LogicalApps Sales Playbook

GRC Sales Playbook
Soumya Das
Senior Director, GRC Product Marketing
Disclaimer
The following is intended to outline our general product direction. It is
intended for information purposes only, and may not be incorporated
into any contract. It is not a commitment to deliver any material, code,
or functionality, and should not be relied upon in making purchasing
decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole
discretion of Oracle. The development, release, and timing of any
features or functionality described for LogicalApps' products remains
at the sole discretion of LogicalApps.
Agenda
• GRC Market Drivers
• Value Propositions
• Stakeholders
• GRC Solution Overview
• Competitive Overview
• Summary and Q&A
GRC Market Opportunity Today
The combination of
• GRC Controls (LogicalApps)
• GRC Manager
• GRC Intelligence
rounds out Oracle’s ability to attack the $10B GRC technology market.
Total GRC Spend (Source: AMR 2007)
• Headcount: $12.6B
• Technology: $9.8B
• Services: $7.3B
“By 2008, > 75% of large and midsize companies will purchase new compliance management, monitoring & automation solutions (0.8 probability).”
- Gartner, 2006
GRC Applications Market Drivers
Continuing Rise in Complexity & Number of Regulations
• By 2012, the number of regulations that directly affect IT operations will double
• By 2012, 90% of public companies will face mandatory, audited public reporting requirements for financial controls, and 50% will face mandatory non-financial reporting
Source: Gartner, 2006
Continuing Failure in Financial Reporting and Business Process
• 1,876 earnings restatements were filed with the SEC in 2006, compared with 1,296 in 2005, and 650 in 2004.
• 4 out of 5 companies have been the victim of corporate fraud in the past 3 years. Average loss of $20M at companies with revenues of $5B and above.
Source: AuditAnalytics 2006, Kroll Global Fraud Report, 2007
Continuing Need for GRC Visibility by C-Suite and Board
• Boards of directors cite compliance and risk management as areas where better information is most needed from the audit committee
• A global survey of 741 CFOs blames increasing job turnover partially on the tedium of meeting regulatory demands.
Source: McKinsey, 2006; Duke University, 2007
Heavy Burden of Compliance
Increasing Number & Complexity of Regulations
• Sarbanes-Oxley Act
• Fair Credit Reporting Act
• Family Education Rights
• Privacy Protection Act
• Health Insurance Portability & Accountability Act
• Children’s Online Privacy Protection Act
• Gramm-Leach Bliley Act
• Federal Rules of Civil Procedure
• Patriot Act
• Title 21 CFR Part 11
• Domestic Security Enhancement Act
• Computer Fraud & Abuse Act
… and many more
High Stakes for Brand and Reputation
• Brand Value = $12B (Source: BusinessWeek, 2007)
• Erosion of Public Trust, Call for Greater Transparency
Chart: public trust in 2002 (peak of corporate scandal) vs. public trust in 2006; values shown: 36%, 28% (Source: McKinsey, 2007)
Unabated Spending on Compliance
• Services: $7.3B
• Headcount: $12.6B
• Technology: $9.8B
Source: AMR Research, Feb 2007
Compounded by Risk and Uncertainty
Chart: risk level against an acceptable threshold, by risk type (credit risk, market risk, litigation risk, compliance risk, information risk, strategic risk)
FACT: Between 2004-2007, 62% of global companies experienced risk events*
• 87% of those risks were non-financial
• Almost half were not prepared
• Only half manage risk formally
*Source: IBM Global CFO Study, 2008
Greater Visibility into GRC is a Must Have
Top 6 Problems with a Siloed Compliance Approach
• Leaders lack an enterprise view of risks
• Compliance & risk aren’t considered in core processes and decision-making
• Governance processes aren’t consistently defined and communicated
• IT assets aren’t aligned with risk or compliance management
• Businesses lack the high quality information they need
• Organizations do not have a common language around risk
Source: Lee Dittmar, Demystifying GRC, Q4 2007
Consequences at a Board and C-Suite Level
Communication Breakdown Jeopardizes the Board
“Management regularly fails to communicate risks to directors on a timely basis, imperiling the value of a company’s securities and ensuring embarrassment (or worse) when inevitable crises occur for which the company is unprepared.”
Steve Mitchell, OCEG, Compliance Week, Dec 2007
Continuing Need for GRC Information
“Boards of directors cite compliance and risk management as areas where better information is most needed from the audit committee.”
