The Sikich Solution
Glaukos partnered with Sikich to lead the Oracle RMC implementation, which focused on leveraging core product features through configuration, avoiding customization while aligning with business processes and IT General Controls for Sarbanes-Oxley (SOX) compliance. The solution was introduced to internal stakeholders through demonstration and discovery sessions to ensure alignment and smooth adoption, while change management meetings with auditors secured buy-in for the new solution.
Glaukos can now proactively manage risks and achieve real-time visibility into its risk landscape, owing to the automation and real-time control monitoring implemented by Sikich. This transformation has improved Glaukos’ approach to risk management by overseeing ERP transactions, critical system configurations, and user role assignments. Additionally, the solution streamlined document gathering for audit requests through digitized workflows and supporting evidence. The initial implementation laid a strong foundation for ongoing optimization and user adoption.
The Results
The implementation of Oracle RMC at Glaukos will bring major improvements to its risk management process. Previously, Glaukos manually reviewed audit logs, making it time-consuming to mitigate risk. Now, with Oracle RMC, Glaukos will benefit from proactive monitoring. System users receive real-time notifications for flagged configuration changes and suspicious transactions. This automation has streamlined the review process and reduced the effort required to identify and investigate potential risks.
Detecting high-risk scenarios, such as duplicate invoices, was once labor-intensive, but Oracle RMC has made it far more efficient. The time needed to uncover and respond to potentially suspicious transactions will decrease, enabling quicker resolution and enhanced risk management. The implementation of continuous monitoring has bolstered detective controls for transactions and configuration changes, automating sixteen key SOX compliance controls—a major improvement from the previous process, which relied primarily on manual audit reviews. These automated controls not only strengthen Glaukos’ compliance posture but will also reduce the likelihood of audit deficiencies.
Another impactful change has been the tracking of configuration changes in approval workflows. Before Oracle RMC, tracking these changes was challenging without a systematic audit trail. Now, changes made to approval workflows are monitored in real time with notifications that include the name of the user who made the changes and the date they occurred. This allows for easy linking of activity back to a support ticket, creating a clear, systematic process for monitoring configuration changes and providing the necessary support for audit compliance. Additionally, the time required to collect support is reduced, and the back-and-forth with Internal Audit teams has been minimized.
The process for Oracle ERP user access reviews has been completely transformed. Previously, it involved multiple stakeholders, with significant manual effort needed to compile data and complete quarterly certifications. Oracle RMC enables a fully automated, self-service process for access certifications. This leads to notable savings, as the legacy system that supported this process is being phased out, further contributing to operational efficiency and cost savings.
The implementation of Oracle RMC also fosters stronger alignment between process owners, IT security, and Internal Audit teams. By creating a more collaborative environment, the platform improves communication and increases overall risk awareness across the organization. Glaukos is excited about how this tool is going to simplify the audit process and shared their thoughts: “We wish we had partnered with Sikich earlier and can’t wait to unlock the benefits and potential that this product will bring.”
Key Improvements
- Proactive monitoring with real-time notifications for flagged changes and suspicious transactions
- Fraud detection made more efficient, with quicker resolution and stronger risk management
- SOX compliance controls automated for key areas, strengthening compliance posture
- Configuration change tracking with continuous monitoring and audit trails for better compliance
- User access reviews automated, leading to reduced time and costs
- Collaboration enhanced between process owners, IT security, and Internal Audit teams, improving risk awareness