Recently, I had the pleasure of representing
Oracle at the American Society of Military Comptrollers National Professional Development Institute (PDI). The PDI is the premier training event
for resource managers in the Department of Defense and US Coast Guard. Each year they assemble top presenters and key note speakers to convey their experiences and share the upcoming goals and vision
for the Defense Department's financial and resource
management community.
This year, the common themes were centered around 'auditability' and 'efficiency'.
What is auditability? There were many definitions/themes tossed around, but to summarize my notes, it boiled down to:- the proper tracking of funds- audit readiness- proper controls- proper documentation
There were sessions regarding entire programs focused on the need
for auditability.
For example, FIAR: Financial Improvement and Audit Readiness (http://comptroller.defense.gov/fiar/index.html) The FIAR stresses the "...improve(ment of) the Department's financial processes, controls and information."
The entire conference, one set of solutions kept popping into my head around, "how can
Oracle's solutions assist the Department of Defense", or any other Federal Agency, improve their financial processes and controls? One answer came to mind:
Oracle Governance, Risk, and Compliance
Management. Commonly referred to as "GRC".
Let me summarize the main components around
Oracle's GRC solution:
GRC Manager: This solution is the central repository
for documenting
business processes, policies, and established controls. All identified risks and issues are documented within the repository as well as action plans necessary
for mitigation.
GRC Controls: This solution consists of a set of tools which are embedded with your ERP (financial, human resource, supply chain, etc.) applications to detect, prevent, and/or enforce the policies and procedures established by your Agency. Components of the solution include:-
Application Access Control Governor: a robust tool
for managing
application roles and responsibilities; simplify segregation of duty maintenance- Configuration Controls Governor: complete audit trail
for changes made to configurations- Transactions Control Governor: track violations of internal controls; alert
management to suspicious activities; be warned when high dollar transactions are occurring on an irregular basis; - Preventative Controls Governor: prevent sensitive information from being viewed by unauthorized parties; enforce field, block, and form change control
If you are in the financial or resource
management community and are concerned about auditability within your organization I suggest you follow up this post by reading about
Oracle's GRC solutions. www.
oracle.com/grc
Please feel free to follow up with thought and questions in the comments section below. Also, if you have a topic you would like addressed in this blog, just drop me a note at
[email protected] or leave the suggestion in the comment section as well.
Thank you
for reading.