McKinsey & Company
Burden Stems from Core Challenges
Challenge: Multiple Requirements, Fragmented Response
Diagram: Regulation A, Risk B and Standard C each impose requirements R1, R2 and R3; every requirement is answered separately with its own set of controls (C1a–C3c, C5a–C7c, C9a–C11c), with GRC sitting outside the Business Processes.
Challenge: Insufficient Resources, Manual Efforts
Challenge: GRC as an Afterthought, Holding Up the Business
Sources: Adapted from Deloitte Consulting, Open Compliance and Ethics Group, and IDC
How Oracle GRC Solutions Help
Solution: Consolidate
Diagram: the requirements R1, R2 and R3 of Regulation A, Risk B and Standard C are consolidated into one set of controls (C1–C3, C5–C7, C9–C11), organized by Policy, Risk and Process.
Solution: Automate
• Assessment
• Reporting & Diagnostics
• Detective Control
• Preventive Control
• Remediation
• Issues
Solution: Embed
Diagram: GRC embedded in the Business Process.
Sources: Adapted from Deloitte Consulting, Open Compliance and Ethics Group, and IDC
The Oracle Difference
1. Best in Class, Engineered to Work Together
2. Policy Tied to Active Enforcement
3. Open Platform, Industry Depth
• Financial Services
• Public Sector
• Life Sciences
• High Tech
• Retail
• Utilities
Oracle GRC Applications Value Proposition
Only Oracle lets you…
Simplify GRC and Reduce Costs
• Reduce cost and complexity by managing global mandates with one system
• Align policy documentation with best-practice frameworks and automated controls
• Rely on tamper-proof chain of evidence for all compliance activities
Safeguard Brand and Reputation
• Control user access & enforce segregation of duties with business-driven rules
• Reduce risk of fraud with continuous monitoring of master data, setup, and transactions
• Enforce effective preventive and detective controls across heterogeneous applications
Run Your Business Better and Prove It
• Leverage a single source of GRC information across departments and locations
• Tailor role-based GRC dashboards to the needs of specific organizations and functions
• Analyze risk and control status with rapid report creation using pre-delivered metrics
Who We Sell to
Finance (CONTROL PERFORMANCE)
• CFO
• Controller
• Accounting Director
• Accounting Manager
IT (CONSOLIDATION INNOVATION)
• CIO
• IT Director
• Apps Manager
• DBA/Bus. Analyst
Internal Audit (COMPLIANCE ASSURANCE)
• Chief Audit Executive
• VP Audit
• Audit Manager
• Internal Auditors
Challenges/Capabilities/Value: CFO, Controller…
CONTROL PERFORMANCE
CHALLENGES
• We need to lower spending and resources devoted to compliance
• The organization needs to move from manual to automated controls
• Policy and process documentation is a challenge
• We need visibility into our high risk areas
CAPABILITIES
• Comprehensive GRC platform for recording, enforcing and reporting internal controls
• Automation of control testing and audit trails; simplified report generation with more accurate results
• Controls embedded seamlessly into daily business operations
• Role-based dashboards for risk and control intelligence
VALUE
• Reduced audit time and costs; faster, easier validation of compliance
• Reduced risk and increased confidence in financial integrity
• Better decision-making armed with real-time diagnostics
• Enhanced morale of finance staff and free resources for value-added activities
SAMPLE QUESTIONS
• Where are your greatest costs associated with Sarbanes-Oxley or other regulatory compliance issues? Would it help if you could automate the entire process, from documentation to controls testing & reporting?
• What percentage of your key controls are manual? Are you interested in automating more of your controls?
• Can you measure the effectiveness of your compliance programs? Do you have a single view for this?
Challenges/Capabilities/Value: CIO, IT Director…
CONSOLIDATION INNOVATION
CHALLENGES
• High percentage of IT budget devoted to compliance, and away from innovation
• Disparate silos of information; difficult to create reports to satisfy the business
• Unsatisfied with current state of application data access and security
• Unable to enforce best-practices and segregation of duties
CAPABILITIES
• Automated controls monitoring and enforcement
• Unified GRC reporting, alerts and tracker for business user
• Preventive and mitigating controls to ensure data quality and process integrity
• Form and workflow configuration through GUI based system for configuration and change management
VALUE
• Manage by exception; reduce time and cost spent on compliance
• Improved support of Internal Audit and LOB compliance needs with less effort
• Accelerate response to user provisioning requests; ensure data security
• Consistent environments, full audit trail of changes, easier migration/upgrade
SAMPLE QUESTIONS
• Are you looking for opportunities to reduce the time and money you spend on compliance, so you can focus on projects that grow the business?
