How To Manage Risk


Transcription:

Oracle Applications Day, Zurich, July 1, 2009. Risk and Performance Management in Stormy Times with Oracle GRC. Steven Hagner, EMEA GRC Sales Organization 1

Safe Harbor Statement: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle. 2

Agenda: Business Challenges; Solution Overview; Customer Success 3

Fraud on the Rise: Societe Generale lost 6.3B as Jerome Kerviel went rogue; B. Ramalinga Raju reveals falsifying $1B Corp. account; Siemens agrees to pay $1.3B in bribery settlement; Fannie Mae IT contractor indicted for planting malware. 4

Call for Increased Regulatory Scrutiny [photo captions: Obama, Gordon, Sarkozy, Jintao]. AMERICAS: HIPAA; FDA CFR 21 Part 11; OMB Circular A-123; SEC and DoD Records Retention; USA PATRIOT Act; Gramm-Leach-Bliley Act; Federal Sentencing Guidelines; Foreign Corrupt Practices Act; Market Instruments 52 (Canada). EMEA: EU Privacy Directives; UK Companies Law; Restriction of Hazardous Substances (ROHS/WEE). GLOBAL: International Accounting Standards; Basel II (Global Banking); OECD Guidelines on Corporate Governance. APAC: J-SOX, C-SOX, K-SOX, C49; CLERP 9: Audit Reform and Corporate Disclosure Act (Australia); Stock Exchange of Thailand Code on Corporate Governance. 5

The Big Picture: What is Governance, Risk, and Compliance. Voluntary Boundary: Boundary defined by management including public commitments, organizational values, contractual obligations, and other voluntary policies. Business Model: Strategy, people, process, technology and infrastructure in place to drive toward objectives. Obstacles: Obstacles impede progress toward achieving objectives. Objectives: Strategic, operational, customer, compliance and reporting objectives cascaded throughout the organization. Mandated Boundary: Boundary established by external forces including laws, government regulation and other mandates. Source: OCEG 6

Governance, Risk & Compliance Governance is the process of deciding and documenting how the organization operates. Risk Management is the process of ensuring that the right levels of risk are taken. Compliance is the process of ensuring and proving that policies (internal and external) are being followed. 7

While Cost of Compliance Continues to Rise [chart labels: $29 Billion, $32 Billion]. "Governance, risk management, and compliance (GRC) spending will exceed $32B for 2008, up 7.4% from 2007, as companies shift toward identifying, assessing, and managing risk across numerous business and IT areas." Source: The Governance, Risk Management, and Compliance Spending Report, 2008-2009, AMR Research 8

Burden Stems from Core Challenges. Challenge: Multiple Requirements, Fragmented Response [diagram: Finance SOX, JSOX Groups; IT Security / Risk Mgmt Groups; Business Assessment / Audit Groups, each with risks R1-R3 and its own control set (C1a-C11a, C1b-C11b, C1c-C11c)]. Challenge: No Proactive Risk Management [diagram labels: Risk, React]. Challenge: Ad-hoc Approach with Manual Controls [diagram label: GRC Business Processes]. 9

How Oracle GRC Applications Help. Solution: Consolidate multiple standards and regulations onto a single platform (GRC Intelligence, GRC Manager) [diagram: Regulation A, Risk B, Standard C sharing risks R1-R3 and controls C1-C11]. Solution: Manage risk in a disciplined & consistent fashion (GRC Intelligence, GRC Manager). Solution: Embed automated controls into standard business processes (GRC Controls) [diagram label: GRC Business Process]. 10

Agenda: Business Challenges; Solution Overview; Customer Success 11

A Proactive and Integrated Approach Rationalizes Common Processes and Components [diagram: Finance SOX, JSOX Groups; IT Security / Risk Mgmt Groups; Business Assessment / Audit Groups, each with risks R1-R3 and its own control set (C1a-C11a, C1b-C11b, C1c-C11c), feeding an Enterprise GRC Platform]. Common Processes: Identify Requirements; Establish Objectives; Assess Risk; Evaluate Controls; Remediate Issues; Report and Respond. Common Components: Regulations; Mandates; Frameworks; Process; Risks; Controls; Systems. 12

