By Julie Lev, Director ERP EPM Product Marketing, Oracle
At Oracle OpenWorld this past October, Oracle founder and CTO Larry Ellison spoke about the future of security. Attacks against ERP and other systems—whether in an effort to steal data, or to commit fraud—increasingly rely on artificial intelligence, Ellison told the audience. Humans cannot possibly keep up, so we need to counter AI with AI.
One of our clients, an international communications company, had reason to take these concerns very seriously. With hundreds of millions of customers globally and more than 150,000 employees, the company came to Oracle wanting more than risk detection; it needed risk prevention.
The communications company found the answer in Oracle Risk Management Cloud, which accelerates ERP deployments and helps customers avoid time-consuming manual security setups and vulnerability analysis.
The international firm adopted Oracle ERP Cloud to streamline compliance with domestic and international regulations, as well as to help enforce system segregation of duties (SoD). The driving motivation for adopting ERP Cloud was to preserve the knowledge of an aging workforce and embed that knowledge in the system. Given global concerns about a finance skills shortage, this move will put the company far ahead of the pack. New research found that a mere 10 percent of finance leaders feel their teams have the skills needed to drive their company into the digital age.
With the addition of Risk Management Cloud, the firm has gradually shifted from a security posture that was reactive to one that is proactive. Part of this can be attributed to newly acquired audit efficiencies. By deploying advanced financial controls to monitor payables and expenses, the firm discovered more incidents but did so with minimal effort, allowing its team to focus on not just remediating incidents, but also reshaping its processes to prevent incidents in the first place.
When a centuries-old retailer moved from four legacy ERP systems to Oracle ERP Cloud, governance, risk, and compliance were key concerns. The company therefore decided to integrate Risk Management Cloud early in the project.
The retailer has taken a “rolling approach” to going live with Oracle ERP Cloud and soon will enable Advanced Financial Controls and Advanced Access Control to enhance SoD, compliance monitoring and management. This will include adding data access controls as more general ledger objects become available and expanding visual dashboards and reports.
The company’s goal is to monitor security and address issues proactively, rather than simply reacting to audit requirements. By taking a service-based approach to risk through Risk Management Cloud, the firm can not only address emerging threats far more quickly than it could with in-house resources, but it also has the tools to thwart those threats before they happen.
Oracle has been working with a multibillion-dollar global engineering, procurement, construction, and installation company to create a five-year plan for moving the company onto a single ERP system following a recent merger. Operating in 56 countries with 40,000 employees, the firm realized it needed to introduce stronger security controls as part of its consolidated system.
The company’s current SoD practice provides 50 custom roles with a conflict matrix at the user level only, not at the privilege level. All analysis occurs in Excel and is implemented manually—which is not the best way for the business to stay nimble or secure.
After reviewing Oracle Advanced Access Controls along with standalone solutions available elsewhere in the market, the firm chose Oracle. It now has a framework for managing SoD conflicts, including pre-built but modifiable content for developing a conflict policy that suits its specific monitoring, detection, and response needs.
The company also has the ability to extract security data, analyze it offline, remove false positives, provide recommendations, implement those recommendations, and rerun analyses. Combined with its ability to evolve seamlessly as Oracle rolls out new features, Risk Management Cloud provides the firm with a highly secure backbone for running a single ERP system.
Poorly designed roles are the No. 1 reason for audit findings after an ERP system goes live. Risk Management Cloud can help stop these mistakes from even happening. Using advanced analytics and AI-based approaches, the system automatically audits 100 percent of transactions, detecting high-risk scenarios such as duplicate invoices and ghost employees, and uncovers risks by using advanced big data-based statistical techniques for outlier and anomaly detection.
With the AI-enabled tools in Risk Management Cloud, you can transform ERP security and audit. Learn how at Modern Business Experience during our session, “Use Data Science to Strengthen ERP Security and Audit 100 Percent of Payments.” The session catalog is now live, so register today using the discount code Leader19.