• Would it help if Finance and Audit had self-service dashboards and could create their own reports?
• How often do you receive application customization requests, and how much effort does it take to make the change every time?
Challenges/Capabilities/Value: Chief Compliance Officer, VP Audit…
COMPLIANCE ASSURANCE
CHALLENGES
• Audit data and reports difficult to generate – require significant IT and LOB support
• We need efficient reporting and comprehensive audit trail
• We need a consistent and cost-effective way to manage business processes, risk, controls visibility
• We need to document corporate policies and collaborate with line of business owners
CAPABILITIES
• Automated control testing, assessments, and evidence through self-service interface
• Centralized risk/control library; links to automated controls and control tests
• Pre-built, web-based reports (SoD conflicts, config changes, data changes, etc.)
• Integrated audit operations and compliance management solutions
VALUE
• Faster information flow and better visibility for quicker identification of potential issues
• Reduced audit time and efforts through self-service reporting and online, centralized evidence
• Better utilization of audit resources and coordinated efforts
• Timely and accurate information
• Closed-loop remediation and better risk management
SAMPLE QUESTIONS
• Would it help if you didn’t have to rely on IT to see the data to support your test scripts?
• Would it reduce your audit fees if you could show increasing levels of controls automation to your external auditors?
• Are you interested in promoting accountability for compliance to the LOB experts, so that you could focus on overall business assurance?
Oracle Governance, Risk, and Compliance
Simplify GRC and Reduce Costs
Safeguard Brand and Reputation
Run Your Business Better and Prove It
Agenda
• GRC Market Update
• Customer Pitch
• Top Opportunities
• GRC Solution Overview
• Competitive Overview
• Summary and Q&A
Who’s Buying GRC?
PUBLIC
• $250M & higher
• Cross Industry
• Financial Services
• Telecomm
• Pharmaceuticals
• Manufacturing
• High-tech
• 64% of LogicalApps customer base
• Drivers:
• Sarbanes-Oxley (SOX)
• Segregation of Duties
• Change Management
PRIVATE
• $1B & higher
• Cross Industry
• Financial Services
• Media
• Retail
• Distribution
• Manufacturing
• 31% of LogicalApps customer base
• Drivers:
• Segregation of Duties
• Change Management
• Internal Audit
GOVERNMENT
• Federal, State & Local
• Education
• Agencies
• Civil
• Dept. of Defence
• Aerospace & Defence
• Intelligence
• 5% of LogicalApps customer base
• Drivers:
• OMB A-123
• Improper payments
• Privacy act
• FISMA
What to Look For
1. Pain
• Reported material weaknesses, financial restatements
• SEC investigations, CFO or Controller turnover
• Changed auditors, increases in audit fees
2. Maturity Level
• Heavily regulated industries
• Heavy investment in internal audit teams, separate audit officer
• Have already bought a documentation point solution
3. ERP Upgrades
• Look for companies implementing upgrades to their Oracle or PeopleSoft ERP systems, including instance consolidation & standardization
GRC Customers
Over 300 Customers Across Multiple Industries
High Tech / Communications
Consumer / Retail
Financial Services
Manufacturing
Public Sector
Life Sciences/Pharmaceuticals
COMPANY OVERVIEW
• Technology leader in communications,
electronics, life sciences and chemical
analysis
• Revenue > $5 Billion
• 20,000 employees
CHALLENGES / OPPORTUNITIES
• Identify and eliminate Segregation of
Duties (SOD) conflicts for 90 operating
units
• World’s largest single Oracle EBS instance
• 20,000 Active users
• 50,000 Oracle responsibilities
CUSTOMER PERSPECTIVE
“It would have taken more than 6 months of
application customization and easily cost a
couple of million dollars to create the 200
controls we implemented in only 8 weeks.”
