Colorado University, October 3, 2007
ERP Enterprise Risk Management Overview

Topics
- Introduction: a bit about me
- PwC Overview
- ERP Enterprise Risk Management Overview
- Risk & Controls Team Approach
PwC Overview
- The PwC network of firms is composed of more than 140,000 partners and staff in 149 countries and territories around the world.
- In the US, PwC LLP employs 30,000 partners and staff.
- We provide industry-focused Assurance, Tax and Advisory services for 424 of the companies in the Fortune Global. We also serve smaller companies, private entities, not-for-profit organizations and the public sector.
- Priority sectors include: financial services, technology, consumer products, pharmaceuticals, entertainment and media.
- Globally, PwC holds the leading position as auditor to the Fortune 500, auditing 31% of the Fortune 500.
Our Service Lines

PwC's Lines of Service:
- Assurance: traditional audit & attest services
- Tax
- Advisory: helping clients manage the enterprise
  - Performance Improvement: identify, measure & close gaps that affect the ability to create and sustain value
  - Risk Management: help companies develop, align, assess and implement security solutions and controls that seek to mitigate risk and vulnerabilities
  - Transactions: evaluate & assist in the implementation of acquisitions, divestitures and strategic alliances, as well as gaining access to global capital markets

Practice areas also shown on the slide: Operations, Corporate Strategy, Large Scale Technology Implementations.
ERP Enterprise Risk Management Overview: Risk & Controls Team Approach
What are the key areas of risk for an Enterprise Project?

Broadly, the risks that must be addressed can be grouped into four areas. Project controls help manage risk during the solution development and delivery process; controls to mitigate the other three areas of risk must be implemented within the delivered solution.

Business Process Risk: the risk that the business experiences real losses attributable to the implemented system. Controls:
- Application (configurable) controls
- Information security: access controls (application level)
- Manual/reporting controls

Project Risk: the risk of project failure (e.g. the project is cancelled or delayed) or the project delivers an unusable system. Controls:
- Financial/budgetary controls
- Stage-gating controls
- Governance controls (PMO, project leadership, steering committees, etc.)
- Quality of project deliverables
- Quality of process design & definition

Data Integrity Risk: the risk that converted, interfaced and/or input data does not support processing requirements or business needs. Controls:
- Data conversion/transformation
- Cleansing & remediation
- Data integrity controls
- Information security: access controls (system level)

Technology Infrastructure Risk: the risk that the supporting infrastructure does not meet established confidentiality, integrity and availability requirements. Controls:
- Information security: threat & vulnerability management
- Configuration management
- Systems remediation & change control

(Diagram labels on the slide: Project, Business Process, Technology Infrastructure, Data, Compliance.)
How Are Enterprise Project Risks Typically Addressed?

Project constituencies and their primary objectives:
- Steering Committee: make key decisions, provide leadership, and provide the resources needed to resolve significant issues.
- Project Leadership & PMO: deliver the complete system solution on time, on budget, on scope and on quality, with fully realized benefits; optimize process functionality, technology and organization.
- Functional Teams: deliver complete and functioning business process solutions.
- Change & Education Teams: ensure acceptance and adoption of the system solution and that benefits are sustained.
- Technology Teams: deliver a robust and reliable supporting technology infrastructure.
- Data Transformation Teams: ensure the accuracy and integrity of converted, interfaced, input and processed data.

Typical projects are structured around the fundamental areas of process/functional, technology, data, change and overall project management. Within this structure each team's primary objective is to optimize its own area given the business requirements. Risk and controls, however, is ancillary to these objectives and is often overlooked or, at best, not given the attention it requires.

For projects that are lower in risk, complexity and impact, this may be addressed through periodic audit and review, with re-work or re-design where risk and control issues are identified. For higher-risk projects this approach is inefficient and ineffective, and can result in significant re-work or even project failure. Therefore the question "Who owns risk and controls?" must be addressed.

The presentation's answer for high-risk enterprise projects is a dedicated Risk & Controls Team (controls, security & compliance). Primary objective: ensure that business process, technology and data related risks are managed, that controls are designed and documented, and that business process, system and data integrity are preserved.
Why use a Risk & Controls Team?

Without a Risk & Controls Team: an inconsistent approach to, and knowledge of, risk and internal controls across the Finance, GTM, Supply Chain and Technology teams leads to the design and implementation of inefficient and ineffective control measures. Controls end up either too weak (ineffective and misleading) or too tight (inefficient and expensive).

With a Risk & Controls Team: a dedicated, centralized risk and controls approach leads to balanced and cost-effective control solutions across teams.
What Does a Risk & Controls Team Do?

Tasks & responsibilities are integrated with the solution delivery phases (SDLC): Project Feasibility, Project Preparation, Business Blueprint, Realization, Final Preparation, Go Live and Support, Project Closure.

Risk & Controls Team tasks (high-level summary, in delivery order):
- Develop controls strategy and approach
- Develop risk and controls team structure and roles & responsibilities
- Collaborate on controls and security standards
- Select audit and controls tools
- Define control objectives, requirements and related risks
- Design balanced control solutions (inherent, configurable, manual, access, reporting, interface) across business process areas
- Design/implement application and infrastructure access controls in alignment with control objectives (role-based/policy-based/user-based access control measures)
- Complete Sarbanes-Oxley documentation
- Collaborate on the Backup and Recovery Plan and Business Continuity Plan
- Define and design infrastructure security and controls configuration
- Define and design data integrity and control measures
- Develop control and security test cases, strategies and plans, and execute them
- Finalize Sarbanes-Oxley documentation
- Develop the controls and security cutover plan and execute it
- Finalize controls and security acceptance testing
- Facilitate Sarbanes-Oxley testing
- Validate production implementation of controls
- Collaborate on project closure and lessons-learned analysis
Example Risk and Controls: General Ledger

Risk: Incorrect or inappropriate journal postings may result in erroneous financial reporting.
- Journal entry postings from sub-ledgers are automatically posted to designated GL accounts based on system parameters. (Automated)
- The system is set up to identify different types of journal postings (e.g. automated vs. manual) and assign different sequential numbering. (Automated)

Risk: Financial transactions may not be posted in the appropriate accounting period.
- The accounting calendar is properly set up in the system to ensure accurate period closing. (Automated)
- Access to open and close posting periods is restricted to appropriate personnel. (Security)

Risk: Unauthorized or inappropriate manual journal postings may result in erroneous financial reporting.
- Access to post or reverse manual journal entries is restricted to appropriate Accounting personnel. (Security)
- A formal Journal Entry Request is reviewed and approved prior to entry into the system. (Manual)
- Manual journal postings and reversals are reviewed by management. (Manual)
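As an added illustration (not from the presentation, from PwC, or from any ERP product), the Python below models the general-ledger controls above as enforced and detective checks: separate number sequences for automated and manual journals, sub-ledger postings routed to a configured control account, postings rejected outside an open period, period open/close and manual posting/reversal gated on roles, and a management review report listing every manual posting and reversal in a period. The role names, account numbers, journal number format and the "JER-nn" approval references are all assumptions made for this example.

```python
from __future__ import annotations
from dataclasses import dataclass
from itertools import count

# Constructed configuration (not from any real ERP): role names and the GL
# control account each sub-ledger module posts to ("system parameters").
PERIOD_ADMIN_ROLE = "period_admin"
GL_ACCOUNTANT_ROLE = "gl_accountant"
SUBLEDGER_CONTROL_ACCOUNT = {"AR": "1200", "AP": "2100"}

class ControlViolation(Exception):
    """Raised when an action would breach one of the configured GL controls."""

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

@dataclass(frozen=True)
class Journal:
    number: str               # AJ-nnnnnn (automated) or MJ-nnnnnn (manual)
    source: str               # "AUTO" or "MANUAL"
    period: str               # accounting period, "YYYY-MM"
    posted_by: str
    approval_ref: str | None  # Journal Entry Request reference (manual only)
    lines: tuple              # ((account, amount), ...)
    reverses: str | None = None

class GeneralLedger:
    def __init__(self) -> None:
        self.open_periods, self.journals = set(), []
        self._sequence = {"AUTO": count(1), "MANUAL": count(1)}  # one sequence per posting type

    def _require(self, user: User, role: str, action: str) -> None:
        if role not in user.roles:  # security (access) control
            raise ControlViolation(f"{user.name} lacks role {role} for: {action}")

    def set_period(self, user: User, period: str, is_open: bool) -> None:
        # Only period administrators open and close posting periods (security control).
        self._require(user, PERIOD_ADMIN_ROLE, f"{'open' if is_open else 'close'} period {period}")
        (self.open_periods.add if is_open else self.open_periods.discard)(period)

    def _post(self, source, period, posted_by, approval_ref, lines, reverses=None) -> Journal:
        if period not in self.open_periods:  # accounting calendar control
            raise ControlViolation(f"period {period} is not open for posting")
        number = f"{'AJ' if source == 'AUTO' else 'MJ'}-{next(self._sequence[source]):06d}"
        journal = Journal(number, source, period, posted_by, approval_ref, tuple(lines), reverses)
        self.journals.append(journal)
        return journal

    def post_from_subledger(self, module: str, period: str, amount: float, offset_account: str) -> Journal:
        """Automated control: sub-ledger totals land on the configured control account."""
        if module not in SUBLEDGER_CONTROL_ACCOUNT:
            raise ControlViolation(f"no GL account configured for sub-ledger {module}")
        lines = [(SUBLEDGER_CONTROL_ACCOUNT[module], amount), (offset_account, -amount)]
        return self._post("AUTO", period, f"subledger:{module}", None, lines)

    def post_manual(self, user: User, period: str, lines, approval_ref: str | None) -> Journal:
        """Security + manual controls: restricted role and an approved JE Request."""
        self._require(user, GL_ACCOUNTANT_ROLE, "post manual journal")
        if not approval_ref:
            raise ControlViolation("manual journal requires an approved Journal Entry Request")
        return self._post("MANUAL", period, user.name, approval_ref, lines)

    def reverse_manual(self, user: User, number: str, period: str, approval_ref: str | None) -> Journal:
        """Reversals carry the same role and approval controls as manual postings."""
        self._require(user, GL_ACCOUNTANT_ROLE, f"reverse journal {number}")
        if not approval_ref:
            raise ControlViolation("reversal requires an approved Journal Entry Request")
        original = next((j for j in self.journals if j.number == number and j.source == "MANUAL"), None)
        if original is None:
            raise ControlViolation(f"{number} is not a posted manual journal")
        lines = [(account, -amount) for account, amount in original.lines]
        return self._post("MANUAL", period, user.name, approval_ref, lines, reverses=number)

    def manual_review_report(self, period: str) -> list:
        """Management review (manual control): all manual postings and reversals in a period."""
        return [j for j in self.journals if j.source == "MANUAL" and j.period == period]

def demo() -> dict:
    """Exercise the controls on constructed data; returns a summary for inspection."""
    gl = GeneralLedger()
    controller = User("pat", frozenset({PERIOD_ADMIN_ROLE}))
    accountant = User("sam", frozenset({GL_ACCOUNTANT_ROLE}))
    gl.set_period(controller, "2007-10", is_open=True)
    auto = gl.post_from_subledger("AR", "2007-10", 1250.0, "4000")
    manual = gl.post_manual(accountant, "2007-10", [("6100", 300.0), ("2000", -300.0)], "JER-17")
    reversal = gl.reverse_manual(accountant, manual.number, "2007-10", "JER-18")
    denied = []
    for attempt in (
        lambda: gl.set_period(accountant, "2007-11", is_open=True),                                # wrong role
        lambda: gl.post_manual(accountant, "2007-09", [("6100", 1.0), ("2000", -1.0)], "JER-19"),  # closed period
        lambda: gl.post_manual(accountant, "2007-10", [("6100", 1.0), ("2000", -1.0)], None),      # no approval
    ):
        try:
            attempt()
        except ControlViolation as exc:
            denied.append(str(exc))
    return {"auto": auto.number, "manual": manual.number, "reversal": reversal.number,
            "denied": denied, "for_review": [j.number for j in gl.manual_review_report("2007-10")]}
```

Calling demo() shows each control refusing an out-of-role, out-of-period or unapproved action with a specific message, while the approved postings receive numbers from their own sequence. In a real ERP these controls live in configuration (posting period settings, number ranges, sub-ledger account determination) and in the authorization model rather than in application code, and the output of manual_review_report is the kind of population a Sarbanes-Oxley tester samples to evidence the management review control.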