managing risk with controls intelligence solutions especially in an economic downturn n.
Skip this Video
Loading SlideShow in 5 Seconds..
Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn PowerPoint Presentation
Download Presentation
Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn

Loading in 2 Seconds...

play fullscreen
1 / 27

Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn - PowerPoint PPT Presentation

  • Uploaded on

Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn. Steve Boyce VP, Alliances & Business Development Approva Corporation Nov 7, 2008. Game Plan. The role of intelligent business controls in driving performance What is Controls Intelligence?

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn' - devin

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
managing risk with controls intelligence solutions especially in an economic downturn

Managing Risk with Controls Intelligence Solutions Especially in an Economic Downturn

Steve Boyce

VP, Alliances & Business DevelopmentApprova Corporation

Nov 7, 2008

game plan

Game Plan

  • The role of intelligent business controls in driving performance
  • What is Controls Intelligence?
  • Best practices for implementing a controls intelligence strategy
  • Business benefits of controls monitoring
  • Case studies & lessons learned
key drivers for grc investments

Key Drivers for GRC Investments

  • (c) OCEG

Source: The Governance, Risk Management, and Compliance Spending Report, 2008–2009, AMR Research

  • 11/18/2008

© 2007 Approva Corporation. All rights reserved.

a typical large organization has hundreds or thousands of controls

A Typical Large Organization Has Hundreds or Thousands of Controls


Purchasing Must Adhere to Corporate Procurement Policies

Business Processes


Third-Party ContractorsShould Not Have Accessto Proprietary Applications


An Employee Cannot Backdatea Journal EntryAfter the Endof a Quarter

the cost of poor controls intelligence

The Cost of Poor Controls Intelligence

Companies today…

GE to Adjust Accountingin Bid to End Probe

“…Problems with revenue recognition have cropped up in several GE units.”

NEC Details Major Fraud

“Fake orders resulted in$4 million in kickbacks. Meanwhile, internal investigations continue.”

  • Most controls are monitored manually.
  • Critical controls go untested.
  • Control breakdowns are identified long after they occur.
  • CFOs sign off on financials with imperfect information.

G.M. Says It Has Found Serious Flaws in Accounting

“…performance was threatened by “ineffective” controls over financial reporting…”

companies have three main types of controls

Companies Have Three Main Types of Controls

Operations & Financial ReportingTransactions, Fraud, Master Data Quality, Business ControlsAccess to ApplicationsSegregation of Duties, Emergency Access, User ProvisioningConfiguration of IT Systems & ProcessesChange Management, Required Fields, Tolerances and Limits

a controls intelligence strategy must address the entire lifecycle of controls

A Controls Intelligence Strategy Must Address the Entire Lifecycle of Controls


Controls Intelligence System


Approva Provides Controls Intelligence Software that enables you to:

Optimize Operational Controls

Automate Compliance


Risk & Fraud

approva s risk controls intelligence platform

Approva’s Risk & Controls Intelligence Platform

Risk Dashboard

Risk Analytics


Risk Monitoring

Certification Management

Approva Risk Management Solutions

Identifying & Preventing Fraud

Managing Cash Flows & Working Capital

Managing Assets & Inventory

Ensuring the Accuracy of Financial Reports

Securing & Ensuring Accuracy of Master Data

Managing User Access & Segregation of Duties (SoD)

Compliant Provisioning

Certifying Access

Securing Sensitive Information

Ensuring Best Practice Process Configuration Settings

Ensuring Best Practice System Configuration Settings

Approva Risk & Controls Intelligence System

  • Risk Analytics
  • Continuous Monitoring
  • Proactive Alerting
  • Baselining
  • Risk KPI Monitors
  • Audit Repository

Authoring Studios

what the analysts say about approva

What the Analysts Say About Approva

“We rate Approva's BizRights suite as strong positive because of its breadth of capability in all categories of SOD control.”

“Approva should be on the shortlist of every organization taking a comprehensive approach that requires strong support for all three techniques, especially those organizations that need to support multiple ERP platforms or those that prefer an independent vendor.”