Ravi Mahajani, ERP Solution Expert, Agilent
RESULTS
• Implemented 200 controls in 8 weeks
• Eliminated SOD conflicts to meet SOX
compliance requirements on time
• Avoided 6-month customization effort,
millions of dollars
SOLUTIONS
• Oracle GRC Manager
• GRC Control Suite
COMPANY OVERVIEW
• Established in 1817
• Total assets of $312 Billion
• 35,000 employees
• Retail banking, wealth management, and investment banking
CHALLENGES / OPPORTUNITIES
• User access was too broad; corporate assets not protected effectively
• No way to track changes to ERP application data, including who, what, when and why changes were made
• Segregation of Duties (SOD) analysis process was expensive and distracting from the core business.
CUSTOMER PERSPECTIVE
“We’ve reduced the time it takes to complete routine audits from two months to two days.”
Darlene Mac Cormac, VP of Procurement & Strategic Sourcing, Harris Bank
RESULTS
• Cut SOD review time from 2 months to 2 days
• Eliminated all known SOD conflicts
• Created detailed access rules protecting corporate assets
• Created comprehensive audit trails
SOLUTIONS
• GRC Control Suite
Federal Aviation Administration
COMPANY OVERVIEW
• Revenues > $250B
• 52,160 employees
• 1 of 4 Federal Centers of Excellence
(COE)
CHALLENGES / OPPORTUNITIES
• Mask sensitive data to comply with Privacy
Act
• Lack of tools to identify & remediate control
violations and establish effective monitoring
process
• Difficulty satisfying management and audit
requirements
CUSTOMER PERSPECTIVE
“After searching for two years for a solution that
would allow us to hide social security numbers
from unauthorized users, LogicalApps showed
us that they could selectively hide critical fields
within minutes.”
Michelle Overstreet, Program Manager, FAA
RESULTS
• Eliminated programming time for
application customization
• Reduced detection and remediation time
for control violations
• Developed a sustainable model to
manage regulatory compliance
SOLUTIONS
• GRC Control Suite – Access &
Configuration Controls
Department of Health & Human Services
ORGANIZATION OVERVIEW
• Established in 1817
• Total assets of $658 Billion
• 35,000 employees
• World’s largest implementation of Oracle E-Business Financials
CHALLENGES / OPPORTUNITIES
• User access was too broad
• Privacy Act violations
• No way to track changes to data, including who, what, when and why changes were made
• SOD analysis process was expensive and ineffective
RESULTS
• Resolved 85% of SOD conflicts across ERP system; implemented mitigating controls for remainder
• Resolved privacy issues with access to SSN information
• Created detailed access rules and comprehensive audit trails to ensure A-123 compliance
SOLUTIONS
• GRC Control Suite
Oracle Solutions for GRC
• Purpose-built business solutions for key industries and GRC initiatives
• Best-in-class GRC core solutions to support all mandates and regulations
• Pre-integrated with Oracle applications and technology, supports heterogeneous environments
Solution stack (top to bottom):
GRC Reporting & Analytics: Dashboards; Reporting; KRI & Alerts
GRC Process Management: Management Assessment; Audit; Issue & Remediation; Event & Loss Mgmt
GRC Application Controls: SOD & Access; Application Configuration; Transaction Monitoring
GRC Infrastructure Controls: Identity Mgmt; Data Security; Change Mgmt; Records Mgmt; Digital Rights
Custom or Legacy Applications
Oracle GRC Reporting & Analytics
Layer highlighted in the solution stack: GRC Reporting & Analytics (Dashboards; Reporting; KRI & Alerts)
• Pre-built dashboards aggregate information from all sources
• Respond to KRI and issues
• Combine performance & GRC information
• Produce attestations and disclosures
• Configure to meet your specific needs
Oracle GRC Intelligence
Better decisions, more timely access to information, balanced performance
• Pre-built dashboards aggregate information from all sources
• Combine performance & GRC information
• Respond to KRI and issues
• Produce attestations and disclosures
• Configure to meet your specific needs
Oracle GRC Process Management
Layer highlighted in the solution stack: GRC Process Management (Management Assessment; Audit; Issue & Remediation; Event & Loss Mgmt)
• GRC system of record
• Platform independent
• Integrated control management
• End-to-end GRC process management
• Closed-loop issue remediation
Oracle GRC Manager
Unify risk and compliance documentation and orchestrate processes
• GRC System of Record
• End-to-End GRC Process Management
• Platform Independent