Consolidate Compliance Activities: Oracle GRC Manager. Why? Mandates: PCI; SOX 404; FFIEC; CA SB 1386; EU Privacy Directive; HIPAA; FDA. What? Risk: Impact; Likelihood. How? Process; Business Process; Framework (ISO, COSO, COBIT, ITIL); System. Cycle: Identify Requirements; Establish Objectives; Assess Risk; Evaluate Controls; Remediate Issues; Report & Respond; Review & Improve. 13

Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms Committing investment to an aggressive development road map with plans for many vertical-specific versions of GRC Manager A suite of controls products, such as Oracle Application Access Controls Governor and Oracle Transaction Controls Governor, that is integrated into the GRC Manager platform 14

Multiple GRC Solutions from a Single Platform: Enterprise Risk Management; Audit Projects; Financial Compliance; IT Risk & Compliance; Environment, Health & Safety; Green Compliance & Sustainability; Legal & Regulatory Compliance; Product Quality & Safety; Supply Chain Risk; Service Provider Risk Management. Real-Time Insight 15

The Oracle Difference: Enterprise GRC Platform Leader*. 1. One Platform Satisfies Multiple Regulations. 2. GRC Controls Integration Enforces Policy. 3. Role-Based Dashboards Provide Real Time Insight. [Diagram labels: Financial Reporting; Data Privacy; Green Compliance; Policy; Controls] *Source: Gartner Magic Quadrant for Enterprise GRC Platforms, 2008 16

The Convergence of EPM and GRC 19

Management Excellence: Risk Management. Risk Management: Enabling Risk-Based Decisions. [Chart: axes Competitive Advantage and Time; labels OPERATIONAL EXCELLENCE, MANAGEMENT EXCELLENCE, Risk] Copyright 2008, Oracle and / or its affiliates. All rights reserved. 20

Risk Management is proactive Performance Management. One unique EPM and GRC solution for: Good Governance = No Surprise; Better Risk Management = No Surprise. [Diagram labels: Transactions; Reporting; CFO Dashboard; Enterprise Risk Management; CFO; Automated Risk Control Enforcement; ERP: Oracle, SAP, Legacy, Other; Hyperion Financial Management and Data Quality Management; Strategic Planning; Financial Planning; Cost & Profitability Management; Financial Reporting and Compliance; Infrastructure Services; CIO] 21

Establish Risk Lifecycle Processes: Oracle GRC Manager. Establish a single unified approach to managing risk across the enterprise. Support an iterative top down or bottom up approach to managing risk. Define and analyze risks in terms that match your business model. 22

Apply at Every Level of Enterprise: Oracle GRC Manager. Levels and Stakeholders: Executive: Board of Directors, C-Level Executives, Senior Management. Departments: Legal, HR, Finance, Production. Regions: Americas, Europe, Asia, Africa. Projects: Cross-functional, Global. 23

Gain 360° Visibility into Enterprise Risk: Oracle GRC Intelligence and GRC Manager. [Diagram labels: Financial Reporting Integrity; Health & Safety; Supply Chain; Information Security; Environmental Sustainability; RISK EXPOSURE; RISK MODELLING; RISK TREATMENT] 24

Risk Analysis Visualization Guided Risk Management Steps 25

Oracle Risk Management Solutions. Oracle GRC Manager: Web-based, Enterprise Risk Management solution. Establish a systematic process for Risk Management. Assess multiple risk classes and monitor overall risk health. Oracle Crystal Ball: Predictive modeling, forecasting, simulation and optimization. Enable accurate Risk Probabilities and Monte Carlo Simulation. Financial Services: Deep Industry-specific solutions covering Financial Services Compliance and Risk. 26