Source: 2008 Gartner MarketScope on Segregation of Duty Within ERP and Financial Applications

by Paul E. Proctor, Neil MacDonald, 25 September 2008

case study 1 automating financial controls

Case Study 1: Automating Financial Controls

Business Challenge


  • Reducing Risk:
    • Concerned about risk in the financial close process.
    • Financial controls could not be cost-effectively tested, monitored or enforced.
    • People were circumventing the process to make manual journal entries & update the chart of accounts.
  • Reducing Compliance Costs:
    • Financial controls required extensive effort by Internal Audit to manually test on an ongoing basis.
    • Manual queries had to be written, updated and executed. Results had to be manually reviewed.
  • Improving Efficiency:
    • Too much time was being wasted researching financial anomalies for audits.
  • Fortune 100 retailer
  • $76B in Revenue
  • 96,000 Employees
  • PeopleSoft Financial Management System (FMS) v8.4

“Misrepresenting our financial results would have had disastrous implications but it just wasn’t feasible to continuously monitor every control.”

© 2008 Approva Corporation. All rights reserved.

financial controls case study approva s approach

Financial Controls Case Study: Approva’s Approach

Finance /






Human Resources

Outsourcing Partners

External Audit


Unauthorized Transactions

Entries Avoiding Mgmt Review

  • Approva is used to monitor financial configuration and transaction-related controls.
  • Automatic alerts identify control exceptions so they can be addressed immediately.

Reversed Transactions

Unauthorized Master Data Changes

Unusual Debits & Credits

Unusual Trending in Key Accounts

Backdated Journal Entries

Revenue Entries After Period Close

Transactions With Missing Fields

© 2008 Approva Corporation. All rights reserved.

financial controls case study benefits

Financial Controls Case Study: Benefits

Business Benefits

  • Reduced risk of fraud and financial misstatement due to comprehensive and continuous monitoring of key financial controls.
  • Elimination of errors resulting from people circumventing existing financial controls and policies.

Reduced Risk

  • Reduced time required for internal audit team to test controls and respond to external audit requests.
  • Reduced travel and expense costs for internal audit team.

Reduced Compliance Costs

Improved Productivity

  • Improved utilization & retention of internal audit and finance staff resulting from elimination of low-value tasks.

“We were able to design and implement our automated financial controls within 3 months of the project kickoff.”

case study 2 controls monitoring across 26 applications

Case Study 2: Controls Monitoring Across 26+ Applications

Business Challenge

  • Identify & remediate user access violations across 26 applications.
  • Hold business users accountable for user access violations.
  • Manage controls for SAP go-live and legacy applications.
  • Create the capability to quickly add new applications as business needs change.

© 2007 Approva Corporation. All rights reserved.

limited brands complex it environment

Limited Brands: Complex IT Environment

Brand 3

Brand 2

Brand 4

Brand 5

Brand 1

26+ Applications

case study 2 limited brands

Case Study 2: Limited Brands

Business Benefits

  • Established sustainable process for monitoring and remediating user access (i.e. SoD) violations for 26+ app’s
  • Empowered business users to independently remediate and manage access control violations
  • Established accountability with business users for SoD violations
  • Created a framework to quickly incorporate additional applications into Approva for SoD monitoring

© 2007 Approva Corporation. All rights reserved.

case study 3 p card transaction monitoring

Case Study 3: P-Card Transaction Monitoring


Client Objectives

  • Monthly reconciliation activity taking too much manual time and effort
  • Manual audit was ineffective in meeting board oversight goals
  • Goal to grow the program, driving more value
  • One of the largest school districts in the US
  • ~$50 Billion annual spend
    • Started with $24M through P-Cards, grown to $104M
  • Started with ~250 cardholders, grown to 2,500 and 300K transactions
  • 5 full time P-Card program administrators
  • SAP and Legacy MainframeGL systems
  • Citibank Payment Card


  • Grew P-Card spend from $24M to $104M annually, and increased card holders from 246 to 2,500
    • Increased dollar rebate (~10 Basis Points)
  • P-Card program is effectively enforcing corporate policies and maintaining compliance, encouraged by board to continue to grow P-Card usage
  • Reduced audit preparation time through automation
  • Automated reconciliation; reduced time and errors
  • Avoided retraining users when switching banks. Able to capture most advantageous rebate offers.
  • Caught and stopped instances of misuse and was able to document issues and resolve quickly

