Presentation is loading. Please wait.

Presentation is loading. Please wait.

NASACT Grants Management: Are States Ready to Manage More Federal Grant Funds? March 2, 2010.

Published byAmia Dolan Modified over 10 years ago

Similar presentations

Presentation on theme: "NASACT Grants Management: Are States Ready to Manage More Federal Grant Funds? March 2, 2010."— Presentation transcript:

1 NASACT Grants Management: Are States Ready to Manage More Federal Grant Funds? March 2, 2010

2 Agenda Oracle: Did you know? What is G-R-C? GRC Offering Benefits Key Take-Aways

3 Oracle

4 Did you know? #1 in North America #1 in HR #1 in Public Sector Globally Project Oracle, 1977 Longest running relationship with government of any software vendor Scale $22.4 in revenue for FY 08 320,000 customers in 145 countries 92,000 employees (1 in 3 joined from acquisitions) Innovation and Investment Over 3,000 products with over 2,000 patents $3b R&D 20,000+ developers, running over 300,000 test scripts nightly 6,500 customer-driven enhancements yearly 1 million students supported 7,500 customer support specialists speaking 27 languages 20,000+ implementation consultants

5 What is G-R-C?

6 Creating Public Trust GRC in the Public Sector Integrity Governance Risk Compliance Governance + Risk Management + Compliance = Integrity equates to Structures + Threat Mitigation + Proofing = Public Trust

7 Motivation RationalizationOpportunity Fraud Triangle Reducing Fraud in Government As much as 7% of annual budget* That is $70m per billion of budget Pednault, S. (2009). Fraud 101: Techniques and Strategies for Understanding Fraud, 3 rd ed. Hoboken, NJ: John Wiley & Sons, p. xi. Need to break one leg of the triangle Motivation and Opportunity easiest to address Rationalization may be impossible to manage FRAUD Human Performance Improvement Kohlberg Moral Stages GRC

8 Risk-Controls Relationships Correct Outcome Risk Controls No Yes NoYes Possible Loss Possible Waste

9 Oracles GRC Offering

10 10 GRC Controls Management Access Controls Configuration Controls Transaction Controls GRC Manager Risks Assessments Issues Processes Policies Procedures Remediation GRC Intelligence Reports Dashboards Alerts Key Risk & Control Indicators Applications Infrastructure Financial Compliance IT Governance Regulatory Policy MgmtInformation Privacy Environmental Product Quality & SafetyGlobal Trade Mgmt Financial Services GRC Intelligence If only we had a dash board that could highlight real time application access and / or transactional risk… Pre-built role-based Dashboards & KPI's Tailored diagnostics for all GRC initiatives Processes / Controls Documents Certification Assessments & Test Results Single source of GRC information across orgs and locations Oracle GRC Applications Suite Benefits GRC Manager Risks Assessments Issues Processes Policies Procedures Remediation Preventive Controls

11

12

13 13 GRC Manager Risks Assessments Issues Processes Policies Procedures Remediation GRC Intelligence Reports Dashboards Alerts Key Risk & Control Indicators Financial Compliance IT Governance Regulatory Policy MgmtInformation Privacy Environmental Product Quality & SafetyGlobal Trade Mgmt Financial Services Oracle GRC Applications Suite Benefits GRC Manager Ris Risks AssessmentsIssues Processes Policies Procedures Remediation GRC Manager We cant manage nor have the visibility of all the GRC initiatives across the enterprise…. End-to-End GRC business process Reduce cost and complexity by managing multiple global mandates with one system Rely on tamper proof chain of evidence for all financial compliance processes Align policies and processes with best practice risk and control frameworks GRC Controls Management Access Controls Configuration Controls Transaction Controls Applications Infrastructure Preventive Controls

14 Multiple hierarchies exist to represent frameworks, business models and financial structures.

15 Relationships are managed from the hierarchy down to the objectives, risks and controls in a many to many structure.

16 Oracle GRC workflow automatically generates emails to compliance staff of action items. These emails link the user directly back to Oracle GRC Manager with a single mouse click.

17 Easy to Use testing screens allow conclusions and supporting comments.

18 Track Issues until they are closed with immediate access to who is currently tasked and how long they have been working on it.