• Integrated Control Management
• Closed-loop Issue Remediation
Process cycle:
Document: Risk-Control Matrix; COSO/COBIT Frameworks; Policies and Procedures; Evidence & Records Retention
Assess: Perform Self Assessment; Scope Audits; Test Manual Controls; Monitor Automated Controls
Analyze: Receive Alerts; Review Reports; Investigate Exceptions
Respond: Remediate; Retest; Optimize
Certify: Sign-off and Publish
Oracle GRC Application Controls
Layer highlighted in the solution stack: GRC Application Controls (SOD & Access; Application Configuration; Transaction Monitoring), beneath GRC Intelligence (Dashboards; Reporting; KRI & Alerts) and GRC Manager (Management Assessment; Audit; Issue & Remediation; Event & Loss Mgmt), above GRC Infrastructure Controls (Identity Mgmt; Data Security; Systems Mgmt; Records Mgmt; Digital Rights) and Custom or Legacy Applications
• Continuous controls monitoring and enforcement
• Preventive and detective controls
• Automated controls testing
• Best practice controls across key process flows
Oracle GRC Controls Suite
Preventive Controls (Enforce Policies in Context)
• ACCESS Controls: what users can do
• CONFIGURATION Controls: how the environment is set up
• TRANSACTION Controls: how users execute processes
Detective Controls (Monitor Control Effectiveness)
• ACCESS Controls: what users have done
• CONFIGURATION Controls: what’s changed in the environment
• TRANSACTION Controls: what are the execution patterns
Services, Support & Partnerships
• Comprehensive results-based offerings:
• Rapid Deployment
• Full Lifecycle Project Management
• Subject Matter Experts
• Risk Assessment
• Prompt Remediation
• Best-Practice Controls
• Business Processes Optimization
• Partnership with Accounting & Risk Advisory Firms
GRC Applications Suite Comparison
Comparison criteria:
• Heterogeneous Platform support for SOD
• Contextual SOD Conflict Analysis
• Embedded SOD Prevention
• Cross-Platform Policy Definition
• Emergency Provisioning
• Access Simulation on Cross-Platform
• Field-Level Access & Change Control
• Pre-built Controls – Oracle & PeopleSoft
• Continuous Monitoring
• Risk Management Framework
Rating scale: Full / Somewhat / Minimal / None
Gartner’s Magic Quadrant for Enterprise
GRC Platforms
Source: Gartner (June 2008)
Approva
Background
• Based out of Reston, Virginia
• Privately held, 100+ employees
• $10M approx. Revenue in 2006
Strength
• Cross-platform controls monitoring
• Supports SAP, Oracle, PeopleSoft, JDE and custom legacy apps
Weakness
• Majority customers are on SAP platform
• Only handful of customers on Oracle EBS
• No embedded preventive controls
What they will say
• No cross-platform capability - only operable on Oracle EBS
• They are the only true agnostic, as they have no ERP offering
How we respond
• GRC Manager and GRC Intelligence support ALL application platforms today
• GRC Controls Suite is the #1 solution for the Oracle E-Business Suite and PeopleSoft Enterprise.
• Our new release 8.0 extends cross-platform capabilities for PeopleSoft, JDE, SAP, Hyperion, and our clients’ other business applications
SAP
Background
• Dedicated GRC business unit
• Growing overlay sales org
• Recognized market visionary
Strength
• Segregation of Duties controls
• Cross-platform support
• Global Trade Management
Weakness
• No play in GRC infrastructure (content & records mgmt, identity mgmt, and database security)
• No preventive control capabilities for any customer, SAP or Oracle
What they will say:
• Follower in the GRC space
• Not a true GRC application provider
• Limited cross-platform capability
How we respond:
• In the last Finance GRC MQ, Gartner rated Oracle superior to SAP in ability to execute
• To truly address GRC needs such as financial compliance, IT governance, and information security, customers need core infrastructure in addition to purpose-built applications
• GRC Manager and GRC Intelligence support ALL application platforms today. GRC Controls Suite is the #1 solution for the Oracle E-Business Suite and PeopleSoft Enterprise. Our next release will extend cross-platform capabilities for JDE, SAP, Hyperion, and legacy applications
Recommended Next Steps
• Assess your current organizational needs
  • Immediate requirements of high priority projects
  • Mid and long term objectives
  • Cost benefit consideration
• Evaluate Oracle’s combined solution offering
  • Functional product demonstration
  • Combination of new solution with existing infrastructure
  • Enabling services and support