Recently, I had
the pleasure of representing Oracle at
the American Society of Military Comptrollers National Professional Development Institute (PDI).
The PDI is
the premier training event for resource managers in
the Department of Defense and US Coast Guard. Each year they assemble top presenters and key note speakers to convey their experiences and share
the upcoming goals and vision for
the Defense Department's financial and resource management community.
This year,
the common themes were centered around 'auditability' and 'efficiency'.
What is auditability? There were many definitions/themes tossed around, but to summarize my notes, it boiled down to:-
the proper tracking of funds- audit readiness- proper controls- proper documentation
There were sessions regarding entire programs focused on
the need for auditability. For example, FIAR: Financial Improvement and Audit Readiness (http://comptroller.defense.gov/fiar/index.html)
The FIAR stresses
the "...improve(ment of)
the Department's financial processes, controls and information."
The entire conference, one set of solutions kept popping into my head around, "how can Oracle's solutions assist
the Department of Defense", or
any other Federal Agency, improve their financial processes and controls? One answer came to mind: Oracle Governance, Risk, and Compliance Management. Commonly referred to as "GRC".
Let me summarize
the main components around Oracle's GRC solution:
GRC Manager: This solution is
the central repository for documenting business processes, policies, and established controls. All identified risks and issues are documented within
the repository as well as action plans necessary for mitigation.
GRC Controls: This solution consists of a set of tools which are embedded with your ERP (financial, human resource, supply chain, etc.) applications to detect, prevent, and/or enforce
the policies and procedures established by your Agency. Components of
the solution include:- Application Access
Control Governor: a robust tool for managing application roles and responsibilities; simplify segregation of duty maintenance- Configuration Controls Governor: complete audit trail for changes made to configurations- Transactions
Control Governor: track violations of internal controls; alert management to suspicious activities; be warned when high dollar transactions are occurring on an irregular basis; - Preventative Controls Governor: prevent sensitive information from being viewed by unauthorized parties; enforce field, block, and form change
control
If you are in
the financial or resource management community and are concerned about auditability within your organization I suggest you follow up this post by reading about Oracle's GRC solutions. www.oracle.com/grc
Please feel free to follow up with thought and questions in
the comments section below. Also, if you have a topic you would like addressed in this blog, just drop me a note at
[email protected] or leave
the suggestion in
the comment section as well.
Thank you for reading.