19 19 GRC Manager Risks Assessments Issues Processes Policies Procedures Remediation GRC Intelligence Reports Dashboards Alerts Key Risk & Control Indicators Financial Compliance IT Governance Regulatory Policy MgmtInformation Privacy Environmental Product Quality & SafetyGlobal Trade Mgmt Financial Services Access Controls The SOD process is very manually intensive and only covers a fraction of the application landscape Best practice SOD Library Cross Application SOD Enablement Real-time Simulation & Remediation Preventive User Provisioning Library of prepackaged reports Accelerates role design and implementation Oracle GRC Applications Suite Benefits GRC Manager Risks Assessments Issues Processes Policies Procedures Remediation GRC Controls Management Access Controls Configuration Controls Transaction Controls Applications Infrastructure Preventive Controls

20 20 GRC Manager Risks Assessments Issues Processes Policies Procedures Remediation GRC Intelligence Reports Dashboards Alerts Key Risk & Control Indicators Financial Compliance IT Governance Regulatory Policy MgmtInformation Privacy Environmental Product Quality & SafetyGlobal Trade Mgmt Financial Services Configuration Controls If only we had a dash board that could highlight real time application access and / or transactional risk… Ease of deploying change management controls Enable risk management controls by enforcing policy procedures within the application Increase confidence in the management of data integrity. Repository of audit trails in change management reports Increase business confidence in efficiency and data integrity of the system. Oracle GRC Applications Suite Benefits GRC Manager Risks IAssessments Issues ssues Processes Policies Procedures Remediation GRC Controls Management Access Controls Configuration Controls Transaction Controls Applications Infrastructure Preventive Controls

21 21 GRC Manager Risks Assessments Issues Processes Policies Procedures Remediation GRC Intelligence Reports Dashboards Alerts Key Risk & Control Indicators Financial Compliance IT Governance Regulatory Policy MgmtInformation Privacy Environmental Product Quality & SafetyGlobal Trade Mgmt Financial Services Transaction Controls We currently manage this on an ad-hoc basis that is manual and often error prone Easy to use interface to manage threshold values and generate parameterized reports across multiple applications Readily available audit reports of suspicious activities Workflow enabled process to distribute suspicious activities to key personnel for action / remediation Oracle GRC Applications Suite Benefits GRC Manager Risks Assessments Issues Processes Policies Procedures Remediation GRC Controls Management Access Controls Configuration Controls Transaction Controls Applications Infrastructure Preventive Controls

22 22 GRC Manager Risks Assessments Issues Processes Policies Procedures Remediation GRC Intelligence Reports Dashboards Alerts Key Risk & Control Indicators Financial Compliance IT Governance Regulatory Policy MgmtInformation Privacy Environmental Product Quality & SafetyGlobal Trade Mgmt Financial Services Preventive Controls We need to move from manual controls to automated controls… Automate & Streamline manual controls to become part of the transactional process Enforce and report data security and valid change management Audit Audit & Workflow Notifications Audit & Workflow Approvals Oracle GRC Applications Suite Benefits GRC Manager Risks Assessments Issues Processes Policies Procedures Remediation GRC Controls Management Configuration Controls Transaction Controls Applications Infrastructure Preventive Controls Access Controls

23 Oracle GRC Benefits

24 24 5 Key Areas Where GRC Can Reduce Risks and Costs ActivityBenefitsValue Impact SOD Analysis Automated Preventive Controls Configuration & Change Management Transaction Monitoring Governance & Compliance Visibility Industry proven, best practices policies Library of prepackaged reports Accelerates role design and implementation Run test cases and what-if analysis Enforce preventive controls for data integrity and access security Ease of creating workflow processes for Approval and notification Library of best practices prepackaged controls Ease of deploying change management controls Enforce policy procedures within the application Increase confidence of data integrity Manage & report suspect records across multiple applications Readily available audit reports Automated distribution of suspect records for review & remediation Capture internal and external perform- ance metrics quickly & accurately Fact-based continuous improvement 20-35% reduction in cost of on-going SOD auditing and monitoring 15-25% reduction in cost for IT to create and implement automated controls 20-30% reduction in audit and compliance testing cost related to configuration change management 20% reduction in audit and compliance costs related to investigation of transactions and fraud controls 10-40% reduction in costs of proving risk and compliance effectiveness across the enterprise SOD = Segregation of Duties

