Break out session EA Summit 2016: GRC Continuous Control with case study by Stahl
November 10, 2016
Agenda
1. Introduction
2. Every Angle for Governance, Risk & Compliance (GRC)
3. Customer case: Stahl
Who is who?
Janine Siertsema
Functional Consultant at Every Angle
https://nl.linkedin.com/in/janinesiertsema
+31(0)6-2335 9769
Dennis van de Wiel
Senior Manager at KPMG
https://nl.linkedin.com/in/dvandewiel
+31(0)6-5154 1639
Cas Nuy
Global Business Support Manager at Stahl
+31(0)41 668 9329
Every Angle for GRC
Control the risk, seize the opportunity
How the process was designed vs. what typically happens

You cannot control what you don't understand... you cannot improve what you can't control. The gap between the designed process and what actually happens is what needs to be understood first.

UNDERSTAND: root causes of issues, losses and disruptions (data integrity, compliance, human error, schedule adherence, process conformance issues...)
CONTROL: process performance (service levels, inventory control, supplier performance, plan adherence, compliance, data integrity...)
IMPROVE: business performance (customer retention, operating cost, revenue, margin, risk prevention, integrity, cashflow...)

Control addresses non-conformance in three areas: PROCESS, DATA and PEOPLE.

We believe that Control is necessary for Improvement. Where other tools measure only compliance, Every Angle's solution enables your team to understand, monitor and report on conformance AND performance.
Selection of GRC analyses - Purchase to Pay

Master data: Vendor master, Vendor bank data, Vendor finance data
Purchase to Pay process steps: Purchase order, Goods receipt, Invoice receipt, Payment proposal, Payment run, Bank payment, Payment clearing

Governance, Risk and Compliance analyses mapped onto these steps:
• Incomplete master data
• Duplicate suppliers
• PO's without GR/IR
• PO's after invoice
• GR without PO
• SoD: Invoice entry vs release
• SoD: change bank vs invoice
• SoD: change bank vs payment run
• Invoice cleared outside payment run
• Direct bank payments*
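The three SoD analyses on this slide are "actual violation" checks: they fire only when one user really performed both sides of a conflicting pair on the same vendor or invoice, not merely when that user holds both authorizations. The block below is an added illustration of that logic written for this page; it is not Every Angle's or KPMG's code and the Event layout is not an SAP table structure. The record fields, the 90-day analysis window and the sample trail are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    """One action from the P2P audit trail. The layout is assumed for this
    example; it is not an SAP table structure."""
    user: str      # user ID that performed the action
    vendor: str    # vendor account the action relates to
    action: str    # CHANGE_BANK | CREATE_INVOICE | RELEASE_INVOICE | PAYMENT_RUN
    doc: str       # document created or touched by the action
    ts: datetime


# The three SoD pairs from the slide: (first action, second action, rule name,
# attribute both actions must share). "vendor": same vendor account; "doc": the
# same invoice document.
RULES = [
    ("CHANGE_BANK", "CREATE_INVOICE",
     "Change vendor bank account vs. Create invoice", "vendor"),
    ("CHANGE_BANK", "PAYMENT_RUN",
     "Change vendor bank account vs. Execute payment run", "vendor"),
    ("CREATE_INVOICE", "RELEASE_INVOICE",
     "Invoice entry vs. Invoice release", "doc"),
]


def actual_sod_violations(events, window_days=90):
    """Actual violations: the same user performed both conflicting actions on the
    same vendor (or the same invoice) at most `window_days` apart. A potential
    violation would only require the user to hold both authorizations; that is
    not checked here. The 90-day window is an assumed analysis period."""
    window = timedelta(days=window_days)
    by_action = {}
    for e in events:
        by_action.setdefault(e.action, []).append(e)
    hits = []
    for first, second, rule, key in RULES:
        for a in by_action.get(first, []):
            for b in by_action.get(second, []):
                if a.user != b.user or getattr(a, key) != getattr(b, key):
                    continue
                gap = abs(b.ts - a.ts)
                if gap > window:
                    continue
                hits.append({"rule": rule, "user": a.user, "vendor": a.vendor,
                             "first_doc": a.doc, "second_doc": b.doc,
                             "days_apart": gap.days})
    return hits


def violations_by_user(hits):
    """Group hits per user: the view an internal auditor would start from."""
    summary = {}
    for h in hits:
        summary.setdefault(h["user"], []).append(h["rule"])
    return {user: sorted(rules) for user, rules in summary.items()}


# Constructed sample trail (not real Stahl or SAP data).
EVENTS = [
    Event("ALICE", "V100", "CHANGE_BANK", "CD0001", datetime(2016, 10, 3, 9, 12)),
    Event("ALICE", "V100", "CREATE_INVOICE", "INV1001", datetime(2016, 10, 5, 14, 30)),
    Event("ALICE", "V100", "PAYMENT_RUN", "PAY0007", datetime(2016, 10, 20, 8, 0)),
    Event("BOB", "V200", "CHANGE_BANK", "CD0002", datetime(2016, 10, 1, 11, 5)),
    Event("CAROL", "V200", "CREATE_INVOICE", "INV1002", datetime(2016, 10, 4, 10, 0)),
    Event("DAVE", "V300", "CREATE_INVOICE", "INV1003", datetime(2016, 10, 6, 13, 0)),
    Event("DAVE", "V300", "RELEASE_INVOICE", "INV1003", datetime(2016, 10, 6, 13, 4)),
    Event("DAVE", "V300", "CREATE_INVOICE", "INV1004", datetime(2016, 10, 7, 9, 0)),
    Event("ERIN", "V300", "RELEASE_INVOICE", "INV1004", datetime(2016, 10, 8, 9, 0)),
    Event("BOB", "V400", "CHANGE_BANK", "CD0003", datetime(2016, 1, 2, 10, 0)),
    Event("BOB", "V400", "CREATE_INVOICE", "INV1005", datetime(2016, 10, 9, 10, 0)),
]

if __name__ == "__main__":
    hits = actual_sod_violations(EVENTS)
    for hit in hits:
        print(hit)
    print(violations_by_user(hits))
```

On the constructed trail this flags ALICE twice (bank change followed by an invoice and by a payment run for the same vendor) and DAVE once (entered and released the same invoice); BOB's January bank change falls outside the 90-day window and CAROL's invoice was entered by a different user. The window and the join key are the tunable parts: in a real implementation the bank-change pairs are usually scoped to payments that actually went to the changed bank account, not to any invoice for that vendor.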
Every Angle platform and KPMG knowledge

Platform: Every Angle
Analytics content (modules):
• EA4F2R Finance & Controlling
• EA4P2P Procure to Pay
• EA4O2C Order to Cash
• EA4S2D Supply Chain
• EA4PM Plant Maint.
• EA4HCM Human Resource
• EA4IT IT Mngmt. (future)
• EA4GRC Governance, Risk and Compliance

Free teaser set: a sample set of angles and fields to identify risks. Free as part of Every Angle.
Full module: a full module developed in conjunction with KPMG to enable Continuous Control Monitoring as part of a risk strategy.
All 71 out-of-the-box analytics of the EA4GRC module

Order to Cash, O2C (25)
(Master) Data Controls
1. Duplicate customers *
2. Active customers without credit limit *
3. Incomplete customer master data
4. Critical changes to customer master data
5. Customers with high credit limits
6. Mandatory field settings for customer master data
Process Controls
7. Billing due list *
8. Credit note / invoice ratio *
9. Customer Credit Exposure
10. Manual discounts on sales orders
11. Use of automatic credit check in sales orders
12. Sales orders with manually overwritten sales price
13. Delivery due for goods issue
14. Deliveries without source documents
15. Customer invoice classification
16. Customer invoices not transferred to FI
17. Customers credited without goods return
18. Ageing of customer balances
19. Manual Accounts Receivable payments
20. Customer invoices without sales order
Segregation of Duties (actual violations)
21. Create SO vs. Release billing block SO *
22. Create SO vs. Create billing doc *
23. Create credit memo request vs. release credit memo request
24. Maintain Credit Limit vs. Create Sales Order
25. Change Customer master vs. release billing document

Procure to Pay, P2P (23)
(Master) Data Controls
1. Duplicate vendors *
2. Vendors with alternate payee in document
3. Incomplete vendor master data
4. Critical changes to vendor master data
5. Vendors with inconsistent reconciliation account
6. Mandatory field settings for vendor master data
Process Controls
7. Purchase orders without Goods Receipt or Invoice Receipt indicator
8. Retrospective Purchase Orders (created after invoice)
9. Purchase orders with manually overwritten purchase price
10. Goods receipts without purchase order
11. Vendor invoice classification (3-/2-way match, without purchase order)
12. Parked vendor invoices (current)
13. Invoices on one-time vendors
14. Vendor invoices without purchase order
15. Goods receipt quantity exceeds purchase order
16. Invoice value exceeds purchase order
17. Open items on GR/IR accounts *
18. Overdue vendor invoices and payments
19. Manually cleared vendor invoices (outside payment run)
Segregation of Duties (actual violations)
20. Create Purchase Order vs. Invoice Entry *
21. Change vendor bank account vs. Create invoice *
22. Change vendor bank account vs. Execute Payment Run
23. Invoice Entry vs. Invoice Release

Finance & Controlling, F2R (23)
(Master) Data Controls
1. Changes to GL Account automatic posting only indicator *
2. Changes to asset master data
3. GL accounts allowed for manual postings
4. Account determination for vendors
5. Account determination for customers
6. Account determination for assets
Process Controls
7. Open items on suspense accounts *
8. Journal entries after period end *
9. Unposted and unvalued Assets
10. No cumulative depreciation on assets with depreciations
11. Useful life of assets (asset life vs. depreciation)
12. Manual Journal Entries (MJE)
13. MJEs to accounts blocked for manual postings
14. MJEs on P&L accounts
15. MJEs after 18:00
16. MJEs Benford's Law
17. MJEs by users normally not posting MJEs
18. Unposted FI documents
19. Trial Balance cumulative and per period
20. Reconcile AP Postings with Balance
21. Reconcile AR Postings with Balance
22. Reconcile GL Postings with P&L
Segregation of Duties (actual violations)
23. Change GL account vs. create journal entry *

* Free teaser set: A sample set delivered free as part of Every Angle.
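Several of the F2R process controls above (MJEs Benford's Law, MJEs after 18:00, MJEs by users normally not posting MJEs) are analytics a practitioner can reproduce over a plain journal-entry extract. The block below is an added example written for this page, not Every Angle's implementation: the JournalEntry layout, the sample entries and the two constructed amount populations are assumptions, and the MAD conformity cut-offs are Nigrini's published first-digit thresholds rather than anything taken from the deck.

```python
import math
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Benford's Law: expected share of first digit d is log10(1 + 1/d).
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}

# Nigrini's first-digit MAD conformity bands: (upper bound, label).
MAD_BANDS = [(0.006, "close conformity"),
             (0.012, "acceptable conformity"),
             (0.015, "marginal conformity")]


def first_digit_counts(amounts_cents):
    """Leading-digit histogram. Amounts are integer cents, so the first digit of
    the integer is the first significant digit of the amount; zero is skipped."""
    counts = Counter()
    for cents in amounts_cents:
        digits = str(abs(cents))
        if digits != "0":
            counts[int(digits[0])] += 1
    return counts


def benford_mad(amounts_cents):
    """Mean absolute deviation between observed and Benford first-digit shares."""
    counts = first_digit_counts(amounts_cents)
    n = sum(counts.values())
    if n == 0:
        return 0.0
    return sum(abs(counts[d] / n - BENFORD[d]) for d in range(1, 10)) / 9


def benford_verdict(mad):
    for upper, label in MAD_BANDS:
        if mad < upper:
            return label
    return "nonconformity"


@dataclass(frozen=True)
class JournalEntry:
    doc: str            # FI document number (constructed)
    user: str           # posting user (constructed)
    amount_cents: int
    posted: datetime
    manual: bool        # True for a manual journal entry (MJE)


def mjes_after_hours(entries, cutoff_hour=18):
    """'MJEs after 18:00': manual entries posted at or after the cutoff hour."""
    return sorted(e.doc for e in entries if e.manual and e.posted.hour >= cutoff_hour)


def mjes_by_unusual_users(entries, min_history=3):
    """'MJEs by users normally not posting MJEs', approximated as manual entries
    from users with fewer than min_history manual postings in the extract."""
    per_user = Counter(e.user for e in entries if e.manual)
    return sorted(e.doc for e in entries
                  if e.manual and per_user[e.user] < min_history)


def mje_benford(entries):
    """'MJEs Benford's Law': MAD and verdict over the manual entries only."""
    mad = benford_mad([e.amount_cents for e in entries if e.manual])
    return mad, benford_verdict(mad)


# Constructed journal extract: two regular posters, one one-off evening poster,
# and an automatic posting that every MJE control must ignore.
ENTRIES = (
    [JournalEntry(f"MJE{i:04d}", "FIN01", 125_000 + 1_000 * i,
                  datetime(2016, 10, 3 + i, 10 + i), True) for i in range(6)]
    + [JournalEntry(f"MJE{i:04d}", "FIN02", 48_700 + 3_000 * i,
                    datetime(2016, 10, 4 + i, 9), True) for i in range(6, 11)]
    + [JournalEntry("MJE0011", "FIN01", 9_990_000, datetime(2016, 10, 31, 19, 45), True),
       JournalEntry("MJE0012", "TMP99", 9_995_000, datetime(2016, 10, 31, 21, 30), True),
       JournalEntry("AUT0001", "BATCH", 1_234_567, datetime(2016, 10, 31, 23, 0), False)]
)

# Constructed amount populations for the Benford test: a log-uniform series
# (34 values per decade over six decades) that follows Benford closely, and a
# cluster just under a 10,000.00 approval limit, the classic split-entry pattern.
CONFORMING = [round(10_000 * 10 ** (k / 34)) for k in range(6 * 34)]
JUST_UNDER_LIMIT = [999_000 + 10 * i for i in range(100)]

if __name__ == "__main__":
    print("after hours:", mjes_after_hours(ENTRIES))
    print("unusual users:", mjes_by_unusual_users(ENTRIES))
    print("MJE Benford:", mje_benford(ENTRIES))
    for name, pop in (("conforming", CONFORMING), ("just under limit", JUST_UNDER_LIMIT)):
        mad = benford_mad(pop)
        print(f"{name}: MAD={mad:.4f} -> {benford_verdict(mad)}")
```

The Benford test is only meaningful on populations of at least several hundred entries; the thirteen constructed MJEs fail it trivially, which is why the block also carries the two larger constructed populations. The log-uniform series lands in Nigrini's "acceptable" band, while the amounts clustered just under the limit are almost all first-digit 9 and fall far outside it.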
What are your ambitions? Continuous improvement: embedding GRC in the organization
• Governance, Organization & Structure: accountability & responsibilities
• Risk profile: risk drivers / emerging risks / interdependencies
• Culture & Behavior: motivation / incentives / ethics and compliance
• Enterprise Assurance: continuous monitoring / effectiveness and efficiency review / integrated reporting

What are the next steps?
Who do we need to involve?
What are the timelines of dependencies?
When do you want to discuss a detailed plan?
Every Angle & GRC, Cas Nuy, 10 November 2016, EA Summit
Agenda
1. Introduction Stahl
2. Why Every Angle
3. Why GRC
4. How we use it
Company vision
Stahl is a leading specialist and innovator in chemicals for leather treatments such as dyeing, tanning and finishing, as well as performance coatings for all kinds of other materials. Stahl delivers essential, creative and inventive solutions that add value for the brands.
A brief history
• 1 Headquarters
• 11 Plants
• 42 Application labs / sales offices
• 1800+ Employees
Worldwide coverage
The specialist for all industries
Stahl's expertise is not limited to a specific industry; we open up endless possibilities in:
■ Automotive
■ Transportation
■ Fashion
■ Home interior
■ Architectural
■ Leisure and sports
■ Industrial textiles
■ Graphic Arts
■ Coil and Industrial Metal
■ Electronics plastics
■ Other specialty products
...and the list just keeps on growing!
Why Every Angle
• Acquisition 2014: integration of 11 plants
• Supply Chain
How we use it (EA)
• Pilot phase
– Support integration
– Focus Supply Chain
• New product EA R2016
Why GRC
• Increased audit focus
• Need for mitigating controls
How we use it (EA)
EA4GRC Governance, Risk and Compliance, alongside the modules EA4F2R Finance & Controlling, EA4P2P Procure to Pay, EA4O2C Order to Cash, EA4S2D Supply Chain, EA4PM Plant Maint., EA4HCM Human Resource and, in future, EA4IT IT Mngmt.
How we use it (GRC)
• Review of free set
• Pilot phase “Full set”
• First users GRC module R2016
• Overall results
• Signed the contract
– October 1st 2016
• Company wide license
– Scheduler
– ZEA03N
How we use it (GRC)
• Review of most valuable
– Internal Audit Officer
– Financial controller
• Regular sessions
– Specific GRC reports
– Specific SAP reports
– Stahl specific
• Automatic distribution
– Schedule improvement
How we use it (GRC)
• Activities in production by Support staff
• Parked vendor invoices
• Billing Due list
• Delivery due for goods issue
• Billing documents not transferred to FI
• One time vendor/customer
• Sales orders manual price change
• Various SOD actual violations
• Integrity master data
Most valuable so far
• Activities in production by Support staff with financial impact
• Parked vendor invoices
• Billing documents not transferred to FI
• Various SOD actual violations
• Automated distribution of Angle result
Questions
We believe that if it can be imagined, it can be created
[email protected] www.stahl.com
Thanks for joining this session!