upgrade to consider GRC, which typically results in retrofitting business processes and functionality at a significantly higher cost. The executive team agreed that regardless of market drivers and conditions, greater process discipline, consistency, and rigor will translate into a more secure and efficient implementation, better cost management, and an improved competitive position. The company asked PricewaterhouseCoopers to assist with the task of the enterprise wide role design for Oracle users while leveraging the Oracle GRC solution as part of the Oracle R12 implementation. PwC solution PwC engaged the management team in a discussion on cost effective approaches to implementing Oracle s GRC Application Access Controls Governor solution. Together, they determined that the company should implement an enterprise role design model for their Oracle R12 environment that would address their user management needs. This would enable the company to streamline its control and testing environment by improving processes and leveraging new functionality in Oracle R12 for user management and access controls. The implementation strategy included a series of business module roll-out s that would enable user management and access rights to be fully tested before being applied to their production environment. Phase one of the roll-out included the company s general ledger and payroll business modules with the sub-ledger modules to follow in phase two. PwC focused on access control management including standardization of user roles across the enterprise that incorporates segregation of duties (SoD) control objectives. In addition, PwC was able to enhance their business process controls and establish policies and procedures for ongoing monitoring of controls. The Oracle R12 release and the Oracle GRC Suite includes support for automated security and testing rules and controls that PwC leveraged to improve compliance and reduce costs of ongoing testing and monitoring of their control environment. PwC Page 2 of 4

Impact on client s business By choosing to build the GRC requirements into the overall project plan for the Oracle ERP upgrade, the company was able to optimize and automate business processes to improve compliance, lower risks, and tighten security. The secure roll-out of roles, responsibilities and users helped to reduce business risks by providing users with access rights specific to their job function before going live in a production environment. The company was able to quickly resolve any conflicts or issues without impacting their production environment and employee productivity. The company also reduced the amount of time and resources spent on implementation by eliminating the duplication of effort that would be incurred if the GRC component was implemented after the upgrade was completed. By automating user management functions and implementing configurable controls, the company will also reduce their IT and administration costs moving forward. PwC Page 3 of 4

PricewaterhouseCoopers contacts: Sohail Siddiqi Principal, Advisory Services sohail.siddiqi@us.pwc.com +1 415 498 7899 Donna Chu Director, Oracle Alliance donna.f.chu@us.pwc.com +1 408 817 4316 About PricewaterhouseCoopers PricewaterhouseCoopers (www.pwc.com) provides industry-focused assurance, tax and advisory services to build public trust and enhance value for its clients and their stakeholders. More than 155,000 people in 153 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice. 2011 PricewaterhouseCoopers LLP. All rights reserved. In this document, PwC refers to PricewaterhouseCoopers LLP, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.

www.pwc.com Advisory Services Oracle Alliance Case Study

CSX Corporation streamlines compliance program with Oracle GRC solution and expertise from PricewaterhouseCoopers Challenge CSX Corporation is a national transportation company that provides rail, intermodal, and rail-truck transload services. Spanning 21,000 miles, CSX s network connects customers to more than 70 ocean, river, and lake ports as well as production and distribution centers and markets in 23 states and the District of Columbia. Facing increasingly complex government regulations and rising compliance costs, the company was looking for a solution that would: Optimize Sarbanes-Oxley (SOX) compliance with more cost-effective governance, risk, and compliance (GRC) controls Improve ability to identify, report, escalate, and remediate control weaknesses and to continuously monitor compliance across the organization Reduce reliance on external consulting resources to perform user access for controls testing Solution PricewaterhouseCoopers evaluated CSX s compliance needs and recommended a complete compliance solution based on Oracle s suite of GRC applications. Implemented in less than four months, the solution automated and streamlined CSX s compliance readiness program, and provided CSX with real-time reporting, documentation version control, and electronic management of its testing and remediation processes. Experts from PricewaterhouseCoopers helped CSX define business rules and end-user requirements, migrate data to the GRC application, and train of users and stakeholders. The firm s deep understanding of CSX s needs and industry regulations helped to make this the easiest implementation that we ve done, said Tom Price, Director of Internal Controls Auditing at CSX Results Eliminated between 700 and 900 hours a year in fees paid to external consulting resources savings that are expected to generate a complete return on investment within 18 months Enabled CSX to quickly identify and remediate system-user access conflicts in time to meet its year-end SOX deadline Eliminated manual tracking of compliance testing, saving more than 5,000 analyst hours and enabling the transportation provider to redirect audit resources to more strategic department initiatives Provided CSX executives with a real-time, enterprisewide foundation to support forward-looking strategic planning PwC Page 2 of 3

Headquarters: Jacksonville, FL Founded: 1828 Industry: Revenue: Travel & Transportation US$9 billion Employees: 30,000 Products and services Oracle Application Access Controls Governor Oracle Enterprise GRC Manager Oracle Fusion GRC Intelligence Benefit highlights: Automated key risk and compliance processes across company Saved up to 900 hours per year in fees to external compliance consultants Savings are expected to pay for investment in 18 months Enabled company to deploy existing staff to additional risk management projects Oracle provided us with a complete governance, risk, and compliance solution that we could extend across our entire compliance program. As a result, we have automated risk and compliance processes, gained significant cost savings to date, and expect a complete return on investment within approximately eighteen months. Tom price director of internal controls auditing CSX Corporation PwC Page 3 of 3

2011 PricewaterhouseCoopers LLP. All rights reserved. In this document, PwC refers to PricewaterhouseCoopers LLP, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information