Oracle Analytic Applications for Financial Services Performance Management Profitability Funds Transfer Pricing Consolidation Accounting Hub Activity-Based Costing Balance Sheet Planning Budgeting and Forecasting Credit Risk Analytical CRM Retail Credit Risk Portfolio Analytics Corporate Credit Risk Marketing Analytics Treasury Risk Service Analytics Market Risk Asset Liability Management Regulatory Capital Basel II: Credit Risk Channel Insight Channel Usage Basel II: Market Risk Channel Performance Basel II: Operational Risk Capital Adequacy/ICAAP Economic Capital EC: Credit Risk EC: Market Risk Customer Profitability Customer Profitability Product Profitability EC: Operational Risk Regulatory Compliance (Financial Crime) Anti-Money Laundering Fraud Detection Governance and Compliance Governance Compliance Risk Broker Compliance Trading Compliance Operational Risk 27

The Oracle Difference: Transform Uncertainty into Opportunity. 1. Manage All Categories of Risk Throughout the Enterprise. 2. Foresee Unacceptable Levels of Risk. 3. Embed Risk Management into Strategic and Operational Planning. [Diagram labels: Strategic; Risk Context; Financial; Risk Adjusted Performance; Operational; Risk Criteria; Compliance; Oracle GRC; Oracle EPM] 28

85% of internal controls at an average firm are manual. - Financial Executives Research Foundation 30

Automate Internal Controls: Oracle GRC Controls. Detective Controls (Monitor Control Effectiveness): ACCESS Controls: What users have done; CONFIGURATION Controls: What's changed in the process; TRANSACTION Controls: What are the execution patterns. Preventive Controls (Enforce Policies in Context): ACCESS Controls: What users can do; CONFIGURATION Controls: How is the process setup; TRANSACTION Controls: How users execute processes. 31

Focus on High Risk Areas: RISK RATING OF BUSINESS PROCESSES. [Chart: axes Importance to business strategy and Likelihood of control issues, each Low to High; processes plotted: Sales Mgmt; Order to Cash; Procure to Pay; Hire to Retire; Produce to Deliver; Close to Report; Capitalize to Depreciate; Revenue Recognition; Bad Debt Mgmt; Accounting; Security Mgmt; Quote to Order; IT Change Mgmt; Expense to Pay; Vendor Mgmt] 32

Policy Library and Conflict Paths [screenshots; visible labels: Lawson-1275, Lawson] 33

The Oracle Difference: Controls for the Business by the Business. 1. Embedded Preventative and Detective Controls are Transparent to Users. 2. Pre-delivered Policy Library for Controls. 3. Integrated Identity Management and GRC Controls. [Diagram labels: GRC Business Process; Policy Library; Compliant User Provisioning; Oracle GRC; Oracle IDM] 34

Agenda: Business Challenges; Solution Overview; Customer Success 36

Oracle Helps Reduce Compliance Costs and Control Risk: Saves $1 million by avoiding customizations; Access Controls pass rate improved by 27%; Reduces controls testing by 65%; Global deployment of centralized controls across 14 locations; Reduces audit preparation time by 25%; Reporting time reduced from 4 days to minutes; Cuts Segregation of Duties audit from 2 months to 2 days; User role violations reduced by 90%. 37

GRC Value to Executive Management. Integrating risk mgmt into strategic planning increases stakeholder value. Managing business risk enhances operational planning & financial performance. CEO & BOD: Can prove risks are controlled; Oversee the business with more certainty; Obtain and safeguard confidence of investor and regulatory bodies. CFO: Has visibility into high risks and greater assurance in financial integrity; Achieves better operational decision-making; Lowers compliance spend and frees up resources. Controlling the risk of fraud reduces disruption to information flow & systems. Implementing controls addresses evolving compliance requirements & emerging risks. Manages by exception and limits compliance cost. Promptly identifies issues and violations for remediation. CIO: Accelerates response to provisioning requests and supports Audit and LOB; Ensures environments stay consistent and data secure. CAO: Easily validates compliance and reduces audit cost; Better utilizes audit resources and coordinates efforts. 40

GRC Value to the Executive Office & Board. Integrating risk mgmt into strategic planning increases stakeholder value. CEO & BOD: Can prove risks are controlled; Oversee the business with more certainty; Obtain and safeguard confidence of investor and regulatory bodies. 41

GRC Value to the Finance Office. Managing business risk enhances operational planning and financial performance. CFO: Has visibility into high risks and greater assurance in financial integrity; Achieves better operational decision-making; Lowers compliance spend and frees up resources. 42