Case Study - Healthcare
Oracle Risk Management Cloud Implementation
Project Summary:
Our client has been in the Dental Services industry since 1994 and is one of the country's leading dental support organizations. By 1997, they grew to more than 20 supported offices. Today, they have over 900 supported offices in 25 states and still growing rapidly. Although a privately held organization and not subject to SOX or other public company regulations their rapid growth was driving them towards establishing a risks & control framework for their organization. In addition, they had been live on Oracle Cloud ERP for 2 years but, yet they were still challenged with Separation of Duties (SOD) issues in their role design. The client chose Oracle Risk Management to assist them with documenting & deploying automating controls to monitor SOD, Sensitive Access, Configuration & Transaction Monitors.
Since this is the clients initial establishment of the Risk & Controls program, HiQuest’ first step was to help the client develop their 1st Risk & Controls Matrix (RCM). We did this through a series of interviews, documentation reviews, then applied our consulting expertise with industry best practices to derive the clients RCM. The RCM was then loaded into Oracle Risk Management Financial Reporting Compliance (FRC) module and mapped the framework to test, deploy & automate their controls.
After we identified which SOD policies were relevant to the client and included in the RCM, we then utilized Application Access Controls (AAC) to identify where we had Intra & Inter role SOD conflicts. AAC provided us the insight to identify what changes were needed to the roles in order to eliminate SOD’s. We then applied our roles design accelerator package “JumpStart” to provide custom roles that are SOD free to accelerate the re-design. Through a series of meetings, we quickly tailored the roles to meet the clients requirements and deployed them into production. Where we could not solve or eliminate the SOD’s we then utilized the Advanced Financial Controls (AFC) module to deploy mitigating controls to monitor the ERP systems transactions & configurations for any policies violations.
Challenges:
● Accelerated company growth requirements created a sense of urgency to focus on Secure Role Design and eliminate SOD’sAccelerated company growth requirements created a sense of urgency to focus on Secure Role Design and eliminate SOD’s.
● Risk and control management was a manual process using spreadsheets for SOD’s & created challenges for the internal controls team as their growth exacerbated the issues exponentially.
● Client needed to establish their 1st Risk & Controls Matrix & wanted to deploy digitally from day one.
● Switch to their first Big 4 auditing firm.
Results:
● Risk Cloud was implemented with no issues with the delivery of more controls than initially planned and on time on budget.
● A new Risk & Controls matrix helped the client establish & document their controls environment.
● The automation of key controls allowed rapid remediation and set the foundation for a continuous monitoring process with reduced cost, cycle time, and human error.
● By using the JumpStart offering the client was able to eliminate some of the biggest SOD role violations.
To request the full case study, please contact us here