OIC Blog

Case Study

Company

ABC Company is a global leader in its industry, employing more than 10,000 employees with operations and manufacturing plants in several foreign countries.  The company is headquartered in a major city in the United States and is publically traded on the New York Stock Exchange.

Challenges

Like many other US publically traded companies operating in multiple foreign countries, ABC Company must comply with Sarbanes-Oxley Act of 2002, and many other domestic and foreign accounting standards, laws and regulations.

GRC Requirements

Initially, the company wants to focus on improving internal controls over Segregation of Duties, Application Access Controls, Change Management and Configuration Management.  The company also wants to implement a dashboard solution that will enable it to effectively manage and monitor these controls.

The company will also implement a solution to monitor Transaction Controls after they successfully accommodate their initial Governance, Risk and Compliance (GRC) requirements.

Oracle GRC Solution

The following table maps the company’s GRC requirements to the Oracle GRC applications, which accommodate each of these requirements.

Table 1: Map GRC Requirements to Oracle GRC Applications

Current State

ABC Company has implemented Release 11.5.10.2  Oracle Financials, Manufacturing, HRMS, CRM, Supply Chain and other Oracle suites of applications.  The company is also in the process of implementing (i.e. not upgrading) Release 12.1.2 Oracle Financials for one of its major organizations.  The company plans to migrate all of its operations from Release 11.5.10.2 to Release 12.1.2 in the near future.

Architecture Requirements

Review the Oracle GRC Support Matrix to help identify the architecture requirements to support the Oracle GRC applications.

This program provides you with access to the entire suite of Oracle Governance Risk and Compliance (GRC) Applications Controls for ninety (90) days.  This program also includes access to Release 12.1.1 of the Oracle E-Business Suite Vision Demo Instance, which is integrated with these Oracle GRC Applications.

1. Oracle Application Access Controls Governor (AACG) 8.5
2. Transaction Controls Governor (TCG) 8.5
3. Configuration Controls Governor (CCG) 5.5.1
4. Preventive Controls Governor (PCG) 7.3.1

When you subscribe to this program you become an OIC Contractor for ninety (90) days, which enables you to access our applications, My Oracle Support and the Oracle Partner Network (OPN).  This provides you with access to all of the Oracle documentation for these applications.  In addition, you will have access to all of the resources available on the Oracle Partner Network.

This program is ideal for Oracle Financial Professionals who want to become proficient implementing and using the Oracle GRC Applications.  You will be able to gain “hands on” experience working with the Oracle GRC applications.

When you feel comfortable with one or more of the Oracle GRC applications, you can take one of our Oracle GRC assessment exams, which assesses your knowledge of an Oracle GRC application as well as your communications skills.  If you pass the assessment exam and have, at least, good oral and written communication skills, you can use the OIC as a reference.  Moreover, we will aggressively promote your services and attempt to place you on one of our Oracle GRC projects.

The OIC does not guarantee that we will be able to successfully place you on an Oracle GRC project.

Go to http://www.theoicllc.com/membership to learn more and register for this program.

About the OIC

The Oracle Independent Consultants (OIC) is an Oracle Gold Partner.  We focus solely on providing Oracle Governance, Risk and Compliance (GRC) training, services and resources.

All organizations would like to be able to reduce the cost associated with the implementation and/or upgrade of the Oracle applications.  These costs generally range from several hundred thousand dollars several million dollars depending on the scope and complexity of the Oracle implementation.

The majority of the cost to implement Oracle application is associated with consulting fees.  An Oracle implementation is very labor intensive; therefore, anything that you can do to minimize the use of Oracle consultants and/or make them more efficient usually results in a significant reduction of implementation costs.

