Glaukos is an ophthalmic pharmaceutical and medical technology company focused on novel therapies for the treatment of glaucoma, corneal disorders, and retinal diseases. As a publicly traded company, Glaukos believes sound principles of corporate governance and compliance with regulations to be key elements of success in maintaining trust with stakeholders and regulatory bodies.
As Glaukos grew, it faced maintaining effective risk management and compliance oversight due to its reliance on manual processes for monitoring internal controls and managing risks. These manual efforts can be time-consuming, prone to human error, and result in longer audit cycles, making it difficult to manage compliance efficiently. Glaukos sought out a more streamlined and proactive solution that could ensure compliance and audit readiness while supporting its growth. To address these issues, Glaukos implemented Oracle Risk Management and Compliance (RMC) to automate change management processes, reduce manual tasks by streamlining user access reviews, and enhance monitoring of key system configuration changes and high-risk transactions. The end goal is to fully retire the current legacy system, with Oracle RMC becoming the primary solution.
Glaukos partnered with Sikich to lead the Oracle RMC implementation, which focused on leveraging core product features through configuration, avoiding customization while aligning with business processes and IT General Controls for Sarbanes Oxley (SOX) compliance. The solution was introduced to internal stakeholders through demonstration and discovery sessions to ensure alignment and smooth adoption, while change management meetings with auditors secured buy-in for the new solution.
Glaukos can now proactively manage risks and achieve real-time visibility into its risk landscape, owing to the automation and real-time control monitoring implemented by Sikich. This transformation has improved Glaukos’ approach to risk management by overseeing ERP transactions, critical system configurations, and user role assignments. Additionally, the solution implemented streamlined document gathering for audit requests through digitized workflow and supporting evidence. The initial implementation laid a strong foundation for ongoing optimization and user adoption.
The implementation of Oracle RMC at Glaukos will bring major improvements to its risk management process. Previously, Glaukos manually reviewed audit logs, making it time-consuming to mitigate risk. Now, with Oracle RMC, Glaukos will benefit from proactive monitoring. System users receive real-time notifications for flagged configuration changes and suspicious transactions. This automation has streamlined the review process and reduced the effort required to identify and investigate potential risks.
Detecting high-risk scenarios, such as duplicate invoices, was once labor-intensive, but Oracle RMC has made it far more efficient. The time needed to uncover and respond to potential suspicious transactions will decrease, enabling quicker resolution and enhanced risk management. The implementation of continuous monitoring has bolstered detective controls for transactions and configuration changes, automating sixteen key SOX compliance controls—a major improvement from the previous process, which relied primarily on manual audit reviews. These automated controls not only strengthen Glaukos’ compliance posture but also will reduce the likelihood of audit deficiencies.
Another impactful change has been the tracking of configuration changes in approval workflows. Before Oracle RMC, tracking these changes was challenging without a systematic audit trail. Now, changes made to approval workflows are monitored in real-time with notifications that include the name of the user who made the changes and the date they occurred. This allows for easy linking of activity back to a support ticket, creating a clear, systematic process for monitoring configuration changes and providing the necessary support for audit compliance. Additionally, the time required to collect support is reduced, and the back-and-forth with Internal Audit teams has been minimized.
The process for Oracle ERP user access reviews has been completely transformed. Previously, it involved multiple stakeholders, with significant manual effort needed to compile data and complete quarterly certifications. Oracle RMC enables a fully automated, self-service process for access certifications. This leads to notable savings, as the legacy system that supported this process is being phased out, further contributing to operational efficiency and cost savings.
The implementation of Oracle RMC also fosters stronger alignment between process owners, IT security, and Internal Audit teams. By creating a more collaborative environment, the platform improves communication and increases overall risk awareness across the organization. Glaukos is excited about how this tool is going to simplify the audit process and shared their thoughts: “We wish we had partnered with Sikich earlier and can’t wait to unlock the benefits and potential that this product will bring.”
The implementation of Oracle RMC enhances Glaukos’ risk mitigation efforts by automating the identification of suspicious transactions and unapproved configuration changes. Preventive controls are strengthened through more effective and automated user access certifications. Audit cycle times are shortened due to Oracle audit trails and streamlined documentation collection, simplifying the reconciliation process during audits. All these enhancements result in greater operational efficiency, while supporting compliance with audit requirements. Thus, Glaukos has effectively strengthened its confidence in its compliance processes and operational performance, enabling the company to proactively manage risks before they escalate.
Glaukos plans to enhance its focus on Segregation of Duties compliance while continuing to phase out legacy systems, consolidating risk and compliance processes into one unified Oracle platform. This next phase will position Glaukos for sustained success in optimizing risk management and compliance across the organization. With Sikich’s expert guidance, Glaukos is well-equipped to achieve long-term cost savings and operational efficiencies, solidifying a strengthened risk management framework.