© 2008 Approva Corporation. All rights reserved.

top challenges with p card programs include managing exceptions and administration tasks

Top Challenges With P-Card Programs Include Managing Exceptions and Administration Tasks

Challenges Faced with P-Card Programs

Challenge score based on survey respondents

“Controls are the most pressing issue

to increase spend and number of P-Card users”

Source: Aberdeen Group, August 2007

© 2006 Approva Corporation. All rights reserved.

approva p card insight key product features

Approva P-Card Insight: Key Product Features

P-Card Insight

Workflow & Escalation

Dashboards and Reporting

  • Monitor and provide proactive alerts on P-Card program exceptions using complex analytics
  • Provide executive level dashboards on key risk and performance indicators
  • Sophisticated workflow with escalation for exception resolution with associated audit trail
  • Automatically reconcile transactions with purchases
  • Augment bank transactions with level II and III data

Automatic Reconciliation

Proactive Alerts

Complex Analytics

Audit Trail

© 2008 Approva Corporation. All rights reserved.

p card insight product features i

P-Card Insight Product Features (I)

Key Product Capabilities and Highlights

  • Complex workflows with escalations for sophisticated management of exceptions by user, auditor, or manager
  • Contextual business information provided
  • Can interact with end user via email or BizRights interface
  • Ability to have transactions and purchases flagged as automatically reconciled so no manual intervention required
  • Force manual reconciliation based upon business rules (threshold based on dollar amount, specific type of purchases, user, manager etc.)
  • Customizable reporting and dashboard
  • Dozens of pre-built reports
  • Drill down and drill through to find root cause of violations
  • Multiple level of reports, from graphical to summary to detail

Workflow& Escalation

Automatic Reconciliation

Dashboards& Reporting

© 2007 Approva Corporation. All rights reserved.

p card insight product features ii

P-Card Insight Product Features (II)

Key Product Capabilities and Highlights



  • Ability to schedule for automated and proactive report delivery
  • Workflow tasks proactively emailed to inbox of user
  • Best practice library of controls
  • Trending analytics to search for anomalies
  • Ability to analyze data from multiple systems within same rule
  • Complete capture of historical data
  • Audit trail maintained for all operations in the system
  • PCI DSS Level 1/SAS 70 Type II Certified
  • Secure platform that can be used as a control





© 2007 Approva Corporation. All rights reserved.

approva p card insight benefits

Approva P-Card Insight Benefits

  • Increased procurement saving
  • Reduced Cost of Monitoring and audit preparation
  • Vendor Consolidation
  • Bank Neutrality
  • Cardholder convenience

Reduced Cash Loss / Waste

Improved Process Efficiency

Reduced Risk

  • Increased Rebate
  • Eliminate non-preferred vendor spend
  • Increased Discounts
  • Identify leakage
  • Increased program assurance
  • Culture of Enforcement
  • Proactive identification of exceptions
  • Improve financial and budget controls

© 2006 Approva Corporation. All rights reserved.

controls intelligence benefits

Controls Intelligence Benefits

Customer Benefit from Improved Controls Intelligence



in summary

In Summary

  • Start With the Core Risk But Have a Plan to Expand
    • Capture “low hanging fruit” by automating manual controls
    • Focus on your top risks but ensure your solution can scale
    • Validate your approach and solution with your auditor



  • Consider Both Financial and IT Controls
    • Implement both preventive and detective controls
    • Consider the impact of IT, access and transaction-related controls
    • Trust but verify controls that come with your core applications


  • Business Users Should Own the Controls
    • Make sure your solution can speak to business users in their language
    • Empower business users to develop their own controls
    • Free up IT and internal audit staff to focus on value added tasks
selected approva customers

Manufacturing, Transportation & Public Sector

Selected Approva Customers

Technology, Telecom & Media

Consumer Products & Retail

Pharmaceutical & Biotech


Energy & Chemicals

© 2007 Approva Corporation. All rights reserved.

contact information

Contact Information

Steve Boyce

VP, Alliances & Business Development

Approva Corporation