25 Cost Benefit Analysis Relative Impacts Audit cost savings Fraud Prevention Mission Enhancement

26 Key Take-aways

27 GRC Suite: Demonstrates accountability Increases public trust Lowers costs of audits Provides integrity Prevents waste, fraud, and abuse How? Library of prepackaged controls based on best practices Single source of truth for all documentation that will be audited Flexible reporting tool that can generate dashboards, alerts, and printed reports

28 Contact Information Cindy Schwimer Executive Director, Public Sector Solutions Cindy.schwimer@oracle.com Voice: 703-364-3104 Adam Schwartz GRC Specialist Adam.b.schwartz@oracle.com Voice: 860-817-9403

Download ppt "NASACT Grants Management: Are States Ready to Manage More Federal Grant Funds? March 2, 2010."

Similar presentations

Technology for the Audit Team Copyright © 2008 ACL Services Ltd. Peter B. Millar Director, Business Development 25 June 2008 ACL AuditExchange 2009.

Technology for the Audit Team Copyright © 2008 ACL Services Ltd. Peter B. Millar Director, Business Development 25 June 2008 ACL AuditExchange 2009.
Leveraging an Integrated ERP and CRM System - Featuring Sage MAS 500 ERP and Sage SalesLogix CRM.

Leveraging an Integrated ERP and CRM System - Featuring Sage MAS 500 ERP and Sage SalesLogix CRM.
By Rick Clements cle@cypress.com Software Testing 101 By Rick Clements cle@cypress.com.

By Rick Clements Software Testing 101 By Rick Clements
FMS. 2 Fires Terrorism Internal Sabotage Natural Disasters System Failures Power Outages Pandemic Influenza COOP/ Disaster Recovery/ Emergency Preparedness.

FMS. 2 Fires Terrorism Internal Sabotage Natural Disasters System Failures Power Outages Pandemic Influenza COOP/ Disaster Recovery/ Emergency Preparedness.
Amitava Mitra, Solution Architect, Oracle Primavera, TCS

Amitava Mitra, Solution Architect, Oracle Primavera, TCS
Govern the Flow of Data: Moving from Chaos to Control

Govern the Flow of Data: Moving from Chaos to Control
OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
Improving SOX Remediation Through Automated Testing of Internal Controls November 4, 2005.

Improving SOX Remediation Through Automated Testing of Internal Controls November 4, 2005.
May 2009 Oracle GRC Strategy – Barry Greenhut

May 2009 Oracle GRC Strategy – Barry Greenhut
Data Warehouse External Data Loads Initiation Certification April 22, 2009 Project Certification Committee April 22, 2009 1.

Data Warehouse External Data Loads Initiation Certification April 22, 2009 Project Certification Committee April 22,
Data Warehouse External Data Loads Implementation Certification May 27, 2009 Project Certification Committee May 27, 2009 1.

Data Warehouse External Data Loads Implementation Certification May 27, 2009 Project Certification Committee May 27,
Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Workflow Product Overview.

Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Workflow Product Overview.
© 2007 IBM Corporation Enterprise Content Management Integrating Content, Process, and Connectivity for Competitive Advantage Malcolm Holden October 2007.

© 2007 IBM Corporation Enterprise Content Management Integrating Content, Process, and Connectivity for Competitive Advantage Malcolm Holden October 2007.
Windows Server Deployment and Management With System Center.

Windows Server Deployment and Management With System Center.
© 2002 page 1Americas Field Conference 2003filename.ppt hp.com business- to-business (B2B) websites and B2B integration.

© 2002 page 1Americas Field Conference 2003filename.ppt hp.com business- to-business (B2B) websites and B2B integration.
1 Traveling? Don’t Forget OIE! A global OIE rollout case study.

1 Traveling? Don’t Forget OIE! A global OIE rollout case study.
Business Process Management (BPM)/Business Intelligence (BI) Cayzen Technologies Information Processing Management Association (IPMA) May, 2008.

Business Process Management (BPM)/Business Intelligence (BI) Cayzen Technologies Information Processing Management Association (IPMA) May, 2008.
Commercial in confidence Scottish CIPFA Conference – Annual Reporting Solution www.TechnologyOneCorp.com.

Commercial in confidence Scottish CIPFA Conference – Annual Reporting Solution
Introduction to the Oracle GRC Platform

Introduction to the Oracle GRC Platform
Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Similar presentations

Ads by Google