Recently, I had the pleasure
of representing Oracle at the American Society
of Military Comptrollers National Professional Development Institute (PDI). The PDI is the premier training event for resource managers in the Department
of Defense and US Coast Guard. Each year they assemble top presenters and key
note speakers to convey their experiences and share the upcoming goals and vision for the Defense Department's financial and resource management community.
This year, the common themes were centered around 'auditability' and 'efficiency'.
What is auditability? There were many definitions/themes tossed around, but to summarize my notes, it boiled down to:- the proper tracking
of funds- audit readiness- proper controls- proper documentation
There were sessions regarding entire programs focused on the need for auditability. For example, FIAR: Financial Improvement and Audit Readiness (http://comptroller.defense.gov/fiar/index.html) The FIAR stresses the "...improve(ment of) the Department's financial processes, controls and information."
The entire conference, one set
of solutions kept popping into my head around, "how can Oracle's solutions assist the Department
of Defense", or any other Federal Agency, improve their financial processes and controls? One answer came to mind: Oracle Governance, Risk, and Compliance Management. Commonly referred to as "GRC".
Let me summarize the main components around Oracle's GRC solution:
GRC Manager: This solution is the central repository for documenting business processes, policies, and established controls. All identified risks and issues are documented within the repository as well as action plans necessary for mitigation.
GRC Controls: This solution consists
of a set
of tools which are embedded with your ERP (financial, human resource, supply chain, etc.) applications to detect, prevent, and/or enforce the policies and procedures established by your Agency. Components
of the solution include:- Application Access Control Governor: a robust tool for managing application roles and responsibilities; simplify segregation
of duty maintenance- Configuration Controls Governor: complete audit trail for changes made to configurations- Transactions Control Governor: track violations
of internal controls; alert management to suspicious activities; be warned when high dollar transactions are occurring on an irregular basis; - Preventative Controls Governor: prevent sensitive information from being viewed by unauthorized parties; enforce field, block, and form change control
If you are in the financial or resource management community and are concerned about auditability within your organization I suggest you follow up this post by reading about Oracle's GRC solutions. www.oracle.com/grc
Please feel free to follow up with thought and questions in the comments section below. Also, if you have a topic you would like addressed in this blog, just drop me a
note at
[email protected] or leave the suggestion in the comment section as well.
Thank you for reading.
