Professional Documents
Culture Documents
GRC Governance Risk and Compliance in Oracle - Overview
GRC Governance Risk and Compliance in Oracle - Overview
GRC Governance Risk and Compliance in Oracle - Overview
Presenter Name
Presenter Title
Safe Harbor Statement
2
Oracle At-a-Glance
Globally…
#1 in Database
#1 in Supply Chain Mgmt
#1 in Customer Relationship Mgmt
#1 in Human Capital Mgmt
#1 in Industries
Founded in 1977. Headquarters in Redwood Shores,
CA with operations in 145 countries. - Retail
3
Agenda
• Business Challenges
• Oracle’s Leadership in GRC
• Solution Overview
• Customer Success
• Recommended Next Steps
4
Heavy Burden of Compliance
Services
$12B
$7.3B Headcount
Brand Value
= $12.6B
Technology
$9.8B
5
Compounded by Risk and Uncertainty
Risk
Level
Acceptable
Threshold
Visibility &
Communication
Leaders Breakdown is a Threat
lack an
enterprise Management regularly fails to
view of communicate risks to directors on a
risks timely basis, imperiling the value of a
company’s securities and ensuring
Compliance & IT assets embarrassment (or worse) when
risk aren’t aren’t aligned inevitable crises occur for which the
considered in with risk or company is unprepared.
core processes compliance
and decision- management Steve Mitchell, OCEG, Compliance Week, Dec 2007
making Lackneeds
of
high Continuing Need for
Governance Businesses
processes do not have Organizations GRC Information
aren’t the high lack a
consistently quality common Boards of directors cite
defined and information language compliance and risk management as
communicated they need around risk areas where better information is most
needed from the audit committee.
Source: Lee Dittmar, Demystifying GRC, Q4 2007 Mckinsey & Company
7
Burden Stems from Core Challenges
Challenge: Regulation
A
Risk
B
Standard
C
Multiple Requirements, R1 R2 R3 R1 R2 R3 R1 R2 R3
Fragmented Response
C1a C2a C3a C1b C2b C3b C1c C2c C3c
Challenge:
Insufficient Resources,
Manual Efforts
Challenge:
GRC
GRC as an Afterthought,
Holding Up the Business Business Processes
Sources: Adapted from Deloitte Consulting, Open Compliance and Ethics Group, and IDC
8
How Oracle GRC Solutions Help
Solution: Regulation
A
Risk
B
Standard
C
Consolidate
R1 R2 R3
C1 C2 C3
C5 C6 C7
C9 C10 C11
Risk
Solution: Policy
Process Assessment
Preventive
Remediation Control
Issues
Solution: GRC
Embed
Business Process
Sources: Adapted from Deloitte Consulting, Open Compliance and Ethics Group, and IDC
9
GRC Stakeholder Challenges & Value Props
FINANCE
FINANCE VALUE PROPOSITIONS
CHALLENGES IT VALUE PROPOSITIONS
CHALLENGES AUDIT VALUE PROPOSITIONS
CHALLENGES
•• Reduced
We need risk and increased
visibility into our high High percentage
• Manage of IT budget
by exception; reduce We need a consistent
• Closed-loop and
remediation cost-
and
confidence
risk areas in financial integrity devoted
time andto compliance,
cost and away
of compliance effective
better riskway to manage
management
from innovation business processes, risk, controls
•• Better
We needdecision-making armed
to lower spending with
and • Accelerate response to user • Faster information flow and better
visibility
real-time
resourcesdiagnostics
devoted to compliance • Unsatisfied with
provisioning currentensure
requests; state of visibility for quicker identification
application
data securitydata access and
& confidentiality • Wepotential
of need efficient
issues reporting and
•• Reduced audit time
The organization and costs;
needs to move
security comprehensive audit trail
faster, easier to
from manual validation of
automated • Consistent environments, full • Reduced audit time and efforts
compliance
controls • Unable to of
audit trail enforce best-practices
changes, easier • We needself-service
through to document corporate
reporting and
for configuration and change
migration/upgrade policiescentralized
online, and collaborate with line
evidence
•• Free
Policyupand
resources
processand time for
management of business owners
core value-add activities;
documentation is a challenge • Improved support of Internal • Timely and accurate information
Enhanced morale of finance staff • Disparate
Audit silos compliance
and LOB of information;
needs • Audit data and reports difficult to
• Better utilization of audit
difficult
with lesstoeffort
create reports to satisfy generate – require significant IT
resources and coordinated efforts
the business and LOB support
10
Progress in GRC Maturity with Oracle
Optimized
Proactive
Reactive • Analyze and trend
Informal • Policies are enforced
• Automated risk
• Risks are documented • Automated Process mitigation / Predictive
• Manual risk risk assessments
• Unified, standardized
• Compliant but at a assessment and & strategic approach • GRC objectives
high cost to business reporting
• Prevent policy embedded throughout
• Manual control the organization
Maturity
Oracle GRC Applications provide solutions for each maturity stage based
upon your present stage and objectives, and help you mature to the next
Time
11
Oracle Solutions for GRC
Audit Best-in-class GRC core
Assessment Remediation Loss Mgmt
solutions to support all
GRC Application Controls mandates and regulations
SOD & Application Transaction
Access Configuration Monitoring
Identity
GRC Infrastructure Controls
Data Systems Records & Digital
Pre-integrated with
Oracle applications and
technology, supports
Mgmt Security Mgmt Content Mgmt Rights heterogeneous
environments
12
Oracle GRC Reporting & Analytics
13
Oracle GRC Process Management
14
Oracle GRC Applications Controls
15
Oracle GRC Infrastructure Controls
16
Services, Support & Partnerships
• Rapid Deployment
• Full Lifecycle Project Management
• Subject Matter Experts
• Risk Assessment
• Prompt Remediation
• Best-practices & Controls
• Business Processes Optimization
• Partnerships with Key Accounting & Risk Advisory Firms
17
Sample of GRC Customers
High Tech / Communications/ Media Consumer / Retail
18
Recommended Next Steps
19
20
<Insert Picture Here>
To insert individual
customer stories into
this deck, refer to
http://my.oracle.com/portal/page/myo/Produc
t%20Marketing/Product%20Marketing/Apps
%20Mktg%20HmPg/GRCM%20Apps%20Mktg
%20HmPg/Customer%20Reference
21