Published by Amia Dolan. Modified over 11 years ago.
1
NASACT Grants Management: Are States Ready to Manage More Federal Grant Funds? March 2, 2010
2
Agenda Oracle: Did you know? What is G-R-C? GRC Offering Benefits Key Take-Aways
3
Oracle
4
Did you know? #1 in North America #1 in HR #1 in Public Sector Globally Project Oracle, 1977 Longest running relationship with government of any software vendor Scale $22.4 in revenue for FY 08 320,000 customers in 145 countries 92,000 employees (1 in 3 joined from acquisitions) Innovation and Investment Over 3,000 products with over 2,000 patents $3b R&D 20,000+ developers, running over 300,000 test scripts nightly 6,500 customer-driven enhancements yearly 1 million students supported 7,500 customer support specialists speaking 27 languages 20,000+ implementation consultants
5
What is G-R-C?
6
Creating Public Trust GRC in the Public Sector Integrity Governance Risk Compliance Governance + Risk Management + Compliance = Integrity equates to Structures + Threat Mitigation + Proofing = Public Trust
7
Motivation Rationalization Opportunity Fraud Triangle Reducing Fraud in Government As much as 7% of annual budget* That is $70m per billion of budget Pednault, S. (2009). Fraud 101: Techniques and Strategies for Understanding Fraud, 3rd ed. Hoboken, NJ: John Wiley & Sons, p. xi. Need to break one leg of the triangle Motivation and Opportunity easiest to address Rationalization may be impossible to manage FRAUD Human Performance Improvement Kohlberg Moral Stages GRC
8
Risk-Controls Relationships Correct Outcome Risk Controls No Yes No Yes Possible Loss Possible Waste
9
Oracle's GRC Offering
10
Oracle GRC Applications Suite Benefits: GRC Intelligence
Suite diagram labels: GRC Controls Management Access Controls Configuration Controls Transaction Controls GRC Manager Risks Assessments Issues Processes Policies Procedures Remediation GRC Intelligence Reports Dashboards Alerts Key Risk & Control Indicators Applications Infrastructure Financial Compliance IT Governance Regulatory Policy Mgmt Information Privacy Environmental Product Quality & Safety Global Trade Mgmt Financial Services Preventive Controls
If only we had a dashboard that could highlight real time application access and / or transactional risk…
Pre-built role-based Dashboards & KPI's
Tailored diagnostics for all GRC initiatives
Processes / Controls Documents Certification Assessments & Test Results
Single source of GRC information across orgs and locations
13
Oracle GRC Applications Suite Benefits: GRC Manager
We can't manage nor have the visibility of all the GRC initiatives across the enterprise…
End-to-End GRC business process
Reduce cost and complexity by managing multiple global mandates with one system
Rely on tamper proof chain of evidence for all financial compliance processes
Align policies and processes with best practice risk and control frameworks
14
Multiple hierarchies exist to represent frameworks, business models and financial structures.
15
Relationships are managed from the hierarchy down to the objectives, risks and controls in a many to many structure.
16
Oracle GRC workflow automatically generates emails to compliance staff of action items. These emails link the user directly back to Oracle GRC Manager with a single mouse click.
17
Easy to Use testing screens allow conclusions and supporting comments.
18
Track Issues until they are closed with immediate access to who is currently tasked and how long they have been working on it.
19
Oracle GRC Applications Suite Benefits: Access Controls
The SOD process is very manually intensive and only covers a fraction of the application landscape
Best practice SOD Library
Cross Application SOD Enablement
Real-time Simulation & Remediation
Preventive User Provisioning
Library of prepackaged reports
Accelerates role design and implementation
20
Oracle GRC Applications Suite Benefits: Configuration Controls
If only we had a dashboard that could highlight real time application access and / or transactional risk…
Ease of deploying change management controls
Enable risk management controls by enforcing policy procedures within the application
Increase confidence in the management of data integrity.
Repository of audit trails in change management reports
Increase business confidence in efficiency and data integrity of the system.
21
Oracle GRC Applications Suite Benefits: Transaction Controls
We currently manage this on an ad-hoc basis that is manual and often error prone
Easy to use interface to manage threshold values and generate parameterized reports across multiple applications
Readily available audit reports of suspicious activities
Workflow enabled process to distribute suspicious activities to key personnel for action / remediation
22
Oracle GRC Applications Suite Benefits: Preventive Controls
We need to move from manual controls to automated controls…
Automate & Streamline manual controls to become part of the transactional process
Enforce and report data security and valid change management
Audit Audit & Workflow Notifications Audit & Workflow Approvals
23
Oracle GRC Benefits
24
5 Key Areas Where GRC Can Reduce Risks and Costs
Activity: SOD Analysis; Automated Preventive Controls; Configuration & Change Management; Transaction Monitoring; Governance & Compliance Visibility
Benefits: Industry proven, best practices policies; Library of prepackaged reports; Accelerates role design and implementation; Run test cases and what-if analysis; Enforce preventive controls for data integrity and access security; Ease of creating workflow processes for Approval and notification; Library of best practices prepackaged controls; Ease of deploying change management controls; Enforce policy procedures within the application; Increase confidence of data integrity; Manage & report suspect records across multiple applications; Readily available audit reports; Automated distribution of suspect records for review & remediation; Capture internal and external performance metrics quickly & accurately; Fact-based continuous improvement
Value Impact: 20-35% reduction in cost of on-going SOD auditing and monitoring; 15-25% reduction in cost for IT to create and implement automated controls; 20-30% reduction in audit and compliance testing cost related to configuration change management; 20% reduction in audit and compliance costs related to investigation of transactions and fraud controls; 10-40% reduction in costs of proving risk and compliance effectiveness across the enterprise
SOD = Segregation of Duties
25
Cost Benefit Analysis Relative Impacts Audit cost savings Fraud Prevention Mission Enhancement
26
Key Take-aways
27
GRC Suite:
Demonstrates accountability
Increases public trust
Lowers costs of audits
Provides integrity
Prevents waste, fraud, and abuse
How?
Library of prepackaged controls based on best practices
Single source of truth for all documentation that will be audited
Flexible reporting tool that can generate dashboards, alerts, and printed reports
28
Contact Information Cindy Schwimer Executive Director, Public Sector Solutions Cindy.schwimer@oracle.com Voice: 703-364-3104 Adam Schwartz GRC Specialist Adam.b.schwartz@oracle.com Voice: 860-817-9403