Recently, I had the pleasure of representing Oracle at the American Society of Military Comptrollers National Professional Development Institute (PDI). The PDI is the
premier training event for resource managers in the Department of Defense and US Coast Guard. Each year they assemble top presenters and key note speakers to convey their experiences and share the upcoming goals and vision for the Defense Department's financial and resource management community.
This year, the common themes were centered around 'auditability' and 'efficiency'.
What is auditability? There were many definitions/themes tossed around, but to summarize my notes, it boiled down to:- the proper tracking of funds- audit readiness- proper controls- proper documentation
There were sessions regarding entire programs focused on the need for auditability. For example, FIAR: Financial Improvement and Audit Readiness (http://comptroller.defense.gov/fiar/index.html) The FIAR stresses the "...improve(ment of) the Department's financial processes, controls and information."
The entire conference, one set of solutions kept popping into my head around, "how can Oracle's solutions assist the Department of Defense", or any other Federal Agency, improve their financial processes and controls? One answer came to mind: Oracle Governance, Risk, and Compliance Management. Commonly referred to as "GRC".
Let me summarize the main components around Oracle's GRC solution:
GRC Manager: This solution is the central repository for documenting business processes, policies, and established controls. All identified risks and issues are documented within the repository as well as action plans necessary for mitigation.
GRC Controls: This solution consists of a set of tools which are embedded with your ERP (financial, human resource, supply chain, etc.) applications to detect, prevent, and/or enforce the policies and procedures established by your Agency. Components of the solution include:- Application Access Control Governor: a robust tool for managing application roles and responsibilities; simplify segregation of duty maintenance- Configuration Controls Governor: complete audit trail for changes made to configurations- Transactions Control Governor: track violations of internal controls; alert management to suspicious activities; be warned when high dollar transactions are occurring on an irregular basis; - Preventative Controls Governor: prevent sensitive information from being viewed by unauthorized parties; enforce field, block, and form change control
If you are in the financial or resource management community and are concerned about auditability within your organization I suggest you follow up this post by reading about Oracle's GRC solutions. www.oracle.com/grc
Please feel free to follow up with thought and questions in the comments section below. Also, if you have a topic you would like addressed in this blog, just drop me a note at
[email protected] or leave the suggestion in the comment section as well.
Thank you for reading.