You can effectively use Oracle Configuration Controls Governor (CCG) throughout the Software Development Life Cycle (SDLC) to help reduce IT costs. I have listed some of the ways that you can employ CCG to realize these savings. For example, you can use Snapshot Definitions to:

• Facilitate SR Resolution
• Document Baseline Configuration
• Facilitate Merger and Acquisition (M&A) Activities
• Monitor Changes Made by Patches
• Before Refreshing an Instance

Facilitate SR Resolution

When you submit a SR to Oracle Support to report an issue or a suspected bug in the program, Oracle often responds with a request for screen prints that document the issue.  Often this includes documentation of profile options and other configuration parameters. 

Many times, several consultants working on the implementation are not able to be as productive as they normally would be while they wait for the SR to be resolved.  For example, during integration testing, the Payables team is dependent on the Purchasing team to complete their setup and tests before Payables can test the integration with Purchasing.

You can save time and consequently reduce implementation costs by providing Oracle support with snapshot definitions that document profile options and other setup parameters that Oracle Support requires to quickly resolve an issue.

Document Baseline Configuration

Most Oracle consulting firms use a SDLC methodology that requires the consultants who implement the Oracle applications to document the setup (i.e. configuration parameters) of these applications.  For example, Oracle and many other Oracle consulting firms use Oracle Application Implementation Method (AIM) to prepare a BR100 to document the “baseline” configuration of the Oracle applications. 

This is a very time consuming process and consultants usually spend several hours over an extended period of time to complete the documentation.  Also, this is a manual effort, which is prone to human error.

You can use Oracle Configuration Controls Governor (CCG) to define snapshot definitions to document your “baseline” configuration of each Oracle application.  This process eliminates human error and takes a “snapshot” of your application configuration parameters at a specific point in time.  Thus, you eliminate the need to manually prepare documents such as the BR100 to complete this task.

Using CCG and GRCM to Create BR100s

First, create a BR100-like framework in Oracle GRC Manager. Enter your business requirements into the framework, and import the setup data that’s captured by CCG. Then, add your comments in the framework as desired, and take any needed compensating, remediating, or mitigating steps. If you’re wondering why CCG doesn’t let you annotate the setup data it captures, it’s because that would be at odds with a key GRC best practice: providing a single point of interaction between GRC users and all the data they need to make good decisions. Only solutions like GRCM and GRCI permit that holistic view, and only solutions like GRCM permit the automation of policies and workflows that rely on data from multiple sources, CCG being just one.

Facilitate Mergers and Acquisitions (M&A) Activities

In today’s business environment many companies that use Oracle the Oracle E-Business Suite (EBS) merge with and/or acquire other companies.  As part of the M&A process, these companies may have to integrate the newly acquired entities with the existing EBS.  Normally, this requires that the new entities be defined as additional Operating Units, added to an existing Set of Books or defined with a new Set of Books.

You can use the snapshot definitions generated by Oracle Configuration Controls Governor (CCG) to effectively and efficiently integrate newly acquired entities with your existing Oracle EBS.  Moreover, after you complete the setup of these new entities, you can use snapshot comparisons to ensure that you have configured these new entities properly.

Monitor Changes Made by Patches

Database Administrators (DBAs) frequently apply patches to the Oracle applications.  Generally, the DBA initially applies the patch to a patch, test or development instance applying the patch to the production instance.  Oracle implementation consultants and/or users are requested to “test” the functionality in their respective applications to ensure that the patch hasn’t “broken” anything.

Testing is a manual effort and most times the testing that is done is not very thorough.  You can save time and minimize the risk that a patch has changed something unexpectedly by taking a snapshot before and after the patch is applied and comparing the snapshots for differences in the configuration parameters.  You can then investigate the differences to ensure that they changes in the configuration are valid.

Before Refreshing an Instance

Organizations continually refresh databases due to limited system resources or other business requirements.  After the refresh, users sometimes find that functionality in the new instance is not the same as it had been before the refresh.

You can save time and frustration by taking snapshots before and after the refresh, which you can compare and identity any differences between configuration parameters before and after the database was refreshed.