The contravention of governance and compliance rules are real risks for growing and larger organisations. A major impediment to smooth operations and sustainable growth in organisations is the lack of adherence to standard business processes. Business leaders and executive management cannot control the outcome of every transaction the way they used to when the business was smaller.
Use Case 1 – Segregation of Duties
Are your ERP users processing transactions in conflict with Segregation of Duties (SOD) rules? An example of a SOD rule is: A user who raises an invoice on a customer may not also process the payment from the customer. Another SOD conflict would be a user who is able to process an invoice from a supplier onto the ERP system may not also process the payment to that supplier. The solution is to create a set of rules database tables, then to collect data from the user master files and access configuration tables in the ERP system, the transaction audit tables in the ERP system, from the database activity and also from the network security system to see if the person logged on to the PC is the same as the person who logged on to the ERP system from that PC. Put all this data together and develop a pattern recognition mechanism that culminates in a dashboard that will display:
- Incorrect user configurations. Are the configured to be able to act in conflict of SOD rules? This constitutes SOD conflict or governance risk.
- User activity that was in contravention of SOD rules. So, a single user processed a supplier invoice and the payment. This is fraud risk and an actual breach of governance.
In the scenario where the company has multiple, distributed operations, each with their own ERP system. Combining data from all the operations will provide insights into possible patterns of collusion between country operations staff. For example: a sales and dispatch user in one country operation is colluding with a purchasing and receiving user in another country and a potential external customer or supplier.
The ideal situation and the massive opportunity presented by Big Data, Advanced Analytics, Machine Learning and most importantly, Stream Analytics is to recognise, flag and escalate anomalous transactions when they occur. Waiting for internal or external auditors to pick these up is not good enough anymore.
The opportunity for further compliance and risk analysis and pattern recognition are endless, once you have all the data in a central repository and once you start the advanced analytics journey.
Use Case 2 – Delegation of Authority.
Traditional BI is a valuable tool for the management of Delegation of Authority contraventions. Big Data and Advanced Analytics takes this to a much more granular level, particularly when you start to combine SOD, Delegation of Authority and other statutory compliance regulations such as Sarbanes–Oxley (SOX). Ensuring audit-able compliance and preventing fraudulent transactions become very complex and time and overhead consuming activities.
Big Data and Advanced analytics will automate this for you and free you up to grow your business and manage your important client, supplier and staff relationships.
By way of example, take for instance the case where a user logs on to their PC, then, another user logs on to the ERP system from that workstation. The PC could potentially contain confidential information or documents that the incorrect user could abuse for procurement or payment motivation purposes. So, tracking the activity of the user logged on to a workstation that is not usually their own could lead to insights on potentially fraudulent activity.
Big Data and advanced analytics will also build up a profile of normal ERP user behavior, by individual user. A profile of a day-in-the-life-of a user, by timeline over a day, a week, a month, a quarter and a year. Any deviations from this could potentially indicate anomalous behavior in contravention of governance and compliance rules and of standard business processes.
You will even be able to determine if a user logged on to the ERP system is in fact the user by the way they interact with the system. A junior slipping into the office of a senior and authorising a purchase order comes to mind.
Additional benefits include:
- The user behaviour profiles will provide you with all the information you need for business process analysis, re-engineering and automation through Robotic Process Automation (RPA).
- Productivity statistical analysis becomes possible at a very granular level. Identification of staff training needs, capacity planning, planning for growth, planning for automation etc. are all real benefits of Big Data and Advanced Analytics in this use case.